[graylog2] Re: How to solve this alert? Notification condition [NO_MASTER] has been fixed.

2017-02-02 Thread Aitor Mendoza 
Hello Jochen,

But the problem of disk space is from yesterday because a vmware datastore 
problem that is already solved. But I want to solve the alert "NO MASTER 
fixed" that appears till the first day...

Thanks

El jueves, 2 de febrero de 2017, 15:22:58 (UTC+1), Jochen Schalanda 
escribió:
>
> Hi Aitor,
>
> these logs clearly show that your Elasticsearch cluster is not healthy: It 
> ran out of disk space multiple times and it can't keep up with indexing 
> messages sent by Graylog (full task queues etc.).
>
> You'll have to provide more hardware (esp. more memory, at least 4 GiB) to 
> your Elasticsearch nodes.
>
> Cheers,
> Jochen
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/57c90549-ae8f-4d07-a9a8-6b089e8bb6e9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Monitoring Windows DHCP Server Activity

2017-02-02 Thread Rob Repp 
I set up a Graylog 2.1.2 server by deploying the downloadable OVA from 
graylog.org. I'm trying to monitor a Windows 2008 R2 server with the DHCP 
role installed. The DHCP server deposits activity data into log files 
at C:\Windows\System32\dhcp\DhcpSrvLog-*.log. I have collector-sidecar and 
nxlog installed on the Windows machine, and configured to send the log data 
back to a collector input on the Graylog server.

My configuration is based on the WindowsDHCP content pack available in the 
Graylog marketplace. I imported the content pack json, 
configured collector-sidecar on Windows and the Graylog collector starting 
from the sample code at https://github.com/JulioQc/WinDHCP. Unfortunately, 
when I do "show messages" for the collector, there's nothing coming in.

Has anyone had any success with this configuration? If not, is there a 
better method for monitoring Windows DHCP activity with Graylog? Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/d123b126-1db8-4691-a743-86bfd61bae3f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Indices and edit Extractor page timing out

2017-02-02 Thread Steve Kuntz 
Hi

This is still a big issue for me. Is there anything I can do? Is there any 
more information I can provide to get help?

On Wednesday, December 14, 2016 at 10:46:36 AM UTC-5, Steve Kuntz wrote:
>
> Hi,
>
> Has anyone else seen this behavior? Everything works well until I hit the 
> Indices page or the try to edit an extractor. After this sometimes I have 
> to restart Graylog to get the interface to respond again. Could I have too 
> many Indices and/or shards? I'm currently processing about 40,000 
> messages/second. I have 1,700 indices, 24,500 shards and I've just lowered 
> my shards from 8 primaries and 1 replica to 4 primaries and 1 replica. 
> Currently my ES usage is ~40TB
>
> Thanks
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/64f04070-a271-4cb7-98c1-803941debfce%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: [ANN] Graylog 2.2.0-rc.1 has been released

2017-02-02 Thread yessou . sami 
Graylog is perfect, it only needs more customization and it will beat any 
classic Elasticsearch with kibana... when do you plan working on more 
customizable dashboards like Kibana?


-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/5dab0a7b-f1ea-428e-a66f-b17502323093%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Unable to connect elastic search

2017-02-02 Thread Sridhar 
Hi,

I am configuring graylog in my pc, I am unable to connect elasticserach 
server from graylog

Exception: 

com.google.common.util.concurrent.UncheckedExecutionException: 
ClusterBlockException[blocked by: [SERVICE_UNAVAILABLE/1/state not 
recovered / initialized];]
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2207) 
~[graylog.jar:?]
at com.google.common.cache.LocalCache.get(LocalCache.java:3953) 
~[graylog.jar:?]
at 
com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4790) 
~[graylog.jar:?]
at 
org.graylog2.rest.resources.sources.SourcesResource.list(SourcesResource.java:89)
 
~[graylog.jar:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
~[?:1.8.0_121]
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
~[?:1.8.0_121]
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 
~[?:1.8.0_121]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_121]
at 
org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81)
 
~[graylog.jar:?]
at 
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:144)
 
~[graylog.jar:?]
at 
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:161)
 
~[graylog.jar:?]
at 
org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:205)
 
~[graylog.jar:?]
at 
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:99)
 
~[graylog.jar:?]
at 
org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:389)
 
~[graylog.jar:?]
at 
org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:347)
 
~[graylog.jar:?]
at 
org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:102)
 
~[graylog.jar:?]
at org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:326) 
[graylog.jar:?]
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271) 
[graylog.jar:?]
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267) 
[graylog.jar:?]
at org.glassfish.jersey.internal.Errors.process(Errors.java:315) 
[graylog.jar:?]
at org.glassfish.jersey.internal.Errors.process(Errors.java:297) 
[graylog.jar:?]
at org.glassfish.jersey.internal.Errors.process(Errors.java:267) 
[graylog.jar:?]
at 
org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317)
 
[graylog.jar:?]
at 
org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305) 
[graylog.jar:?]
at 
org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154)
 
[graylog.jar:?]
at 
org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpContainer.service(GrizzlyHttpContainer.java:384)
 
[graylog.jar:?]
at 
org.glassfish.grizzly.http.server.HttpHandler$1.run(HttpHandler.java:224) 
[graylog.jar:?]
at 
com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176)
 
