[graylog2] Re: Input Failed to Start

2016-06-24 Thread Claudemir de almeida rosa 
 java -version 2>&1 | awk -F\" '/java/{print 
"/usr/java/jdk"$2"/jre/lib/amd64/jli"}'  | tee -a 
 /etc/ld.so.conf.d/java.conf
ldconfig
java -version 2>&1 | awk -F\" '/java/{print "setcap 
'cap_net_bind_service=+ep' /usr/java/jdk"$2"/jre/bin/java"}' | sh

service graylog-server restart


Em quinta-feira, 16 de junho de 2016 21:01:24 UTC-3, Justin Reid escreveu:
>
>Greetings All,
>   I am very new to linux/graylog and am trying to get my server to 
> run. I've set it up, " #service graylog-server status" command says its 
> running. My problem comes when I try to add an input on the web interface. 
> I keep receiving this error:
>
> An input has failed to start (triggered 5 days ago)
> Input 575c888722383508a780383d has failed to start on node 
> 7123ded0-3444-467e-9181-a214195da068 for this reason: »Permission denied.«. 
> This means that you are unable to receive any messages from this input. 
> This is mostly an indication for a misconfiguration or an error. You can 
> click here  to solve this.
>
> I've been trying to resolve the issue for a couple days now and cannot 
> figure it out. Any ideas as to what it could possibly be? Thanks Very Much 
> in advance.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/4160c10c-1a04-4bb8-a8e1-f355e3036f49%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Input Failed to Start

2016-06-24 Thread Claudemir de almeida rosa 

 java -version 2>&1 | awk -F\" '/java/{print 
"/usr/java/jdk"$2"/jre/lib/amd64/jli"}'  | tee -a 
 /etc/ld.so.conf.d/java.conf
ldconfig
java -version 2>&1 | awk -F\" '/java/{print "setcap 
'cap_net_bind_service=+ep' /usr/java/jdk"$2"/jre/bin/java"}' | sh

service graylog-server restart




Em quinta-feira, 16 de junho de 2016 21:01:24 UTC-3, Justin Reid escreveu:
>
>Greetings All,
>   I am very new to linux/graylog and am trying to get my server to 
> run. I've set it up, " #service graylog-server status" command says its 
> running. My problem comes when I try to add an input on the web interface. 
> I keep receiving this error:
>
> An input has failed to start (triggered 5 days ago)
> Input 575c888722383508a780383d has failed to start on node 
> 7123ded0-3444-467e-9181-a214195da068 for this reason: »Permission denied.«. 
> This means that you are unable to receive any messages from this input. 
> This is mostly an indication for a misconfiguration or an error. You can 
> click here  to solve this.
>
> I've been trying to resolve the issue for a couple days now and cannot 
> figure it out. Any ideas as to what it could possibly be? Thanks Very Much 
> in advance.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/bd73b2c9-5c4a-4621-abaa-3be1c1a6d0f7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Having some difficulties with 3 node graylog cluster

2016-06-24 Thread Jason Haar 
On Thu, Jun 23, 2016 at 7:18 PM, Yiannis  wrote:

> seems to me that my browser goes again from the login screen (to send
> again the user credential) before rendering the results
>

This is a known bug - see
https://github.com/Graylog2/graylog2-server/issues/2071

Seems to only affect Firefox (ie I see it every time I do a search in
Firefox, but don't see it with Chrome)


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CAFChrgJ9%3DOYCKvJmwgN4Ugc0JVmFzDtOFYrj7n%2BVbVcyCC8hCg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Having some difficulties with 3 node graylog cluster

2016-06-24 Thread Yiannis 

Hi Jan
thanks for the reply
the setup is really straight forward and never thought that i will have 
difficulties but.
please find my answers with blue



On Friday, June 24, 2016 at 10:42:21 AM UTC+2, Jan Doberstein wrote:
>
> Hej Yiannis, 
>
>
>
> On 24. Juni 2016 at 01:18:39, Yiannis (ka...@stoiximan.gr ) 
> wrote: 
> > I 've installed and configured a 3 node graylog (2.0.3) "cluster". On 3 
> > R610 (16 cores total) servers with 72GB of RAM (Every nodes has 
> installed 
> > mongo, elastic and graylog) 
>
> i guess you have set in one graylog.conf *is_master = true* and on two 
> others *is_master = false*, additional i guess you have setup a 
> replica set for your mongodb ( 
> https://docs.mongodb.com/manual/reference/replica-configuration/ ) and 
> that you are using the same cluster.name in your the elasticsearch 
> configuration. 
>
>
Yes i' ve got the first server as is_master = true and the other two as 
is_master = false

