[graylog2] Re: Chunking format, some examples?

2015-09-18 Thread Jamie Geyer 
Jeff -

I'm having a hard time understanding this myself.  Instead of chunking you 
could try to gzip it.  Graylog should decode a gzip'd string automatically. 
 

I think it would be something like:

echo  | gzip -cf | nc  etc...

On Thursday, September 17, 2015 at 10:27:11 AM UTC-4, Jeffrey Newell wrote:
>
> I am just getting started using graylog, and am honing my logging.
> I have a large dump from an external tool im using in my data pipeline 
> that I want so send as a Debug-level single log item.
> I'm interfacing with graylog with nc, piping a formatted string, of GELF 
> format, to it (ip address obfuscated below, of course):
>
> echo "{\"version\": 
> \"$GRAYLOG_VERSION\",\"host\":\"$APP_HOST\",\"short_message\":\"$SHORT_MESSAGE\",\"full_message\":\"$j\",\"level\":$LOG_LEVEL,\"log_type\":\"$LOG_TYPE\"}"
>  
> | nc -w 3 -u 00.00.00.00 12201
>
>
> I see in the docs there is a direction, and further info about a structure 
> to prepend, but I'm not clear WHERE this should go, like directly before 
> the { or what, any separators?  An example would be really helpful:
>
> You can define chunks of messages by prepending a byte header to a GELF 
> message including a message ID and sequence count/number to reassemble the 
> message later
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/8b66648b-6dcd-4ca0-b161-21c7ea19261a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Graylog 1.2 LDAP Integration Error.

2015-09-18 Thread ivan morozov 
Great! It works perfectly, thanks for your help!

Am Freitag, 18. September 2015 17:04:57 UTC+2 schrieb Kay Röpke:
>
>
> On 18 Sep 2015, at 16:05, ivan morozov  
> wrote:
>
> So far i know to keep the input configurations/ grok patterns / custom 
> extractors, i have to use the same NODE_ID and same password_secret. 
> I estimate when i change it i will lose all this configurations? Do you 
> have a approach to avoid this?
>
>
> The password secret is only for authentication tokens, user passwords and 
> the ldap settings. You need to keep the node id, but the secret should not
> affect anything else.
>
> cheers,
> -k
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/24be7d9d-8e0a-48c3-9ac1-749f1210e571%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] graylog2-web-interface - build_release.sh fails today

2015-09-18 Thread Jesse Skrivseth 
Yesterday the build worked fine, but today I've made no changes and I'm 
getting npm issues:

npm WARN package.json graylog-web-interface@1.3.0-SNAPSHOT No repository 
field.
npm WARN package.json graylog-web-interface@1.3.0-SNAPSHOT No README data
npm http GET https://registry.npmjs.org/npm/3.3.4
npm http 200 https://registry.npmjs.org/npm/3.3.4
npm http GET https://registry.npmjs.org/npm/-/npm-3.3.4.tgz
npm http 200 https://registry.npmjs.org/npm/-/npm-3.3.4.tgz
npm WARN prefer global npm@3.3.4 should be installed with -g
npm@3.3.4 node_modules/npm
Using npm 
module.js:340
throw err;
  ^
Error: Cannot find module 'are-we-there-yet'
at Function.Module._resolveFilename (module.js:338:15)
at Function.Module._load (module.js:280:25)
at Module.require (module.js:364:17)
at require (module.js:380:17)
at Object. 
(/home/jesse/IdeaProjects/graylog2-web-interface/javascript/node_modules/npm/node_modules/npmlog/log.js:2:16)
at Module._compile (module.js:456:26)
at Object.Module._extensions..js (module.js:474:10)
at Module.load (module.js:356:32)
at Function.Module._load (module.js:312:12)
at Module.require (module.js:364:17)


Changing build_release.sh from:

# Install same npm version as we use in travis
rm -rf ./node_modules
npm install --no-spin npm@latest

to

# Install same npm version as we use in travis
rm -rf ./node_modules
npm install --no-spin npm@2


allows it to build properly. Any ideas?

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/c5303cb6-f651-4cc5-bd04-fedab9a9e6da%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Trends presentation in dashboard

2015-09-18 Thread Edmundo Alvarez 
Hi Stanislav,

The "lower is better" option changes the used colour for arrows indicating the 
trend. With that option enabled, arrows pointing down will be in green, and 
arrows pointing up in red. I am not aware of any issues with that feature, at 
least seems to be working in 1.2.0. Could you please upgrade to 1.2.0 and see 
if the problem disappears?