[graylog.jar:?]
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) 
[?:1.8.0_121]
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) 
[?:1.8.0_121]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_121]
Caused by: org.elasticsearch.cluster.block.ClusterBlockException: blocked 
by: [SERVICE_UNAVAILABLE/1/state not recovered / initialized];
at 
org.elasticsearch.cluster.block.ClusterBlocks.globalBlockedException(ClusterBlocks.java:158)
 
~[graylog.jar:?]
at 
org.elasticsearch.cluster.block.ClusterBlocks.globalBlockedRaiseException(ClusterBlocks.java:144)
 
~[graylog.jar:?]
at 
org.elasticsearch.action.search.AbstractSearchAsyncAction.(AbstractSearchAsyncAction.java:94)
 
~[graylog.jar:?]
at 
org.elasticsearch.action.search.SearchQueryThenFetchAsyncAction.(SearchQueryThenFetchAsyncAction.java:53)
 
~[graylog.jar:?]
at 
org.elasticsearch.action.search.TransportSearchAction.doExecute(TransportSearchAction.java:93)
 
~[graylog.jar:?]
at 
org.elasticsearch.action.search.TransportSearchAction.doExecute(TransportSearchAction.java:47)
 
~[graylog.jar:?]
at 
org.elasticsearch.action.support.TransportAction.doExecute(TransportAction.java:149)
 
~[graylog.jar:?]


elasticsearch.yml

st of Elasticsearch master nodes to connect to
elasticsearch_discovery_zen_ping_unicast_hosts = 
es-node-1.example.org:9300,es-node-2.example.org:9300

# Public IP address or host name of the Graylog node, accessible for the 
other Elasticsearch nodes
elasticsearch_network_host = 127.0.0.1

discovery.zen.ping.multicast.enabled : false
discovery.zen.ping.unicast.hosts : ["es-node-1.example.org:9300" , 
"es-node-2.example.org:9300"]

[graylog2] Re: Source Name is not displayed.

2017-02-02 Thread Jochen Schalanda 
Hi Sridhar,

Which GELF appender are you using?
Did you configure a GELF UDP or a GELF TCP input in Graylog?
How did you configure these inputs?
Did you check your firewall rules to allow access on port 12201/tcp or 
12201/udp?

Cheers,
Jochen

On Thursday, 2 February 2017 16:21:08 UTC+1, Sridhar wrote:
>
> Hi,
>
> I am very new to graylog. I am using following configuration,
>
> Virtualbox version: Version 5.1.14 r112924 (Qt5.6.2)
> Graylog OVA file: graylog-2.1.3-1
>
> I am able to open Graylog web interface with out any issue and I am using 
> the following logging configuration for sending messages from my local java 
> application to Graylog.
>
> 
> 
>  xmlns:log4j='http://jakarta.apache.org/log4j/'>
>
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
>
> 
> 
> 
> 
> 
> 
> 
> 
> 
>
> 
> 
> 
> 
> 
>
> 
>
> When I run the application, I can see the input message count coming from 
> my java application on top right corner of the web interface, but I am not 
> able to find the source name under Top Sources section. Could any one know 
> what is the issue here?
>
> Please find the attachment for more details, I have highlighted the input 
> and source sections with red color
>
> Your help is much more appreciated.
>
> Thanks,
> Sridhar
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/490b60cc-d483-4750-b240-c8b9f59b0a9a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Nodes with too long GC pauses

2017-02-02 Thread Jochen Schalanda 
Hi Nitzan,

please post the configuration and logs of all Graylog nodes and a 
description of your hardware.

Cheers,
Jochen

On Thursday, 2 February 2017 17:18:12 UTC+1, Nitzan Haimovich wrote:
>
> Hi all,
>
> I'm getting this message (*Nodes with too long GC pauses*) on my Graylog 
> cluster. I saw many people were posting about it but not a single thread 
> with solutions for how to solve/fix/approach it.
> I would be glad for any help.
>
> My cluster - 3 Graylog instances, each one with 8 cores and 16GB memory 
> (heap size is configured to be : Xms - 1GB , Xmx - 8GB).
> If you need any more details please let me know.
>
> Thanks!!
>
> Nitzan
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/67436c8a-659b-4dce-b24a-3fec658852ec%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https

2017-02-02 Thread Jochen Schalanda 
Hi Giwenn,

what are the attributes of your self-signed certificate, especially the 
CommonName (CN) and optionally the AltSubjName?

In your first message, it looks like it was CN=10.22.5.24:9000, which is 
wrong (it has to be the host name of the Graylog node, i. e. CN=10.22.5.24 
or CN=graylog.example.com).

