Re: [graylog2] Problem with streeam alerts after updating to graylog1.2

2015-09-17 Thread Arie
Send it by mail

hth,

Arie

On Wednesday, September 16, 2015 at 3:15:12 PM UTC+2, Edmundo Alvarez wrote:
>
> We saw a similar problem with an alert callback that was created in 1.0, 
> it could be the same problem that you are experiencing. Could you share 
> with us your "alarmcallbackconfigurations" MongoDB collection in order to 
> further investigate the issue? Please send it to edm...@graylog.com 
>  if it contains any sensitive information. 
>
> In case you don't know how to get the collection, you can get the MongoDB 
> collection by executing the following command in a terminal: 
> mongo :/ <<< 
> 'db.alarmcallbackconfigurations.find()' 
>
> Please remember to replace , , and 
>  with the actual values for your environment. You 
> may also need to add a username and password if your setup requires 
> authentication. 
>
> Edmundo 
>
> > On 16 Sep 2015, at 13:09, Arie  
> wrote: 
> > 
> > That is very well possible, 1.0 or 1.01 but not totally sure of it.
> >
> > In one of the upgrades I had a problem with some data that was the
> result of a Yum update from repository
> > where old data was deleted and a wrong/missing node-id file.
> >
> > We use the content-pack function for backup of a lot of settings, and
> what I see now is that the callback
> > function is not present there, and may be missing in my present stream
> configs.
> > 
> > Arie 
> > 
> > On Wednesday, 16 September 2015 11:45:55 UTC+2, Edmundo Alvarez wrote:
> > That previous 1.1 version, was it an upgrade from 1.0 by any chance? 
> > 
> > Edmundo 
> > 
> > > On 16 Sep 2015, at 11:39, Arie  wrote: 
> > > 
> > > And second: 
> > > 
> > > In the alert the "callbacks" part in the GUI keeps "loading" going on
> endlessly.
> > > I remember editing the callback email condition so we are closer into
> the problem I guess
> > >
> > > Arie
> > >
> > > On Wednesday, 16 September 2015 11:22:52 UTC+2, Edmundo Alvarez wrote:
> > > Hi Arie, 
> > > 
> > > From which version did you upgrade to 1.2? It would also be helpful to 
> know if that was a clean installation or an upgrade from an even earlier 
> version. 
> > > 
> > > Regards, 
> > > 
> > > Edmundo 
> > > 
> > > > On 16 Sep 2015, at 11:10, Arie  wrote: 
> > > > 
> > > > I'd had an error on producing the clone, but it appeared to be
> there. After putting the receivers in it,
> > > > it looks like it is working. So what is wrong with the original
> alerts?
> > > >
> > > >
> > > > On Wednesday, 16 September 2015 10:55:54 UTC+2, Arie wrote:
> > > > Cloning the stream is not possible either
> > > >
> > > > On Wednesday, 16 September 2015 10:53:47 UTC+2, Arie wrote:
> > > > Hi, 
> > > > 
> > > > we are encountering problems with stream alerts after the update. 
> > > > When editing/testing the alert condition we get this message in the 
> GUI. 
> > > > 
> > > > Could not retrieve AlarmCallbacks 
> > > > Fetching AlarmCallbacks failed with status: Internal Server Error 
> > > > 
> > > > 
> > > > server logfile (partial): 
> > > > 
> > > >  ERROR [AnyExceptionClassMapper] Unhandled exception in REST 
> resource 
> > > > com.mongodb.MongoException$Network: Read operation to server 
> localhost:27017 failed on database graylog2 
> > > > at 
> com.mongodb.DBTCPConnector.innerCall(DBTCPConnector.java:298) 
> > > > at com.mongodb.DBTCPConnector.call(DBTCPConnector.java:269) 
> > > > at 
> com.mongodb.DBCollectionImpl.find(DBCollectionImpl.java:84) 
> > > > at 
> com.mongodb.DBCollectionImpl.find(DBCollectionImpl.java:66) 
> > > > at com.mongodb.DBCursor._check(DBCursor.java:498) 
> > > > at com.mongodb.DBCursor._hasNext(DBCursor.java:621) 
> > > > at com.mongodb.DBCursor._fill(DBCursor.java:726) 
> > > > at com.mongodb.DBCursor.toArray(DBCursor.java:763) 
> > > > at org.mongojack.DBCursor.toArray(DBCursor.java:426) 
> > > > at org.mongojack.DBCursor.toArray(DBCursor.java:411) 
> > > > 
> > > > 
> > > > Caused by: com.fasterxml.jackson.databind.JsonMappingException: Can 
> not construct instance of java.lang.String, problem: Expected an ObjectId 
> to deserialise to string, but found class java.lang.String 
> > > >  at [Source: 
> de.undercouch.bson4jackson.io.LittleEndianInputStream@2909ef06; pos: 21] 
> (through reference chain: 
> org.graylog2.alarmcallbacks.AlarmCallbackConfigurationAVImpl["id"]) 
> > > > at 
> com.fasterxml.jackson.databind.JsonMappingException.from(JsonMappingException.java:148)
>  
>
> > > > at 
> com.fasterxml.jackson.databind.DeserializationContext.instantiationException(DeserializationContext.java:889)
>  
>
> > > > at 
> org.mongojack.internal.ObjectIdDeserializers$ToStringDeserializer.deserialize(ObjectIdDeserializers.java:55)
>  
>
> > > > at 
> org.mongojack.internal.ObjectIdDeserializers$ToStringDeserializer.deserialize(ObjectIdDeserializers.java:37)
>  
>
> > > > at 

[graylog2] Re: receiving netflow

2015-09-17 Thread RaCo
Hello Jochen,

nice work! Is it planned to support IPFIX/AppFlow in the future?

Cheers,
Rainer

On Wednesday, 26 August 2015 10:37:35 UTC+2, Jochen Schalanda wrote:
>
> Hi Marsel,
>
> we will publish a Netflow plugin for Graylog 1.2.0 in the near future. I'm 
> not aware of any Netflow plugin for Graylog 1.1.x.
>
>
> Cheers,
> Jochen
>
> On Wednesday, 26 August 2015 00:40:38 UTC+2, Marsel Qako wrote:
>>
>> HI,
>>
>> I would like to collect netflow from cisco devices into graylog. I 
>> haven't been able to find any documentation if it is supported. Is this a 
>> supported feature?
>>
>> Thank you,
>> Marsel
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/4ce591a4-8756-4a46-9cd3-f6c791acbfa2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[graylog2] Re: Autologin for Graylog Dashboard?

2015-09-17 Thread Daniel Oceno

Hello there, yes, it is possible to autologin; you can use this HTML code, I
tested it and it works. But you need to set a timer or something for what you
want; certainly that can be done with JS.

It would be cool to do it without hardcoding the username and password.

AutoLogin
function loginForm() {
    document.myform.action = "https://graylog/login";
    document.myform.submit();
}



[graylog2] Re: receiving netflow

2015-09-17 Thread Jochen Schalanda
Hi Rainer,

support for AppFlow is currently not planned but feel free to post a
feature request at https://github.com/Graylog2/graylog-plugin-netflow/issues.


Cheers,
Jochen

On Thursday, 17 September 2015 10:15:45 UTC+2, RaCo wrote:
>
> Hello Jochen,
>
> nice work! Is it planned to support IPFIX/AppFlow in the future?
>
> Cheers,
> Rainer
>
> On Wednesday, 26 August 2015 10:37:35 UTC+2, Jochen Schalanda wrote:
>>
>> Hi Marsel,
>>
>> we will publish a Netflow plugin for Graylog 1.2.0 in the near future. 
>> I'm not aware of any Netflow plugin for Graylog 1.1.x.
>>
>>
>> Cheers,
>> Jochen
>>
>> On Wednesday, 26 August 2015 00:40:38 UTC+2, Marsel Qako wrote:
>>>
>>> HI,
>>>
>>> I would like to collect netflow from cisco devices into graylog. I 
>>> haven't been able to find any documentation if it is supported. Is this a 
>>> supported feature?
>>>
>>> Thank you,
>>> Marsel
>>>
>>



[graylog2] drools rules metrics?

2015-09-17 Thread Daniel Kamiński
Hi,
Is there any way I can extract info about how many rules have been affected
by my drools rules? Some kind of metrics of dropped/changed messages
depending on rule. I know I can use log but it's too verbose, all I need is
numbers.



Re: [graylog2] Problem with streeam alerts after updating to graylog1.2

2015-09-17 Thread Arie
HI,

My workaround is to clone it, and create the callback again if needed.

Arie.

On Thursday, September 17, 2015 at 1:09:38 PM UTC+2, Ubay wrote:
>
> Hello,
>
>   We have the same problem after upgrading to 1.2.0. The callbacks created 
> before version 1.1.6 are not displayed. We also get the error message log: 
> ERROR [AnyExceptionClassMapper] Unhandled exception in REST resource
> com.mongodb.MongoException$Network: Read operation to server 
> localhost:27017 failed on database graylog2
>
>   Regards.
>

Re: [graylog2] Problem with streeam alerts after updating to graylog1.2

2015-09-17 Thread Ubay
Thank you but it didn't work for me. I got the error message:

Could not clone Stream
Cloning Stream failed with status: Internal Server error.


In the server.log file the error "Read operation to server localhost:27017 
failed on database graylog2" is present again.

Regards.

On Thursday, 17 September 2015, 12:33:54 (UTC+1), Arie wrote:
>
> HI,
>
> My workaround is to clone it, and create the callback again if needed.
>
> Arie.
>
> On Thursday, September 17, 2015 at 1:09:38 PM UTC+2, Ubay wrote:
>>
>> Hello,
>>
>>   We have the same problem after upgrading to 1.2.0. The callbacks 
>> created before version 1.1.6 are not displayed. We also get the error 
>> message log: ERROR [AnyExceptionClassMapper] Unhandled exception in REST 
>> resource
>> com.mongodb.MongoException$Network: Read operation to server 
>> localhost:27017 failed on database graylog2
>>
>>   Regards.
>>

[graylog2] Re: One more search question ...

2015-09-17 Thread Jochen Schalanda
Hi Claus,

not all message fields are being analyzed during index time, which enables 
wildcard searches in the first place. By default, only message, full_message, 
and source are being analyzed. If you want to analyze other message fields 
as well, you'll need to create an Elasticsearch index template with the 
appropriate mapping: 
https://www.elastic.co/guide/en/elasticsearch/reference/1.7/indices-templates.html

Cheers,
Jochen

On Thursday, 17 September 2015 13:44:48 UTC+2, Claus Koell wrote:
>
> Hi !
>
> We have an Input that extracts some fields with regular expressions from
> messages coming from an apache access-log.
> One resulting field is called path.
>
> Some values in that field look like
>
> /primefaces/5.1.14/primefaces.css
> /mahara/view/blocks.json.php
> /TestWeb/sample.do
>
> If I try to search with wildcards, it looks like values with a lower
> "beginning" will be found
>
> Sample search strings with results:
>
> path:\/primefaces\/5.1.14\/*
> path:\/mahara\/view\/*
>
> If I try this search I get no results
>
> path:\/TestWeb\/*
>
> Trying to search for a valid value without wildcard works fine
>
> path:\/TestWeb\/sample.do
>
> Thanks for any tip !
>
>
>
>
>
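
An index template of the kind Jochen describes, as an added example that is not from the original thread or from the Graylog project. It analyzes the extracted path field as one lower-cased term. Assumptions: Elasticsearch 1.x at ES_URL, Graylog's default index prefix "graylog2" and mapping type "message"; the template name and the analyzer name "path_lowercase" are made up for the illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Assumptions: Elasticsearch 1.x reachable
# at ES_URL, Graylog's default index prefix "graylog2", mapping type "message".
# The template name and the analyzer name "path_lowercase" are made up here.
ES_URL="${ES_URL:-http://localhost:9200}"
TEMPLATE_NAME="graylog-custom-path"

# Print the index template body. The custom analyzer keeps the whole path as
# one term (keyword tokenizer) and lower-cases it, so the extracted "path"
# field is analyzed at index time instead of being stored verbatim.
path_template() {
cat <<'EOF'
{
  "template": "graylog2_*",
  "settings": {
    "analysis": {
      "analyzer": {
        "path_lowercase": {
          "type": "custom",
          "tokenizer": "keyword",
          "filter": ["lowercase"]
        }
      }
    }
  },
  "mappings": {
    "message": {
      "properties": {
        "path": {
          "type": "string",
          "index": "analyzed",
          "analyzer": "path_lowercase"
        }
      }
    }
  }
}
EOF
}

# Register the template. Templates are applied only when an index is created,
# so already existing indices keep their old mapping for "path".
install_template() {
  path_template | curl -sS -XPUT "$ES_URL/_template/$TEMPLATE_NAME" -d @-
}

# Show the stored template to confirm it was accepted.
show_template() {
  curl -sS "$ES_URL/_template/$TEMPLATE_NAME?pretty"
}

# Run only when asked to, e.g.:  sh path-template.sh install
case "${1:-}" in
  install) install_template ;;
  show)    show_template ;;
esac
```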



[graylog2] Graylog Docker, ES Cluster Status - Red

2015-09-17 Thread ivan morozov
Hi @all

I'm starting my es docker with params as follows:

docker run -t -p 9000:9000 -p 12201:12201 -p 514:514/udp -p : \
  -e GRAYLOG_NODE_ID=static-nodename -e GRAYLOG_TIMEZONE=Europe/Berlin \
  -e GRAYLOG_SMTP_SERVER="my-smtp.server --no-tls --no-ssl" \
  -v /graylog/data:/var/opt/graylog/data -v /graylog/logs:/var/log/graylog \
  -v /graylog/plugin:/opt/graylog/plugin graylog2/allinone

After restarting the docker container with the same params the cluster of
my elasticsearch gets status RED.

What can I do to avoid this problem?

Thanks in advance
Ivan



[graylog2] Re: elasticsearch node with mixed SSD and HDD

2015-09-17 Thread RaCo
This seems to be closely related to your issue:
https://www.elastic.co/blog/hot-warm-architecture?blade=tw

On Wednesday, 16 September 2015 17:12:45 UTC+2, holgerop...@gmail.com wrote:
>
> *Is it possible to move older indices from FS x on SSD to FS y on HDD?*
>
> We want to try this because servers with large SSD-arrays are awfully
> expensive. We know we have to expect performance implications during 
> searches in data we moved to HDD.
> As far as we know old indices are no longer updated in any way.
>
> Can we:
>
>1. close the index in Graylog
>2. move the shards-directory of an old index from FS x to FS y.
>ES config must include the multiple data locations option.
>3. reopen the index in Graylog.
>
> What do you think?
>
>



Re: [graylog2] Problem with streeam alerts after updating to graylog1.2

2015-09-17 Thread Arie
I have that error too, but the clone appeared.
We put "Clone" in front of the name of the clone, you have to do that :-)


On Thursday, September 17, 2015 at 2:02:42 PM UTC+2, Ubay wrote:
>
> Thank you but it didn't work for me. I got the error message:
>
> Could not clone Stream
> Cloning Stream failed with status: Internal Server error.
>
>
> In the server.log file the error "Read operation to server localhost:27017 
> failed on database graylog2" is present again.
>
> Regards.
>
> On Thursday, 17 September 2015, 12:33:54 (UTC+1), Arie wrote:
>>
>> HI,
>>
>> My workaround is to clone it, and create the callback again if needed.
>>
>> Arie.
>>
>> On Thursday, September 17, 2015 at 1:09:38 PM UTC+2, Ubay wrote:
>>>
>>> Hello,
>>>
>>>   We have the same problem after upgrading to 1.2.0. The callbacks 
>>> created before version 1.1.6 are not displayed. We also get the error 
>>> message log: ERROR [AnyExceptionClassMapper] Unhandled exception in REST 
>>> resource
>>> com.mongodb.MongoException$Network: Read operation to server 
>>> localhost:27017 failed on database graylog2
>>>
>>>   Regards.
>>>

Re: [graylog2] Graylog shows no menu after login

2015-09-17 Thread Anant Sawant
Hi Edmundo,

Thanks!!
The cause of this issue was the "app.js" file which graylog was not able to
load. I fixed it and now the graylog is working fine.
Though it is working fine, when I start the Graylog server component I get 
the following lines on console "Failed to load sigar falling back to jmx 
implementation". Is this something I should be worried about as with this 
still everything works fine. Can you please suggest me something on this. 
As I have no idea about this.

Thanks in advance!!
Anant :-)

On Wednesday, 16 September 2015 23:23:55 UTC+5:30, Edmundo Alvarez wrote:
>
> Hi Anant, 
>
> By the way you described the problem, there must be some error loading 
> Javascript. Could you please take a look at the Javascript console in your 
> browser and share any errors that you might see there? It would also be 
> helpful knowing the browser and OS you use. Please also ensure that you are 
> not using any plugin blocking Javascript execution for Graylog. 
>
> Regards, 
>
> Edmundo 
>
> > On 16 Sep 2015, at 18:58, Anant Sawant  > wrote: 
> > 
> > Hi! 
> > 
> > I am running Graylog 1.1.6 server component and Graylog web component 
> 1.1.6 which I have setup manually. 
> > I am running this on ubuntu 14.04.1. For this I have installed 
> Elasticsearch 1.7.2, mongodb version v3.0.6 and Java 1.8.0_60. The Graylog 
> 1.1.6 server component, Graylog web component 1.1.6, Mongod and 
> Elasticsearch are on the same machine. For configuration I have referred  
> http://docs.graylog.org/en/1.2/pages/installation/manual_setup.html#configuring-the-web-interface.
>  
> As per this document Graylog 1.1.6 server component and Graylog web 
> component 1.1.6 both are running well/as expected as I can see the expected 
> result on the console, also the logs shows no errors/exception. It also 
> shows the graylog login screen, but when I login using the credentials I 
> see no menus, all I get is a simple page saying "graylog-web-interface
> v1.1.6 (2e264c2) (Oracle Corporation 1.8.0_60 / Linux 3.13.0-32-generic) on 
> ubuntu ". Why are the menus not visible?? 
> > Is it because as I have not pointed the configured elasticsearch to 
> syslog or any other log system. Or is the issue with the configuration?? 
> > I have attached the configuration files. 
> > 
> > Please suggest or give me an idea of where to look for this issue.
> > 
> > Thanks in advance 
> > 
> > Anant:-) 
> > 


[graylog2] Elasticsearch cluster is red.

2015-09-17 Thread Marsel Qako
Hi,

I'm having an issue with elasticsearch. Any help would be really
appreciated. The first time I had this issue I did a cleanse which fixed
the issue for a couple of days, but that deleted all my data.

Every couple of days I'm getting the following error *Elasticsearch cluster
is red.* Shards: 8 active, 0 initializing, 0 relocating, 16 unassigned.  I
see messages coming in but not going out " In *47* / Out *0* msg/s" . The
log file shows the following


2015-09-17_16:19:03.24771 WARN  [BlockingBatchedESOutput] Error while waiting for healthy Elasticsearch cluster. Not flushing.
2015-09-17_16:19:03.24773 java.util.concurrent.TimeoutException: Elasticsearch cluster didn't get healthy within timeout
2015-09-17_16:19:03.24774   at org.graylog2.indexer.cluster.Cluster.waitForConnectedAndHealthy(Cluster.java:174)
2015-09-17_16:19:03.24774   at org.graylog2.indexer.cluster.Cluster.waitForConnectedAndHealthy(Cluster.java:179)
2015-09-17_16:19:03.24774   at org.graylog2.outputs.BlockingBatchedESOutput.flush(BlockingBatchedESOutput.java:112)
2015-09-17_16:19:03.24774   at org.graylog2.outputs.BlockingBatchedESOutput.write(BlockingBatchedESOutput.java:105)
2015-09-17_16:19:03.24774   at org.graylog2.buffers.processors.OutputBufferProcessor$1.run(OutputBufferProcessor.java:189)
2015-09-17_16:19:03.24775   at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176)
2015-09-17_16:19:03.24775   at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
2015-09-17_16:19:03.24775   at java.util.concurrent.FutureTask.run(FutureTask.java:266)
2015-09-17_16:19:03.24775   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
2015-09-17_16:19:03.24775   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
2015-09-17_16:19:03.24776   at java.lang.Thread.run(Thread.java:745)

Thank you for all your help



Re: [graylog2] Problem with streeam alerts after updating to graylog1.2

2015-09-17 Thread Ubay
The fix works!

Thank you

On Thursday, 17 September 2015, 14:06:00 (UTC+1), Edmundo Alvarez 
wrote:
>
> After looking at the documents provided by Arie and Ubay, I can confirm 
> the issue, and we already identified the cause. We are working to provide a 
> proper solution for this issue, but if you really can't wait, there is a 
> temporary solution and more information in here: 
> https://github.com/Graylog2/graylog2-server/issues/1428 
>
> Thank you for your patience, and sorry for any inconveniences this may 
> have caused. 
>
> Regards, 
>
> Edmundo 
>

Re: [graylog2] Problem with streeam alerts after updating to graylog1.2

2015-09-17 Thread Edmundo Alvarez
After looking at the documents provided by Arie and Ubay, I can confirm the 
issue, and we already identified the cause. We are working to provide a proper 
solution for this issue, but if you really can't wait, there is a temporary 
solution and more information in here: 
https://github.com/Graylog2/graylog2-server/issues/1428

Thank you for your patience, and sorry for any inconveniences this may have 
caused.

Regards,

Edmundo

> On 17 Sep 2015, at 14:55, Arie  wrote:
> 
> I have that error too, but the clone appeared.
> We put "Clone" in front of the name of the clone, you have to do that :-)
> 
> 
> On Thursday, September 17, 2015 at 2:02:42 PM UTC+2, Ubay wrote:
> Thank you but it didn't work for me. I got the error message:
> 
> Could not clone Stream
> Cloning Stream failed with status: Internal Server error.
> 
> 
> In the server.log file the error "Read operation to server localhost:27017 
> failed on database graylog2" is present again.
> 
> Regards.
> 
> On Thursday, 17 September 2015, 12:33:54 (UTC+1), Arie wrote:
> Hi,
> 
> My workaround is to clone it, and create the callback again if needed.
> 
> Arie.
> 
> On Thursday, September 17, 2015 at 1:09:38 PM UTC+2, Ubay wrote:
> Hello,
> 
>   We have the same problem after upgrading to 1.2.0. The callbacks created 
> before version 1.1.6 are not displayed. We also get the error message log: 
> ERROR [AnyExceptionClassMapper] Unhandled exception in REST resource
> com.mongodb.MongoException$Network: Read operation to server localhost:27017 
> failed on database graylog2
> 
>   Regards.
> 
> On Thursday, 17 September 2015, 7:55:27 (UTC+1), Arie wrote:
> Send it by mail
> 
> hth,,
> 
> Arie
> 
> On Wednesday, September 16, 2015 at 3:15:12 PM UTC+2, Edmundo Alvarez wrote:
> We saw a similar problem with an alert callback that was created in 1.0, it 
> could be the same problem that you are experiencing. Could you share with us 
> your "alarmcallbackconfigurations" MongoDB collection in order to further 
> investigate the issue? Please send it to edm...@graylog.com if it contains 
> any sensitive information. 
> 
> In case you don't know how to get the collection, you can get the MongoDB 
> collection by executing the following command in a terminal: 
> mongo :/ <<< 
> 'db.alarmcallbackconfigurations.find()' 
> 
> Please remember to replace , , and 
>  with the actual values for your environment. You may 
> also need to add a username and password if your setup requires 
> authentication. 
> 
> Edmundo 
> 
> > On 16 Sep 2015, at 13:09, Arie  wrote: 
> > 
> > That is very well possible, 1.0 or 1.01 but not totally sure of it. 
> > 
> > In one of the upgrades I had a problem with some data that was the result 
> > of a Yum update from repository 
> > where old data was deleted and a wrong/missing node-id file. 
> > 
> > We use the content-pack function for backup of a lot of settings, and what I 
> > see now is that the callback 
> > function is not present there, and may be missing in my present stream 
> > configs. 
> > 
> > Arie 
> > 
> > On Wednesday, 16 September 2015 11:45:55 UTC+2, Edmundo Alvarez wrote: 
> > That previous 1.1 version, was it an upgrade from 1.0 by any chance? 
> > 
> > Edmundo 
> > 
> > > On 16 Sep 2015, at 11:39, Arie  wrote: 
> > > 
> > > And second: 
> > > 
> > > In the alert the "callbacks" part in the GUI keeps "loading" going on 
> > > endlessly. 
> > > I remember editing the callback email condition so we are closer to the 
> > > problem I guess 
> > > 
> > > Arie 
> > > 
> > > On Wednesday, 16 September 2015 11:22:52 UTC+2, Edmundo Alvarez wrote: 
> > > Hi Arie, 
> > > 
> > > From which version did you upgrade to 1.2? It would also be helpful to 
> > > know if that was a clean installation or an upgrade from an even earlier 
> > > version. 
> > > 
> > > Regards, 
> > > 
> > > Edmundo 
> > > 
> > > > On 16 Sep 2015, at 11:10, Arie  wrote: 
> > > > 
> > > > I had an error on producing the clone, but it appeared to be there. 
> > > > After putting the receivers in it, 
> > > > it looks like it is working. So what is wrong with the original 
> > > > alerts? 
> > > > 
> > > > 
> > > > On Wednesday, 16 September 2015 10:55:54 UTC+2, Arie wrote: 
> > > > Cloning the stream is not possible either 
> > > > 
> > > > On Wednesday, 16 September 2015 10:53:47 UTC+2, Arie wrote: 
> > > > Hi, 
> > > > 
> > > > we are encountering problems with stream alerts after the update. 
> > > > When editing/testing the alert condition we get this message in the 
> > > > GUI. 
> > > > 
> > > > Could not retrieve AlarmCallbacks 
> > > > Fetching AlarmCallbacks failed with status: Internal Server Error 
> > > > 
> > > > 
> > > > server logfile (partial): 
> > > > 
> > > >  ERROR [AnyExceptionClassMapper] Unhandled exception in REST resource 
> > > > com.mongodb.MongoException$Network: Read operation to server 
> > > > localhost:27017 failed on database 

[graylog2] Chunking format, some examples?

2015-09-17 Thread Jeffrey Newell
I am just getting started using Graylog, and am honing my logging.
I have a large dump from an external tool I'm using in my data pipeline that 
I want to send as a Debug-level single log item.
I'm interfacing with Graylog with nc, piping a formatted string, in GELF 
format, to it (IP address obfuscated below, of course):

echo "{\"version\": \"$GRAYLOG_VERSION\",\"host\":\"$APP_HOST\",\"short_message\":\"$SHORT_MESSAGE\",\"full_message\":\"$j\",\"level\":$LOG_LEVEL,\"log_type\":\"$LOG_TYPE\"}" |
  nc -w 3 -u 00.00.00.00 12201


I see in the docs there is a direction, and further info about a structure 
to prepend, but I'm not clear WHERE this should go, like directly before 
the { or what, any separators?  An example would be really helpful:

You can define chunks of messages by prepending a byte header to a GELF 
message including a message ID and sequence count/number to reassemble the 
message later


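
What the documentation sentence quoted in the question above means on the wire, as an added example that is not part of the original post and not Graylog's own code: each chunk is its own UDP datagram that starts with a 12-byte binary header (magic bytes 0x1e 0x0f, an 8-byte message ID, a 1-byte sequence number, a 1-byte sequence count) followed directly by a slice of the GELF payload, with no separator. The function names and the 1420-byte datagram size are assumptions chosen for illustration.

```python
import json
import os
import socket
import struct

MAGIC = b"\x1e\x0f"   # GELF chunk magic bytes
HEADER_LEN = 12       # 2 magic + 8 message id + 1 sequence number + 1 sequence count
MAX_CHUNKS = 128      # a message may not span more chunks than this


def chunk_gelf(payload, datagram_size=1420, message_id=None):
    """Return the UDP datagrams for one GELF payload (bytes)."""
    if len(payload) <= datagram_size:
        return [payload]                      # fits in one datagram: no header at all
    message_id = message_id or os.urandom(8)  # same 8 bytes in every chunk of a message
    if len(message_id) != 8:
        raise ValueError("message id must be 8 bytes")
    step = datagram_size - HEADER_LEN
    parts = [payload[i:i + step] for i in range(0, len(payload), step)]
    if len(parts) > MAX_CHUNKS:
        raise ValueError("needs %d chunks, limit is %d" % (len(parts), MAX_CHUNKS))
    # The header sits directly in front of the payload slice, with no separator.
    return [MAGIC + message_id + struct.pack("BB", seq, len(parts)) + part
            for seq, part in enumerate(parts)]


def reassemble(datagrams):
    """Receiver's view: rebuild the payload from chunks arriving in any order."""
    slots, seen = {}, None
    for d in datagrams:
        if d[:2] != MAGIC:
            return d                          # unchunked message
        if len(d) < HEADER_LEN:
            raise ValueError("truncated chunk header")
        key, seq = (d[2:10], d[11]), d[10]    # (message id, sequence count), sequence number
        if seen not in (None, key) or seq >= key[1] or key[1] > MAX_CHUNKS:
            raise ValueError("inconsistent chunk header")
        seen = key
        slots[seq] = d[HEADER_LEN:]
    if seen is None or len(slots) != seen[1]:
        raise ValueError("missing chunks")
    return b"".join(slots[i] for i in range(seen[1]))


def send_gelf(message, host, port=12201, datagram_size=1420):
    """Serialise a GELF dict and send it over UDP, one datagram per chunk."""
    payload = json.dumps(message).encode("utf-8")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for datagram in chunk_gelf(payload, datagram_size):
            sock.sendto(datagram, (host, port))
```

All chunks of a message have to reach the server within 5 seconds, otherwise the chunks that did arrive are discarded.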


[graylog2] Elasticsearch cluster is red.

2015-09-17 Thread Drew Miranda
Are you able to do a cat on your Elasticsearch via the API?
https://www.elastic.co/guide/en/elasticsearch/reference/current/cat.html

Do you just have one ES node? Do the logs for Elasticsearch have any errors?