In other case, please attach an screenshot of the problem, and the 
configuration of the widget (you get it by clicking on the info button on the 
bottom-right corner of the widget).

Regards,

Edmundo

> On 17 Sep 2015, at 18:18, Stanislav Kopp  wrote:
> 
> Hi all,
> 
> I have a question about trends in dashboard, I've activated trend for simple 
> logs counter with option "Lower is better", but no matter if number of logs 
> is lower or higher, it always remains "green". Did I misunderstood this 
> feature or it is something wrong with my setup?
> 
> I'm using Graylog 1.1.4
> 
> Thanks,
> Stan  
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/c186a534-3577-4455-9a5c-5c4876a75fb0%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/3FF40F9E-94B6-4586-9C93-3CA575A83222%40graylog.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Encoding problem in email alert callback.

2015-09-18 Thread Alexander Ivanes 
Hello!

We have a standard email callback configuration:


   body: 
   ##
   Alert Description: ${check_result.resultDescription}
   Date: ${check_result.triggeredAt}
   Stream ID: ${stream.id}
   Stream title: ${stream.title}
   Stream description: ${stream.description}
   ${if stream_url}Stream URL: ${stream_url}${end}
   Triggered condition: ${check_result.triggeredCondition}
   ##
   ${if backlog}Last messages accounting for this alert:
   ${foreach backlog message}${message}
   ${end}${else}
   ${end} 
   
   sender: 
   graylog@***
   
   subject: 
   Graylog alert for stream: ${stream.title}: ${check_result.
   resultDescription}
   
   

Everything works fine, except that ${message} contain question marks 
instead of cyrillic symbols.

>From graylog stream documentation:

message (only available via iteration over the backlog object)
> The message object has several fields with details about the message. When 
> using the message object without accessing any fields, the toString() 
> method of the underlying Java object is used to display it.


I think that problem is in the toString() method, that doesn't work with 
unicode.

Is there any way to solve this problem? JMTE magic maybe?

Thanks in advance.

Alexander.


-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/53519954-d73e-4351-b3b9-3300a06b94af%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Trends presentation in dashboard

2015-09-18 Thread Stanislav Kopp 
Hi Edmundo,

thx for explanation, I did some research for another counter, see
screenshots: http://imgur.com/a/765md
the first one is counter for errors in last hour, you see 3437 messages
the second one is the same stream for last 2 hours, 6636 messages,
what makes 6636-3437=3199, so this mean for me the number of errors
now is more than for "another" last hour, but the widget is still
green (no screenshot, but you can trust me :)


Best,
Stan



2015-09-18 16:06 GMT+02:00 Edmundo Alvarez :
> To be honest I'm not sure if it is an actual error or some misunderstanding 
> of how it works, as it is tricky. I will explain it here a bit more in depth, 
> so you can investigate further, and decide if it is working or not.
>
> When you add a count widget for the last 5 minutes, Graylog will do a search 
> in the last 5 minutes and count the number of messages. Adding a trend to 
> that widget means that Graylog will do two searches: one in the last 5 
> minutes for the actual number you want to see, and another one in the 
> previous 5 minutes that is, since 10 minutes ago to 5 minutes ago, and 
> compare the results to show the trend information.
>
> So, in summary, to see if it is working as expected, you could do a search in 
> the last 10 minutes, subtract the count for the last 5 minutes, and see if 
> the previous count was higher or lower. Please let us know the results, so we 
> know if there is a problem with it.
>
> Cheers,
>
> Edmundo
>
>> On 18 Sep 2015, at 15:39, Stanislav Kopp  wrote:
>>
>> Hi Edmundo,
>>
>> thx, I will try upgrade graylog to 1.2 next week (I wanted to wait
>> till 1.2.1 honestly), here some screenshot of my dasboard
>> http://imgur.com/a/l0t02, the widget shows count of specific errors
>> every 5 minutes (so less is better). here is "4", 5 minutes before it
>> was "1", so if I understood correctly the arrow should be red
>> (pointing up).
>>
>> Best,
>> Stan
>>
>> 2015-09-18 14:21 GMT+02:00 Edmundo Alvarez :
>>> Hi Stanislav,
>>>
>>> The "lower is better" option changes the used colour for arrows indicating 
>>> the trend. With that option enabled, arrows pointing down will be in green, 
>>> and arrows pointing up in red. I am not aware of any issues with that 
>>> feature, at least seems to be working in 1.2.0. Could you please upgrade to 
>>> 1.2.0 and see if the problem disappears?
>>>
>>> In other case, please attach an screenshot of the problem, and the 
>>> configuration of the widget (you get it by clicking on the info button on 
>>> the bottom-right corner of the widget).
>>>
>>> Regards,
>>>
>>> Edmundo
>>>
 On 17 Sep 2015, at 18:18, Stanislav Kopp  wrote:

 Hi all,

 I have a question about trends in dashboard, I've activated trend for 
 simple logs counter with option "Lower is better", but no matter if number 
 of logs is lower or higher, it always remains "green". Did I misunderstood 
 this feature or it is something wrong with my setup?

