[graylog2] Can't get Graylog Appliance 2.0.2 to work with SSL and external IP address.

[Pasqual Troncone]

Hi everyone,

Sorry if I bring this up again but I have read numbers of post in here 
trying to figure out whats is going in with my Graylog installation without 
any success. This is my context:

   - Operating System: Ubuntu 14.04 (clean install)
   - Graylog versión 2.0.2-1 (Using the appliance for debian 
   graylog_2.0.2-1_amd64.deb 
   

   ).
   - I'm testing Graylog on a cloud server so, it has an internal ip 
   address (for example*10.X.X.X*) and a public ip (*192.X.X.X*) address 
   (with ports 80, 443, 9000, 12900 opens), just like the Amazon Servers that 
   I have read in this group.

Everything that I have tried with *graylog-ctl* has work so far*. *But 
I can't get SSL to work properly (*graylog-ctl enforce-ssl*) with default 
self-signed certificate after I set an external ip (*graylog-ctl 
set-external-ip http://192.168.0.162:12900*). 

I was able to get to get into the server but with mixed connections, 
encrypted and non-encrypted, as you can see in the following screen capture.



I have tried configuring the external IP with HTTPS with no luck (*graylog-ctl 
set-external-ip https://192.168.0.162:12900) *among many other things with 
no luck. *"web_enable_tls": true* option in *graylog-settings.json* file, 
or changing manually rest_enable_tls = true in *graylog.conf* make no 
difference.

Has anyone successfully install an appliance with SSL and external IP with 
Graylog versión 2.0.0-1? What I'm missing?

Thank you in advance.
Pasqual T.



-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/64245024-7293-4a45-ba35-2defb7e92463%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] large searches kill ES - can graylog stop this?

[Jason Haar]

Hi there

I just did a simple search on 30 days of data and managed to trigger the 
following ES error

[2016-06-01 00:12:53,525][WARN ][indices.breaker.fielddata] [fielddata] New 
used memory 11273780309 [10.4gb] for data of [message] would be larger than 
configured breaker: 10857952051 [10.1gb], breaking


According to what I can google, this means that ES would have had to 
allocate more resources than available to fulfil it, and that condition 
somehow triggers an epic fail: either ES becomes unresponsive or 
graylog-server does - I can't tell the difference. All I know is right now 
I have messages going into graylog and nothing coming out.

Within a minute, things went bad to worse, suddenly I'm getting shard 
errors (first shard errors in ages - definitely related)

[2016-06-01 00:21:32,860][WARN ][indices.cluster  ] [fantail] 
[[graylog_488][0]] marking and sending shard failed due to [engine failure, 
reason [already closed by tragic event on the index writer]]
[graylog_488][[graylog_488][0]] ShardNotFoundException[no such shard]
at org.elasticsearch.index.IndexService.shardSafe(IndexService.java:197)
[2016-06-01 00:21:32,962][WARN ][cluster.action.shard ] [fantail] 
[graylog_488][0] received shard failed for target shard [[graylog_488][0], 
node[Tjzmk9cFRuCke6JEuomb4g], [P], v[2], s[STARTED], 
a[id=dgyATFPBQAywkydc2mxmPw]], indexUUID [jxF7U5fESqOzJu9CSDF3WA], message 
[engine failure, reason [already closed by tragic event on the index 
writer]], failure [OutOfMemoryError[Java heap space]]
[2016-06-01 00:21:32,974][WARN ][cluster.action.shard ] [fantail] 
[graylog_488][0] received shard failed for target shard [[graylog_488][0], 
node[Tjzmk9cFRuCke6JEuomb4g], [P], v[2], s[STARTED], 
a[id=dgyATFPBQAywkydc2mxmPw]], indexUUID [jxF7U5fESqOzJu9CSDF3WA], message 
[master {fantail}{Tjzmk9cFRuCke6JEuomb4g}{127.0.0.1}{127.0.0.1:9300} marked 
shard as started, but shard has previous failed. resending shard failure.]
[2016-06-01 00:21:33,182][INFO ][cluster.routing.allocation] [fantail] 
Cluster health status changed from [GREEN] to [RED] (reason: [shards failed 
[[graylog_488][0], [graylog_488][0]] ...]).



Restarting graylog-server and ES (and cleaning up...) will solve this - but 
this is lame. graylog is an end-user tool that *by design* will have people 
doing actions that - on occasion - are beyond the reach of the backend: 
there has to be some way this could be handled better. The ES people seem 
to think this is a case of "you're doing it wrong", but graylog isn't some 
programmed frontend where every ES call is tightly managed - it's something 
that is meant to be used to "play" with data. Basically all I did was take 
a previous search that worked and asked it to re-run with an hourly graph 
instead of daily - enough to tip it over the edge. This will happen time 
and time again - so causing service outages is an acceptable outcome?

How are others dealing with this? Could graylog capture the ES error and 
mitigate (somehow)? I for one should have shut everything down before that 
"breaker" error turned into the "shard" error.