That is my starting papameters for all graylog server
GRAYLOG_SERVER_JAVA_OPTS=
"-Xms8g -Xmx8g -XX:NewRatio=1 -server -XX:+ResizeTLAB 
-XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled 
-XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC 
-XX:-OmitStackTraceInFastThrow"

And the heap size of all elastic node is set to 28 GB
ES_HEAP_SIZE=28g

My elastic cluster seems pretty fine 

curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'
{
  "cluster_name" : "ngraylog2",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 6,
  "number_of_data_nodes" : 3,
  "active_primary_shards" : 44,
  "active_shards" : 88,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}



Also the mongo replicas seems fine

rs.status()
{
"set" : "replset01",
"date" : ISODate("2016-06-24T12:54:53.961Z"),
"myState" : 1,
"term" : NumberLong(43),
"heartbeatIntervalMillis" : NumberLong(2000),
"members" : [
{
"_id" : 0,
"name" : "graylog-manager1:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 169601,
"optime" : {
"ts" : Timestamp(1466772892, 9),
"t" : NumberLong(43)
},
"optimeDate" : ISODate("2016-06-24T12:54:52Z"),
"lastHeartbeat" : 
ISODate("2016-06-24T12:54:52.681Z"),
"lastHeartbeatRecv" : 
ISODate("2016-06-24T12:54:52.976Z"),
"pingMs" : NumberLong(0),
"syncingTo" : "graylog-manager2:27017",
"configVersion" : 3
},
{
"_id" : 1,
"name" : "graylog-manager2:27017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 169609,
"optime" : {
"ts" : Timestamp(1466772893, 13),
"t" : NumberLong(43)
},
"optimeDate" : ISODate("2016-06-24T12:54:53Z"),
"electionTime" : Timestamp(1466603303, 1),
"electionDate" : ISODate("2016-06-22T13:48:23Z"),
"configVersion" : 3,
"self" : true
},
{
"_id" : 2,
"name" : "graylog-manager3:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 169557,
"optime" : {
"ts" : Timestamp(1466772892, 9),
"t" : NumberLong(43)
},
"optimeDate" : ISODate("2016-06-24T12:54:52Z"),
"lastHeartbeat" : 
ISODate("2016-06-24T12:54:52.667Z"),
"lastHeartbeatRecv" : 
ISODate("2016-06-24T12:54:52.444Z"),
"pingMs" : NumberLong(0),
"syncingTo" : "graylog-manager2:27017",
"configVersion" : 3
}
],
"ok" : 1
}


 

> Additional i would suggest to raise the Heap for elasticseaerch to 
> 31GB and for Graylog to 5GB. 
>
>
> > My 2 biggest problem are: 
> > 
> > 1) Most of the times when i press the search button (and only the search 
> > button displayed in the image) 
> > 
> > seems to me that my browser goes again from

Re: [graylog2] Having some difficulties with 3 node graylog cluster

2016-06-24 Thread Jan Doberstein 
Hej Yiannis,



On 24. Juni 2016 at 01:18:39, Yiannis (k...@stoiximan.gr) wrote:
> I 've installed and configured a 3 node graylog (2.0.3) "cluster". On 3
> R610 (16 cores total) servers with 72GB of RAM (Every nodes has installed
> mongo, elastic and graylog)

i guess you have set in one graylog.conf *is_master = true* and on two
others *is_master = false*, additional i guess you have setup a
replica set for your mongodb (
https://docs.mongodb.com/manual/reference/replica-configuration/ ) and
that you are using the same cluster.name in your the elasticsearch
configuration.

Additional i would suggest to raise the Heap for elasticseaerch to
31GB and for Graylog to 5GB.


> My 2 biggest problem are:
>
> 1) Most of the times when i press the search button (and only the search
> button displayed in the image)
>
> seems to me that my browser goes again from the login screen (to send again
> the user credential) before rendering the results

Can you please look into your log files of graylog when this happens
to you - it should be possible to get an idea why this happen just by
look at the log file during this ‘event’.



> 2) Every now and then, i get a strange error (when mostly when using
> firefox) from webs interface api server like the following
> (no errors on shown in the graylog server logs)

Are you sure that you read
http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html#overview
and set all Configurations to that?