 I'm using Graylog 1.1.4

 Thanks,
 Stan

 --
 You received this message because you are subscribed to the Google Groups 
 "Graylog Users" group.
 To unsubscribe from this group and stop receiving emails from it, send an 
 email to graylog2+unsubscr...@googlegroups.com.
 To view this discussion on the web visit 
 https://groups.google.com/d/msgid/graylog2/c186a534-3577-4455-9a5c-5c4876a75fb0%40googlegroups.com.
 For more options, visit https://groups.google.com/d/optout.
>>>
>>> --
>>> You received this message because you are subscribed to a topic in the 
>>> Google Groups "Graylog Users" group.
>>> To unsubscribe from this topic, visit 
>>> https://groups.google.com/d/topic/graylog2/rgagiaf8MgM/unsubscribe.
>>> To unsubscribe from this group and all its topics, send an email to 
>>> graylog2+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/graylog2/3FF40F9E-94B6-4586-9C93-3CA575A83222%40graylog.com.
>>> For more options, visit https://groups.google.com/d/optout.
>>
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "Graylog Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to graylog2+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/graylog2/CAFddgf3detsBhXPFuSKsd0GODRDsZx3BnzsVG-0ya0kMVJ7%2Bdg%40mail.gmail.com.
>> For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to a topic in the Google 
> Groups "Graylog Users" group.
> To unsubscribe from this topic, visit 
> https://groups.google.com/d/topic/graylog2/rgagiaf8MgM/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to 
> graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit

Re: [graylog2] Graylog 1.2 LDAP Integration Error.

2015-09-18 Thread Kay Röpke 

> On 18 Sep 2015, at 16:05, ivan morozov  wrote:
> 
> So far i know to keep the input configurations/ grok patterns / custom 
> extractors, i have to use the same NODE_ID and same password_secret. 
> I estimate when i change it i will lose all this configurations? Do you have 
> a approach to avoid this?
> 

The password secret is only for authentication tokens, user passwords and the 
ldap settings. You need to keep the node id, but the secret should not
affect anything else.

cheers,
-k

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/85079D70-8314-4119-893F-D39264401358%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Graylog 1.2 LDAP Integration Error.

2015-09-18 Thread ivan morozov 
Hi @All,

i'm trying to integrate LDAP into my Graylog. I'm using Graylog standalone 
docker machine.

In my case i'm putt all the configuration of LDAP into Graylog UI, then

   1. Test Server Connection -> Works Fine! 
   2. Test Login -> Works Fine!
   3. Save LDAP Settings -> Fail!


After looking into Logs i found this:

Unable to save LDAP settings.

 

org.graylog2.restclient.lib.APIException: API call failed PUT 
http://@172.17.0.14:12900/system/ldap/settings 
returned 500 Internal Server Error body: 
{"type":"ApiError","message":"String index out of range: 16"} 


 




Has anybody this error before? 


Best

Ivan 

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/3a36c236-4aa3-4030-ab98-360c42215382%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Graylog 1.2 LDAP Integration Error.

2015-09-18 Thread Kay Röpke 
This is because your password_secret in the server.conf is too short.

We use AES to encrypt the system password and AES needs 16 characters as inputs 
from the secret. If it is too short, then we can’t encrypt it.

