[graylog2] Re: Has any one successfully set up SSL on Graylog 2.0?

2016-07-06 Thread BKeep
I have just started the process of deploying Graylog 2.0.3 and cannot say 
anything about the process for setting up ssl within Graylog. If there 
really is an issue with using the built-in capabilities, you can always try 
Apache as a proxy for Graylog. 
https://www.lisenet.com/2015/install-graylog2-server-on-centos-6/ and then 
look for the section configure Apache with https.

Once I actually get to the point where I am setting up my own cert, I will 
be able to comment more on this.

On Wednesday, July 6, 2016 at 2:42:47 PM UTC-5, dave...@gmail.com wrote:
>
> All, 
>
> I have been working on setting up a test instance of Graylog 2.0 for 
> several weeks now and I can't seem to make any progress with implementing 
> SSL. I have seen a few other posts asking about converting java wallets to 
> the new set up of cert and key pair but that doesn't apply; I have a new 
> cert from a CA. I am pretty sure I have the cert in the correct encoding 
> "X.509 certificate with PEM encoding" that the documentation asks for. 
> I can use the command "openssl x509 -in cert.pem -text -noout" to see the 
> contents of the cert without issue. I can get Graylog 2.0 running with no 
> SSL and with self-generated certs but when I use the certs from the CA 
> I keep getting the errors below in /var/log/graylog-server/server.log when 
> I try to start Graylog 2.0. I can send more of the log if needed. This is 
> installed on Oracle Linux Server release 6.7 with Graylog 2.0, 
> Elasticsearch, and MongoDB installed from their respective yum repos. Any 
> advice would be greatly appreciated, I'm just spinning my wheels at this 
> point. 
>
>
> 2016-07-06T14:02:42.862-05:00 ERROR [ServiceManager] Service 
> WebInterfaceService [FAILED] has failed in the STARTING state.
> java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 
> 48)
> at 
> sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:253) 
> ~[?:1.8.0_73]
> at 
> sun.security.util.DerInputStream.getOID(DerInputStream.java:281) 
> ~[?:1.8.0_73]
> at 
> com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267) 
> ~[sunjce_provider.jar:1.8.0_71]
> at 
> java.security.AlgorithmParameters.init(AlgorithmParameters.java:293) 
> ~[?:1.8.0_73]
> at 
> sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:132) 
> ~[?:1.8.0_73]
> at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:114) 
> ~[?:1.8.0_73]
> at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:372) 
> ~[?:1.8.0_73]
> at 
> javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:95) 
> ~[?:1.8.0_71]
> at 
> org.graylog2.shared.security.tls.PemKeyStore.generateKeySpec(PemKeyStore.java:69)
>  
> ~[graylog.jar:?]
> at 
> org.graylog2.shared.security.tls.PemKeyStore.buildKeyStore(PemKeyStore.java:96)
>  
> ~[graylog.jar:?]
> at 
> org.graylog2.shared.initializers.AbstractJerseyService.buildSslEngineConfigurator(AbstractJerseyService.java:187)
>  
> ~[graylog.jar:?]
> at 
> org.graylog2.shared.initializers.AbstractJerseyService.setUp(AbstractJerseyService.java:158)
>  
> ~[graylog.jar:?]
> at 
> org.graylog2.initializers.WebInterfaceService.startUp(WebInterfaceService.java:46)
>  
> ~[graylog.jar:?]
> at 
> com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:60)
>  
> [graylog.jar:?]
> at 
> com.google.common.util.concurrent.Callables$3.run(Callables.java:100) 
> [graylog.jar:?]
> at java.lang.Thread.run(Thread.java:745) [?:1.8.0_73]
> 2016-07-06T14:02:42.896-05:00 ERROR [InputSetupService] Not starting any 
> inputs because lifecycle is: Uninitialized [LB:DEAD]
>
> 2016-07-06T14:02:42.941-05:00 ERROR [ServiceManager] Service 
> IndexerSetupService [FAILED] has failed in the STOPPING state.
> java.lang.IllegalStateException: Can't move to started state when closed
> at 
> org.elasticsearch.common.component.Lifecycle.moveToStarted(Lifecycle.java:130)
>  
> ~[graylog.jar:?]
> at 
> org.elasticsearch.common.component.AbstractLifecycleComponent.start(AbstractLifecycleComponent.java:69)
>  
> ~[graylog.jar:?]
> at 
> org.elasticsearch.transport.TransportService.doStart(TransportService.java:182)
>  
> ~[graylog.jar:?]
> at 
> org.elasticsearch.common.component.AbstractLifecycleComponent.start(AbstractLifecycleComponent.java:68)
>  
> ~[graylog.jar:?]
> at org.elasticsearch.node.Node.start(Node.java:278) 
> ~[graylog.jar:?]
> at 
> org.graylog2.initializers.IndexerSetupService.startUp(IndexerSetupService.java:114)
>  
> ~[graylog.jar:?]
> at 
> com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:60)
>  
> [graylog.jar:?]
> at 
> com.google.common.util.concurrent.Callables$3.run(Callables.java:100) 
> [graylog.jar:?]
>

[graylog2] Where to configure the elasticsearch cluster, server.conf or elasticsearch.yml?

2016-07-06 Thread tommcf64


I have a 3 node Graylog cluster, two nodes have both the Graylog server and 
elasticsearch installed, the other has only elasticsearch installed, and I 
am having difficulty understanding where to place the elasticsearch 
configuration information. Should it be placed in the server.conf file or 
in the elasticsearch.yml?

If the elasticsearch configuration should be placed in the server.conf 
file what information needs to be placed in the elasticsearch.yml file?

The only way that I can get Graylog to operate is to have the cluster name, 
the node name, the network hostname and the zen discovery hosts in both 
files, but I end up with 5 elasticsearch clusters instead of three. 2 of 
the elasticsearch clusters are advertised by the server.conf file 
configuration and three by the elasticsearch.yml configuration. In this 
configuration Graylog shows the elasticsearch cluster as being green, but 
elasticsearch shows it as being yellow.

See below.

curl 'server1:9200/_cat/nodes?v'

host        ip          heap.percent ram.percent load node.role master name
10.85.7.187 10.85.7.187           62          76 0.75 c         -      graylog-cc56d951 (exposed by server.conf)
10.42.2.31  10.42.2.31             3          98 0.04 -         -      server3 (exposed by elasticsearch.yml)
10.42.2.21  10.42.2.21            51          70 3.02 c         -      graylog-efba9df3 (exposed by server.conf)
10.42.2.21  10.42.2.21             9          70 3.02 d         m      server1 (exposed by elasticsearch.yml)
10.85.7.187 10.85.7.187           11          76 0.75 d         *      server2 (exposed by elasticsearch.yml)

 

Thank you,

Tom

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/0160d312-1ab5-4335-9c35-d59ef7af4cb1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[graylog2] Where to configure the elasticsearch cluster, server.conf or elasticsearch.yml?

2016-07-06 Thread tommcf64


I have a 3 node Graylog cluster, two nodes have both Graylog server and 
elasticsearch installed, the other has only elasticsearch installed, and I 
am having difficulty understanding where to place the elasticsearch 
configuration information. Should it be placed in the server.conf file or 
in the elasticsearch.yml?

If the elasticsearch configuration should be placed in the server.conf 
file what information needs to be placed in the elasticsearch.yml file?

The only way that I can get Graylog to operate is to have the cluster name, 
the node name, the network hostname and the zen discovery hosts in both 
files, but I end up with 5 elasticsearch clusters instead of three. 2 of 
the elasticsearch clusters are advertised by the server.conf file 
configuration and three by the elasticsearch.yml configuration.

See results below:

curl 'server1:9200/_cat/nodes?v'

host        ip          heap.percent ram.percent load node.role master name
10.85.7.187 10.85.7.187           62          76 0.75 c         -      graylog-cc56d951 (exposed by server.conf)
10.42.2.31  10.42.2.31             3          98 0.04 -         -      server3 (exposed by elasticsearch.yml)
10.42.2.21  10.42.2.21            51          70 3.02 c         -      graylog-efba9df3 (exposed by server.conf)
10.42.2.21  10.42.2.21             9          70 3.02 d         m      server1 (exposed by elasticsearch.yml)
10.85.7.187 10.85.7.187           11          76 0.75 d         *      server2 (exposed by elasticsearch.yml)



[graylog2] Graylog Error ( invalid distance too far back)

2016-07-06 Thread Yiannis
Hi all,
my graylog server every now and then throws the following error

2016-07-06T18:16:31.634Z ERROR [DecodingProcessor] Error processing message 
RawMessage{id=c3e09906-43a5-11e6-8d92-14feb5dac0e1, journalOffset=8155803, 
codec=gelf, payloadSize=2473, timestamp=2016-07-06T18:16:31.632Z}
java.util.zip.ZipException: invalid distance too far back
at 
java.util.zip.InflaterInputStream.read(InflaterInputStream.java:164) 
~[?:1.8.0_91]
at java.util.zip.GZIPInputStream.read(GZIPInputStream.java:117) 
~[?:1.8.0_91]
at java.io.FilterInputStream.read(FilterInputStream.java:107) 
~[?:1.8.0_91]
at com.google.common.io.ByteStreams.copy(ByteStreams.java:110) 
~[graylog.jar:?]
at 
com.google.common.io.ByteStreams.toByteArray(ByteStreams.java:168) 
~[graylog.jar:?]
at org.graylog2.plugin.Tools.decompressGzip(Tools.java:202) 
~[graylog.jar:?]
at 
org.graylog2.inputs.codecs.gelf.GELFMessage.getJSON(GELFMessage.java:57) 
~[graylog.jar:?]
at org.graylog2.inputs.codecs.GelfCodec.decode(GelfCodec.java:110) 
~[graylog.jar:?]
at 
org.graylog2.shared.buffers.processors.DecodingProcessor.processMessage(DecodingProcessor.java:136)
 
~[graylog.jar:?]
at 
org.graylog2.shared.buffers.processors.DecodingProcessor.onEvent(DecodingProcessor.java:82)
 
[graylog.jar:?]
at 
org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:58)
 
[graylog.jar:?]
at 
org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:35)
 
[graylog.jar:?]
at com.lmax.disruptor.WorkProcessor.run(WorkProcessor.java:139) 
[graylog.jar:?]
at 
com.codahale.metrics.InstrumentedThreadFactory$InstrumentedRunnable.run(InstrumentedThreadFactory.java:66)
 
[graylog.jar:?]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_91]

2016-07-06T20:22:57.544Z ERROR [DecodingProcessor] Error processing message 
RawMessage{id=6d6dfe20-43b7-11e6-9c4f-14feb5dade21, journalOffset=13128278, 
codec=gelf, payloadSize=1659, timestamp=2016-07-06T20:22:57.538Z}
java.util.zip.ZipException: invalid distance too far back
at 
java.util.zip.InflaterInputStream.read(InflaterInputStream.java:164) 
~[?:1.8.0_91]
at java.util.zip.GZIPInputStream.read(GZIPInputStream.java:117) 
~[?:1.8.0_91]
at java.io.FilterInputStream.read(FilterInputStream.java:107) 
~[?:1.8.0_91]
at com.google.common.io.ByteStreams.copy(ByteStreams.java:110) 
~[graylog.jar:?]
at 
com.google.common.io.ByteStreams.toByteArray(ByteStreams.java:168) 
~[graylog.jar:?]
at org.graylog2.plugin.Tools.decompressGzip(Tools.java:202) 
~[graylog.jar:?]
at 
org.graylog2.inputs.codecs.gelf.GELFMessage.getJSON(GELFMessage.java:57) 
~[graylog.jar:?]
at org.graylog2.inputs.codecs.GelfCodec.decode(GelfCodec.java:110) 
~[graylog.jar:?]
at 
org.graylog2.shared.buffers.processors.DecodingProcessor.processMessage(DecodingProcessor.java:136)
 
~[graylog.jar:?]
at 
org.graylog2.shared.buffers.processors.DecodingProcessor.onEvent(DecodingProcessor.java:82)
 
[graylog.jar:?]
at 
org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:58)
 
[graylog.jar:?]
at 
org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:35)
 
[graylog.jar:?]
at com.lmax.disruptor.WorkProcessor.run(WorkProcessor.java:139) 
[graylog.jar:?]
at 
com.codahale.metrics.InstrumentedThreadFactory$InstrumentedRunnable.run(InstrumentedThreadFactory.java:66)
 
[graylog.jar:?]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_91]

Could someone explain what is going wrong?

Regards
Yiannis



[graylog2] Has any one successfully set up SSL on Graylog 2.0?

2016-07-06 Thread davelcan
All, 

I have been working on setting up a test instance of Graylog 2.0 for 
several weeks now and I can't seem to make any progress with implementing 
SSL. I have seen a few other posts asking about converting java wallets to 
the new set up of cert and key pair but that doesn't apply; I have a new 
cert from a CA. I am pretty sure I have the cert in the correct encoding 
"X.509 certificate with PEM encoding" that the documentation asks for. 
I can use the command "openssl x509 -in cert.pem -text -noout" to see the 
contents of the cert without issue. I can get Graylog 2.0 running with no 
SSL and with self-generated certs but when I use the certs from the CA 
I keep getting the errors below in /var/log/graylog-server/server.log when 
I try to start Graylog 2.0. I can send more of the log if needed. This is 
installed on Oracle Linux Server release 6.7 with Graylog 2.0, 
Elasticsearch, and MongoDB installed from their respective yum repos. Any 
advice would be greatly appreciated, I'm just spinning my wheels at this 
point. 


2016-07-06T14:02:42.862-05:00 ERROR [ServiceManager] Service 
WebInterfaceService [FAILED] has failed in the STARTING state.
java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 
48)
at 
sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:253) 
~[?:1.8.0_73]
at sun.security.util.DerInputStream.getOID(DerInputStream.java:281) 
~[?:1.8.0_73]
at 
com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267) 
~[sunjce_provider.jar:1.8.0_71]
at 
java.security.AlgorithmParameters.init(AlgorithmParameters.java:293) 
~[?:1.8.0_73]
at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:132) 
~[?:1.8.0_73]
at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:114) 
~[?:1.8.0_73]
at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:372) 
~[?:1.8.0_73]
at 
javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:95) 
~[?:1.8.0_71]
at 
org.graylog2.shared.security.tls.PemKeyStore.generateKeySpec(PemKeyStore.java:69)
 
~[graylog.jar:?]
at 
org.graylog2.shared.security.tls.PemKeyStore.buildKeyStore(PemKeyStore.java:96) 
~[graylog.jar:?]
at 
org.graylog2.shared.initializers.AbstractJerseyService.buildSslEngineConfigurator(AbstractJerseyService.java:187)
 
~[graylog.jar:?]
at 
org.graylog2.shared.initializers.AbstractJerseyService.setUp(AbstractJerseyService.java:158)
 
~[graylog.jar:?]
at 
org.graylog2.initializers.WebInterfaceService.startUp(WebInterfaceService.java:46)
 
~[graylog.jar:?]
at 
com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:60)
 
[graylog.jar:?]
at 
com.google.common.util.concurrent.Callables$3.run(Callables.java:100) 
[graylog.jar:?]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_73]
2016-07-06T14:02:42.896-05:00 ERROR [InputSetupService] Not starting any 
inputs because lifecycle is: Uninitialized [LB:DEAD]

2016-07-06T14:02:42.941-05:00 ERROR [ServiceManager] Service 
IndexerSetupService [FAILED] has failed in the STOPPING state.
java.lang.IllegalStateException: Can't move to started state when closed
at 
org.elasticsearch.common.component.Lifecycle.moveToStarted(Lifecycle.java:130) 
~[graylog.jar:?]
at 
org.elasticsearch.common.component.AbstractLifecycleComponent.start(AbstractLifecycleComponent.java:69)
 
~[graylog.jar:?]
at 
org.elasticsearch.transport.TransportService.doStart(TransportService.java:182) 
~[graylog.jar:?]
at 
org.elasticsearch.common.component.AbstractLifecycleComponent.start(AbstractLifecycleComponent.java:68)
 
~[graylog.jar:?]
at org.elasticsearch.node.Node.start(Node.java:278) ~[graylog.jar:?]
at 
org.graylog2.initializers.IndexerSetupService.startUp(IndexerSetupService.java:114)
 
~[graylog.jar:?]
at 
com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:60)
 
[graylog.jar:?]
at 
com.google.common.util.concurrent.Callables$3.run(Callables.java:100) 
[graylog.jar:?]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_73]


2016-07-06T14:02:43.202-05:00 ERROR [ServiceManager] Service RestApiService 
[FAILED] has failed in the STOPPING state.
java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 
48)
at 
sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:253) 
~[?:1.8.0_73]
at sun.security.util.DerInputStream.getOID(DerInputStream.java:281) 
~[?:1.8.0_73]
at 
com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267) 
~[sunjce_provider.jar:1.8.0_71]
at 
java.security.AlgorithmParameters.init(AlgorithmParameters.java:293) 
~[?:1.8.0_73]
at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:132) 
~[?:1.8.0_73]
at 
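
Added example, not part of the original post and not Graylog code: the trace above fails in javax.crypto.EncryptedPrivateKeyInfo, with PBES2Parameters finding tag 48 (a DER SEQUENCE) where it expected an OID, so the file being parsed is the private key rather than the certificate that "openssl x509" displayed. The Python sketch below reports which container and encryption scheme a PEM key file uses; the function names are hypothetical and the sample keys are constructed structural skeletons, not real keys.

```python
import base64
import re

PBES2_OID = "1.2.840.113549.1.5.13"  # id-PBES2 (RFC 8018)
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
TRADITIONAL = {"RSA PRIVATE KEY", "EC PRIVATE KEY", "DSA PRIVATE KEY"}


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, pos, pos + length


def decode_oid(body):
    """Turn OID content bytes into dotted notation."""
    subs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            subs.append(value)
            value = 0
    first = min(subs[0] // 40, 2)
    return ".".join(str(n) for n in [first, subs[0] - 40 * first] + subs[1:])


def encryption_oid(der):
    """OID of EncryptedPrivateKeyInfo.encryptionAlgorithm (RFC 5958)."""
    start = end = 0
    for want in (0x30, 0x30, 0x06):  # outer SEQUENCE, AlgorithmIdentifier, OID
        tag, start, end = read_tlv(der, start)
        if tag != want:
            raise ValueError("expected DER tag %d, found %d" % (want, tag))
    return decode_oid(der[start:end])


def triage_key(pem_text):
    """Classify the first PEM block in a key file."""
    match = PEM_BLOCK.search(pem_text)
    if not match:
        return "no PEM block found"
    label, body = match.groups()
    if label == "PRIVATE KEY":
        return "PKCS#8, unencrypted"
    if label in TRADITIONAL:
        return "traditional OpenSSL key, not PKCS#8"
    if label != "ENCRYPTED PRIVATE KEY":
        return "not a private key: " + label
    try:
        oid = encryption_oid(base64.b64decode("".join(body.split())))
    except (ValueError, IndexError) as exc:
        return "PKCS#8, encrypted, unparseable: %s" % exc
    if oid == PBES2_OID:
        return "PKCS#8, encrypted with PBES2"
    return "PKCS#8, encrypted with scheme OID " + oid


def constructed_sample(oid_hex):
    """Build a structural skeleton of an encrypted key (constructed, not a real key)."""
    oid = bytes.fromhex(oid_hex)
    alg = b"\x06" + bytes([len(oid)]) + oid + b"\x30\x00"
    der = (b"\x30" + bytes([len(alg) + 5]) + b"\x30" + bytes([len(alg)]) + alg
           + b"\x04\x01\x00")
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + b64 + "-----END ENCRYPTED PRIVATE KEY-----\n"


if __name__ == "__main__":
    print(triage_key(constructed_sample("2a864886f70d01050d")))    # PBES2 OID
    print(triage_key(constructed_sample("2a864886f70d010c0103")))  # a PKCS#12 PBE OID
```

Run triage_key() on the contents of the key file configured for Graylog; a PBES2 result corresponds to the code path shown in the trace. "openssl pkcs8 -topk8" can re-encode a key either unencrypted (-nocrypt, which then relies on file permissions alone) or with a -v1 scheme, and neither result is parsed by PBES2Parameters.
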

[graylog2] Graylog IO Exception Error

2016-07-06 Thread Ariel Godinez
Hello,

I've been using graylog for a couple weeks now and started to notice some 
unusual behavior today. I am currently running a single node setup.

The Issue:

Every once in a while I start to notice that graylog is dragging quite 
a bit (the loading spinner is persisting much longer than usual) so I go 
check the logs and find the following error message. 

ERROR [ServerRuntime$Responder] An I/O error has occurred while writing a 
response message entity to the container output stream.
org.glassfish.jersey.server.internal.process.MappableException: 
java.io.IOException: Connection closed
at 
org.glassfish.jersey.server.internal.MappableExceptionWrapperInterceptor.aroundWriteTo(MappableExceptionWrapperInterceptor.java:92)
 
~[graylog.jar:?]
at 
org.glassfish.jersey.message.internal.WriterInterceptorExecutor.proceed(WriterInterceptorExecutor.java:162)
 
~[graylog.jar:?]
at 
org.glassfish.jersey.message.internal.MessageBodyFactory.writeTo(MessageBodyFactory.java:1130)
 
~[graylog.jar:?]
at 
org.glassfish.jersey.server.ServerRuntime$Responder.writeResponse(ServerRuntime.java:711)
 
[graylog.jar:?]
at 
org.glassfish.jersey.server.ServerRuntime$Responder.processResponse(ServerRuntime.java:444)
 
[graylog.jar:?]
at 
org.glassfish.jersey.server.ServerRuntime$Responder.process(ServerRuntime.java:434)
 
[graylog.jar:?]
at 
org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:329) 
[graylog.jar:?]
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271) 
[graylog.jar:?]
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267) 
[graylog.jar:?]
at org.glassfish.jersey.internal.Errors.process(Errors.java:315) 
[graylog.jar:?]
at org.glassfish.jersey.internal.Errors.process(Errors.java:297) 
[graylog.jar:?]
at org.glassfish.jersey.internal.Errors.process(Errors.java:267) 
[graylog.jar:?]
at 
org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317)
 
[graylog.jar:?]
at 
org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305) 
[graylog.jar:?]
at 
org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154)
 
[graylog.jar:?]
at 
org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpContainer.service(GrizzlyHttpContainer.java:384)
 
[graylog.jar:?]
at 
org.glassfish.grizzly.http.server.HttpHandler$1.run(HttpHandler.java:224) 
[graylog.jar:?]
at 
com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176)
 
[graylog.jar:?]
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) 
[?:1.8.0_91]
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) 
[?:1.8.0_91]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_91]
Caused by: java.io.IOException: Connection closed
at 
org.glassfish.grizzly.asyncqueue.TaskQueue.onClose(TaskQueue.java:317) 
~[graylog.jar:?]
at 
org.glassfish.grizzly.nio.AbstractNIOAsyncQueueWriter.onClose(AbstractNIOAsyncQueueWriter.java:501)
 
~[graylog.jar:?]
at 
org.glassfish.grizzly.nio.transport.TCPNIOTransport.closeConnection(TCPNIOTransport.java:412)
 
~[graylog.jar:?]
at 
org.glassfish.grizzly.nio.NIOConnection.doClose(NIOConnection.java:604) 
~[graylog.jar:?]
at 
org.glassfish.grizzly.nio.NIOConnection$5.run(NIOConnection.java:570) 
~[graylog.jar:?]
at 
org.glassfish.grizzly.nio.DefaultSelectorHandler.execute(DefaultSelectorHandler.java:235)
 
~[graylog.jar:?]
at 
org.glassfish.grizzly.nio.NIOConnection.terminate0(NIOConnection.java:564) 
~[graylog.jar:?]
at 
org.glassfish.grizzly.nio.transport.TCPNIOConnection.terminate0(TCPNIOConnection.java:291)
 
~[graylog.jar:?]
at 
org.glassfish.grizzly.nio.transport.TCPNIOAsyncQueueWriter.writeCompositeRecord(TCPNIOAsyncQueueWriter.java:197)
 
~[graylog.jar:?]
at 
org.glassfish.grizzly.nio.transport.TCPNIOAsyncQueueWriter.write0(TCPNIOAsyncQueueWriter.java:92)
 
~[graylog.jar:?]
at 
org.glassfish.grizzly.nio.AbstractNIOAsyncQueueWriter.processAsync(AbstractNIOAsyncQueueWriter.java:344)
 
~[graylog.jar:?]
at 
org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:107)
 
~[graylog.jar:?]
at 
org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77) 
~[graylog.jar:?]
at 
org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:536)
 
~[graylog.jar:?]
at 
org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112)
 
~[graylog.jar:?]
at 
org.glassfish.grizzly.strategies.SameThreadIOStrategy.executeIoEvent(SameThreadIOStrategy.java:103)
 
~[graylog.jar:?]
at 
org.glassfish.grizzly.strategies.AbstractIOStrategy.executeIoEvent(AbstractIOStrategy.java:89)
 

[graylog2] Re: Graylog alerts - X-Forwarded-For showing as 'null'

2016-07-06 Thread George Nussbaum
Hi Jochen,

I actually think it's normal behavior now.  I see proper logs and then the 
null ones but think it's a process that is running on those sites that's 
being logged.

On Friday, July 1, 2016 at 4:14:46 AM UTC-4, Jochen Schalanda wrote:
>
> Hi George,
>
> what kind of alarm callback are you using? If it's supporting templates, 
> which ones are you using?
>
> Cheers,
> Jochen
>
> On Thursday, 30 June 2016 18:40:57 UTC+2, George Nussbaum wrote:
>>
>> Hello,
>>
>> I have set up alerting on one of my streams.  The alerts come through 
>> fine.  However, the detailed info within the alert is showing my 
>> X-Forwarded-For as a null value.  The values show up in a search, so I'm 
>> confused as to why it's doing this.
>>
>> Any ideas?
>>
>