This is graylog-server-2.0.2/elasticsearch-2.3.3 under CentOS-7

Thanks

Jason

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/b7a7b095-3b6d-47fb-8bb0-bc62b8b67011%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Graylog 2.x upgrade

[Robert Hough]

Came across this:  https://gist.github.com/markwalkom/8a7201e3f6ea4354ae06

third time's the charm?  :)


On Friday, May 27, 2016 at 4:43:18 PM UTC-4, Robert Hough wrote:
>
> Recently built a Graylog 2.x cluster, and that seems to be working fine.  
> I had some questions though, but right now the biggest nagging question has 
> been...
>
> How do we migrate our existing indexes over to the new system?  The whole 
> dots in field names issue seems to be what is preventing us from pulling 
> this off.  How do we correct these, and then import them into the our new 
> system? 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/20da9ee9-4ec0-40a8-b2de-aed4ce6a520b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Graylog 2.x upgrade

[Robert Hough]

21 views and no replies.  Either this is the best kept secret in town, or 
everyone else is just as baffled as I am?  :)

So far I've tried using ElasticDump, The ElasticSearch Exporter and even 
tried using straight curl.   I'm admittedly ignorant to most of these tools 
in terms of setup.  I kind of inherited this and now feel like I have to 
beat it into submission. Perhaps I'm just going about it wrong?  Here was 
my initial approach:

1) Create a new index on the new ES cluster with the same name as the one 
on the old cluster
2) Export the index mapping,  update the fields (user.name, user.id, 
session.id, etc) and replace the dots with underscores.
3) Import the updated mapping into the new index
3) Export the index data
4) import said data into new index

I can get to step 3.  Step 4 fails, and I'm not getting any real 
explanation as to why.  So if you guys have can set my on the right track, 
that would be handy.



On Friday, May 27, 2016 at 4:43:18 PM UTC-4, Robert Hough wrote:
>
> Recently built a Graylog 2.x cluster, and that seems to be working fine.  
> I had some questions though, but right now the biggest nagging question has 
> been...
>
> How do we migrate our existing indexes over to the new system?  The whole 
> dots in field names issue seems to be what is preventing us from pulling 
> this off.  How do we correct these, and then import them into the our new 
> system? 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/8a41ef62-8ed4-4b3a-87bd-de02517bdf2d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: LDAP Error

[Robert Hough]

Thanks I'll check on this in the morning and see if that clears up the 
issue.  It isn't a huge concern as I plan to rebuild the stack once I've 
got everything as I like it, but just wanted to make sure it was something 
I could clear up later.


On Friday, May 27, 2016 at 8:34:54 PM UTC-4, Robert Hough wrote:
>
> 2016-05-28T00:28:12.333Z ERROR [LdapUserAuthenticator] Error during LDAP 
> user account sync. Cannot log in user user_redacted
> java.lang.RuntimeException: ERR_02002_FAILURE_ON_UNDERLYING_CURSOR Failure 
> on underlying Cursor.
> at 
> org.apache.directory.api.ldap.model.cursor.CursorIterator.next(CursorIterator.java:86)
>  
> ~[graylog.jar:?]
> at 
> org.graylog2.security.ldap.LdapConnector.search(LdapConnector.java:139) 
> ~[graylog.jar:?]
>
> We keep seeing the error above. The user "user_redacted" was originally 
> configured (incorrectly) but we have since added the correct user. The 
> problem is the above error continually shows up in the graylog server.log,  
> even though we are no longer using it.  We've tried restarting, rebooting, 
> but it keeps coming back.  I suspect it is still somewhere in mongo, but 
> I'm not really sure where to look to remove.  Any ideas?  Thanks
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/697ebeeb-ea8e-486c-901a-fb47ebc294ce%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] when following documentation for creating ss cert i get error messages

[John Babio]

*i followed this in the documentation*
Creating a self-signed private key/certificate 

Create PKCS#5 and X.509 certificate:

$ openssl version
OpenSSL 0.9.8zh 14 Jan 2016
$ openssl req -x509 -days 365 -nodes -newkey rsa:2048 -keyout pkcs5-plain.pem 
-out cert.pem
Generating a 2048 bit RSA private key
+++
.+++
writing new private key to 'pkcs5-plain.pem'
-
[...]
If you enter '.', the field will be left blank.
-
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:Hamburg
Locality Name (eg, city) []:Hamburg
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Graylog, Inc.
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:graylog.example.com
Email Address []:hostmas...@graylog.example.com

Convert PKCS#5 private key into a *plaintext* PKCS#8 private key:

$ openssl pkcs8 -in pkcs5-plain.pem -topk8 -nocrypt -out pkcs8-plain.pem
*then i added my certs in like explained here.*

# Enable HTTPS support for the REST API. This secures the communication with 
the REST API# using TLS to prevent request forgery and 
eavesdropping.rest_enable_tls = true
# The X.509 certificate chain file in PEM format to use for securing the REST 
API.rest_tls_cert_file = /path/to/graylog-certificate.pem
# The PKCS#8 private key file in PEM format to use for securing the REST 
API.rest_tls_key_file = /path/to/graylog-key.pem
# The password to unlock the private key used for securing the REST 
API.rest_tls_key_password = secret
# Enable HTTPS support for the web interface. This secures the communication 
the web interface# using TLS to prevent request forgery and 
eavesdropping.web_enable_tls = true
# The X.509 certificate chain file in PEM format to use for securing the web 
interface.web_tls_cert_file = /path/to/graylog-certificate.pem
# The PKCS#8 private key file in PEM format to use for securing the web 
interface.web_tls_key_file = /path/to/graylog-key.pem
# The password to unlock the private key used for securing the web 
interface.web_tls_key_password = secret

When I restart the service everything seems to start ok but when I connect to 
the web interface I receive and error connecting to <1.1.1.1:12900>

the rest api is accessible because if I turn web_tls and rest_tls back off i 
can reach everything.