If you change it, then you need to reset the passwords of all users except the 
builtin admin account.

cheers,
-k
> On 18 Sep 2015, at 15:49, Edmundo Alvarez  wrote:
> 
> Hi,
> 
> Could you please also include any errors that you may see in the Graylog 
> server log? Maybe those were give us a hint.
> 
> Thank you,
> 
> Edmundo
> 
>> On 18 Sep 2015, at 15:34, ivan morozov  wrote:
>> 
>> Hi @All,
>> 
>> i'm trying to integrate LDAP into my Graylog. I'm using Graylog standalone 
>> docker machine.
>> 
>> In my case i'm putt all the configuration of LDAP into Graylog UI, then
>>  • Test Server Connection -> Works Fine! 
>>  • Test Login -> Works Fine!
>>  • Save LDAP Settings -> Fail!
>> 
>> After looking into Logs i found this:
>> 
>> Unable to save LDAP settings.
>> 
>> 
>> 
>> org.graylog2.restclient.lib.APIException: API call failed PUT 
>> http://@172.17.0.14:12900/system/ldap/settings returned 500 Internal Server 
>> Error body: {"type":"ApiError","message":"String index out of range: 16"} 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> Has anybody this error before? 
>> 
>> 
>> 
>> Best
>> 
>> Ivan 
>> 
>> 
>> 
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Graylog Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to graylog2+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/graylog2/3a36c236-4aa3-4030-ab98-360c42215382%40googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/D935506A-A040-4E65-B97C-291CFD3CFFEB%40graylog.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/4F64A289-76BD-4F7E-B73B-15A1B3B44B53%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Trends presentation in dashboard

2015-09-18 Thread Edmundo Alvarez 
To be honest I'm not sure if it is an actual error or some misunderstanding of 
how it works, as it is tricky. I will explain it here a bit more in depth, so 
you can investigate further, and decide if it is working or not.

When you add a count widget for the last 5 minutes, Graylog will do a search in 
the last 5 minutes and count the number of messages. Adding a trend to that 
widget means that Graylog will do two searches: one in the last 5 minutes for 
the actual number you want to see, and another one in the previous 5 minutes 
that is, since 10 minutes ago to 5 minutes ago, and compare the results to show 
the trend information.

So, in summary, to see if it is working as expected, you could do a search in 
the last 10 minutes, subtract the count for the last 5 minutes, and see if the 
previous count was higher or lower. Please let us know the results, so we know 
if there is a problem with it.

Cheers,

Edmundo

> On 18 Sep 2015, at 15:39, Stanislav Kopp  wrote:
> 
> Hi Edmundo,
> 
> thx, I will try upgrade graylog to 1.2 next week (I wanted to wait
> till 1.2.1 honestly), here some screenshot of my dasboard
> http://imgur.com/a/l0t02, the widget shows count of specific errors
> every 5 minutes (so less is better). here is "4", 5 minutes before it
> was "1", so if I understood correctly the arrow should be red
> (pointing up).
> 
> Best,
> Stan
> 
> 2015-09-18 14:21 GMT+02:00 Edmundo Alvarez :
>> Hi Stanislav,
>> 
>> The "lower is better" option changes the used colour for arrows indicating 
>> the trend. With that option enabled, arrows pointing down will be in green, 
>> and arrows pointing up in red. I am not aware of any issues with that 
>> feature, at least seems to be working in 1.2.0. Could you please upgrade to 
>> 1.2.0 and see if the problem disappears?
>> 
>> In other case, please attach an screenshot of the problem, and the 
>> configuration of the widget (you get it by clicking on the info button on 
>> the bottom-right corner of the widget).
>> 
>> Regards,
>> 
>> Edmundo
>> 
>>> On 17 Sep 2015, at 18:18, Stanislav Kopp  wrote:
>>> 
>>> Hi all,
>>> 
>>> I have a question about trends in dashboard, I've activated trend for 
>>> simple logs counter with option "Lower is better", but no matter if number 
>>> of logs is lower or higher, it always remains "green". Did I misunderstood 
>>> this feature or it is something wrong with my setup?
>>> 
>>> I'm using Graylog 1.1.4
>>> 
>>> Thanks,
>>> Stan
>>> 
>>> --
>>> You received this message because you are subscribed to the Google Groups 
>>> "Graylog Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an 
>>> email to graylog2+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/graylog2/c186a534-3577-4455-9a5c-5c4876a75fb0%40googlegroups.com.
>>> For more options, visit https://groups.google.com/d/optout.
>> 
>> --
>> You received this message because you are subscribed to a topic in the 
>> Google Groups "Graylog Users" group.
>> To unsubscribe from this topic, visit 
>> https://groups.google.com/d/topic/graylog2/rgagiaf8MgM/unsubscribe.
>> To unsubscribe from this group and all its topics, send an email to 
>> graylog2+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/graylog2/3FF40F9E-94B6-4586-9C93-3CA575A83222%40graylog.com.
>> For more options, visit https://groups.google.com/d/optout.
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/CAFddgf3detsBhXPFuSKsd0GODRDsZx3BnzsVG-0ya0kMVJ7%2Bdg%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/91D1468D-4951-4BBA-8E11-221879F811E3%40graylog.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Encoding problem in email alert callback.