Cheers,
Jochen

On Thursday, 2 February 2017 16:48:43 UTC+1, Giwenn Launay wrote:
>
> Hi Jochen,
>
>
> Here are the commands that I pass to put my server graylog in HTTPS:
>
> 1- 
>
> openssl req -x509 -days 7300 -nodes -newkey rsa:2048 -keyout graylogkey.pem 
> -out graycert.pem
>
> 2- openssl pkcs8 -in graylogkey.pem -topk8 -nocrypt -out graykey.pem
>
> 3- configuration this server.conf:
>
> rest_enable_tls = true
> rest_tls_cert_file = /path/to/graycert.pem
> rest_tls_key_file = /path/to/graylog-key.pem
> web_enable_tls = true
> web_tls_cert_file = /path/to/graycert.pem
> web_tls_key_file = /path/to/graykey.pem
>
> I have not set a password for the keys yet.
>
> 4 - keytool -importcert -keystore 
> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64-debug/jre/lib/security/cacerts
>  -storepass changeit -alias graylog-self-signed -file graycert.pem
>
> 5 - Verify that the certificate has been added:
>
> keytool -keystore 
> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64-debug/jre/lib/security/cacerts
>  -storepass changeit -list | grep graylog-self-signed -A1
>
> answer: 
> graylog-self-signed, 2 févr. 2017, trustedCertEntry,
> Empreinte du certificat (SHA1) : 
> 78:1B:E5:57:92:7C:65:43:69:E2:4E:20:34:E3:BB:7D:F7:33:D8:08
>
> 6- Addition of the instruction in the jvm trust:
>
> GRAYLOG_SERVER_JAVA_OPTS="-Djavax.net.ssl.trustStore=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64-debug/jre/lib/security/cacerts"
>
> 7- restart the server
>
>
> The error message appears when connecting to the web page. The inputs and 
> outputs do not work, they are in not running mode.
> Is my configuration good? 
>
> Thank =)
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/1656783b-f336-4d0a-83b2-f7e363454bc5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Nodes with too long GC pauses

2017-02-02 Thread Nitzan Haimovich 
Hi all,

I'm getting this message (*Nodes with too long GC pauses*) on my Graylog 
cluster. I saw many people were posting about it but not a single thread 
with solutions for how to solve/fix/approach it.
I would be glad for any help.

My cluster - 3 Graylog instances, each one with 8 cores and 16GB memory 
(heap size is configured to be : Xms - 1GB , Xmx - 8GB).
If you need any more details please let me know.

Thanks!!

Nitzan

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/fd53a040-cecb-45eb-ba32-20c2fbf2dac7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https

2017-02-02 Thread Giwenn Launay 
Hi Jochen,


Here are the commands that I pass to put my server graylog in HTTPS:

1- 

openssl req -x509 -days 7300 -nodes -newkey rsa:2048 -keyout graylogkey.pem 
-out graycert.pem

2- openssl pkcs8 -in graylogkey.pem -topk8 -nocrypt -out graykey.pem

3- configuration this server.conf:

rest_enable_tls = true
rest_tls_cert_file = /path/to/graycert.pem
rest_tls_key_file = /path/to/graylog-key.pem
web_enable_tls = true
web_tls_cert_file = /path/to/graycert.pem
web_tls_key_file = /path/to/graykey.pem

I have not set a password for the keys yet.

4 - keytool -importcert -keystore 
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64-debug/jre/lib/security/cacerts
 -storepass changeit -alias graylog-self-signed -file graycert.pem

5 - Verify that the certificate has been added:

keytool -keystore 
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64-debug/jre/lib/security/cacerts
 -storepass changeit -list | grep graylog-self-signed -A1

answer: 
graylog-self-signed, 2 févr. 2017, trustedCertEntry,
Empreinte du certificat (SHA1) : 
78:1B:E5:57:92:7C:65:43:69:E2:4E:20:34:E3:BB:7D:F7:33:D8:08

6- Addition of the instruction in the jvm trust:

GRAYLOG_SERVER_JAVA_OPTS="-Djavax.net.ssl.trustStore=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64-debug/jre/lib/security/cacerts"

7- restart the server


The error message appears when connecting to the web page. The inputs and 
outputs do not work, they are in not running mode.
Is my configuration good? 

Thank =)

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/73a0db75-1713-466a-acdf-3d98c3137b51%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Source Name is not displayed.

2017-02-02 Thread Sridhar 
Hi,

I am very new to graylog. I am using following configuration,

Virtualbox version: Version 5.1.14 r112924 (Qt5.6.2)
Graylog OVA file: graylog-2.1.3-1

I am able to open Graylog web interface with out any issue and I am using 
the following logging configuration for sending messages from my local java 
application to Graylog.


































When I run the application, I can see the input message count coming from 
my java application on top right corner of the web interface, but I am not 
able to find the source name under Top Sources section. Could any one know 
what is the issue here?

Please find the attachment for more details, I have highlighted the input 
and source sections with red color

Your help is much more appreciated.

Thanks,
Sridhar


-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/6424ac65-0bd3-4754-aa1c-313130c2b330%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Re: Error on start

2017-02-02 Thread Tzvi Moshe Arnstein 
That worked!!
Thank you for all your help!
Seems like we're all good now!

On Thursday, February 2, 2017 at 4:18:54 PM UTC+2, Jochen Schalanda wrote:
>
> Hi Tzvi,
>
>
> On Thursday, 2 February 2017 15:14:46 UTC+1, Tzvi Moshe Arnstein wrote:
>>
>> However I'm getting an errr in the browser now: 
>> https://gyazo.com/2398b5bd57aa1e860192ec445ae04ee6 the IP there is the 
>> internal IP
>>
>
> Try setting web_endpoint_uri to http://104.196.203.4:9000/api/. This is 
> the URI the Graylog web interface will use to communicate with the Graylog 
> REST API.
>
> Also make sure to read and understand 
> http://docs.graylog.org/en/2.1/pages/configuration/web_interface.html 
> before continuing.
>
> Cheers,
> Jochen
>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/640fef9b-4cb4-41b7-835c-ac3b515ed5a2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: How to solve this alert? Notification condition [NO_MASTER] has been fixed.