-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/6e646984-f8aa-4ff3-ac63-346e5430a454%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Support for Ubuntu 16.04

[beeg98]

Ubuntu 16.04 was officially released a little over a month ago. The deb 
download page shows that 12.04 and 14.04 are currently the only supported 
versions of Ubuntu, but I presume that eventually 16.04 will be added to 
that list. I would like to have an idea of when that package will be 
released. I've been asked to install a new graylog server, and I'd prefer 
to use the latest LTS release, but if it is going to be very long before 
there is official support for it, then I will use 14.04 instead. Does 
anyone know if there is a plan for this, and if there is what the plan is? 

If you happen to know that there currently is no plan, then I'd like to 
hear from you as well. I asked on IRC a couple of times today, and didn't 
get a response. I just need to know which way to go. 

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/9de1031f-1ccb-4362-83b1-890c0462bfe3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Graylog Email Callbacks - which fields/variables can I use?

[Jochen Schalanda]

Hi Dennis,

you can only reference fields listed 
in 
http://docs.graylog.org/en/1.3/pages/streams.html#alert-callbacks-types-explained
 
in your email template (scroll down a little bit).

In your case, you would access the ad_username field of the message with 
${message.fields.ad_username}.

Cheers,
Jochen

On Tuesday, 31 May 2016 17:58:33 UTC+2, Dennis Seaton wrote:
>
> I have an extractor that pulls the username whenever someone is locked out 
> of my Windows domain. It puts the username into a field called 
> *ad_username*. I now want to use that custom field that I made inside an 
> email callback so I can send extremely simplified email alerts like this:
>
> *A user was locked out of the domain at ${check_result.triggeredAt} *
> *The user was: ${ad_username}*
>
> I've seen the Callback documentation here 
> 
>  but 
> it is lacking detail on how to do this.
>
> Can anyone tell me if it's possible? How can I use my own fields in the 
> callbacks?
>
>
>
> Thanks in advance
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/fe10988f-816c-4491-89b1-88e407b816cc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Graylog Email Callbacks - which fields/variables can I use?

[Dennis Seaton]

I have an extractor that pulls the username whenever someone is locked out 
of my Windows domain. It puts the username into a field called *ad_username*. 
I now want to use that custom field that I made inside an email callback so 
I can send extremely simplified email alerts like this:

*A user was locked out of the domain at ${check_result.triggeredAt} *
*The user was: ${ad_username}*

I've seen the Callback documentation here 

 but 
it is lacking detail on how to do this.

Can anyone tell me if it's possible? How can I use my own fields in the 
callbacks?



Thanks in advance

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/d50cea64-877f-4a3e-8cac-0c3cc8be1890%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Why do graylog use strings instead of ES' dedicated field types for IP and geoip data?

[Jochen Schalanda]

Hi Daniel,

the simple answer is that Graylog currently only supports fields of types 
string, number, and boolean. We might add support for other field types in 
the future.

Feel free to subscribe 
to https://github.com/Graylog2/graylog2-server/issues/2113 to follow the 
progress regarding this feature.

Cheers,
Jochen

On Tuesday, 31 May 2016 14:17:09 UTC+2, Daniel Kamiński wrote:
>
> Hi
> I noticed before, that graylog doesn't use IP field types, it could be 
> used as a converter, just like numbers and dates. It would be helpful as i 
> could query by CIDR notation.
> Also now, when graylog supports geoip it uses strings and not dedicated 
> type of geo_point.
> Is there some advantages of such decisions in graylog development? Because 
> all i can see are drawbacks. Aside of usage inconvenience this creates, 
> there are obvious computational and storage overhead.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/c8d2b56f-9805-466a-b76d-e8c565003b25%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Graylog2/graylog-plugin-snmp - how to set the SNMPTrap community string

[Jochen Schalanda]

Hi Chris,

the community target is currently hard-coded in the SNMP plugin but feel 
free to add a feature request at 
https://github.com/Graylog2/graylog-plugin-snmp/issues.

Cheers,
Jochen

On Tuesday, 31 May 2016 15:11:54 UTC+2, brooklynn...@gmail.com wrote:
>
> Hi,
>
>
> i try to use the SNMPTrap input from here:
>
>
> https://github.com/Graylog2/graylog-plugin-snmp
>
>
> It is working well but only with the community string "public".
>
>
> Does anybody know how/where it is possible to set the community string?
>
>
> The only settings are shown here:
>
>
> https://github.com/Graylog2/graylog-plugin-snmp/blob/master/images/snmp-input-1.png
>
>
> I'm using Graylog v2.0.1 on CentOS 6.7.
>
>
> Thanks for the help.
>
>
> Regards
> Chris
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/3c342bcc-48a7-47f5-8557-08b7c5db72d1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Re: Graylog Error Logging and Disk Space

[David Gerdeman]

Done, thank you.  The github issue link is 
https://github.com/Graylog2/omnibus-graylog2/issues/29.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/1807e8e5-368f-4ecb-87d0-f1e2db9b3757%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] After 2.0.2 update Web console page footer says "2.0.1"

[Jochen Schalanda]

Hi Joe,

"graylog-server" is the wrong package for the virtual machine and Docker 
images.