2015-09-18 Thread Edmundo Alvarez 
Hi Alexander,

Could you please open an issue in Github 
https://github.com/Graylog2/graylog2-server/issues? Please include an example 
log message, so we can test it more easily.

Thank you,

Edmundo

> On 17 Sep 2015, at 18:33, Alexander Ivanes  wrote:
> 
> Hello!
> 
> We have a standard email callback configuration:
> 
> body: 
> ##
> Alert Description: ${check_result.resultDescription}
> Date: ${check_result.triggeredAt}
> Stream ID: ${stream.id}
> Stream title: ${stream.title}
> Stream description: ${stream.description}
> ${if stream_url}Stream URL: ${stream_url}${end}
> Triggered condition: ${check_result.triggeredCondition}
> ##
> ${if backlog}Last messages accounting for this alert:
> ${foreach backlog message}${message}
> ${end}${else}
> ${end} 
> 
> sender: 
> graylog@***
> 
> subject: 
> Graylog alert for stream: ${stream.title}: ${check_result.resultDescription}
> 
> 
> Everything works fine, except that ${message} contain question marks instead 
> of cyrillic symbols.
> 
> From graylog stream documentation:
> 
> message (only available via iteration over the backlog object)
> The message object has several fields with details about the message. When 
> using the message object without accessing any fields, the toString() method 
> of the underlying Java object is used to display it.
> 
> I think that problem is in the toString() method, that doesn't work with 
> unicode.
> 
> Is there any way to solve this problem? JMTE magic maybe?
> 
> Thanks in advance.
> 
> Alexander.
> 
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/53519954-d73e-4351-b3b9-3300a06b94af%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/7DBBBD99-D515-4B17-838C-15866641CB2B%40graylog.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Graylog 1.2 LDAP Integration Error.

2015-09-18 Thread Edmundo Alvarez 
Hi,

Could you please also include any errors that you may see in the Graylog server 
log? Maybe those were give us a hint.

Thank you,

Edmundo

> On 18 Sep 2015, at 15:34, ivan morozov  wrote:
> 
> Hi @All,
> 
> i'm trying to integrate LDAP into my Graylog. I'm using Graylog standalone 
> docker machine.
> 
> In my case i'm putt all the configuration of LDAP into Graylog UI, then
>   • Test Server Connection -> Works Fine! 
>   • Test Login -> Works Fine!
>   • Save LDAP Settings -> Fail!
> 
> After looking into Logs i found this:
> 
> Unable to save LDAP settings.
> 
>  
> 
> org.graylog2.restclient.lib.APIException: API call failed PUT 
> http://@172.17.0.14:12900/system/ldap/settings returned 500 Internal Server 
> Error body: {"type":"ApiError","message":"String index out of range: 16"} 
> 
> 
>  
> 
> 
> 
> 
> 
> Has anybody this error before? 
> 
> 
> 
> Best
> 
> Ivan 
> 
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/3a36c236-4aa3-4030-ab98-360c42215382%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/D935506A-A040-4E65-B97C-291CFD3CFFEB%40graylog.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Trends presentation in dashboard

2015-09-18 Thread Stanislav Kopp 
Hi Edmundo,

thx, I will try upgrade graylog to 1.2 next week (I wanted to wait
till 1.2.1 honestly), here some screenshot of my dasboard
http://imgur.com/a/l0t02, the widget shows count of specific errors
every 5 minutes (so less is better). here is "4", 5 minutes before it
was "1", so if I understood correctly the arrow should be red
(pointing up).