2017-02-02 Thread Jochen Schalanda 
Hi Aitor,

these logs clearly show that your Elasticsearch cluster is not healthy: It 
ran out of disk space multiple times and it can't keep up with indexing 
messages sent by Graylog (full task queues etc.).

You'll have to provide more hardware (esp. more memory, at least 4 GiB) to 
your Elasticsearch nodes.

Cheers,
Jochen

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/c0a90c4c-c6b3-4f5e-9ce6-cc79a3c0dee9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Re: Error on start

2017-02-02 Thread Jochen Schalanda 
Hi Tzvi,


On Thursday, 2 February 2017 15:14:46 UTC+1, Tzvi Moshe Arnstein wrote:
>
> However I'm getting an errr in the browser now: 
> https://gyazo.com/2398b5bd57aa1e860192ec445ae04ee6 the IP there is the 
> internal IP
>

Try setting web_endpoint_uri to http://104.196.203.4:9000/api/. This is the 
URI the Graylog web interface will use to communicate with the Graylog REST 
API.

Also make sure to read and 
understand 
http://docs.graylog.org/en/2.1/pages/configuration/web_interface.html 
before continuing.

Cheers,
Jochen

>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/808c97da-bfa0-46ba-bd40-780b5dff5233%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Re: Error on start

2017-02-02 Thread Tzvi Moshe Arnstein 
Hi Jochen,

Bingo! I changed to 0.0.0.0 and now it worked! Also seems that my firewall 
was blocking connections on 9000 so I updated that too.
However I'm getting an errr in the browser 
now: https://gyazo.com/2398b5bd57aa1e860192ec445ae04ee6 the IP there is the 
internal IP
Thank you

On Thursday, February 2, 2017 at 3:48:35 PM UTC+2, Jochen Schalanda wrote:
>
> Hi Tzvi,
>
> On Thursday, 2 February 2017 14:40:13 UTC+1, Tzvi Moshe Arnstein wrote:
>>
>> Im not sure what you mean? This is the instance running graylog and this 
>> is the assigned IP, unless I have to do additional configuration to make 
>> this IP work?
>>
>
> The IP addresses set up on the machine are those which you have seen in 
> the output of *ip addr show*. If you want or need to use other IP 
> addresses, you need to set them up on your machine first.
>
> FWIW, using 0.0.0.0 should just be fine.
>
>
> Cheers,
> Jochen
>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/8cbcebab-a4a1-4a94-b1e5-47efbc7339fd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Re: Error on start

2017-02-02 Thread Jochen Schalanda 
Hi Tzvi,

On Thursday, 2 February 2017 14:40:13 UTC+1, Tzvi Moshe Arnstein wrote:
>
> Im not sure what you mean? This is the instance running graylog and this 
> is the assigned IP, unless I have to do additional configuration to make 
> this IP work?
>

The IP addresses set up on the machine are those which you have seen in the 
output of *ip addr show*. If you want or need to use other IP addresses, 
you need to set them up on your machine first.

FWIW, using 0.0.0.0 should just be fine.


Cheers,
Jochen

>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/47ba5be4-6e23-48e1-9003-650a96955a78%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Re: Error on start

2017-02-02 Thread Tzvi Moshe Arnstein 
Hi,
Im not sure what you mean? This is the instance running graylog and this is 
the assigned IP, unless I have to do additional configuration to make this 
IP work? Can you explain? Thanks you for your patience!

On Thursday, February 2, 2017 at 3:31:15 PM UTC+2, Jochen Schalanda wrote:
>
> Hi Tzvi,
>
> you have to use an IP address or hostname in rest_listen_uri an 
> web_listen_uri, which has been setup *on the machine* running Graylog.
>
> Cheers,
> Jochen
>
> On Thursday, 2 February 2017 14:19:05 UTC+1, Tzvi Moshe Arnstein wrote:
>>
>> Hi,
>> Thats the IP assigned to the instance in GCP
>> When I run: host myip.opendns.com resolver1.opendns.com
>> *This is the response*
>> Using domain server:
>> Name: resolver1.opendns.com
>> Address: 208.67.222.222#53
>> Aliases:
>>
>> myip.opendns.com has address 104.196.203.4
>> Host myip.opendns.com not found: 3(NXDOMAIN)
>> Host myip.opendns.com not found: 3(NXDOMAIN)
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/2e50-371e-4c10-af27-2b6962a56a5a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: You are running an outdated Graylog version even after upgrade from 2.1.x to 2.1.3

2017-02-02 Thread Jochen Schalanda 
Hi Sinai,

are you running multiple Graylog nodes? Have all been updated? Did you 
restart all Graylog nodes after upgrading the files via the package 
management system of your operating system?