Cheers,
Jochen

On Tuesday, 31 May 2016 15:22:33 UTC+2, Joe K wrote:
>
> Yes I followed that page instructions. And you can see in my log it's 
> "2.0.2" being installed:
>
> Preparing to unpack .../graylog-server_2.0.2-1_all.deb ...
> Unpacking graylog-server (2.0.2-1) ...
> Processing triggers for ureadahead (0.100.0-16) ...
> Setting up graylog-server (2.0.2-1) ...
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/3b581f07-bf01-499b-b35d-09df73f38c47%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] After 2.0.2 update Web console page footer says "2.0.1"

[Edmundo Alvarez]

Did you update and restarted all nodes in your cluster? The version is properly 
displayed in a couple of setups I was checking.

Edmundo

> On 31 May 2016, at 15:22, Joe K  wrote:
> 
> Yes I followed that page instructions. And you can see in my log it's "2.0.2" 
> being installed:
> 
> Preparing to unpack .../graylog-server_2.0.2-1_all.deb ...
> Unpacking graylog-server (2.0.2-1) ...
> Processing triggers for ureadahead (0.100.0-16) ...
> Setting up graylog-server (2.0.2-1) ...
> 
> On Tuesday, May 31, 2016 at 10:15:58 AM UTC+3, Jochen Schalanda wrote:
> Hi Joe,
> 
> judging from your other emails to the mailing list, you've simply installed 
> the wrong DEB package. Please use the upgrade instructions here: 
> http://docs.graylog.org/en/2.0/pages/installation/graylog_ctl.html#upgrade-graylog
> 
> Cheers,
> Jochen
> 
> On Monday, 30 May 2016 21:49:07 UTC+2, Joe K wrote:
> Of course it was refreshed. cleared browser cache and everything. "2.0.1" 
> comes form the server.
> 
> On Monday, May 30, 2016 at 6:19:15 PM UTC+3, Edmundo Alvarez wrote:
> Hi Joe, 
> 
> Please also remember to refresh the Graylog web interface tab after 
> upgrading, as the whole web interface lives in your browser now. 
> 
> Regards, 
> Edmundo 
> 
> > On 30 May 2016, at 17:06, Jochen Schalanda  wrote: 
> > 
> > Hi Joe, 
> > 
> > Graylog 2.0.2 should show the following version in the footer of the 
> > Graylog web interface: Graylog 2.0.2 (4da1379) 
> > 
> > From the output you've posted it looks as if you've installed the 
> > "graylog-server" package for the first time (it's marked as NEW). Are you 
> > sure that you've been using the normal DEB package before and not for 
> > example the official virtual machine or Docker images which are based on 
> > the Omnibus package? If the latter is the case, you can find upgrade 
> > instructions here: 
> > http://docs.graylog.org/en/2.0/pages/installation/graylog_ctl.html#upgrade-graylog
> >  
> > 
> > Cheers, 
> > Jochen 
> > 
> > On Monday, 30 May 2016 16:38:38 UTC+2, Joe K wrote: 
> > 
> > Following instructions on 
> > http://docs.graylog.org/en/2.0/pages/installation/operating_system_packages.html
> >  
> > 
> > Installed 2.0.2 but in web colsole page footer it says: 
> > 
> > Graylog 2.0.1 (81e0187) on graylog (Oracle Corporation 1.8.0_77 on Linux 
> > 3.13.0-85-generic) 
> > 
> > Is this expected? 
> > 
> > 
> > 
> > ubuntu@graylog:~$ sudo dpkg -i graylog-2.0-repository_latest.deb 
> > (Reading database ... 93442 files and directories currently installed.) 
> > Preparing to unpack graylog-2.0-repository_latest.deb ... 
> > Unpacking graylog-2.0-repository (1-1) over (1-1) ... 
> > Setting up graylog-2.0-repository (1-1) ... 
> > 
> > ubuntu@graylog:~$ sudo apt-get install graylog-server 
> > Reading package lists... Done 
> > Building dependency tree 
> > Reading state information... Done 
> > The following NEW packages will be installed: 
> >   graylog-server 
> > 0 upgraded, 1 newly installed, 0 to remove and 29 not upgraded. 
> > Need to get 85.7 MB of archives. 
> > After this operation, 95.5 MB of additional disk space will be used. 
> > Fetched 85.7 MB in 9s (8,838 kB/s) 
> > Selecting previously unselected package graylog-server. 
> > (Reading database ... 93413 files and directories currently installed.) 
> > Preparing to unpack .../graylog-server_2.0.2-1_all.deb ... 
> > Unpacking graylog-server (2.0.2-1) ... 
> > Processing triggers for ureadahead (0.100.0-16) ... 
> > Setting up graylog-server (2.0.2-1) ... 
> > 
> >  
> > Graylog does NOT start automatically! 
> > 
> > Please run the following commands if you want to start Graylog 
> > automatically on system boot: 
> > 
> > sudo rm -f /etc/init/graylog-server.override 
> > 
> > sudo start graylog-server 
> > 
> > 
> >  
> > Processing triggers for ureadahead (0.100.0-16) ... 
> > 
> > 
> > Then performed reconfigure and restart 
> > 
> > -- 
> > You received this message because you are subscribed to the Google Groups 
> > "Graylog Users" group. 
> > To unsubscribe from this group and stop receiving emails from it, send an 
> > email to graylog2+u...@googlegroups.com. 
> > To view this discussion on the web visit 
> > https://groups.google.com/d/msgid/graylog2/965c8825-8704-4f95-a9c0-96cdee2aaf33%40googlegroups.com.
> >  
> > For more options, visit https://groups.google.com/d/optout. 
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/8bfd2598-4f8e-4db5-919a-3be0815c0c59%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this mess

Re: [graylog2] Permissions On Inputs

[Todd Bryant]

Thanks Dennis, I will take a look at this and report my experience.