Best,
Stan

2015-09-18 14:21 GMT+02:00 Edmundo Alvarez :
> Hi Stanislav,
>
> The "lower is better" option changes the used colour for arrows indicating 
> the trend. With that option enabled, arrows pointing down will be in green, 
> and arrows pointing up in red. I am not aware of any issues with that 
> feature, at least seems to be working in 1.2.0. Could you please upgrade to 
> 1.2.0 and see if the problem disappears?
>
> In other case, please attach an screenshot of the problem, and the 
> configuration of the widget (you get it by clicking on the info button on the 
> bottom-right corner of the widget).
>
> Regards,
>
> Edmundo
>
>> On 17 Sep 2015, at 18:18, Stanislav Kopp  wrote:
>>
>> Hi all,
>>
>> I have a question about trends in dashboard, I've activated trend for simple 
>> logs counter with option "Lower is better", but no matter if number of logs 
>> is lower or higher, it always remains "green". Did I misunderstood this 
>> feature or it is something wrong with my setup?
>>
>> I'm using Graylog 1.1.4
>>
>> Thanks,
>> Stan
>>
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "Graylog Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to graylog2+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/graylog2/c186a534-3577-4455-9a5c-5c4876a75fb0%40googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to a topic in the Google 
> Groups "Graylog Users" group.
> To unsubscribe from this topic, visit 
> https://groups.google.com/d/topic/graylog2/rgagiaf8MgM/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to 
> graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/3FF40F9E-94B6-4586-9C93-3CA575A83222%40graylog.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CAFddgf3detsBhXPFuSKsd0GODRDsZx3BnzsVG-0ya0kMVJ7%2Bdg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Graylog 1.2 LDAP Integration Error.

2015-09-18 Thread ivan morozov 
Hey Kay,

thank you for the answer!

So far i know to keep the input configurations/ grok patterns / custom 
extractors, i have to use the same NODE_ID and same password_secret. 
I estimate when i change it i will lose all this configurations? Do you 
have a approach to avoid this?

Ivan

Am Freitag, 18. September 2015 15:57:45 UTC+2 schrieb Kay Röpke:
>
> This is because your password_secret in the server.conf is too short. 
>
> We use AES to encrypt the system password and AES needs 16 characters as 
> inputs from the secret. If it is too short, then we can’t encrypt it. 
>
> If you change it, then you need to reset the passwords of all users except 
> the builtin admin account. 
>
> cheers, 
> -k 
> > On 18 Sep 2015, at 15:49, Edmundo Alvarez  > wrote: 
> > 
> > Hi, 
> > 
> > Could you please also include any errors that you may see in the Graylog 
> server log? Maybe those were give us a hint. 
> > 
> > Thank you, 
> > 
> > Edmundo 
> > 
> >> On 18 Sep 2015, at 15:34, ivan morozov  > wrote: 
> >> 
> >> Hi @All, 
> >> 
> >> i'm trying to integrate LDAP into my Graylog. I'm using Graylog 
> standalone docker machine. 
> >> 
> >> In my case i'm putt all the configuration of LDAP into Graylog UI, then 
> >> • Test Server Connection -> Works Fine! 
> >> • Test Login -> Works Fine! 
> >> • Save LDAP Settings -> Fail! 
> >> 
> >> After looking into Logs i found this: 
> >> 
> >> Unable to save LDAP settings. 
> >> 
> >> 
> >> 
> >> org.graylog2.restclient.lib.APIException: API call failed PUT http://@
> 172.17.0.14:12900/system/ldap/settings returned 500 Internal Server Error 
> body: {"type":"ApiError","message":"String index out of range: 16"} 
> >> 
> >> 
> >> 
> >> 
> >> 
> >> 
> >> 
> >> 
> >> Has anybody this error before? 
> >> 
> >> 
> >> 
> >> Best 
> >> 
> >> Ivan 
> >> 
> >> 
> >> 
> >> -- 
> >> You received this message because you are subscribed to the Google 
> Groups "Graylog Users" group. 
> >> To unsubscribe from this group and stop receiving emails from it, send 
> an email to graylog2+u...@googlegroups.com . 
> >> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/3a36c236-4aa3-4030-ab98-360c42215382%40googlegroups.com.
>  
>
> >> For more options, visit https://groups.google.com/d/optout. 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups "Graylog Users" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an email to graylog2+u...@googlegroups.com . 
> > To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/D935506A-A040-4E65-B97C-291CFD3CFFEB%40graylog.com.
>  
>
> > For more options, visit https://groups.google.com/d/optout. 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/78189821-d52f-4e8c-8c1f-ed9adb743d24%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Elasticsearch cluster is red.

2015-09-18 Thread Marsel Qako 
Hi Drew, Thank you for reply.

I only have one node. No other errors except what i posted on the other 
logs files. I did a cleanse and after reconfiguring it, its working fine 
for now.

On Thursday, September 17, 2015 at 9:06:56 PM UTC-7, Drew Miranda wrote:
>
> Are you able to do a cat on your elastic search via the api?
> https://www.elastic.co/guide/en/elasticsearch/reference/current/cat.html
>
> Do you just have one ES node? Does the logs for elaaticsearch have any 
> errors?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/e9e890a7-c3bf-4afc-adee-6ca7a6ed7a6b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.