Cheers,
Jochen

On Thursday, 2 February 2017 13:03:15 UTC+1, Sinai Rijkov wrote:
>
> Hi,
>  Yes I know it, but its coming back. :)  
> Pretty annoying when all is "green" and OK. 
>
>
> On Wednesday, February 1, 2017 at 5:42:54 PM UTC+2, Jochen Schalanda wrote:
>>
>> Hi Sinai,
>>
>> you can close/delete that notification by clicking on the 'X' in the 
>> upper right corner of the notification in the Graylog web interface.
>>
>> Cheers,
>> Jochen
>>
>> On Wednesday, 1 February 2017 16:31:43 UTC+1, Sinai Rijkov wrote:
>>>
>>>
>>> Hi , guys! 
>>>
>>> Issue error from web interface - 
>>>
>>>
>>> You are running an outdated Graylog version. (triggered 5 hours ago)
>>> The most recent stable Graylog version is *2.1.3 (Smuttynose) released 
>>> at 2017-01-26T00:00:00.000Z*. Get it from https://www.graylog.org/.
>>>
>>>
>>>
>>>
>>> So I did update through yum install before w/o updating repositroy 
>>> first, 
>>> After reading article I've checked this from my server and it looks 
>>> fine, but still have error that server is Outdated:
>>>  
>>>
>>> *1 *.[root@graylog]# rpm -Uvh 
>>> https://packages.graylog2.org/repo/packages/graylog-2.1-repository_latest.rpm
>>> Retrieving 
>>> https://packages.graylog2.org/repo/packages/graylog-2.1-repository_latest.rpm
>>> Preparing...  # 
>>> [100%]
>>> package graylog-2.1-repository-1-3.noarch is already installed
>>>
>>>
>>> *2.* [root@graylog]# yum install graylog-server
>>> Loaded plugins: fastestmirror, langpacks
>>> Loading mirror speeds from cached hostfile
>>>  * epel: mirror.nonstop.co.il
>>> Package graylog-server-2.1.3-1.noarch already installed and latest 
>>> version
>>> Nothing to do
>>>
>>>
>>> Some bug? (any changes,that I can do manually? )
>>>  
>>>
>>> Thank you.
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/d2a7e69b-9484-429a-a2bb-1a9947cbad56%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Re: Error on start

2017-02-02 Thread Jochen Schalanda 
Hi Tzvi,

you have to use an IP address or hostname in rest_listen_uri an 
web_listen_uri, which has been setup *on the machine* running Graylog.

Cheers,
Jochen

On Thursday, 2 February 2017 14:19:05 UTC+1, Tzvi Moshe Arnstein wrote:
>
> Hi,
> Thats the IP assigned to the instance in GCP
> When I run: host myip.opendns.com resolver1.opendns.com
> *This is the response*
> Using domain server:
> Name: resolver1.opendns.com
> Address: 208.67.222.222#53
> Aliases:
>
> myip.opendns.com has address 104.196.203.4
> Host myip.opendns.com not found: 3(NXDOMAIN)
> Host myip.opendns.com not found: 3(NXDOMAIN)
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/67dd0685-6b11-48d3-8294-5ab438a540ad%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: How to solve this alert? Notification condition [NO_MASTER] has been fixed.

2017-02-02 Thread Jochen Schalanda 
Hi Aitor,

On Thursday, 2 February 2017 14:06:55 UTC+1, Aitor Mendoza wrote:
>
> *For example: (/var/log/graylog/elasticsearch/graylog.log)*
>

Please post the *complete* logs of your Graylog and Elasticsearch nodes as 
text (for example as an attachment to this discussion).

Did you run out of disk space? There is at least 1 corrupted Elasticsearch 
index (graylog_58) according to your logs.

Cheers,
Jochen

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/be3b7b52-5736-41c1-ba6b-725b7982f647%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https

2017-02-02 Thread Jochen Schalanda 
Hi Giwenn,

On Thursday, 2 February 2017 14:20:17 UTC+1, Giwenn Launay wrote:
>
> You have another solution ???
>

What didn't work with the one outlined in the Graylog documentation?

Cheers,
Jochen 

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/9d5f1d82-1e2d-4b6a-a7b0-6e109939cd26%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https

2017-02-02 Thread Giwenn Launay 
You have another solution ???
For more than 2 weeks I have been trying to solve this error

Thank =)

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/e213d8d0-9615-4902-9796-ad8b41c8cad0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Re: Error on start

2017-02-02 Thread Tzvi Moshe Arnstein 
Hi,
Thats the IP assigned to the instance in GCP
When I run: host myip.opendns.com resolver1.opendns.com
*This is the response*
Using domain server:
Name: resolver1.opendns.com
Address: 208.67.222.222#53
Aliases:

myip.opendns.com has address 104.196.203.4
Host myip.opendns.com not found: 3(NXDOMAIN)
Host myip.opendns.com not found: 3(NXDOMAIN)

Also when I tried 127.0.0.1 or 0.0.0.0 its still would error out

On Thu, Feb 2, 2017 at 12:32 AM, Jochen Schalanda 
wrote:

> Hi Tzvi,
>
> there you have it. 104.196.203.4 is not a valid IP address of the machine
> running Graylog.
>
> Why did you use that in your configuration?
>
> Cheers,
> Jochen
>
> On Wednesday, 1 February 2017 22:56:06 UTC+1, Tzvi Moshe Arnstein wrote:
>>
>> the output is as follows:
>> 1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group
>> default qlen 1
>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>> inet 127.0.0.1/8 scope host lo
>>valid_lft forever preferred_lft forever
>> inet6 ::1/128 scope host
>>valid_lft forever preferred_lft forever
>> 2: ens4:  mtu 1460 qdisc pfifo_fast
>> state UP group default qlen 1000
>> link/ether 42:01:0a:8e:00:03 brd ff:ff:ff:ff:ff:ff
>> inet 10.142.0.3/32 brd 10.142.0.3 scope global ens4
>>valid_lft forever preferred_lft forever
>> inet6 fe80::4001:aff:fe8e:3/64 scope link
>>valid_lft forever preferred_lft forever
>>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Graylog Users" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/
> topic/graylog2/N_sANtDwwXA/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/graylog2/252bf127-e20f-403f-98db-3144f7dc341a%40googlegroups.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CANLnumhdkVy4o6CbLLbwzg_d0zopf7-aq7oZwEqWGLEuHNF-9w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: How to solve this alert? Notification condition [NO_MASTER] has been fixed.

2017-02-02 Thread Aitor Mendoza 
Sorry,

*For example: (/var/log/graylog/elasticsearch/graylog.log)*




[2017-01-30 01:49:24,310][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_56] update_mapping [message]
[2017-01-30 01:49:24,591][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_56] update_mapping [message]
[2017-01-30 02:00:18,260][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_56] update_mapping [message]
[2017-01-30 02:24:34,321][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_56] update_mapping [message]
[2017-01-30 02:24:34,568][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_56] update_mapping [message]
[2017-01-30 05:44:38,282][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_56] update_mapping [message]
[2017-01-30 06:10:19,257][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_56] update_mapping [message]
[2017-01-30 06:25:32,267][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_56] update_mapping [message]
[2017-01-30 07:26:44,297][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_56] update_mapping [message]
[2017-01-30 07:26:48,272][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_56] update_mapping [message]
[2017-01-30 10:38:00,252][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_56] update_mapping [message]
[2017-01-30 16:19:33,278][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_56] update_mapping [message]
[2017-01-30 17:25:35,716][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_56] update_mapping [message]
[2017-01-30 18:03:43,270][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_56] update_mapping [message]
[2017-01-30 18:03:45,291][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_56] update_mapping [message]
[2017-01-30 18:04:17,286][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_56] update_mapping [message]
[2017-01-31 01:00:05,015][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_57] creating index, cause [api], templates 
[graylog-internal], shards [4]/[1], mapping$
[2017-01-31 01:00:06,298][INFO ][cluster.routing.allocation] [Servidor 
Graylog] Cluster health status changed from [RED] to [YELLOW] (reason: 
[shards started [[graylog_57][0]$
[2017-01-31 01:00:07,427][INFO ][cluster.routing.allocation] [Servidor 
Graylog] Cluster health status changed from [YELLOW] to [GREEN] (reason: 
[shards started [[graylog_57][$
[2017-01-31 01:00:08,251][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_57] update_mapping [message]
[2017-01-31 01:00:08,254][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_57] update_mapping [message]
[2017-01-31 01:00:08,470][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_57] update_mapping [message]
[2017-01-31 01:00:08,737][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_57] update_mapping [message]
[2017-01-31 01:00:09,019][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_57] update_mapping [message]
[2017-01-31 01:00:09,403][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_57] update_mapping [message]
[2017-01-31 01:00:09,657][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_57] update_mapping [message]
[2017-01-31 01:00:10,278][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_57] update_mapping [message]
[2017-01-31 01:00:10,477][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_57] update_mapping [message]
[2017-01-31 01:00:18,255][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_57] update_mapping [message]
[2017-01-31 01:00:22,259][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_57] update_mapping [message]
[2017-01-31 01:00:34,326][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_57] update_mapping [message]
[2017-01-31 01:00:34,531][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_57] update_mapping [message]
[2017-01-31 01:00:34,535][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_57] update_mapping [message]
[2017-01-31 01:00:34,821][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_57] update_mapping [message]
[2017-01-31 01:00:34,824][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_57] update_mapping [message]
[2017-01-31 01:00:34,828][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_57] update_mapping [message]
[2017-01-31 01:00:35,055][INFO ][cluster.metadata ] [Servidor 
Graylog] [graylog_57] update_mapping [message]





El jueves, 2 de febrero de 2017, 12:57:03 (UTC+1), Jochen Schalanda 
escribió:
>
> Hi Aitor,
>
> please post the logs of your

[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https

2017-02-02 Thread Giwenn Launay 
Yes, I added GRAYLOG_SERVER_JAVA_OPTS= 
"-Djavax.net.ssl.trustStore=/etc/graylog/certificate/cacerts.jks" 
in the /etc/sysconfig/graylog-server
 And I did not change the password by default

Thank you for the speed of your answer

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/22b44d31-fb9e-4d89-8c4e-fbb26a3f78e6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https

2017-02-02 Thread Giwenn Launay 
Yes, I added GRAYLOG_SERVER_JAVA_OPTS= 
"-Djavax.net.ssl.trustStore=/etc/graylog/certificate/cacerts.jks" 
in the /etc/sysconfig/graylog-server
 And I did not change the password by default