T

On Mon, May 30, 2016 at 4:58 AM, Dennis Oelkers  wrote:

> Hey Todd,
>
> what you can do at the moment is that your define streams for each input
> (adding rules so that only the messages of this input are routed into the
> stream) and then define the users to be readers for the corresponding
> streams.
>
> Kr,
> D.
>
> > On 27.05.2016, at 17:22, Todd Bryant  wrote:
> >
> > I would like to use Graylog as a customer portal, however security is a
> big issue.   Is there a way to segment users by input?   This would allow
> me to host multiple users on the same Graylog instance, while maintaining
> data segregation.
> >
> >
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups "Graylog Users" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an email to graylog2+unsubscr...@googlegroups.com.
> > To view this discussion on the web visit
> https://groups.google.com/d/msgid/graylog2/e0a6f613-f3ed-4d53-a7f3-904e4a4603ab%40googlegroups.com
> .
> > For more options, visit https://groups.google.com/d/optout.
>
> --
> Tel.: +49 (0)40 609 452 077
> Fax.: +49 (0)40 609 452 078
>
> TORCH GmbH - A Graylog company
> Poolstrasse 21
> 20355 Hamburg
> Germany
>
> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
> Geschäftsführer: Lennart Koopmann (CEO)
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Graylog Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/graylog2/9BUDkiqtvw0/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/graylog2/818C1CD2-B010-4176-B2BA-89A1B8183A21%40graylog.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CA%2BE%2BEhH4t9xDRh9RphDbT3%2BjntvNAhtr6%3D1D_LiRiBtZJZubrA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Re: Graylog Error Logging and Disk Space

[Marius Sturm]

Hi,
could you put all the informations in a ticket please:
https://github.com/Graylog2/omnibus-graylog2/issues
I have to review that later.

Thanks,
Marius

On 31 May 2016 at 15:09, David Gerdeman  wrote:

> I had to wait for it to fail again.  It looks like it failed on May 30th.
> In the /var/log/graylog/elasticsearch folder the graylog.log. files
> for May 25-29 are all about 400K.  The log file for May 30th is 2.1GB and
> the disk of the virtual appliance is at 100% utilization.  Also, the last
> index folder from before it stopped is 2.8GB in size (my indexes are set to
> roll over at 1GB).  It seems that the "translog" folder in the index shard
> folders are about 700MB each, as opposed to about 12K for the previous
> indexes.
>
> Looks like there are two problems: the final log before failure gets
> bloated while the transaction log for the final index fills with unindexed
> messages(?).
>
> --
> You received this message because you are subscribed to the Google Groups
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/graylog2/c96656d9-ab03-4491-8066-cc10cd4b4af8%40googlegroups.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Developer

Tel.: +49 (0)40 609 452 077
Fax.: +49 (0)40 609 452 078

TORCH GmbH - A Graylog Company
Poolstraße 21
20335 Hamburg
Germany

https://www.graylog.com 

Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
Geschäftsführer: Lennart Koopmann (CEO)

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CAMqbBb%2Bqou8%3D9buzujCjFQ-ou7h8P7kQ%2BWMu-j0M4dxTi_f6Fg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] After 2.0.2 update Web console page footer says "2.0.1"

[Joe K]

Yes I followed that page instructions. And you can see in my log it's 
"2.0.2" being installed:

Preparing to unpack .../graylog-server_2.0.2-1_all.deb ...
Unpacking graylog-server (2.0.2-1) ...
Processing triggers for ureadahead (0.100.0-16) ...
Setting up graylog-server (2.0.2-1) ...

