[graylog2] graylog collector sidecar and winlogbeat language issue

2017-02-20 Thread Daniel Kamiński
Hi
I'm collecting logs from Windows Server 2012 R2 using graylog collector
sidecar with winlogbeat, and I have issues with logs language. The system
was installed as Polish (my language) but later we changed language to
English, now everything is in English except messages sent by winlogbeat
run by collector (which is run as a service), those are in Polish. *BUT* if
I run winlogbeat *manually from the cmd* shell with the same config
messages I collect *are in English*.

*TL;DR:* winlogbeat run by collector sends event log messages in Polish,
winlogbeat run by hand sends messages in English (*desired*)

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/950928d6-dd3b-4596-912b-afa64f1c213d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [graylog2] Graylog Collector Sidecar Analysis

2016-12-02 Thread Marvin Popyk
Thanks Marius, that seemed to do the trick.

On Wednesday, November 30, 2016 at 4:34:10 AM UTC-5, Marius Sturm wrote:
>
> Hi Marvin, 
> the tags are used to define which configuration should be applied to a 
> host. So it's up to you to add the tag to the collector_sidecar.yml 
> file. Afterwards it should detect the change in the web interface. If 
> you want to distinguish between the two inputs at search time you can 
> use the filename for it or add a custom field.
>
> Cheers, 
> Marius 
>
> On 29 November 2016 at 21:01, Marvin Popyk wrote:
> > Hello,
> >
> > We are testing graylog to see if it fits our needs for a centralized logging
> > system.  We've installed and setup graylog and we wanted to be able to
> > import specific log files to graylog.  We read that graylog collector
> > sidecar is an option.  We have setup a new beats input and tested an apache
> > collection recommended by the graylog instructions.  That worked like a
> > charm.  We setup a new collection to import authentication logs
> > (/var/log/auth.log) but it seems like the host that has sidecar installed is
> > not getting the updates for the 2nd configuration and is not pushing the
> > auth log to graylog.
> >
> > 1. I looked in /etc/graylog/collector-sidecar/collector_sidecar.yml and I
> > noticed the tags aren't updated with the new configuration tag
> > 2. I also looked in /etc/graylog/collector-sidecar/generated/filebeat.yml
> > and noticed the input_type doesn't match the new configuration file type.  I
> > changed it to auth instead of log.
> >
> > However, if I edit these 2 yml files with the correct information, graylog
> > will start pulling authentication logs. BUT, it will still say the input
> > type is LOG instead of AUTH.
> >
> > Not sure why the host isn't getting the configuration updates of the 2nd
> > configuration for the authentication logs.  I've restarted the service and
> > that didn't work.
> >
> > Also, would you recommend using NXLog instead of Beats?
> >
>
>
>
> -- 
> Developer 
>
> Tel.: +49 (0)40 609 452 077 
> Fax.: +49 (0)40 609 452 078 
>
> TORCH GmbH - A Graylog Company 
> Poolstraße 21 
> 20335 Hamburg 
> Germany 
>
> https://www.graylog.com 
>
> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175 
> Geschäftsführer: Lennart Koopmann (CEO) 
>



Re: [graylog2] Graylog Collector Sidecar Analysis

2016-11-30 Thread Marius Sturm
Hi Marvin,
the tags are used to define which configuration should be applied to a
host. So it's up to you to add the tag to the collector_sidecar.yml
file. Afterwards it should detect the change in the web interface. If
you want to distinguish between the two inputs at search time you can
use the filename for it or add a custom field.

Cheers,
Marius

On 29 November 2016 at 21:01, Marvin Popyk  wrote:
> Hello,
>
> We are testing graylog to see if it fits our needs for a centralized logging
> system.  We've installed and setup graylog and we wanted to be able to
> import specific log files to graylog.  We read that graylog collector
> sidecar is an option.  We have setup a new beats input and tested an apache
> collection recommended by the graylog instructions.  That worked like a
> charm.  We setup a new collection to import authentication logs
> (/var/log/auth.log) but it seems like the host that has sidecar installed is
> not getting the updates for the 2nd configuration and is not pushing the
> auth log to graylog.
>
> 1. I looked in /etc/graylog/collector-sidecar/collector_sidecar.yml and I
> noticed the tags aren't updated with the new configuration tag
> 2. I also looked in /etc/graylog/collector-sidecar/generated/filebeat.yml
> and noticed the input_type doesn't match the new configuration file type.  I
> changed it to auth instead of log.
>
> However, if I edit these 2 yml files with the correct information, graylog
> will start pulling authentication logs. BUT, it will still say the input
> type is LOG instead of AUTH.
>
> Not sure why the host isn't getting the configuration updates of the 2nd
> configuration for the authentication logs.  I've restarted the service and
> that didn't work.
>
> Also, would you recommend using NXLog instead of Beats?
>



-- 
Developer

Tel.: +49 (0)40 609 452 077
Fax.: +49 (0)40 609 452 078

TORCH GmbH - A Graylog Company
Poolstraße 21
20335 Hamburg
Germany

https://www.graylog.com

Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
Geschäftsführer: Lennart Koopmann (CEO)



[graylog2] Graylog Collector Sidecar Analysis

2016-11-29 Thread Marvin Popyk
Hello,

We are testing graylog to see if it fits our needs for a centralized 
logging system.  We've installed and setup graylog and we wanted to be able 
to import specific log files to graylog.  We read that graylog collector 
sidecar is an option.  We have setup a new beats input and tested an apache 
collection recommended by the graylog instructions.  That worked like a 
charm.  We setup a new collection to import authentication logs 
(/var/log/auth.log) but it seems like the host that has sidecar installed 
is not getting the updates for the 2nd configuration and is not pushing the 
auth log to graylog.

1. I looked in /etc/graylog/collector-sidecar/collector_sidecar.yml and I
noticed the tags aren't updated with the new configuration tag
2. I also looked in /etc/graylog/collector-sidecar/generated/filebeat.yml
and noticed the input_type doesn't match the new configuration file type.
I changed it to auth instead of log.

However, if I edit these 2 yml files with the correct information, graylog
will start pulling authentication logs. BUT, it will still say the input
type is LOG instead of AUTH.

Not sure why the host isn't getting the configuration updates of the 2nd 
configuration for the authentication logs.  I've restarted the service and 
that didn't work.

Also, would you recommend using NXLog instead of Beats?



[graylog2] graylog-collector-sidecar on RHEL 5.6 Segmentation fault

2016-11-20 Thread tommy yang
Hi everyone,

I try to add collector-sidecar as a system service on RHEL 5.4 and 5.6.
It works on RHEL 5.4, but failed on RHEL 5.6.

The error message is "Segmentation fault"
kernel: graylog-collect[25418]: segfault at  rip 7fff3c8e8767 rsp 7fff3c8216e0 error 4

Any suggestions?

Thanks.




[graylog2] Graylog collector (deprecated) for graylog 2.0 connecting issues

2016-08-15 Thread sam
Hi All,

I installed graylog collector 0.5.0 version in client machine to send logs
to my graylog server (2.0) version. When I start collector I see below
errors. Can anyone let me know where I am going wrong, please?


2016-08-16T00:51:04.579-0400 INFO  [main] cli.commands.Run - Service RUNNING: BufferProcessor [RUNNING]
2016-08-16T00:51:04.579-0400 INFO  [main] cli.commands.Run - Service RUNNING: FileObserver [RUNNING]
2016-08-16T00:51:04.579-0400 INFO  [main] cli.commands.Run - Service RUNNING: MemoryReporterService [RUNNING]
2016-08-16T00:51:04.579-0400 INFO  [main] cli.commands.Run - Service RUNNING: MetricService [RUNNING]
2016-08-16T00:51:04.580-0400 INFO  [main] cli.commands.Run - Service RUNNING: StdoutOutput{inputs='', id='console'}
2016-08-16T00:51:04.580-0400 INFO  [main] cli.commands.Run - Service RUNNING: HeartbeatService [RUNNING]
2016-08-16T00:51:04.581-0400 INFO  [main] cli.commands.Run - Service RUNNING: GelfOutput{client-send-buffer-size='-1', port='12201', inputs='', host='162.20.100.27', client-reconnect-delay='1000', client-tcp-no-delay='true', id='graylog-server', client-queue-size='512', client-connect-timeout='5000'}
2016-08-16T00:51:04.582-0400 INFO  [main] cli.commands.Run - Service RUNNING: FileInput{outputs='', content-splitter='NEWLINE', charset='UTF-8', message-fields='MessageFields{}', reader-buffer-size='102400', reader-interval='100', id='syslog', path-set='SinglePathSet{path=/var/log/jenkins/jenkins.log}'}
2016-08-16T00:51:09.557-0400 ERROR [gelfTcpTransport-1-1] gelfclient.transport.GelfTcpTransport - Connection failed: connection timed out: /162.20.100.27:12201
2016-08-16T00:51:15.562-0400 ERROR [gelfTcpTransport-1-1] gelfclient.transport.GelfTcpTransport - Connection failed: connection timed out: /162.20.100.27:12201
2016-08-16T00:51:19.310-0400 WARN  [HeartbeatService RUNNING] collector.heartbeat.HeartbeatService - Unable to send heartbeat to Graylog server: SocketTimeoutException: connect timed out
2016-08-16T00:51:21.568-0400 ERROR [gelfTcpTransport-1-1] gelfclient.transport.GelfTcpTransport - Connection failed: connection timed out: /162.20.100.27:12201


My collector.conf file: 

server-url = "http://162.20.100.27:12900/"

collector-id = "file:/etc/graylog/collector/collector-id"

inputs {
  syslog {
    type = "file"
    path = "/var/log/jenkins/jenkins.log"
  }
}

outputs {
  graylog-server {
    type = "gelf"
    host = "162.20.100.27"
    port = 12201
  }

  // Prints all messages to STDOUT. Useful for debugging. Do not enable in production usage!
  console {
    type = "stdout"
  }
}


Graylog server GELF TCP:

   - bind_address: 0.0.0.0
   - max_message_size: 2097152
   - override_source: **
   - port: 12201
   - recv_buffer_size: 1048576
   - tcp_keepalive: false
   - tls_cert_file: **
   - tls_client_auth: disabled
   - tls_client_auth_cert_file: **
   - tls_enable: false
   - tls_key_file: admin
   - tls_key_password:
   - use_null_delimiter: true

Thank you 
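
Added example, not part of the original post and not Graylog's own code: a Python probe for a GELF TCP input configured as above (port 12201, use_null_delimiter true). It sends one NUL-terminated GELF 1.1 message and reports whether the connection was made, refused, or timed out, which separates a filtered network path from an input that is not listening. The host name jenkins01 and the loopback listener are constructed for the example.

```python
import json
import socket
import threading
import time


def build_gelf_frame(host, short_message, **extra):
    """Build one GELF 1.1 message framed for a GELF TCP input with
    use_null_delimiter=true: UTF-8 JSON followed by a single NUL byte."""
    msg = {
        "version": "1.1",
        "host": host,
        "short_message": short_message,
        "timestamp": round(time.time(), 3),
        "level": 6,  # syslog "informational"
    }
    # Additional GELF fields carry an underscore prefix; "_id" is reserved.
    for key, value in extra.items():
        if key == "id":
            raise ValueError("_id is a reserved GELF field")
        msg["_" + key] = value
    return json.dumps(msg, separators=(",", ":")).encode("utf-8") + b"\x00"


def probe_gelf_tcp(server, port, frame, timeout=5.0):
    """Try to deliver one frame and classify the result.

    'sent'    - TCP connection established and frame written
    'timeout' - no answer to the connection attempt (packets dropped on the
                path: firewall, security group, routing, wrong address)
    'refused' - host reachable but nothing listening on that port
    """
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(frame)
        return "sent"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        return "error: %s" % exc


def read_frames(conn):
    """Receiver side: read until EOF, split the stream on NUL, decode JSON."""
    buf = b""
    while True:
        chunk = conn.recv(4096)
        if not chunk:
            break
        buf += chunk
    return [json.loads(part) for part in buf.split(b"\x00") if part]


def loopback_roundtrip():
    """Offline check against a stand-in listener on 127.0.0.1
    (constructed for this example; it is not a Graylog input)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # ephemeral port
    listener.listen(1)
    port = listener.getsockname()[1]
    received = []

    def serve():
        conn, _ = listener.accept()
        with conn:
            received.extend(read_frames(conn))

    worker = threading.Thread(target=serve)
    worker.start()
    frame = build_gelf_frame("jenkins01", "gelf probe",
                             source_file="/var/log/jenkins/jenkins.log")
    status = probe_gelf_tcp("127.0.0.1", port, frame, timeout=2.0)
    worker.join(timeout=5)
    listener.close()
    return status, received


if __name__ == "__main__":
    print(loopback_roundtrip())
    # Against a real input, pass the server address and GELF port, e.g.:
    # print(probe_gelf_tcp("162.20.100.27", 12201,
    #                      build_gelf_frame("jenkins01", "gelf probe")))
```

Run from the collector host, a 'timeout' result matches the GelfTcpTransport "connection timed out" lines in the log and points at the network path, while 'refused' points at the input itself.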



[graylog2] Graylog collector for linux x86_64 - graylog 2.0

2016-08-12 Thread sam
Hi All,


Can you let me know where I can find the collector for linux redhat
graylog2.0 version?

Thank you 



Re: [graylog2] graylog-collector-sidecar issue

2016-07-25 Thread Marius Sturm
Don't forget to set the 'apache' tag on the top of the page and press
'Update tags'

On 25 July 2016 at 17:15, Marius Sturm  wrote:

> The defaults are pretty fine for a first test. Create a NXLog Gelf output
> with the IP and port of your Graylog's Gelf Input (typically Graylog's
> server IP and port 12201). Then create a NXLog file input and connect it
> with the output from above by setting the 'Forward to' drop-down. Set the
> right path to the Apache log file. That should be it.
>
> Marius
>
> On 25 July 2016 at 17:09, Tony  wrote:
>
>> Thank you Marius, as I am very newbie on the system can you please, write
>> me the correct GUI entries to configure it?
>> Thanks a lot
>>
>> Tony
>>
>> 2016-07-25 15:46 GMT+01:00 Marius Sturm :
>>
>>> Hi Tony,
>>> you have to create a configuration for the sidecar first. Go to 'Manage
>>> configurations' on the collectors page and set up the needed inputs and
>>> outputs of your nxlog instance.
>>>
>>> Cheers,
>>> Marius
>>>
>>>
>>> On 25 July 2016 at 15:56, Tony  wrote:
>>>
>>>> Hello everybody,
>>>> I would like to send my apache2 log files from a remote server to
>>>> graylog server. Actually I using graylog-collector-sidecar on Debian 7 and
>>>> my configuration files are:
>>>>
>>>> collector_sidecar.yaml---
>>>> server_url: http://10.5.10.242:12900
>>>> node_id: graylog-collector-sidecar-nagios
>>>> collector_id: file:/etc/graylog/collector-sidecar/collector-id
>>>> log_rotation_time: 86400
>>>> log_max_age: 86400
>>>> tags: apache
>>>> update_interval: 10
>>>> log_path: /var/log/graylog/collector-sidecar
>>>> backends:
>>>> - name: nxlog
>>>>   enabled: true
>>>>   binary_path: /usr/bin/nxlog
>>>>   configuration_path: /etc/graylog/collector-sidecar/generated/nxlog.conf
>>>>
>>>> ---nxlog.conf---
>>>> User nxlog
>>>> Group nxlog
>>>> Moduledir /usr/lib/nxlog/modules
>>>> CacheDir /var/spool/collector-sidecar/nxlog
>>>> PidFile /var/run/graylog/collector-sidecar/nxlog.pid
>>>> define LOGFILE /var/log/graylog/collector-sidecar/nxlog.log
>>>> LogFile %LOGFILE%
>>>> LogLevel INFO
>>>>
>>>>
>>>> Module  xm_fileop
>>>>
>>>> When @daily
>>>> Exec file_cycle('%LOGFILE%', 7);
>>>>
>>>>
>>>> ---
>>>> This is the tree output
>>>> /etc/graylog/collector-sidecar$ tree
>>>> .
>>>> ├── collector-id
>>>> ├── collector_sidecar.yml
>>>> └── generated
>>>>     └── nxlog.conf
>>>>
>>>> So now when I try to do graylog-collector-sidecar -c /etc/graylog/collector-sidecar/collector_sidecar.yml
>>>> I got this
>>>> INFO[] Using collector-id: e3d0fefc-f8fd-4f4e-becd-894d7f813532
>>>> INFO[] Fetching configurations tagged by: [apache]
>>>> INFO[] Starting collector supervisor
>>>> INFO[] [nxlog] Starting
>>>> INFO[0010] [RequestConfiguration] No configuration found for configured tags!
>>>> INFO[0020] [RequestConfiguration] No configuration found for configured tags!
>>>> INFO[0030] [RequestConfiguration] No configuration found for configured tags!
>>>>
>>>> But I see the instance in collectors in graylog server.
>>>>
>>>> Any idea how to fix it?
>>>>
>>>> Thanks in advance
>>>>
>>>> Tony


>>>
>>>
>>>
>>> --
>>> Developer
>>>
>>> Tel.: +49 (0)40 609 452 077
>>> Fax.: +49 (0)40 609 452 078
>>>
>>> TORCH GmbH - A Graylog Company
>>> Poolstraße 21
>>> 20335 Hamburg
>>> Germany
>>>
>>> https://www.graylog.com 
>>>
>>> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
>>> Geschäftsführer: Lennart Koopmann (CEO)
>>>

Re: [graylog2] graylog-collector-sidecar issue

2016-07-25 Thread Marius Sturm
The defaults are pretty fine for a first test. Create a NXLog Gelf output
with the IP and port of your Graylog's Gelf Input (typically Graylog's
server IP and port 12201). Then create a NXLog file input and connect it
with the output from above by setting the 'Forward to' drop-down. Set the
right path to the Apache log file. That should be it.

Marius

On 25 July 2016 at 17:09, Tony  wrote:

> Thank you Marius, as I am very newbie on the system can you please, write
> me the correct GUI entries to configure it?
> Thanks a lot
>
> Tony
>
> 2016-07-25 15:46 GMT+01:00 Marius Sturm :
>
>> Hi Tony,
>> you have to create a configuration for the sidecar first. Go to 'Manage
>> configurations' on the collectors page and set up the needed inputs and
>> outputs of your nxlog instance.
>>
>> Cheers,
>> Marius
>>
>>
>> On 25 July 2016 at 15:56, Tony  wrote:
>>
>>> Hello everybody,
>>> I would like to send my apache2 log files from a remote server to
>>> graylog server. Actually I using graylog-collector-sidecar on Debian 7 and
>>> my configuration files are:
>>>
>>> collector_sidecar.yaml---
>>> server_url: http://10.5.10.242:12900
>>> node_id: graylog-collector-sidecar-nagios
>>> collector_id: file:/etc/graylog/collector-sidecar/collector-id
>>> log_rotation_time: 86400
>>> log_max_age: 86400
>>> tags: apache
>>> update_interval: 10
>>> log_path: /var/log/graylog/collector-sidecar
>>> backends:
>>> - name: nxlog
>>>   enabled: true
>>>   binary_path: /usr/bin/nxlog
>>>   configuration_path: /etc/graylog/collector-sidecar/generated/nxlog.conf
>>> 
>>> ---nxlog.conf---
>>> User nxlog
>>> Group nxlog
>>> Moduledir /usr/lib/nxlog/modules
>>> CacheDir /var/spool/collector-sidecar/nxlog
>>> PidFile /var/run/graylog/collector-sidecar/nxlog.pid
>>> define LOGFILE /var/log/graylog/collector-sidecar/nxlog.log
>>> LogFile %LOGFILE%
>>> LogLevel INFO
>>>
>>> 
>>> Module  xm_fileop
>>> 
>>> When @daily
>>> Exec file_cycle('%LOGFILE%', 7);
>>>
>>>
>>> ---
>>> This is the tree output
>>> /etc/graylog/collector-sidecar$ tree
>>> .
>>> ├── collector-id
>>> ├── collector_sidecar.yml
>>> └── generated
>>>     └── nxlog.conf
>>>
>>> So now when I try to do graylog-collector-sidecar -c
>>> /etc/graylog/collector-sidecar/collector_sidecar.yml
>>> I got this
>>> INFO[] Using collector-id: e3d0fefc-f8fd-4f4e-becd-894d7f813532
>>> INFO[] Fetching configurations tagged by: [apache]
>>> INFO[] Starting collector supervisor
>>> INFO[] [nxlog] Starting
>>> INFO[0010] [RequestConfiguration] No configuration found for configured
>>> tags!
>>> INFO[0020] [RequestConfiguration] No configuration found for configured
>>> tags!
>>> INFO[0030] [RequestConfiguration] No configuration found for configured
>>> tags!
>>>
>>> But I see the instance in collectors in graylog server.
>>>
>>> Any idea how to fix it?
>>>
>>> Thanks in advance
>>>
>>> Tony
>>>
>>>
>>
>>
>>
>> --
>> Developer
>>
>> Tel.: +49 (0)40 609 452 077
>> Fax.: +49 (0)40 609 452 078
>>
>> TORCH GmbH - A Graylog Company
>> Poolstraße 21
>> 20335 Hamburg
>> Germany
>>
>> https://www.graylog.com 
>>
>> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
>> Geschäftsführer: Lennart Koopmann (CEO)
>>
>>
>

Re: [graylog2] graylog-collector-sidecar issue

2016-07-25 Thread Marius Sturm
Hi Tony,
you have to create a configuration for the sidecar first. Go to 'Manage
configurations' on the collectors page and set up the needed inputs and
outputs of your nxlog instance.

Cheers,
Marius


On 25 July 2016 at 15:56, Tony  wrote:

> Hello everybody,
> I would like to send my apache2 log files from a remote server to graylog
> server. Actually I using graylog-collector-sidecar on Debian 7 and my
> configuration files are:
>
> collector_sidecar.yaml---
> server_url: http://10.5.10.242:12900
> node_id: graylog-collector-sidecar-nagios
> collector_id: file:/etc/graylog/collector-sidecar/collector-id
> log_rotation_time: 86400
> log_max_age: 86400
> tags: apache
> update_interval: 10
> log_path: /var/log/graylog/collector-sidecar
> backends:
> - name: nxlog
>   enabled: true
>   binary_path: /usr/bin/nxlog
>   configuration_path: /etc/graylog/collector-sidecar/generated/nxlog.conf
> 
> ---nxlog.conf---
> User nxlog
> Group nxlog
> Moduledir /usr/lib/nxlog/modules
> CacheDir /var/spool/collector-sidecar/nxlog
> PidFile /var/run/graylog/collector-sidecar/nxlog.pid
> define LOGFILE /var/log/graylog/collector-sidecar/nxlog.log
> LogFile %LOGFILE%
> LogLevel INFO
>
> 
> Module  xm_fileop
> 
> When @daily
> Exec file_cycle('%LOGFILE%', 7);
>
>
> ---
> This is the tree output
> /etc/graylog/collector-sidecar$ tree
> .
> ├── collector-id
> ├── collector_sidecar.yml
> └── generated
>     └── nxlog.conf
>
> So now when I try to do graylog-collector-sidecar -c
> /etc/graylog/collector-sidecar/collector_sidecar.yml
> I got this
> INFO[] Using collector-id: e3d0fefc-f8fd-4f4e-becd-894d7f813532
> INFO[] Fetching configurations tagged by: [apache]
> INFO[] Starting collector supervisor
> INFO[] [nxlog] Starting
> INFO[0010] [RequestConfiguration] No configuration found for configured
> tags!
> INFO[0020] [RequestConfiguration] No configuration found for configured
> tags!
> INFO[0030] [RequestConfiguration] No configuration found for configured
> tags!
>
> But I see the instance in collectors in graylog server.
>
> Any idea how to fix it?
>
> Thanks in advance
>
> Tony
>
>



-- 
Developer

Tel.: +49 (0)40 609 452 077
Fax.: +49 (0)40 609 452 078

TORCH GmbH - A Graylog Company
Poolstraße 21
20335 Hamburg
Germany

https://www.graylog.com 

Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
Geschäftsführer: Lennart Koopmann (CEO)



[graylog2] graylog-collector-sidecar issue

2016-07-25 Thread Tony
Hello everybody,
I would like to send my apache2 log files from a remote server to graylog 
server. Actually I using graylog-collector-sidecar on Debian 7 and my 
configuration files are:

collector_sidecar.yaml---
server_url: http://10.5.10.242:12900
node_id: graylog-collector-sidecar-nagios
collector_id: file:/etc/graylog/collector-sidecar/collector-id
log_rotation_time: 86400
log_max_age: 86400
tags: apache
update_interval: 10
log_path: /var/log/graylog/collector-sidecar
backends:
- name: nxlog
  enabled: true
  binary_path: /usr/bin/nxlog
  configuration_path: /etc/graylog/collector-sidecar/generated/nxlog.conf

---nxlog.conf---
User nxlog
Group nxlog
Moduledir /usr/lib/nxlog/modules
CacheDir /var/spool/collector-sidecar/nxlog
PidFile /var/run/graylog/collector-sidecar/nxlog.pid
define LOGFILE /var/log/graylog/collector-sidecar/nxlog.log
LogFile %LOGFILE%
LogLevel INFO


Module  xm_fileop

When @daily
Exec file_cycle('%LOGFILE%', 7);


---
This is the tree output
/etc/graylog/collector-sidecar$ tree
.
├── collector-id
├── collector_sidecar.yml
└── generated
    └── nxlog.conf

So now when I try to do graylog-collector-sidecar -c /etc/graylog/collector-sidecar/collector_sidecar.yml
I got this
INFO[] Using collector-id: e3d0fefc-f8fd-4f4e-becd-894d7f813532
INFO[] Fetching configurations tagged by: [apache]
INFO[] Starting collector supervisor
INFO[] [nxlog] Starting
INFO[0010] [RequestConfiguration] No configuration found for configured tags!
INFO[0020] [RequestConfiguration] No configuration found for configured tags!
INFO[0030] [RequestConfiguration] No configuration found for configured tags!

But I see the instance in collectors in graylog server.

Any idea how to fix it?

Thanks in advance

Tony



[graylog2] graylog-collector not working on ubuntu 14.04.4

2016-07-21 Thread dasitha
I have installed the graylog on one server and start with the hello world 
kind of thing. But still server is not starting.

This is what i used.

server-url = "http://10.240.0.4:12900/"

inputs {
  syslog {
    type = "file"
    path = "/var/log/syslog"
  }
}

outputs {
  graylog-server {
    type = "gelf"
    host = "10.240.0.4"
    port = 12900
  }
}

I started the server using sudo start graylog-collector. According to my
understanding server should run on port 12900. But when I checked using netstat
-tulpn it won't show the listening port. Please assist me on this.



Re: [graylog2] Graylog Collector Sidecar - no logs being shipped

2016-07-08 Thread Kev Johnson
Wireshark on the test server shows no packets being sent other than the 
TCP12900 poll too, so we can be reasonably happy that there's nothing on 
the network eating them.

Config file has updated based on the snippet that I've added, but it's 
almost as if the nxlog process is running without a config file at all. If 
I edit the nxlog.conf file in the nxlog install directory to use the same 
criteria as the deployed nxlog.conf (other than the output name) and 
reinstall then start the nxlog service I see traffic as expected.


In conclusion then: it looks like while there is an nxlog.conf file 
deployed to the collector machine and the nxlog process is running this 
process doesn't seem to be leveraging the nxlog.conf file. Any ideas as to 
how I could further troubleshoot this? We know that the contents of the 
config are good, we know that there's no firewall interfering, we know that 
the collector sidecar service is running, and it's called the nxlog process.


On Friday, 8 July 2016 10:19:52 UTC+1, Kev Johnson wrote:
>
> Ok - so I've built a clean Windows Server 2012 R2, disabled the firewall 
> and run through the same process with the same result - the only traffic 
> back to the Graylog server is the tcp 12900 poll from the collector - I've 
> tried logging out/in and rebooting the server which all *should* generate 
> some log data. At this point I'm reasonably happy that it's not McAfee 
> causing the issue.
>
> Next port of call is going to be adding some snippets from NXlog.conf 
> files that I know work, let's see if that makes any difference!
>
> On Friday, 8 July 2016 07:03:27 UTC+1, Kev Johnson wrote:
>>
>> Thanks Marius - I'll give that a go today. Thanks for sense checking my 
>> config and confirming I've not done anything silly!
>>
>> On Thursday, 7 July 2016 22:30:29 UTC+1, Marius Sturm wrote:
>>>
>>> Yeah, sounds possible to me. All configurations look correct. So some 
>>> Windows firewall might be the root cause. Maybe you can try with a test 
>>> host with all firewalls disabled.
>>>
>>> On 7 July 2016 at 20:38, Kev Johnson  wrote:
>>>

 
 Does this help? Given that we're getting nothing but the Sidecar 
 checking traffic back from the servers I'm still leaning toward this being 
 an issue on the server rather than on the Graylog side. Any known issues 
 with McAfee VirusScan Enterprise (beyond the obvious!) - I can't remove 
 it, 
 but if I need to tweak it some I probably can. Not 100% certain that this 
 would be the case though, as if I just use NXlog to send syslog all works 
 fine.

 On Thursday, 7 July 2016 19:27:47 UTC+1, Marius Sturm wrote:
>
> The generated config looks fine, maybe a screenshot of the Graylog 
> input puts some light on this?
>
> On 7 July 2016 at 19:50, Kev Johnson  wrote:
>
>> Thanks Marius - I've double checked the input port (and that it's 
>> running!), but even if it were a mismatch I'd expect tcpdump to show the 
>> packets hitting the interface. I suspect that this has to be down to the 
>> generated config, so I'm pasting the contents of one of the servers' 
>> configs below - I'm afraid that I'm not really sure how I would 
>> troubleshoot that, so I'm happy to be told that I've done something 
>> stupid!
>>
>> define ROOT C:\Program Files (x86)\nxlog
>>
>>   Module xm_gelf
>>
>> Module im_msvistalog
>> PollInterval 10
>> SavePos True
>> ReadFromLast True
>>
>> Module om_udp
>> Host 192.168.21.12
>> Port 5414
>> OutputType  GELF
>> Exec $short_message = $raw_event; # Avoids truncation of the short_message field.
>> Exec $gl2_source_collector = '28a3c8c7-bc02-44e0-98a5-e93e52b057e5';
>> Exec $Hostname = hostname_fqdn();
>>
>>   Path 577e5a4bc745f2099c054dd5 => 577e6c75c745f2099c0561b3
>>
>> On Thursday, 7 July 2016 18:41:36 UTC+1, Marius Sturm wrote:
>>>
>>> Hi,
>>> you could check if the Gelf port on the Graylog side is exactly the 
>>> same as on the Nxlog sender side, usually 12201. Go to System->Inputs 
>>> (the 
>>> input should have a green badge 'running') verify the port number with 
>>> the 
>>> one you configured for nxlog in the collector configuration.
>>> Another thing, Windows is not sending logs all the time so maybe you 
>>> just need to create an 

Re: [graylog2] Graylog Collector Sidecar - no logs being shipped

2016-07-08 Thread Kev Johnson
Ok - so I've built a clean Windows Server 2012 R2, disabled the firewall 
and run through the same process with the same result - the only traffic 
back to the Graylog server is the tcp 12900 poll from the collector - I've 
tried logging out/in and rebooting the server which all *should* generate 
some log data. At this point I'm reasonably happy that it's not McAfee 
causing the issue.

Next port of call is going to be adding some snippets from NXlog.conf files 
that I know work, let's see if that makes any difference!

On Friday, 8 July 2016 07:03:27 UTC+1, Kev Johnson wrote:
>
> Thanks Marius - I'll give that a go today. Thanks for sense checking my 
> config and confirming I've not done anything silly!
>
> On Thursday, 7 July 2016 22:30:29 UTC+1, Marius Sturm wrote:
>>
>> Yeah, sounds possible to me. All configurations look correct. So some 
>> Windows firewall might be the root cause. Maybe you can try with a test 
>> host with all firewalls disabled.
>>
>> On 7 July 2016 at 20:38, Kev Johnson  wrote:
>>
>>>
>>> 
>>> Does this help? Given that we're getting nothing but the Sidecar 
>>> checking traffic back from the servers I'm still leaning toward this being 
>>> an issue on the server rather than on the Graylog side. Any known issues 
>>> with McAfee VirusScan Enterprise (beyond the obvious!) - I can't remove it, 
>>> but if I need to tweak it some I probably can. Not 100% certain that this 
>>> would be the case though, as if I just use NXlog to send syslog all works 
>>> fine.
>>>
>>> On Thursday, 7 July 2016 19:27:47 UTC+1, Marius Sturm wrote:

 The generated config looks fine, maybe a screenshot of the Graylog 
 input puts some light on this?

 On 7 July 2016 at 19:50, Kev Johnson  wrote:

> Thanks Marius - I've double checked the input port (and that it's 
> running!), but even if it were a mismatch I'd expect tcpdump to show the 
> packets hitting the interface. I suspect that this has to be down to the 
> generated config, so I'm pasting the contents of one of the servers' 
> configs below - I'm afraid that I'm not really sure how I would 
> troubleshoot that, so I'm happy to be told that I've done something 
> stupid!
>
> define ROOT C:\Program Files (x86)\nxlog
>
>   Module xm_gelf
>
> Module im_msvistalog
> PollInterval 10
> SavePos True
> ReadFromLast True
>
> Module om_udp
> Host 192.168.21.12
> Port 5414
> OutputType  GELF
> Exec $short_message = $raw_event; # Avoids truncation of the short_message field.
> Exec $gl2_source_collector = '28a3c8c7-bc02-44e0-98a5-e93e52b057e5';
> Exec $Hostname = hostname_fqdn();
>
>   Path 577e5a4bc745f2099c054dd5 => 577e6c75c745f2099c0561b3
>
> On Thursday, 7 July 2016 18:41:36 UTC+1, Marius Sturm wrote:
>>
>> Hi,
>> you could check if the Gelf port on the Graylog side is exactly the 
>> same as on the Nxlog sender side, usually 12201. Go to System->Inputs 
>> (the 
>> input should have a green badge 'running') verify the port number with 
>> the 
>> one you configured for nxlog in the collector configuration.
>> Another thing, Windows is not sending logs all the time so maybe you 
>> just need to create an event that is triggering a log e.g. opening the 
>> control panel?
>>
>> If that doesn't help please post the generated nxlog configuration, 
>> maybe there is something obvious.
>>
>> On 7 July 2016 at 18:11, Kev Johnson  wrote:
>>
>>> Firstly: I love the idea of being able to push out updated 
>>> configuration files to my collectors. That said: I'm having issues 
>>> getting 
>>> logs to my Graylog box (deployed from the OVA)
>>>
>>> Steps taken so far are as follows
>>>
>>>
>>>- Installed NXlogCE
>>>- Uninstalled the NXlog service
>>>- Installed the Graylog Collector Sidecar
>>>- Edited the sidecar_collector.yml file to point to my Graylog 
>>>server, and remove the reference to IIS
>>>- Installed the Graylog Collector Sidecar service
>>>- Started the Graylog Collector Sidecar service
>>>- Created a configuration (Windows Logs, ship to the UDP GELF 
>>>Input defined on my Graylog box)
>>>- Created a tag called Windows and applied it to this 
>>>configuration
>>>
>>>
>>> I 

Re: [graylog2] Graylog Collector Sidecar - no logs being shipped

2016-07-08 Thread Kev Johnson
Thanks Marius - I'll give that a go today. Thanks for sense checking my 
config and confirming I've not done anything silly!

On Thursday, 7 July 2016 22:30:29 UTC+1, Marius Sturm wrote:
>
> Yeah, sounds possible to me. All configurations look correct. So some 
> Windows firewall might be the root cause. Maybe you can try with a test 
> host with all firewalls disabled.
>
> On 7 July 2016 at 20:38, Kev Johnson wrote:
>
>>
>> 
>> Does this help? Given that we're getting nothing but the Sidecar checking 
>> traffic back from the servers I'm still leaning toward this being an issue 
>> on the server rather than on the Graylog side. Any known issues with McAfee 
>> VirusScan Enterprise (beyond the obvious!) - I can't remove it, but if I 
>> need to tweak it some I probably can. Not 100% certain that this would be 
>> the case though, as if I just use NXlog to send syslog all works fine.
>>
>> On Thursday, 7 July 2016 19:27:47 UTC+1, Marius Sturm wrote:
>>>
>>> The generated config looks fine, maybe a screenshot of the Graylog input 
>>> puts some light on this?
>>>
>>> On 7 July 2016 at 19:50, Kev Johnson  wrote:
>>>
 Thanks Marius - I've double checked the input port (and that it's 
 running!), but even if it were a mismatch I'd expect tcpdump to show the 
 packets hitting the interface. I suspect that this has to be down to the 
 generated config, so I'm pasting the contents of one of the servers' 
 configs below - I'm afraid that I'm not really sure how I would 
 troubleshoot that, so I'm happy to be told that I've done something stupid!

 define ROOT C:\Program Files (x86)\nxlog

   Module xm_gelf

 Module im_msvistalog
 PollInterval 10
 SavePos True
 ReadFromLast True

 Module om_udp
 Host 192.168.21.12
 Port 5414
 OutputType  GELF
 Exec $short_message = $raw_event; # Avoids truncation of the short_message field.
 Exec $gl2_source_collector = '28a3c8c7-bc02-44e0-98a5-e93e52b057e5';
 Exec $Hostname = hostname_fqdn();

   Path 577e5a4bc745f2099c054dd5 => 577e6c75c745f2099c0561b3

 On Thursday, 7 July 2016 18:41:36 UTC+1, Marius Sturm wrote:
>
> Hi,
> you could check if the Gelf port on the Graylog side is exactly the 
> same as on the Nxlog sender side, usually 12201. Go to System->Inputs 
> (the 
> input should have a green badge 'running') verify the port number with 
> the 
> one you configured for nxlog in the collector configuration.
> Another thing, Windows is not sending logs all the time so maybe you 
> just need to create an event that is triggering a log e.g. opening the 
> control panel?
>
> If that doesn't help please post the generated nxlog configuration, 
> maybe there is something obvious.
>
> On 7 July 2016 at 18:11, Kev Johnson  wrote:
>
>> Firstly: I love the idea of being able to push out updated 
>> configuration files to my collectors. That said: I'm having issues 
>> getting 
>> logs to my Graylog box (deployed from the OVA)
>>
>> Steps taken so far are as follows
>>
>>
>>- Installed NXlogCE
>>- Uninstalled the NXlog service
>>- Installed the Graylog Collector Sidecar
>>- Edited the sidecar_collector.yml file to point to my Graylog 
>>server, and remove the reference to IIS
>>- Installed the Graylog Collector Sidecar service
>>- Started the Graylog Collector Sidecar service
>>- Created a configuration (Windows Logs, ship to the UDP GELF 
>>Input defined on my Graylog box)
>>- Created a tag called Windows and applied it to this 
>>configuration
>>
>>
>> I see the nxlog.conf get created on the Windows server, I see 
>> nxlog.exe start up on server, but nothing is sent. TCPDump on the 
>> Graylog 
>> server shows only the TCP connections in on port 12900 from the Windows 
>> server.
>>
>> Any advice on troubleshooting this would be much appreciated!
>>

Re: [graylog2] Graylog Collector Sidecar - no logs being shipped

2016-07-07 Thread Marius Sturm
Yeah, sounds possible to me. All configurations look correct. So some
Windows firewall might be the root cause. Maybe you can try with a test
host with all firewalls disabled.

On 7 July 2016 at 20:38, Kev Johnson  wrote:

>
> 
> Does this help? Given that we're getting nothing but the Sidecar checking
> traffic back from the servers I'm still leaning toward this being an issue
> on the server rather than on the Graylog side. Any known issues with McAfee
> VirusScan Enterprise (beyond the obvious!) - I can't remove it, but if I
> need to tweak it some I probably can. Not 100% certain that this would be
> the case though, as if I just use NXlog to send syslog all works fine.
>
> On Thursday, 7 July 2016 19:27:47 UTC+1, Marius Sturm wrote:
>>
>> The generated config looks fine, maybe a screenshot of the Graylog input
>> puts some light on this?
>>
>> On 7 July 2016 at 19:50, Kev Johnson  wrote:
>>
>>> Thanks Marius - I've double checked the input port (and that it's
>>> running!), but even if it were a mismatch I'd expect tcpdump to show the
>>> packets hitting the interface. I suspect that this has to be down to the
>>> generated config, so I'm pasting the contents of one of the servers'
>>> configs below - I'm afraid that I'm not really sure how I would
>>> troubleshoot that, so I'm happy to be told that I've done something stupid!
>>>
>>> define ROOT C:\Program Files (x86)\nxlog
>>>
>>>   Module xm_gelf
>>>
>>> Module im_msvistalog
>>> PollInterval 10
>>> SavePos True
>>> ReadFromLast True
>>>
>>> Module om_udp
>>> Host 192.168.21.12
>>> Port 5414
>>> OutputType  GELF
>>> Exec $short_message = $raw_event; # Avoids truncation of the short_message field.
>>> Exec $gl2_source_collector = '28a3c8c7-bc02-44e0-98a5-e93e52b057e5';
>>> Exec $Hostname = hostname_fqdn();
>>>
>>>   Path 577e5a4bc745f2099c054dd5 => 577e6c75c745f2099c0561b3
>>>
>>> On Thursday, 7 July 2016 18:41:36 UTC+1, Marius Sturm wrote:

 Hi,
 you could check if the Gelf port on the Graylog side is exactly the
 same as on the Nxlog sender side, usually 12201. Go to System->Inputs (the
 input should have a green badge 'running') verify the port number with the
 one you configured for nxlog in the collector configuration.
 Another thing, Windows is not sending logs all the time so maybe you
 just need to create an event that is triggering a log e.g. opening the
 control panel?

 If that doesn't help please post the generated nxlog configuration,
 maybe there is something obvious.

 On 7 July 2016 at 18:11, Kev Johnson  wrote:

> Firstly: I love the idea of being able to push out updated
> configuration files to my collectors. That said: I'm having issues getting
> logs to my Graylog box (deployed from the OVA)
>
> Steps taken so far are as follows
>
>
>- Installed NXlogCE
>- Uninstalled the NXlog service
>- Installed the Graylog Collector Sidecar
>- Edited the sidecar_collector.yml file to point to my Graylog
>server, and remove the reference to IIS
>- Installed the Graylog Collector Sidecar service
>- Started the Graylog Collector Sidecar service
>- Created a configuration (Windows Logs, ship to the UDP GELF
>Input defined on my Graylog box)
>- Created a tag called Windows and applied it to this configuration
>
>
> I see the nxlog.conf get created on the Windows server, I see
> nxlog.exe start up on server, but nothing is sent. TCPDump on the Graylog
> server shows only the TCP connections in on port 12900 from the Windows
> server.
>
> Any advice on troubleshooting this would be much appreciated!
>

Re: [graylog2] Graylog Collector Sidecar - no logs being shipped

2016-07-07 Thread Kev Johnson



Does this help? Given that we're getting nothing but the Sidecar checking 
traffic back from the servers I'm still leaning toward this being an issue 
on the server rather than on the Graylog side. Any known issues with McAfee 
VirusScan Enterprise (beyond the obvious!) - I can't remove it, but if I 
need to tweak it some I probably can. Not 100% certain that this would be 
the case though, as if I just use NXlog to send syslog all works fine.

On Thursday, 7 July 2016 19:27:47 UTC+1, Marius Sturm wrote:
>
> The generated config looks fine, maybe a screenshot of the Graylog input 
> puts some light on this?
>
> On 7 July 2016 at 19:50, Kev Johnson wrote:
>
>> Thanks Marius - I've double checked the input port (and that it's 
>> running!), but even if it were a mismatch I'd expect tcpdump to show the 
>> packets hitting the interface. I suspect that this has to be down to the 
>> generated config, so I'm pasting the contents of one of the servers' 
>> configs below - I'm afraid that I'm not really sure how I would 
>> troubleshoot that, so I'm happy to be told that I've done something stupid!
>>
>> define ROOT C:\Program Files (x86)\nxlog
>>
>>   Module xm_gelf
>>
>> Module im_msvistalog
>> PollInterval 10
>> SavePos True
>> ReadFromLast True
>>
>> Module om_udp
>> Host 192.168.21.12
>> Port 5414
>> OutputType  GELF
>> Exec $short_message = $raw_event; # Avoids truncation of the short_message field.
>> Exec $gl2_source_collector = '28a3c8c7-bc02-44e0-98a5-e93e52b057e5';
>> Exec $Hostname = hostname_fqdn();
>>
>>   Path 577e5a4bc745f2099c054dd5 => 577e6c75c745f2099c0561b3
>>
>> On Thursday, 7 July 2016 18:41:36 UTC+1, Marius Sturm wrote:
>>>
>>> Hi,
>>> you could check if the Gelf port on the Graylog side is exactly the same 
>>> as on the Nxlog sender side, usually 12201. Go to System->Inputs (the input 
>>> should have a green badge 'running') verify the port number with the one 
>>> you configured for nxlog in the collector configuration.
>>> Another thing, Windows is not sending logs all the time so maybe you 
>>> just need to create an event that is triggering a log e.g. opening the 
>>> control panel?
>>>
>>> If that doesn't help please post the generated nxlog configuration, 
>>> maybe there is something obvious.
>>>
>>> On 7 July 2016 at 18:11, Kev Johnson  wrote:
>>>
 Firstly: I love the idea of being able to push out updated 
 configuration files to my collectors. That said: I'm having issues getting 
 logs to my Graylog box (deployed from the OVA)

 Steps taken so far are as follows


- Installed NXlogCE
- Uninstalled the NXlog service
- Installed the Graylog Collector Sidecar
- Edited the sidecar_collector.yml file to point to my Graylog 
server, and remove the reference to IIS
- Installed the Graylog Collector Sidecar service
- Started the Graylog Collector Sidecar service
- Created a configuration (Windows Logs, ship to the UDP GELF Input 
defined on my Graylog box)
- Created a tag called Windows and applied it to this configuration


 I see the nxlog.conf get created on the Windows server, I see nxlog.exe 
 start up on server, but nothing is sent. TCPDump on the Graylog server 
 shows only the TCP connections in on port 12900 from the Windows server.

 Any advice on troubleshooting this would be much appreciated!


Re: [graylog2] Graylog Collector Sidecar - no logs being shipped

2016-07-07 Thread Marius Sturm
The generated config looks fine, maybe a screenshot of the Graylog input
puts some light on this?

On 7 July 2016 at 19:50, Kev Johnson  wrote:

> Thanks Marius - I've double checked the input port (and that it's
> running!), but even if it were a mismatch I'd expect tcpdump to show the
> packets hitting the interface. I suspect that this has to be down to the
> generated config, so I'm pasting the contents of one of the servers'
> configs below - I'm afraid that I'm not really sure how I would
> troubleshoot that, so I'm happy to be told that I've done something stupid!
>
> define ROOT C:\Program Files (x86)\nxlog
>
>   Module xm_gelf
>
> Module im_msvistalog
> PollInterval 10
> SavePos True
> ReadFromLast True
>
> Module om_udp
> Host 192.168.21.12
> Port 5414
> OutputType  GELF
> Exec $short_message = $raw_event; # Avoids truncation of the short_message field.
> Exec $gl2_source_collector = '28a3c8c7-bc02-44e0-98a5-e93e52b057e5';
> Exec $Hostname = hostname_fqdn();
>
>   Path 577e5a4bc745f2099c054dd5 => 577e6c75c745f2099c0561b3
>
> On Thursday, 7 July 2016 18:41:36 UTC+1, Marius Sturm wrote:
>>
>> Hi,
>> you could check if the Gelf port on the Graylog side is exactly the same
>> as on the Nxlog sender side, usually 12201. Go to System->Inputs (the input
>> should have a green badge 'running') verify the port number with the one
>> you configured for nxlog in the collector configuration.
>> Another thing, Windows is not sending logs all the time so maybe you just
>> need to create an event that is triggering a log e.g. opening the control
>> panel?
>>
>> If that doesn't help please post the generated nxlog configuration, maybe
>> there is something obvious.
>>
>> On 7 July 2016 at 18:11, Kev Johnson  wrote:
>>
>>> Firstly: I love the idea of being able to push out updated configuration
>>> files to my collectors. That said: I'm having issues getting logs to my
>>> Graylog box (deployed from the OVA)
>>>
>>> Steps taken so far are as follows
>>>
>>>
>>>- Installed NXlogCE
>>>- Uninstalled the NXlog service
>>>- Installed the Graylog Collector Sidecar
>>>- Edited the sidecar_collector.yml file to point to my Graylog
>>>server, and remove the reference to IIS
>>>- Installed the Graylog Collector Sidecar service
>>>- Started the Graylog Collector Sidecar service
>>>- Created a configuration (Windows Logs, ship to the UDP GELF Input
>>>defined on my Graylog box)
>>>- Created a tag called Windows and applied it to this configuration
>>>
>>>
>>> I see the nxlog.conf get created on the Windows server, I see nxlog.exe
>>> start up on server, but nothing is sent. TCPDump on the Graylog server
>>> shows only the TCP connections in on port 12900 from the Windows server.
>>>
>>> Any advice on troubleshooting this would be much appreciated!
>>>



-- 
Developer

Tel.: +49 (0)40 609 452 077
Fax.: +49 (0)40 609 452 078

TORCH GmbH - A Graylog Company
Poolstraße 21
20335 Hamburg
Germany

https://www.graylog.com 

Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
Geschäftsführer: Lennart Koopmann (CEO)


Re: [graylog2] Graylog Collector Sidecar - no logs being shipped

2016-07-07 Thread Kev Johnson
Thanks Marius - I've double checked the input port (and that it's 
running!), but even if it were a mismatch I'd expect tcpdump to show the 
packets hitting the interface. I suspect that this has to be down to the 
generated config, so I'm pasting the contents of one of the servers' 
configs below - I'm afraid that I'm not really sure how I would 
troubleshoot that, so I'm happy to be told that I've done something stupid!

define ROOT C:\Program Files (x86)\nxlog

  Module xm_gelf

Module im_msvistalog
PollInterval 10
SavePos True
ReadFromLast True

Module om_udp
Host 192.168.21.12
Port 5414
OutputType  GELF
Exec $short_message = $raw_event; # Avoids truncation of the short_message field.
Exec $gl2_source_collector = '28a3c8c7-bc02-44e0-98a5-e93e52b057e5';
Exec $Hostname = hostname_fqdn();

  Path 577e5a4bc745f2099c054dd5 => 577e6c75c745f2099c0561b3

On Thursday, 7 July 2016 18:41:36 UTC+1, Marius Sturm wrote:
>
> Hi,
> you could check if the Gelf port on the Graylog side is exactly the same 
> as on the Nxlog sender side, usually 12201. Go to System->Inputs (the input 
> should have a green badge 'running') verify the port number with the one 
> you configured for nxlog in the collector configuration.
> Another thing, Windows is not sending logs all the time so maybe you just 
> need to create an event that is triggering a log e.g. opening the control 
> panel?
>
> If that doesn't help please post the generated nxlog configuration, maybe 
> there is something obvious.
>
> On 7 July 2016 at 18:11, Kev Johnson wrote:
>
>> Firstly: I love the idea of being able to push out updated configuration 
>> files to my collectors. That said: I'm having issues getting logs to my 
>> Graylog box (deployed from the OVA)
>>
>> Steps taken so far are as follows
>>
>>
>>- Installed NXlogCE
>>- Uninstalled the NXlog service
>>- Installed the Graylog Collector Sidecar
>>- Edited the sidecar_collector.yml file to point to my Graylog 
>>server, and remove the reference to IIS
>>- Installed the Graylog Collector Sidecar service
>>- Started the Graylog Collector Sidecar service
>>- Created a configuration (Windows Logs, ship to the UDP GELF Input 
>>defined on my Graylog box)
>>- Created a tag called Windows and applied it to this configuration
>>
>>
>> I see the nxlog.conf get created on the Windows server, I see nxlog.exe 
>> start up on server, but nothing is sent. TCPDump on the Graylog server 
>> shows only the TCP connections in on port 12900 from the Windows server.
>>
>> Any advice on troubleshooting this would be much appreciated!
>>


Re: [graylog2] Graylog Collector Sidecar - no logs being shipped

2016-07-07 Thread Marius Sturm
Hi,
you could check if the Gelf port on the Graylog side is exactly the same as
on the Nxlog sender side, usually 12201. Go to System->Inputs (the input
should have a green badge 'running') verify the port number with the one
you configured for nxlog in the collector configuration.
Another thing, Windows is not sending logs all the time so maybe you just
need to create an event that is triggering a log e.g. opening the control
panel?

If that doesn't help please post the generated nxlog configuration, maybe
there is something obvious.

On 7 July 2016 at 18:11, Kev Johnson  wrote:

> Firstly: I love the idea of being able to push out updated configuration
> files to my collectors. That said: I'm having issues getting logs to my
> Graylog box (deployed from the OVA)
>
> Steps taken so far are as follows
>
>
>- Installed NXlogCE
>- Uninstalled the NXlog service
>- Installed the Graylog Collector Sidecar
>- Edited the sidecar_collector.yml file to point to my Graylog server,
>and remove the reference to IIS
>- Installed the Graylog Collector Sidecar service
>- Started the Graylog Collector Sidecar service
>- Created a configuration (Windows Logs, ship to the UDP GELF Input
>defined on my Graylog box)
>- Created a tag called Windows and applied it to this configuration
>
>
> I see the nxlog.conf get created on the Windows server, I see nxlog.exe
> start up on server, but nothing is sent. TCPDump on the Graylog server
> shows only the TCP connections in on port 12900 from the Windows server.
>
> Any advice on troubleshooting this would be much appreciated!
>



-- 
Developer

Tel.: +49 (0)40 609 452 077
Fax.: +49 (0)40 609 452 078

TORCH GmbH - A Graylog Company
Poolstraße 21
20335 Hamburg
Germany

https://www.graylog.com 

Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
Geschäftsführer: Lennart Koopmann (CEO)
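
Added example, not part of the thread and not Graylog or NXLog code: a Python check of a sidecar-generated nxlog.conf against the Graylog input, covering the port comparison suggested in this reply and the Route wiring of the pasted config. The sample config is constructed from the directive values quoted in the thread; its angle-bracket lines, the block names "gelf" and "route-1", and all function names are assumptions.

```python
import re

# Constructed sample in NXLog block syntax. Directive values are the ones quoted
# in the thread; the angle-bracket lines and the block names "gelf" and
# "route-1" are assumptions, because the archived copy lost them.
SAMPLE_CONF = r"""
define ROOT C:\Program Files (x86)\nxlog
<Extension gelf>
  Module xm_gelf
</Extension>
<Input 577e5a4bc745f2099c054dd5>
    Module im_msvistalog
    ReadFromLast True
</Input>
<Output 577e6c75c745f2099c0561b3>
    Module om_udp
    Host 192.168.21.12
    Port 5414
    OutputType  GELF
    Exec $short_message = $raw_event; # Avoids truncation of the short_message field.
    Exec $Hostname = hostname_fqdn();
</Output>
<Route route-1>
  Path 577e5a4bc745f2099c054dd5 => 577e6c75c745f2099c0561b3
</Route>
"""

KINDS = "Extension|Input|Processor|Output|Route"
BLOCK_OPEN = re.compile(rf"^<({KINDS})\s+(\S+)>$", re.I)
BLOCK_CLOSE = re.compile(rf"^</({KINDS})>$", re.I)
NETWORK_MODULES = {"om_udp", "om_tcp", "om_ssl"}


def parse_nxlog_conf(text):
    """Return {kind: {name: {directive: [values]}}} for named top-level blocks."""
    blocks, current, kind = {}, None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened, closed = BLOCK_OPEN.match(line), BLOCK_CLOSE.match(line)
        if opened:
            if current is not None:
                raise ValueError(f"line {lineno}: <{kind}> block was never closed")
            kind = opened.group(1).capitalize()
            current = blocks.setdefault(kind, {}).setdefault(opened.group(2), {})
        elif closed:
            if current is None or closed.group(1).capitalize() != kind:
                raise ValueError(f"line {lineno}: unexpected {line}")
            current = None
        elif current is not None and not line.startswith("<"):
            # "Key value" directive: keys are case-insensitive and Exec may repeat.
            # Tag lines of nested blocks (e.g. <Exec>) are skipped.
            parts = line.split(None, 1)
            current.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    if current is not None:
        raise ValueError(f"<{kind}> block was never closed")
    return blocks


def first_value(directives, key):
    """First value of a directive with any trailing comment removed, or None."""
    values = directives.get(key)
    return values[0].split("#")[0].strip() if values else None


def check_shipping(text, input_host, input_port):
    """Compare the config with the Graylog input; return findings ([] = consistent)."""
    blocks = parse_nxlog_conf(text)
    inputs, outputs = blocks.get("Input", {}), blocks.get("Output", {})
    findings, routed = [], set()
    paths = [p for r in blocks.get("Route", {}).values() for p in r.get("path", [])]
    if not paths:
        findings.append("no Route/Path: nothing connects an input to an output")
    for path in paths:
        # Path syntax: in1, in2 => optional processors => out1, out2
        hops = [[n.strip() for n in hop.split(",")] for hop in path.split("=>")]
        if len(hops) < 2:
            findings.append(f"malformed Path: {path}")
            continue
        findings += [f"Path uses undefined input {n}" for n in hops[0] if n not in inputs]
        findings += [f"Path uses undefined output {n}" for n in hops[-1] if n not in outputs]
        routed.update(n for n in hops[-1] if n in outputs)
    for name, directives in outputs.items():
        if name not in routed:
            findings.append(f"output {name} is not referenced by any Route")
        if first_value(directives, "module") not in NETWORK_MODULES:
            continue
        host, port = first_value(directives, "host"), first_value(directives, "port")
        if host != input_host:
            findings.append(f"output {name} sends to host {host}, expected {input_host}")
        if port is None or not port.isdigit():
            findings.append(f"output {name} has no usable Port directive")
        elif int(port) != input_port:
            findings.append(f"output {name} sends to port {port}, input listens on {input_port}")
    return findings
```

On a collector host, pass the text of the generated nxlog.conf together with the host and port shown for the input under System->Inputs.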



[graylog2] Graylog Collector Sidecar - no logs being shipped

2016-07-07 Thread Kev Johnson
Firstly: I love the idea of being able to push out updated configuration 
files to my collectors. That said: I'm having issues getting logs to my 
Graylog box (deployed from the OVA)

Steps taken so far are as follows


   - Installed NXlogCE
   - Uninstalled the NXlog service
   - Installed the Graylog Collector Sidecar
   - Edited the sidecar_collector.yml file to point to my Graylog server, 
   and remove the reference to IIS
   - Installed the Graylog Collector Sidecar service
   - Started the Graylog Collector Sidecar service
   - Created a configuration (Windows Logs, ship to the UDP GELF Input 
   defined on my Graylog box)
   - Created a tag called Windows and applied it to this configuration


I see the nxlog.conf get created on the Windows server, I see nxlog.exe 
start up on server, but nothing is sent. TCPDump on the Graylog server 
shows only the TCP connections in on port 12900 from the Windows server.

Any advice on troubleshooting this would be much appreciated!



[graylog2] graylog-collector-sidecar

2016-06-07 Thread 'Joshua Humpich' via Graylog Users
Hi folks,
I'm trying to get this collector-sidecar running on my linux.
Did the installation of nxlog and the collector-sidecar.rpm file.
My graylog server is running on another machine.
First of all the error message when running the collector-sidecar binary 
with the conf file

graylog-collector-sidecar -c /etc/graylog/collector-sidecar/collector_sidecar.yml

INFO[] Using collector-id: 72a5ed2b-f5ae-46dc-88e9-a1029f57c545 
INFO[] Fetching configurations tagged by: [daisy]   
INFO[] Starting collector supervisor
INFO[] [nxlog] Starting 
ERRO[] [nxlog] Collector exits immediately, this should not happen! Please check your collector configuration! 
ERRO[0019] [UpdateRegistration] Failed to report collector status to server: invalid character '<' looking for beginning of value 
ERRO[0039] [RequestConfiguration] Bad response status from Graylog server: 504 Gateway Time-out 


Now the conf file (pls notice the server_url section there is a normal ip 
address and no <> stuff considering the error message ;-))

server_url: http://:12900
tls_skip_verify: true
node_id: graylog-collector-sidecar
collector_id: file:/etc/graylog/collector-sidecar/collector-id
tags:
- test
log_path: /var/log/graylog/collector-sidecar
update_interval: 10
backends:
- name: nxlog
  enabled: true
  binary_path: /usr/bin/nxlog
  configuration_path: /etc/graylog/collector-sidecar/generated/nxlog.conf


The collector-sidecar did not fetch any config from the graylog server so 
the generated dir is empty.

Does anybody face the same problem?


Regards,
Josh



[graylog2] GRAYLOG collector centos rpm packages

2016-05-14 Thread sikender
Hi , 

Do we have GRAYLOG collector that we install on agent machine, any rpm packages 
for REDHAT 6.0 ?? 

When I install it manually like unzip, when I run the collector it pop out with 
logs in between.. 



Thank you
Sikandar



[graylog2] graylog collector and cpu load

2016-04-15 Thread hasan akgöz
Hello community,

I just wonder, if the graylog-server or elasticsearch service stops, does 
it put load on the log source?

have a nice day.



[graylog2] Graylog collector

2016-04-14 Thread Drew Miranda
Check out the collector documentation page here

http://docs.graylog.org/en/1.3/pages/collector.html


You can define what log files to ship to graylog in the collector configuration 
file.

Configuring stream rules is done via the Graylog web interface. Hope that helps.



[graylog2] Graylog collector

2016-04-13 Thread sikender . mohammad
HI all, I have some queries regarding graylog; 



Do we need root access to install graylog-collector in agent machine? 

1) How can we handle different log names in graylog ?

2) Am I able to stream particular error messages into streaming 

Can you please reply to me .. !!



Thank you 
Sikender 




Re: [graylog2] graylog-collector on AIX stops sending logs suddenly with no errors?

2016-04-11 Thread Joi Owen
What size are the log files?  Do they stop running when they reach a
certain size, or when the collector has transferred a certain amount of
data?  I'm wondering about bugs in the java from using INTs or something
too small to handle the size of the files, 2G or 4G numbers come to mind.
Do small files fail as well, or just large ones?  Does the service creating
those files ever truncate them?

Does your aix host have an lsof command?  Can it tell you if java still has
the log file open, and the pid?  If so, can you strace (or equivalent) on
that pid and see what it's doing?  Can you tell if the collector is stuck
reading from the log, or is it stuck trying to write it to the graylog
service?



On Mon, Apr 11, 2016 at 9:26 AM, Mirza Dedic 
wrote:

> Hi Joi,
>
> This happens randomly after the graylog-collector has started (usually
> within a couple of hours of running). The logs being monitored do not have
> any rotation on them (they grow forever) so I don't think it is a rotation
> issue.
>
> Any other ideas to try? I am stuck and I really need the graylog-collector
> to run on our AIX box.
>
> On Friday, April 8, 2016 at 9:35:23 AM UTC-7, Joi Owen wrote:
>>
>> What time does this normally happen?  Is it after logrotate has run?
>> Does collector know it needs to re-open the logs after they're rotated?  It
>> may be trying to read from the old inodes and doesn't realize it needs to
>> switch.
>>
>> It is possible to configure logrotate to deal with this on its own
>> without changing the inode.
>>
>>
>> On Fri, Apr 8, 2016 at 11:20 AM, Mirza Dedic 
>> wrote:
>>
>>> Hello,
>>>
>>> We are using graylog-collector v0.4.2 on AIX 7.1 and we can start the
>>> logger and it works for awhile (couple of hours) and then it suddenly stops
>>> sending logs with no error messages in the logs..
>>>
>>> I also changed the COLLECTOR_JAVA_DEFAULTS to -Xms512m -Xmx768m but no
>>> luck.
>>>
>>> On the graylog-server the collector is visible while it is working, when
>>> it stops sending logs the collector is no longer visible on the server side
>>> but the graylog-collector process is still running in AIX with no errors in
>>> logs. I have to kill the process (kill -9 since kill -15 does not stop it)
>>> and then restart the process.
>>>
>>> Any idea how to troubleshoot the cause of this?
>>>
>>> *The collector.conf consists of this..*
>>> server-url = "http://172.16.x.x:12900"
>>> enable-registration = true
>>> collector-id = "file:config/collector-id"
>>>
>>> inputs {
>>>   1 {
>>>     type = "file"
>>>     path = "/usr1/dbs/1.lg"
>>>     outputs = "gelf-tcp"
>>>   }
>>>   2 {
>>>     type = "file"
>>>     path = "/usr1/dbs/2.lg"
>>>     outputs = "gelf-tcp"
>>>   }
>>>   3 {
>>>     type = "file"
>>>     path = "/usr1/dbs/3.lg"
>>>     outputs = "gelf-tcp"
>>>   }
>>>   4 {
>>>     type = "file"
>>>     path = "/usr1/dbs/4.lg"
>>>     outputs = "gelf-tcp"
>>>   }
>>>   5 {
>>>     type = "file"
>>>     path = "/usr1/dbs/5.lg"
>>>     outputs = "gelf-tcp"
>>>   }
>>>   6 {
>>>     type = "file"
>>>     path = "/usr1/dbs/6.lg"
>>>     outputs = "gelf-tcp"
>>>   }
>>>   7 {
>>>     type = "file"
>>>     path = "/usr1/dbs/7.lg"
>>>     outputs = "gelf-tcp"
>>>   }
>>>   8 {
>>>     type = "file"
>>>     path = "/usr1/dbs/8.lg"
>>>     outputs = "gelf-tcp"
>>>   }
>>> }
>>>
>>> outputs {
>>>   gelf-tcp {
>>>     type = "gelf"
>>>     host = "172.16.x.x"
>>>     port = 12201
>>>     client-tls = false
>>>     client-queue-size = 5120
>>>     client-connect-timeout = 1
>>>     client-reconnect-delay = 2000
>>>     client-tcp-no-delay = true
>>>     client-send-buffer-size = 32768
>>>   }
>>> }
>>>
>>> *In the log all we see is...*
>>> [main] cli.commands.Run - Starting Collector v0.4.2 (commit 2609a38)
>>> [main] cli.commands.Run - Running on AIX AIX 7.1 (ppc64)
>>> [main] collector.utils.CollectorId - Collector ID:
>>> 19c8fecb-0f04-4503-9943-15cfbac98458
>>> [main] outputs.gelf.GelfOutput - Starting GELF transport:
>>> org.graylog2.gelfclient.GelfConfiguration@3c8510bd
>>> [main] cli.commands.Run - Service RUNNING: BufferProcessor [RUNNING]
>>> [main] cli.commands.Run - Service RUNNING: FileObserver [RUNNING]
>>> [main] cli.commands.Run - Service RUNNING: MetricService [RUNNING]
>>> [main] cli.commands.Run - Service RUNNING: MemoryReporterService
>>> [RUNNING]
>>> [main] cli.commands.Run - Service RUNNING: HeartbeatService [RUNNING]
>>> [main] cli.commands.Run - Service RUNNING: FileInput{id='1',
>>> path-set='SinglePathSet{path=/usr1/dbs/1.lg}', reader-buffer-size='102400',
>>> message-fields='MessageFields{}', charset='UTF-8', outputs='gelf-tcp',
>>> content-splitter='NEWLINE', reader-interval='100'}
>>> [main] cli.commands.Run - Service RUNNING: FileInput{id='2',
>>> path-set='SinglePathSet{path=/usr1/dbs/2.lg}', reader-buffer-size='102400',
>>> message-fields='MessageFields{}', charset='UTF-8', outputs='gelf-tcp',
>>> content-splitter='NEWLINE', 
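
The rotation question raised in this thread (a reader that keeps following the old inode, versus a rotation that truncates the file in place and keeps the inode) can be checked with a small follower like the one below. This is an added example in Python, not the collector's code and not from the thread; the class name and the constructed demo file contents are assumptions.

```python
import os
import tempfile


class RotationAwareFollower:
    """Follow a log file by path and notice both kinds of rotation."""

    def __init__(self, path):
        self.path = path
        self.fh = None
        self.inode = None
        self.offset = 0
        self.events = []  # "rotated" / "truncated", in the order seen

    def _open(self):
        # Unbuffered, so every read reflects the file's current content.
        self.fh = open(self.path, "rb", buffering=0)
        self.inode = os.fstat(self.fh.fileno()).st_ino
        self.offset = 0

    def _drain(self):
        size = os.fstat(self.fh.fileno()).st_size
        if size < self.offset:
            # Same inode, shorter file: truncated in place (copytruncate).
            # Caveat: if the file regrows past our offset before the next
            # poll, the truncation goes unnoticed and lines are skipped.
            self.events.append("truncated")
            self.offset = 0
        self.fh.seek(self.offset)
        data = self.fh.read()
        end = data.rfind(b"\n") + 1  # only consume complete lines
        self.offset += end
        return [l.decode("utf-8", "replace") for l in data[:end].splitlines()]

    def poll(self):
        if self.fh is None:
            try:
                self._open()
            except FileNotFoundError:
                return []
        # Finish the file we hold open first, so nothing written just
        # before a rename is lost.
        lines = self._drain()
        try:
            current = os.stat(self.path).st_ino
        except FileNotFoundError:
            return lines  # rotated away, replacement not created yet
        if current != self.inode:
            # The path now names a different file: switch to it.
            self.events.append("rotated")
            self.fh.close()
            self._open()
            lines += self._drain()
        return lines

    def close(self):
        if self.fh is not None:
            self.fh.close()
            self.fh = None


def demo():
    """Constructed scenario: rename rotation, then in-place truncation."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "1.lg")
        with open(path, "w") as fh:
            fh.write("a1\na2\n")
        follower = RotationAwareFollower(path)
        seen = [follower.poll()]

        with open(path, "a") as fh:
            fh.write("a3\n")
        os.rename(path, path + ".1")          # rotation that changes the inode
        with open(path, "w") as fh:
            fh.write("b1\nb2\n")
        seen.append(follower.poll())

        with open(path, "w") as fh:           # truncate in place, same inode
            fh.write("c1\n")
        seen.append(follower.poll())

        follower.close()
        return seen, follower.events


if __name__ == "__main__":
    print(demo())
```

A reader that only ever holds the first file handle would stop after `a3` in this scenario, which matches the "process still running, no errors, no new messages" symptom a rotation problem produces.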

[graylog2] Graylog Collector: 'Unable to send heartbeat...'

2016-04-06 Thread ob1
Hi Folks,

Running latest graylog beta on Centos 6.7.  I have graylog-collector-0.4.2 
running on a separate Centos 6.7 server. 

My collector is not appearing in System/Collectors in the UI and throws the 
following warnings:

2016-04-06T15:48:42.962+ WARN  [HeartbeatService RUNNING] collector.heartbeat.HeartbeatService - Unable to send heartbeat to Graylog server, result was: 404 - Not Found
2016-04-06T15:48:47.961+ WARN  [HeartbeatService RUNNING] collector.heartbeat.HeartbeatService - Unable to send heartbeat to Graylog server, result was: 404 - Not Found
2016-04-06T15:48:52.962+ WARN  [HeartbeatService RUNNING] collector.heartbeat.HeartbeatService - Unable to send heartbeat to Graylog server, result was: 404 - Not Found
2016-04-06T15:48:57.963+ WARN  [HeartbeatService RUNNING] collector.heartbeat.HeartbeatService - Unable to send heartbeat to Graylog server, result was: 404 - Not Found

Indeed, curl'ing yields this (I guess it proves that it's at least getting 
a response):

#curl x.x.x.x:12900
{"type":"ApiError","message":"HTTP 404 Not Found"}

Within the Graylog UI, I manually configured a Gelf TCP input (TCP:12201) 
and can see incoming messages, but shouldn't my collector automatically 
register with graylog and appear in System/Collectors?

Here's what I've configured in graylog-collector:

server-url = "http://x.x.x.x:12900"

inputs {
  local-syslog {
    type = "file"
    path = "/var/log/messages"
    charset = "utf-8"
    content-splitter = "newline"
  }
  local-maillog {
    type = "file"
    path = "/var/log/maillog"
    charset = "utf-8"
    content-splitter = "newline"
  }
}

outputs {
  gelf-tcp {
    type = "gelf"
    host = "x.x.x.x"
    port = 12201
  }
  console {
    type = "stdout"
  }
}




[graylog2] graylog collector not working as a service, but fine in cmd

2016-04-06 Thread markjwarner
Dear All, 

I recently set up a graylog2 server on ubuntu 14.04

I am testing the graylog collector and have it working, and sending logs to 
the graylog server when running it from command line: 

graylog-collector.bat run -f collector.conf

I can see the message in the stdout in the cmd prompt, and can see the event 
log messages coming into the server. 

Using the same configuration file as above, I install as a service with the 
following command: 

graylog-collector-service.bat install GraylogCollector
graylog-collector-service.bat start GraylogCollector

However, as a service I see no events hitting the graylog server and in the 
stderr in logs I receive: 

2016-04-06 14:49:43 Commons Daemon procrun stderr initialized
Exception in thread "EventLogThread" Exception in thread "EventLogThread" 
Exception in thread "EventLogThread" java.lang.UnsatisfiedLinkError: 
org.hyperic.sigar.win32.EventLog.close()V
at org.hyperic.sigar.win32.EventLog.close(Native Method)
at org.hyperic.sigar.win32.EventLogThread.run(EventLogThread.java:175)
at java.lang.Thread.run(Unknown Source)
java.lang.UnsatisfiedLinkError: org.hyperic.sigar.win32.EventLog.close()V
at org.hyperic.sigar.win32.EventLog.close(Native Method)
at org.hyperic.sigar.win32.EventLogThread.run(EventLogThread.java:175)
at java.lang.Thread.run(Unknown Source)
java.lang.UnsatisfiedLinkError: org.hyperic.sigar.win32.EventLog.close()V
at org.hyperic.sigar.win32.EventLog.close(Native Method)
at org.hyperic.sigar.win32.EventLogThread.run(EventLogThread.java:175)
at java.lang.Thread.run(Unknown Source)

I hope someone has run into this issue before and can help. 

BR

Mark



[graylog2] graylog collector 0.4.2 Exception in thread "ChunkProcessor" java.lang.IndexOutOfBoundsException

2016-03-07 Thread Jhong ARen
Hi,
When we use graylog collector 0.4.2 on Red Hat Enterprise 6.4, we sometimes 
meet an exception in thread "ChunkProcessor" as below, then graylog collector 
can't send logs to the server until we restart the collector. Because of this 
problem we cannot collect complete logs. Can we get past this exception and 
continue to receive logs?

Server Side:
* Graylog Version:1.3.3
* Elasticsearch Version:1.7.3
* MongoDB Version:v2.4.9

Exception:
Exception in thread "ChunkProcessor" java.lang.IndexOutOfBoundsException: readerIndex(164) + length(1) exceeds writerIndex(164): CompositeByteBuf(ridx: 164, widx: 164, cap: 164, components=1)
    at io.netty.buffer.AbstractByteBuf.checkReadableBytes(AbstractByteBuf.java:1166)
    at io.netty.buffer.AbstractByteBuf.readByte(AbstractByteBuf.java:570)
    at org.graylog.collector.file.splitters.NewlineChunkSplitter$1$1.computeNext(NewlineChunkSplitter.java:53)
    at org.graylog.collector.file.splitters.NewlineChunkSplitter$1$1.computeNext(NewlineChunkSplitter.java:32)
    at com.google.common.collect.AbstractIterator.tryToComputeNext(AbstractIterator.java:143)
    at com.google.common.collect.AbstractIterator.hasNext(AbstractIterator.java:138)
    at org.graylog.collector.file.ChunkProcessor.createMessages(ChunkProcessor.java:89)
    at org.graylog.collector.file.ChunkProcessor.process(ChunkProcessor.java:85)
    at org.graylog.collector.file.ChunkProcessor.run(ChunkProcessor.java:51)
    at com.google.common.util.concurrent.AbstractExecutionThreadService$1$2.run(AbstractExecutionThreadService.java:60)
    at com.google.common.util.concurrent.Callables$3.run(Callables.java:95)
    at java.lang.Thread.run(Thread.java:804)
2016-03-08T11:19:43.063+0800 ERROR [gelfTcpTransport-1-1] gelfclient.transport.GelfTcpTransport - Exception caught
java.io.IOException: Connection reset by peer
    at sun.nio.ch.FileDispatcherImpl.read0(Native Method) ~[?:1.7.0]
    at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:51) ~[?:1.7.0]
    at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:235) ~[?:1.7.0]
    at sun.nio.ch.IOUtil.read(IOUtil.java:204) ~[?:1.7.0]
    at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:409) ~[?:1.7.0]
    at io.netty.buffer.UnpooledUnsafeDirectByteBuf.setBytes(UnpooledUnsafeDirectByteBuf.java:447) ~[graylog-collector.jar:?]
    at io.netty.buffer.AbstractByteBuf.writeBytes(AbstractByteBuf.java:881) ~[graylog-collector.jar:?]
    at io.netty.channel.socket.nio.NioSocketChannel.doReadBytes(NioSocketChannel.java:242) ~[graylog-collector.jar:?]
    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:119) [graylog-collector.jar:?]
    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:511) [graylog-collector.jar:?]
    at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:468) [graylog-collector.jar:?]
    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:382) [graylog-collector.jar:?]
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:354) [graylog-collector.jar:?]
    at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:111) [graylog-collector.jar:?]
    at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137) [graylog-collector.jar:?]
    at java.lang.Thread.run(Thread.java:804) [?:1.7.0]
2016-03-08T11:19:43.066+0800 ERROR [gelfTcpTransport-1-1] gelfclient.encoder.GelfMessageJsonEncoder - JSON encoding error
java.io.IOException: Connection reset by peer
    at sun.nio.ch.FileDispatcherImpl.read0(Native Method) ~[?:1.7.0]
    at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:51) ~[?:1.7.0]
    at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:235) ~[?:1.7.0]
    at sun.nio.ch.IOUtil.read(IOUtil.java:204) ~[?:1.7.0]
    at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:409) ~[?:1.7.0]
    at io.netty.buffer.UnpooledUnsafeDirectByteBuf.setBytes(UnpooledUnsafeDirectByteBuf.java:447) ~[graylog-collector.jar:?]
    at io.netty.buffer.AbstractByteBuf.writeBytes(AbstractByteBuf.java:881) ~[graylog-collector.jar:?]
    at io.netty.channel.socket.nio.NioSocketChannel.doReadBytes(NioSocketChannel.java:242) ~[graylog-collector.jar:?]
    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:119) [graylog-collector.jar:?]
    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:511) [graylog-collector.jar:?]
    at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:468) [graylog-collector.jar:?]
    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:382) [graylog-collector.jar:?]
    at

[graylog2] GrayLog collector

2016-03-01 Thread Warriors
Can we collect the weblogic logs and fwd to graylog server without 
installing Graylog collector on the client machine?



[graylog2] Graylog Collector Failed to Start

2016-02-24 Thread Clay Beyer
This is my server and the message I get when trying to start or run the 
Graylog Collector.

Linux lamp 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u3 (2016-01-17) 
x86_64

Welcome to Lamp, TurnKey GNU/Linux 14.0 / Debian 8.3 Jessie

System information (as of Wed Feb 24 15:43:39 2016)
  System load: 0.84 Memory usage: 12%
  Processes: 99 Swap usage: 0%
  Usage of /: 4.0% of 96.34GB IP address for eth0: 192.168.100.7

TKLBAM: Backup ID #1, Updated Wed 2016-02-24 06:57

root@lamp ~# systemctl start graylog-collector
Failed to start graylog-collector.service: Unit graylog-collector.service 
failed to load: No such file or directory

My config file: 

// Graylog Collector configuration.

server-url = "http://10.1.0.48:12900"

enable-registration = true

collector-id = "file:/etc/graylog/collector/collector-id"

inputs {
  apache-access {
    type = "file"
    path-glob-root = "/var/log/apache2"
    path-glob-pattern = "*.access.log"
  }
}

outputs {
  gelf-tcp {
    type = "gelf"
    host = "127.0.0.1"
    port = 12201
  }

  console {
    type = "stdout"
    inputs = "apache-access"
  }
}

How do I get the collector to start?



[graylog2] graylog collector not giving right format data for tomcat

2015-12-26 Thread Amit Sharma
Hi

I am not getting right format data for tomcat in graylog console through 
graylog collector

attached snapshot shows you the format i am getting in graylog console.

please help 

thanks 
amit sharma



[graylog2] Graylog Collector Configuration Settings

2015-12-08 Thread Sean McGurk
Hi all,

I have configured a graylog collector with the following settings:

server-url = "http://xxx.xxx.xxx.xxx:12900/"

collector-id = /etc/graylog/collector/collector-id

inputs {
  syslog {
    type = "file"
    path = "/var/log/syslog"
  }
  apache-logs {
    type = "file"
    // /var/log/apache2/**/*.{access,error}.log
    path-glob-root = "/var/log/apache2"
    path-glob-pattern = "**/*.{access,error}.log"
  }
}

outputs {
  graylog-server {
    type = "gelf"
    host = "xxx.xxx.xxx.xxx"
    port = 12201
  }
}



And have created an input on the server with the following settings:


   - recv_buffer_size: 1048576
   - port: 12201
   - tls_key_file: graylog-user
   - tls_key_password: ***
   - use_null_delimiter: true
   - tls_client_auth_cert_file:
   - max_message_size: 2097152
   - tls_client_auth: disabled
   - override_source:
   - bind_address: xxx.xxx.xxx.xxx
   - tls_cert_file:

And while I am able to see syslog messages sent in by the collector, I am 
unable to see apache log messages.

Does anyone know where I am going wrong?

Thanks,

Seán




[graylog2] Graylog collector and timestamp

2015-12-01 Thread Alex B.
Hello, using graylog 1.2.2 and collector 0.4.1, there is a big difference 
between graylog timestamp and log file timestamp.

A line in a logfile with a 17:11:34,887 timestamp can have a 17:11:53.328 
timestamp in graylog, which is a 20 seconds difference !

I'm currently testing collector to replace nxlog, don't have this problem 
with nxlog as you can apply parsedate on date field and send it as event 
time.

Ty
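
The gap described above (17:11:34,887 in the file, 17:11:53.328 in Graylog) is what appears when a message is stamped at read time instead of with the time written in the line. As an added example, not code from this thread or from the Graylog project, the Python sketch below parses the line's own time into the GELF `timestamp` field and frames each message with the null delimiter that the GELF TCP input in the previous thread expects (`use_null_delimiter: true`). The sample lines, the host name, the UTC assumption and the `_timestamp_source` / `_read_delay_ms` fields are assumptions made for the example.

```python
import json
import re
import socket
from datetime import datetime, timezone

# Constructed sample input: only the "HH:MM:SS,mmm" time style comes from the
# post; the date, level and message layout are assumptions for this example.
SAMPLE_LINES = [
    "2015-12-01 17:11:34,887 INFO  Request handled in 12 ms",
    "2015-12-01 17:11:35,002 ERROR Upstream timed out",
    "    at com.example.Handler.run(Handler.java:42)",  # no timestamp
]

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),(\d{3})\s+([A-Z]+)\s+(.*)$"
)
SYSLOG_LEVEL = {"ERROR": 3, "WARN": 4, "INFO": 6, "DEBUG": 7}


def parse_line(line, tz=timezone.utc):
    """Return (epoch_seconds, level, text), or None if no timestamp is found.

    The log is assumed to be written in `tz`; a wrong assumption here shifts
    every event by the UTC offset, so set it to the writer's time zone.
    """
    m = LINE_RE.match(line)
    if m is None:
        return None
    base = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S").replace(tzinfo=tz)
    epoch = base.timestamp() + int(m.group(2)) / 1000.0
    return epoch, SYSLOG_LEVEL.get(m.group(3), 6), m.group(4)


def to_gelf(line, host, received_at):
    """Build a GELF 1.1 message that carries the event time, not the read time."""
    parsed = parse_line(line)
    if parsed is None:
        # Continuation or unparsable line: fall back to the read time and say so.
        event_time, level, text = received_at, 6, line.strip()
        source = "receive_time"
    else:
        event_time, level, text = parsed
        source = "log_line"
    return {
        "version": "1.1",
        "host": host,
        "short_message": text,
        "timestamp": event_time,          # seconds since epoch, with decimals
        "level": level,
        "_timestamp_source": source,      # lets a search separate the two cases
        "_read_delay_ms": round((received_at - event_time) * 1000),
    }


def frame_tcp(message):
    """GELF over TCP: uncompressed JSON terminated by a single null byte."""
    # json.dumps escapes control characters, so the payload contains no raw NUL.
    return json.dumps(message, separators=(",", ":")).encode("utf-8") + b"\x00"


def split_frames(stream):
    """What the receiving side does with a null-delimited byte stream."""
    return [json.loads(chunk) for chunk in stream.split(b"\x00") if chunk]


def send_tcp(messages, server, port=12201, timeout=5.0):
    """Ship messages to a GELF TCP input (not called by this example)."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        for message in messages:
            sock.sendall(frame_tcp(message))


if __name__ == "__main__":
    read_time = 1448989913.328  # 2015-12-01 17:11:53.328 UTC
    for sample in SAMPLE_LINES:
        print(json.dumps(to_gelf(sample, "app01", read_time)))
```

Keeping the read delay as its own field makes a slow or stalled shipper visible in searches while the event itself stays on the timeline where it happened.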



[graylog2] Graylog collector cannot parse Security log

2015-10-06 Thread Mehmet Ali Büyükkarakaş
Hi everybody.

I'm trying graylog collector with my Win8 PC. I can't collect security event 
logs. I tried the same with my Win2008 server and got the same results.

Any idea about that ?
Thank you in advance.



---

2015-10-06 23:26:00 Commons Daemon procrun stdout initialized
2015-10-06T23:26:01.317+0300 INFO  [main] cli.commands.Run - Starting Collector v0.4.1 (commit 36a0856)
2015-10-06T23:26:01.319+0300 INFO  [main] cli.commands.Run - Running on Windows 8 Windows 8 6.2 (amd64)
2015-10-06T23:26:02.246+0300 INFO  [main] collector.utils.CollectorId - Collector ID: ca5d95f8-60cc-44ed-a2e6-efe09194ec14
2015-10-06T23:26:02.273+0300 INFO  [main] outputs.gelf.GelfOutput - Starting GELF transport: org.graylog2.gelfclient.GelfConfiguration@3d93cfcb
2015-10-06T23:26:02.455+0300 INFO  [main] cli.commands.Run - Service RUNNING: BufferProcessor [RUNNING]
2015-10-06T23:26:02.455+0300 INFO  [main] cli.commands.Run - Service RUNNING: FileObserver [RUNNING]
2015-10-06T23:26:02.455+0300 INFO  [main] cli.commands.Run - Service RUNNING: MemoryReporterService [RUNNING]
2015-10-06T23:26:02.456+0300 INFO  [main] cli.commands.Run - Service RUNNING: MetricService [RUNNING]
2015-10-06T23:26:02.456+0300 INFO  [main] cli.commands.Run - Service RUNNING: HeartbeatService [RUNNING]
2015-10-06T23:26:02.458+0300 INFO  [main] cli.commands.Run - Service RUNNING: GelfOutput{port='12201', id='gelf-tcp', client-send-buffer-size='-1', host='192.168.2.94', inputs='', client-reconnect-delay='1000', client-connect-timeout='5000', client-tcp-no-delay='true', client-queue-size='512'}
2015-10-06T23:26:02.461+0300 INFO  [main] cli.commands.Run - Service RUNNING: WindowsEventlogInput{pollInterval='1000', id='win-eventlog-application', sourceName='Application', message-fields='MessageFields{}', outputs=''}
2015-10-06T23:26:02.461+0300 INFO  [main] cli.commands.Run - Service RUNNING: WindowsEventlogInput{pollInterval='1000', id='win-eventlog-security', sourceName='Security', message-fields='MessageFields{}', outputs=''}
2015-10-06T23:26:02.462+0300 INFO  [main] cli.commands.Run - Service RUNNING: WindowsEventlogInput{pollInterval='1000', id='win-eventlog-system', sourceName='System', message-fields='MessageFields{}', outputs=''}

--

015-10-06 18:30:08 Commons Daemon procrun stderr initialized

2015-10-06 18:33:29 Commons Daemon procrun stderr initialized

2015-10-06 23:26:00 Commons Daemon procrun stderr initialized






[graylog2] Graylog Collector Not working

2015-08-21 Thread ANKUR GOYAL
Hello ,

I have already configured the latest graylog version 1.1.2 with the help of 
the virtual machine provided on the graylog site. One server is running graylog 
server, mongodb and elasticsearch, the 2nd one is running elasticsearch, and the 
3rd one is running the graylog web interface. Now I want to add an ubuntu 14.04 
to the graylog server using graylog collector. I have installed it via the .deb 
package and the process provided on the website, but I am still not able 
to see this client in graylog server. Please help me with this.



Regards,

Ankur Goyal



[graylog2] Graylog collector and iis logs

2015-06-19 Thread Alberto Hontoria
Hi friends

  We are trying to get iis logs by graylog collector. 

  We have this config

  iis-access {
    type = file
    path = E:\\Logs IIS\\W3SVC1\\?.log
    poll-interval = 5s
  }


  Iis log name changes each day hour, the real format of the log is 
u_exDDMMHH.log

  If we test it with the complete path of a file, it works.

  But how to retrieve all logs in a directory? We have tested with 
u_ex*.log, or the directory path without success

  Any clue?

  Regards
  



Re: [graylog2] Graylog collector and iis logs

2015-06-19 Thread Bernd Ahlers
Alberto,

the Collector does not support wildcards in log file names yet, sorry.

This will be implemented very soon. See the corresponding issue in
GitHub for this. https://github.com/Graylog2/collector/issues/24

Regards,
Bernd

Alberto Hontoria [Thu, Jun 18, 2015 at 11:29:13AM -0700] wrote:
Hi friends

  We are trying to get iis logs by graylog collector. 

  We have this config

  iis-access {
    type = file
    path = E:\\Logs IIS\\W3SVC1\\?.log
    poll-interval = 5s
  }


  Iis log name changes each day hour, the real format of the log is 
u_exDDMMHH.log

  If we test it with the complete path of a file, it works.

  But how to retrieve all logs in a directory? We have tested with 
u_ex*.log, or the directory path without success

  Any clue?

  Regards
  



-- 
Developer

Tel.: +49 (0)40 609 452 077
Fax.: +49 (0)40 609 452 078

TORCH GmbH - A Graylog company
Steckelhörn 11
20457 Hamburg
Germany

Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
Geschäftsführer: Lennart Koopmann (CEO)