Thank you for the speed of your answer

On Thursday, February 2, 2017 at 12:55:42 PM UTC+1, Jochen Schalanda wrote:
>
> Hi Giwenn,
>
> you have to add your self-signed certificate to the JVM's trust store: 
> http://docs.graylog.org/en/2.1/pages/configuration/https.html#adding-a-self-signed-certificate-to-the-jvm-trust-store
>
> Cheers,
> Jochen
>
> On Thursday, 2 February 2017 12:43:47 UTC+1, Giwenn Launay wrote:
>>
>> Hello,
>>
>> I'll contact you because I have a problem with the https of my Graylog 
>> server.
>> I generated the self-signed certificate and added the certificate to the 
>> JVM
>>
>> Here is my error message:
>>
>> You can not call https://10.22.5.24:9000/api/system/metrics/multiple on 
>> node <88d73a41-f393-43db-80e6- 85b80dd1d4f6>
>> Javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not 
>> verified:
>> Certificate: sha256 / a6eF3sXXGHb2 / Qni7qcRXNjM6JV6 + nuD4OADQ81Mczo =
>> DN: EMAILADDRESS = x...@xxx.com, CN = 10.22.5.24: 9000, OR = XX, O = 
>> , L = , ST = France, C = FR
>> SubjectAltNames: []
>>
>> Can anyone help me?
>> Thank you
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/86629dfe-e6de-4f9b-a28b-aa26540e6696%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: You are running an outdated Graylog version even after upgrade from 2.1.x to 2.1.3

2017-02-02 Thread Sinai Rijkov 
Hi,
 Yes I know it, but its coming back. :)  
Pretty annoying when all is "green" and OK. 


On Wednesday, February 1, 2017 at 5:42:54 PM UTC+2, Jochen Schalanda wrote:
>
> Hi Sinai,
>
> you can close/delete that notification by clicking on the 'X' in the upper 
> right corner of the notification in the Graylog web interface.
>
> Cheers,
> Jochen
>
> On Wednesday, 1 February 2017 16:31:43 UTC+1, Sinai Rijkov wrote:
>>
>>
>> Hi , guys! 
>>
>> Issue error from web interface - 
>>
>>
>> You are running an outdated Graylog version. (triggered 5 hours ago)
>> The most recent stable Graylog version is *2.1.3 (Smuttynose) released 
>> at 2017-01-26T00:00:00.000Z*. Get it from https://www.graylog.org/.
>>
>>
>>
>>
>> So I did update through yum install before w/o updating repositroy first, 
>> After reading article I've checked this from my server and it looks fine, 
>> but still have error that server is Outdated:
>>  
>>
>> *1 *.[root@graylog]# rpm -Uvh 
>> https://packages.graylog2.org/repo/packages/graylog-2.1-repository_latest.rpm
>> Retrieving 
>> https://packages.graylog2.org/repo/packages/graylog-2.1-repository_latest.rpm
>> Preparing...  # 
>> [100%]
>> package graylog-2.1-repository-1-3.noarch is already installed
>>
>>
>> *2.* [root@graylog]# yum install graylog-server
>> Loaded plugins: fastestmirror, langpacks
>> Loading mirror speeds from cached hostfile
>>  * epel: mirror.nonstop.co.il
>> Package graylog-server-2.1.3-1.noarch already installed and latest version
>> Nothing to do
>>
>>
>> Some bug? (any changes,that I can do manually? )
>>  
>>
>> Thank you.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/258d43ce-0b73-4c5c-90b8-954cc5dc3345%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: How to solve this alert? Notification condition [NO_MASTER] has been fixed.

2017-02-02 Thread Jochen Schalanda 
Hi Aitor,

please post the logs of your Graylog and ES 
nodes: 
http://docs.graylog.org/en/2.1/pages/configuration/file_location.html#deb-package

Cheers,
Jochen

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/ebab97e2-bbc3-481c-8b51-a9a5863fe2f0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https

2017-02-02 Thread Jochen Schalanda 
Hi Giwenn,

you have to add your self-signed certificate to the JVM's trust 
store: 
http://docs.graylog.org/en/2.1/pages/configuration/https.html#adding-a-self-signed-certificate-to-the-jvm-trust-store

Cheers,
Jochen

On Thursday, 2 February 2017 12:43:47 UTC+1, Giwenn Launay wrote:
>
> Hello,
>
> I'll contact you because I have a problem with the https of my Graylog 
> server.
> I generated the self-signed certificate and added the certificate to the 
> JVM
>
> Here is my error message:
>
> You can not call https://10.22.5.24:9000/api/system/metrics/multiple on 
> node <88d73a41-f393-43db-80e6- 85b80dd1d4f6>
> Javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified:
> Certificate: sha256 / a6eF3sXXGHb2 / Qni7qcRXNjM6JV6 + nuD4OADQ81Mczo =
> DN: EMAILADDRESS = x...@xxx.com, CN = 10.22.5.24: 9000, OR = XX, O = 
> , L = , ST = France, C = FR
> SubjectAltNames: []
>
> Can anyone help me?
> Thank you
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/96012e8e-5092-437f-8d22-0b89878bc838%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https