On Tuesday, May 31, 2016 at 10:15:58 AM UTC+3, Jochen Schalanda wrote:
>
> Hi Joe,
>
> judging from your other emails to the mailing list, you've simply 
> installed the wrong DEB package. Please use the upgrade instructions here: 
> http://docs.graylog.org/en/2.0/pages/installation/graylog_ctl.html#upgrade-graylog
>
> Cheers,
> Jochen
>
> On Monday, 30 May 2016 21:49:07 UTC+2, Joe K wrote:
>>
>> Of course it was refreshed. cleared browser cache and everything. "2.0.1" 
>> comes form the server.
>>
>> On Monday, May 30, 2016 at 6:19:15 PM UTC+3, Edmundo Alvarez wrote:
>>>
>>> Hi Joe, 
>>>
>>> Please also remember to refresh the Graylog web interface tab after 
>>> upgrading, as the whole web interface lives in your browser now. 
>>>
>>> Regards, 
>>> Edmundo 
>>>
>>> > On 30 May 2016, at 17:06, Jochen Schalanda  
>>> wrote: 
>>> > 
>>> > Hi Joe, 
>>> > 
>>> > Graylog 2.0.2 should show the following version in the footer of the 
>>> Graylog web interface: Graylog 2.0.2 (4da1379) 
>>> > 
>>> > From the output you've posted it looks as if you've installed the 
>>> "graylog-server" package for the first time (it's marked as NEW). Are you 
>>> sure that you've been using the normal DEB package before and not for 
>>> example the official virtual machine or Docker images which are based on 
>>> the Omnibus package? If the latter is the case, you can find upgrade 
>>> instructions here: 
>>> http://docs.graylog.org/en/2.0/pages/installation/graylog_ctl.html#upgrade-graylog
>>>  
>>> > 
>>> > Cheers, 
>>> > Jochen 
>>> > 
>>> > On Monday, 30 May 2016 16:38:38 UTC+2, Joe K wrote: 
>>> > 
>>> > Following instructions on 
>>> http://docs.graylog.org/en/2.0/pages/installation/operating_system_packages.html
>>>  
>>> > 
>>> > Installed 2.0.2 but in web colsole page footer it says: 
>>> > 
>>> > Graylog 2.0.1 (81e0187) on graylog (Oracle Corporation 1.8.0_77 on 
>>> Linux 3.13.0-85-generic) 
>>> > 
>>> > Is this expected? 
>>> > 
>>> > 
>>> > 
>>> > ubuntu@graylog:~$ sudo dpkg -i graylog-2.0-repository_latest.deb 
>>> > (Reading database ... 93442 files and directories currently 
>>> installed.) 
>>> > Preparing to unpack graylog-2.0-repository_latest.deb ... 
>>> > Unpacking graylog-2.0-repository (1-1) over (1-1) ... 
>>> > Setting up graylog-2.0-repository (1-1) ... 
>>> > 
>>> > ubuntu@graylog:~$ sudo apt-get install graylog-server 
>>> > Reading package lists... Done 
>>> > Building dependency tree 
>>> > Reading state information... Done 
>>> > The following NEW packages will be installed: 
>>> >   graylog-server 
>>> > 0 upgraded, 1 newly installed, 0 to remove and 29 not upgraded. 
>>> > Need to get 85.7 MB of archives. 
>>> > After this operation, 95.5 MB of additional disk space will be used. 
>>> > Fetched 85.7 MB in 9s (8,838 kB/s) 
>>> > Selecting previously unselected package graylog-server. 
>>> > (Reading database ... 93413 files and directories currently 
>>> installed.) 
>>> > Preparing to unpack .../graylog-server_2.0.2-1_all.deb ... 
>>> > Unpacking graylog-server (2.0.2-1) ... 
>>> > Processing triggers for ureadahead (0.100.0-16) ... 
>>> > Setting up graylog-server (2.0.2-1) ... 
>>> > 
>>> 
>>>  
>>>
>>> > Graylog does NOT start automatically! 
>>> > 
>>> > Please run the following commands if you want to start Graylog 
>>> automatically on system boot: 
>>> > 
>>> > sudo rm -f /etc/init/graylog-server.override 
>>> > 
>>> > sudo start graylog-server 
>>> > 
>>> > 
>>> 
>>>  
>>>
>>> > Processing triggers for ureadahead (0.100.0-16) ... 
>>> > 
>>> > 
>>> > Then performed reconfigure and restart 
>>> > 
>>> > -- 
>>> > You received this message because you are subscribed to the Google 
>>> Groups "Graylog Users" group. 
>>> > To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to graylog2+u...@googlegroups.com. 
>>> > To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/graylog2/965c8825-8704-4f95-a9c0-96cdee2aaf33%40googlegroups.com.
>>>  
>>>
>>> > For more options, visit https://groups.google.com/d/optout. 
>>>
>>>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/8bfd2598-4f8e-4db5-919a-3be0815c0c59%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Graylog2/graylog-plugin-snmp - how to set the SNMPTrap community string

[brooklynnewyork999]

 

Hi,


i try to use the SNMPTrap input from here:


https://github.com/Graylog2/graylog-plugin-snmp


It is working well but only with the community string "public".


Does anybody know how/where it is possible to set the community string?


The only settings are shown here:

https://github.com/Graylog2/graylog-plugin-snmp/blob/master/images/snmp-input-1.png


I'm using Graylog v2.0.1 on CentOS 6.7.


Thanks for the help.


Regards
Chris


-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/525962b6-d3d0-41e8-af47-c03778f19754%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Re: Graylog Error Logging and Disk Space

[David Gerdeman]

I had to wait for it to fail again.  It looks like it failed on May 30th.  
In the /var/log/graylog/elasticsearch folder the graylog.log. files 
for May 25-29 are all about 400K.  The log file for May 30th is 2.1GB and 
the disk of the virtual appliance is at 100% utilization.  Also, the last 
index folder from before it stopped is 2.8GB in size (my indexes are set to 
roll over at 1GB).  It seems that the "translog" folder in the index shard 
folders are about 700MB each, as opposed to about 12K for the previous 
indexes.

Looks like there are two problems: the final log before failure gets 
bloated while the transaction log for the final index fills with unindexed 
messages(?). 

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/c96656d9-ab03-4491-8066-cc10cd4b4af8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Why do graylog use strings instead of ES' dedicated field types for IP and geoip data?

[Daniel Kamiński]

Hi
I noticed before, that graylog doesn't use IP field types, it could be used 
as a converter, just like numbers and dates. It would be helpful as i could 
query by CIDR notation.
Also now, when graylog supports geoip it uses strings and not dedicated 
type of geo_point.
Is there some advantages of such decisions in graylog development? Because 
all i can see are drawbacks. Aside of usage inconvenience this creates, 
there are obvious computational and storage overhead.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/072106d8-f793-495a-8e72-a7b7675a5dc2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Re: Why AWS Load balancer in front of graylog-server is redirecting traffic to internal instance on 12900

[Pranay Manwatkar]

Thank you very much for the resolution.