Even if you run the Web Interface only on one Node the API of all
Nodes need to be reachable by your browser.


regards
Jan

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CAGm-bLaH8XtRdRmCVkOnuvwn28kseP8wsrN1iZqc8JP1WMjmwg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] NXlog and Graylog Collector Sidecar on SUSE Linux Server

2016-06-24 Thread sailing-lin 
Hi Darin,

Thanks a lot. For SLES12 is OK.

>From Graylog document, it said need to do as below:

$ sudo /etc/init.d/nxlog stop
$ sudo update-rc.d -f nxlog remove
$ sudo gpasswd -a nxlog adm

For SUSE 12, does gpasswd is needed? If need, which group should to add?

#systemctl stop nxlog-ce.service

#systemctl disable nxlog-ce.service

 # gpasswd -a nxlog adm

gpasswd: group 'adm' does not exist in /etc/group




On Thursday, June 23, 2016 at 10:16:59 PM UTC+8, Darin Perusich wrote:
>
> A bunch of openSUSE/SUSE collaborators and I are working on providing 
> rpm packages for various logging utilities via the openSUSE Build 
> Service, project link below. NXlog is currently not building on SLE_11 
> and I haven't had the opportunity to dig into it, and it wasn't a 
> priority since I'm running SLE_12, and Graylog Collector Sidecar 
> hasn't been packaged yet and I won't have an opportunity to look into 
> it for a few weeks. If you're interested in contributing we'd 
> appreciate the effort! 
>
> https://build.opensuse.org/project/show/security:logging 
>
> -- 
> Later, 
> Darin 
>
>
> On Thu, Jun 23, 2016 at 5:16 AM, sailing-lin  > wrote: 
> > I try to install NXlog and Graylog Collector Sidecar on my SUSE Linux 
> Server 
> > Enterprise 11. But there is no rpm package for SUSE, does anyone know 
> how to 
> > use these two package on SESUE? 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups 
> > "Graylog Users" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an 
> > email to graylog2+u...@googlegroups.com . 
> > To view this discussion on the web visit 
> > 
> https://groups.google.com/d/msgid/graylog2/718b9de7-9734-4520-8471-d919ed8d8019%40googlegroups.com.
>  
>
> > For more options, visit https://groups.google.com/d/optout. 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/63c9d94f-8e8f-4540-95eb-0f44a734979c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] NXlog and Graylog Collector Sidecar on SUSE Linux Server

2016-06-24 Thread sailing-lin 
Thank you.
I have tried install the present version, get lots of dependencies error:
error: Failed dependencies:
apr >= 1.2 is needed by nxlog-ce-2.9.1504-1.x86_64
libapr-1.so.0()(64bit) is needed by nxlog-ce-2.9.1504-1.x86_64
libc.so.6(GLIBC_2.14)(64bit) is needed by nxlog-ce-2.9.1504-1.x86_64
libcrypto.so.10()(64bit) is needed by nxlog-ce-2.9.1504-1.x86_64
libcrypto.so.10(libcrypto.so.10)(64bit) is needed by 
nxlog-ce-2.9.1504-1.x86_64
libdbi >= 0.8.1 is needed by nxlog-ce-2.9.1504-1.x86_64
libdbi.so.0()(64bit) is needed by nxlog-ce-2.9.1504-1.x86_64
libpcre.so.1()(64bit) is needed by nxlog-ce-2.9.1504-1.x86_64
libssl.so.10()(64bit) is needed by nxlog-ce-2.9.1504-1.x86_64
libssl.so.10(libssl.so.10)(64bit) is needed by nxlog-ce-2.9.1504-1.x86_64
perl >= 0:5.008005 is needed by nxlog-ce-2.9.1504-1.x86_64
rpmlib(FileDigests) <= 4.6.0-1 is needed by nxlog-ce-2.9.1504-1.x86_64

tgz I think will also meet this error. Unfortunately, most of them i cannot 
find from SUSE official website.
So the next way, i need try to build it, but i'm not very professional on 
it. :) 

On Thursday, June 23, 2016 at 5:33:19 PM UTC+8, Jan Doberstein wrote:
>
> Hi, 
>
> On 23. Juni 2016 at 11:16:16, sailing-lin (sait...@gmail.com ) 
> wrote: 
> > I try to install NXlog and Graylog Collector Sidecar on my SUSE Linux 
> > Server Enterprise 11. But there is no rpm package for SUSE, does anyone 
> > know how to use these two package on SESUE? 
>
> just install the present rpms or use the .tgz 
>
> with kind regards 
> Jan 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/aa524832-e64b-4427-8bf9-e10e6a018f3b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.