2017-02-02 Thread Giwenn Launay 
Hello,

I'll contact you because I have a problem with the https of my Graylog 
server.
I generated the self-signed certificate and added the certificate to the JVM

Here is my error message:

You can not call https://10.22.5.24:9000/api/system/metrics/multiple on 
node <88d73a41-f393-43db-80e6- 85b80dd1d4f6>
Javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified:
Certificate: sha256 / a6eF3sXXGHb2 / Qni7qcRXNjM6JV6 + nuD4OADQ81Mczo =
DN: EMAILADDRESS = x...@xxx.com, CN = 10.22.5.24: 9000, OR = XX, O = , 
L = , ST = France, C = FR
SubjectAltNames: []

Can anyone help me?
Thank you

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/38d7bf00-cc92-4c25-b979-e00765f56ebb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: How to solve this alert? Notification condition [NO_MASTER] has been fixed.

2017-02-02 Thread Aitor Mendoza 
Hi,



*graylog.conf on GRAYLOG SERVER:*
is_master = true
node_id_file = /var/opt/graylog/graylog-server-node-id
rest_listen_uri = http://0.0.0.0:9000/api
web_listen_uri = http://0.0.0.0:9000/
elasticsearch_shards = 4
elasticsearch_replicas = 1
elasticsearch_discovery_zen_ping_unicast_hosts = 
192.168.1.XX:9300,192.168.1.XX:9300,192.168.1.XX:9300
elasticsearch_cluster_discovery_timeout = 5000
elasticsearch_network_host = 0.0.0.0

*http://192.168.1.xx:9200/_cluster/state?human*

  "nodes" : {
"VqnZug3bTe-SYeYEJTxbbg" : {
  "name" : "Servidor Graylog",
  "transport_address" : "192.168.1.xx:9300",
  "attributes" : {
"data" : "false",
"master" : "true"
  }
},
"HD4nGhhfTNuj323-4vzJ8A" : {
  "name" : "Servidor Elasticsearch 01",
  "transport_address" : "192.168.1.xx:9300",
  "attributes" : {
"master" : "true"
  }
},
"A6tbkcVMQC6X3ogr7LBCBw" : {
  "name" : "graylog-d84e9b91-9e4e-4ca9-a13f-09e824f26e0b",
  "transport_address" : "192.168.1.xx:9350",
  "attributes" : {
"client" : "true",
"data" : "false",
"master" : "false"
  }
},
"z1xsgIoQSDqie4Wj3xT10w" : {
  "name" : "Servidor Elasticsearch 02",
  "transport_address" : "192.168.1.xx:9300",
  "attributes" : {
"master" : "true"
  }
}
  },


*/etc/elasticsearch/elasticsearch.yml on ES1:*



cluster.name: graylog
node.name: "Servidor Elasticsearch 01"
node.master: true
node.data: true

network.host: 192.168.1.x1
network.bind_host: 192.168.1.x1
network.publish_host: 192.168.1.x1
discovery.zen.ping.multicast.enabled: false
discovery.zen.ping.unicast.hosts: ["192.168.1.x1:9300" , 
"192.168.1.x2:9300" , "192.168.1.x3:9300"]

index.number_of_replicas: 1
index.number_of_shards: 2


Thanks


El jueves, 2 de febrero de 2017, 10:30:04 (UTC+1), Jochen Schalanda 
escribió:
>
> Hi Aitor,
>
> please post the logs of your Graylog node, your Graylog configuration 
> (including JVM settings), and some details about the hardware of the 
> machine running Graylog.
>
> Cheers,
> Jochen
>
> On Thursday, 2 February 2017 07:57:34 UTC+1, Aitor Mendoza wrote:
>>
>> Hello,
>>
>> Since I configured my Graylog server sometimes appears this alert: 
>> *Notification condition [NO_MASTER] has been fixed.*
>> I have *one Graylog server* with *two ElasticSearch nodes*. I already 
>> check the server.conf to verify that is_master is correct.
>>
>> Yesterday I found that it could also be because I did not have 
>> synchronized time (I always had it correctly), but I also installed NTP and 
>> configured the 3 hosts with the same NTP servers configuration.
>> But it seems that the warning still appears ...
>>
>> I appreciate any help, thank you in advance!
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/99f968cb-8093-446b-b475-2966ad4adf37%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: How to solve this alert? Notification condition [NO_MASTER] has been fixed.

2017-02-02 Thread Jochen Schalanda 
Hi Aitor,

please post the logs of your Graylog node, your Graylog configuration 
(including JVM settings), and some details about the hardware of the 
machine running Graylog.

Cheers,
Jochen

On Thursday, 2 February 2017 07:57:34 UTC+1, Aitor Mendoza wrote:
>
> Hello,
>
> Since I configured my Graylog server sometimes appears this alert: 
> *Notification condition [NO_MASTER] has been fixed.*
> I have *one Graylog server* with *two ElasticSearch nodes*. I already 
> check the server.conf to verify that is_master is correct.
>
> Yesterday I found that it could also be because I did not have 
> synchronized time (I always had it correctly), but I also installed NTP and 
> configured the 3 hosts with the same NTP servers configuration.
> But it seems that the warning still appears ...
>
> I appreciate any help, thank you in advance!
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/9b4d51c2-7172-4920-a0b0-da95742336f8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.