On Sat, May 28, 2016 at 12:54 AM, Bryan Shell  wrote:

> This is covered in the documentation here:
>
> http://docs.graylog.org/en/2.0/pages/configuring_webif.html?highlight=rest_transport_uri#making-the-web-interface-work-with-load-balancers-proxies
>
> `web_listen_uri` should be set to some port that is allowed by your
> security group and the ELB updated to forward to the instance 12900 port
> and permissions added for that port.
>
> On Thursday, May 26, 2016 at 10:47:07 AM UTC-5, Pranay Manwatkar wrote:
>>
>> *### Problem description*
>> I am unable to understand why browser is redirecting the ELB request to
>> internal IP 12900.
>> What am I missing in configuration. I am getting this error as I blocked
>> the security group to access 12900 directly from browser host. What port I
>> need to add so that request does not go directly to internal instances on
>> rest_listen_uri port.
>> ```
>> *Error message*
>> Bad request
>> *Original Request*
>> GET http://10.2.93.6:12900/system/cluster/node
>> *Status code*
>> undefined
>> *Full error message*
>> Error: Request has been terminated Possible causes: the network is
>> offline, Origin is not allowed by Access-Control-Allow-Origin, the page is
>> being unloaded, etc.
>> ```
>>
>> *### Steps to reproduce the problem*
>> As per http://docs.graylog.org/en/2.0/pages/architecture.html for bigger
>> setup I have added AWS ELB  in front of graylog-server
>> ELB http port: 80
>> Instance http port: 9000
>>
>> Graylog server: 10.2.93.6
>> Elasticsearch: 10.2.68.102
>>
>> graylog-server.conf::
>> ```
>> is_master = true
>> node_id_file = /etc/graylog/server/node-id
>> password_secret = XXX
>> root_username = admin
>> root_password_sha2 = YXXXY
>> plugin_dir = plugin
>> rest_listen_uri = http://0.0.0.0:12900/
>> web_listen_uri = http://0.0.0.0:9000/
>> web_enable_cors = false
>> rotation_strategy = time
>> elasticsearch_max_time_per_index = 3d
>> elasticsearch_max_number_of_indices = 20
>> retention_strategy = delete
>> elasticsearch_shards = 2
>> elasticsearch_replicas = 0
>> elasticsearch_index_prefix = graylog
>> allow_leading_wildcard_searches = true
>> allow_highlighting = false
>> elasticsearch_cluster_name = graylog
>> elasticsearch_discovery_zen_ping_unicast_hosts = 10.2.68.102:9300
>> elasticsearch_discovery_zen_ping_multicast_enabled = false
>> elasticsearch_cluster_discovery_timeout = 5000
>> elasticsearch_discovery_initial_state_timeout = 15s
>> elasticsearch_analyzer = standard
>> elasticsearch_network_host = 10.2.93.6
>> output_batch_size = 500
>> output_flush_interval = 1
>> output_fault_count_threshold = 5
>> output_fault_penalty_seconds = 30
>> processbuffer_processors = 5
>> outputbuffer_processors = 3
>> processor_wait_strategy = blocking
>> ring_size = 65536
>> inputbuffer_ring_size = 65536
>> inputbuffer_processors = 2
>> inputbuffer_wait_strategy = blocking
>> message_journal_enabled = true
>> message_journal_dir = data/journal
>> lb_recognition_period_seconds = 3
>> mongodb_uri = mongodb://mongodb.test.com:27017/db1
>> mongodb_max_connections = 1000
>> mongodb_threads_allowed_to_block_multiplier = 5
>> content_packs_auto_load = grok-patterns.json
>> ```
>>
>> elasticsearch.yml
>> ```
>> cluster.name: graylog
>> node.master: true
>> node.data: true
>> index.number_of_shards: 2
>> index.number_of_replicas: 0
>> index.replication: async
>> index.refresh_interval: 30s
>> path.data: /var/lib/elasticsearch/data-0, /var/lib/elasticsearch/data-1
>> path.logs: /var/lib/elasticsearch/logs
>> bootstrap.mlockall: true
>> ES_HEAP_SIZE: 3g
>> MAX_LOCKED_MEMORY: unlimited
>> transport.tcp.compress: true
>> http.compression: true
>> http.cors.enabled: true
>> discovery.zen.minimum_master_nodes: 1
>> discovery.zen.ping.multicast.enabled: false
>> discovery.zen.ping.unicast.hosts: ["10.2.68.102:9300"]
>> discovery.type: ec2
>> discovery.ec2.host_type: private_ip
>> discovery.ec2.ping_timeout: 5s
>> cloud.aws.region:  us-east-1
>> discovery.ec2.tag.Role:  haystack-es
>> jmx.create_connector: true
>> jmx.port: 1099
>> jmx.domain: elasticsearch
>> index.search.slowlog.level: DEBUG
>> index.search.slowlog.threshold.query.warn: 10s
>> index.search.slowlog.threshold.query.info: 5s
>> index.search.slowlog.threshold.query.debug: 2s
>> index.search.slowlog.threshold.query.trace: 500ms
>> index.search.slowlog.threshold.fetch.warn: 1s
>> index.search.slowlog.threshold.fetch.info: 800ms
>> index.search.slowlog.threshold.fetch.debug: 500ms
>> index.search.slowlog.threshold.fetch.trace: 200ms
>> index.indexing.slowlog.level: DEBUG
>> index.indexing.slowlog.threshold.index.warn: 10s
>> index.indexing.slowlog.threshold.index.info: 5s
>> index.indexing.slowlog.threshold.index.debug: 2s
>> index.indexing.slowlog.threshold.index.trace: 500ms
>> node.name: ${HOSTNAME}
>> network.bind_host: 0.0.0.0
>> network.host: 10.2.68.102
>> cloud.node.auto_attributes: true
>> cluster.routing.allocation.awareness.attributes: aws_a

Re: [graylog2] After 2.0.2 update Web console page footer says "2.0.1"

[Jochen Schalanda]

Hi Joe,

judging from your other emails to the mailing list, you've simply installed 
the wrong DEB package. Please use the upgrade instructions here: 
http://docs.graylog.org/en/2.0/pages/installation/graylog_ctl.html#upgrade-graylog

Cheers,
Jochen

On Monday, 30 May 2016 21:49:07 UTC+2, Joe K wrote:
>
> Of course it was refreshed. cleared browser cache and everything. "2.0.1" 
> comes form the server.
>
> On Monday, May 30, 2016 at 6:19:15 PM UTC+3, Edmundo Alvarez wrote:
>>
>> Hi Joe, 
>>
>> Please also remember to refresh the Graylog web interface tab after 
>> upgrading, as the whole web interface lives in your browser now. 
>>
>> Regards, 
>> Edmundo 
>>
>> > On 30 May 2016, at 17:06, Jochen Schalanda  wrote: 
>> > 
>> > Hi Joe, 
>> > 
>> > Graylog 2.0.2 should show the following version in the footer of the 
>> Graylog web interface: Graylog 2.0.2 (4da1379) 
>> > 
>> > From the output you've posted it looks as if you've installed the 
>> "graylog-server" package for the first time (it's marked as NEW). Are you 
>> sure that you've been using the normal DEB package before and not for 
>> example the official virtual machine or Docker images which are based on 
>> the Omnibus package? If the latter is the case, you can find upgrade 
>> instructions here: 
>> http://docs.graylog.org/en/2.0/pages/installation/graylog_ctl.html#upgrade-graylog
>>  
>> > 
>> > Cheers, 
>> > Jochen 
>> > 
>> > On Monday, 30 May 2016 16:38:38 UTC+2, Joe K wrote: 
>> > 
>> > Following instructions on 
>> http://docs.graylog.org/en/2.0/pages/installation/operating_system_packages.html
>>  
>> > 
>> > Installed 2.0.2 but in web colsole page footer it says: 
>> > 
>> > Graylog 2.0.1 (81e0187) on graylog (Oracle Corporation 1.8.0_77 on 
>> Linux 3.13.0-85-generic) 
>> > 
>> > Is this expected? 
>> > 
>> > 
>> > 
>> > ubuntu@graylog:~$ sudo dpkg -i graylog-2.0-repository_latest.deb 
>> > (Reading database ... 93442 files and directories currently installed.) 
>> > Preparing to unpack graylog-2.0-repository_latest.deb ... 
>> > Unpacking graylog-2.0-repository (1-1) over (1-1) ... 
>> > Setting up graylog-2.0-repository (1-1) ... 
>> > 
>> > ubuntu@graylog:~$ sudo apt-get install graylog-server 
>> > Reading package lists... Done 
>> > Building dependency tree 
>> > Reading state information... Done 
>> > The following NEW packages will be installed: 
>> >   graylog-server 
>> > 0 upgraded, 1 newly installed, 0 to remove and 29 not upgraded. 
>> > Need to get 85.7 MB of archives. 
>> > After this operation, 95.5 MB of additional disk space will be used. 
>> > Fetched 85.7 MB in 9s (8,838 kB/s) 
>> > Selecting previously unselected package graylog-server. 
>> > (Reading database ... 93413 files and directories currently installed.) 
>> > Preparing to unpack .../graylog-server_2.0.2-1_all.deb ... 
>> > Unpacking graylog-server (2.0.2-1) ... 
>> > Processing triggers for ureadahead (0.100.0-16) ... 
>> > Setting up graylog-server (2.0.2-1) ... 
>> > 
>> 
>>  
>>
>> > Graylog does NOT start automatically! 
>> > 
>> > Please run the following commands if you want to start Graylog 
>> automatically on system boot: 
>> > 
>> > sudo rm -f /etc/init/graylog-server.override 
>> > 
>> > sudo start graylog-server 
>> > 
>> > 
>> 
>>  
>>
>> > Processing triggers for ureadahead (0.100.0-16) ... 
>> > 
>> > 
>> > Then performed reconfigure and restart 
>> > 
>> > -- 
>> > You received this message because you are subscribed to the Google 
>> Groups "Graylog Users" group. 
>> > To unsubscribe from this group and stop receiving emails from it, send 
>> an email to graylog2+u...@googlegroups.com. 
>> > To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/graylog2/965c8825-8704-4f95-a9c0-96cdee2aaf33%40googlegroups.com.
>>  
>>
>> > For more options, visit https://groups.google.com/d/optout. 
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/e6c4ef97-ce4d-485b-a20f-f81177b37f9f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.