[graylog2] Re: Graylog nodes unable to communicate with each other
I now have both servers using the same mongo, and as far as I can tell everything works. But I'm back to the same problem with an admin logged into the slave having the ability to accidentally or intentionally delete indices.

The reader account is pretty much useless. I realize it's possible to create dashboards and streams to return some functionality. Up to now I had no reason or desire to do so. I have no reason to limit anyone from what they can search, and I want them to see the sources and stats. I would much prefer an account that looks almost identical to admin, but prevents one from changing various inputs/settings or deleting indices. I think we need a third superuser account type. I have seen similar feedback from others here. What to do?

On Thursday, May 12, 2016 at 3:50:28 PM UTC-7, Mark Moorcroft wrote:
> I'm having a similar issue. I have things to a point where neither
> instance sees more than one "node". Both are seeing the elasticsearch
> indices (one local, one not). The master node seems mostly operational. I
> set up a "slave" node for only one reason. The Graylog user levels made it
> necessary to add another instance so users have full search capability but
> no way to delete an index by mistake. It appears things have changed and
> that strategy won't work anymore. The only step you mention that I haven't
> done is clone the mongo. Right now my slave instance sees the indices, but
> none of the searches ever load, and I see errors that no master is
> selected, along with can't retrieve retention or rotation config. I presume
> I'm reaching elasticsearch, but not the master graylog? I see no connection
> errors in either mongo log.

--
You received this message because you are subscribed to the Google Groups "Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/75475c80-4734-4a44-bb49-64946014901f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Graylog nodes unable to communicate with each other
I'm having a similar issue. I have things to a point where neither instance sees more than one "node". Both are seeing the elasticsearch indices (one local, one not). The master node seems mostly operational.

I set up a "slave" node for only one reason. The Graylog user levels made it necessary to add another instance so users have full search capability but no way to delete an index by mistake. It appears things have changed and that strategy won't work anymore.

The only step you mention that I haven't done is clone the mongo. Right now my slave instance sees the indices, but none of the searches ever load, and I see errors that no master is selected, along with can't retrieve retention or rotation config. I presume I'm reaching elasticsearch, but not the master graylog? I see no connection errors in either mongo log.

On Wednesday, May 11, 2016 at 12:32:27 AM UTC-7, Jochen Schalanda wrote:
> Hi Ross,
>
> make sure that elasticsearch_network_host (see
> https://github.com/Graylog2/graylog2-server/blob/2.0.0/misc/graylog.conf#L187-L194
> and
> http://docs.graylog.org/en/2.0/pages/upgrade.html#default-network-host)
> is set to an IP address (or host name) which the other Elasticsearch and
> Graylog nodes can access.
>
> Additionally make sure that the two Graylog nodes are using the same
> MongoDB database and the same password_secret (see
> https://github.com/Graylog2/graylog2-server/blob/2.0.0/misc/graylog.conf#L9-L11
> ).
>
> Cheers,
> Jochen

[graylog2] Re: Graylog nodes unable to communicate with each other
Hi Ross,

you can of course create a MongoDB replica set and connect to this with both Graylog nodes. The MongoDB Java driver should be smart enough to send write requests only to the current MongoDB primary node.

Cheers,
Jochen

On Wednesday, 11 May 2016 13:21:49 UTC+2, Ross wrote:
> Jochen-
>
> I misunderstood the architecture diagram and assumed the mongoDBs on each
> node were just for per-node support, so that's probably the problem.
>
> On that note, I have a MongoDB question: I want to take in logs on both
> graylog nodes. Do I point both nodes at the MongoDB on the master node? Is
> a graylog node smart enough to know not to try to write to its own MongoDB
> if it's not a master?
>
> Thanks for all the help!
>
> On Wednesday, May 11, 2016 at 3:32:27 AM UTC-4, Jochen Schalanda wrote:
> > Hi Ross,
> >
> > make sure that elasticsearch_network_host (see
> > https://github.com/Graylog2/graylog2-server/blob/2.0.0/misc/graylog.conf#L187-L194
> > and
> > http://docs.graylog.org/en/2.0/pages/upgrade.html#default-network-host)
> > is set to an IP address (or host name) which the other Elasticsearch and
> > Graylog nodes can access.
> >
> > Additionally make sure that the two Graylog nodes are using the same
> > MongoDB database and the same password_secret (see
> > https://github.com/Graylog2/graylog2-server/blob/2.0.0/misc/graylog.conf#L9-L11
> > ).
> >
> > Cheers,
> > Jochen
> >
> > On Tuesday, 10 May 2016 23:17:45 UTC+2, Ross wrote:
> > > I've got a graylog cluster set up with two graylog server nodes on AWS.
> > > Both of the nodes function fine on their own, but don't see each other. The
> > > rest API endpoints are bound to their internal 10.x endpoint and both hosts
> > > can communicate with each other. When I look at the elasticsearch cluster,
> > > I see all the nodes I expect- three ES nodes, two Graylog nodes. In the
> > > logs, I can even see the other node show up in the Elasticsearch cluster
> > > join message.
> > >
> > > I can't specifically figure out where to start since neither of the
> > > nodes are complaining about anything. Does anyone have advice on how to
> > > troubleshoot graylog node connectivity? Not a whole lot to go on in the
> > > docs.

[graylog2] Re: Graylog nodes unable to communicate with each other
Jochen-

I misunderstood the architecture diagram and assumed the mongoDBs on each node were just for per-node support, so that's probably the problem.

On that note, I have a MongoDB question: I want to take in logs on both graylog nodes. Do I point both nodes at the MongoDB on the master node? Is a graylog node smart enough to know not to try to write to its own MongoDB if it's not a master?

Thanks for all the help!

On Wednesday, May 11, 2016 at 3:32:27 AM UTC-4, Jochen Schalanda wrote:
> Hi Ross,
>
> make sure that elasticsearch_network_host (see
> https://github.com/Graylog2/graylog2-server/blob/2.0.0/misc/graylog.conf#L187-L194
> and
> http://docs.graylog.org/en/2.0/pages/upgrade.html#default-network-host)
> is set to an IP address (or host name) which the other Elasticsearch and
> Graylog nodes can access.
>
> Additionally make sure that the two Graylog nodes are using the same
> MongoDB database and the same password_secret (see
> https://github.com/Graylog2/graylog2-server/blob/2.0.0/misc/graylog.conf#L9-L11
> ).
>
> Cheers,
> Jochen
>
> On Tuesday, 10 May 2016 23:17:45 UTC+2, Ross wrote:
> > I've got a graylog cluster set up with two graylog server nodes on AWS.
> > Both of the nodes function fine on their own, but don't see each other. The
> > rest API endpoints are bound to their internal 10.x endpoint and both hosts
> > can communicate with each other. When I look at the elasticsearch cluster,
> > I see all the nodes I expect- three ES nodes, two Graylog nodes. In the
> > logs, I can even see the other node show up in the Elasticsearch cluster
> > join message.
> >
> > I can't specifically figure out where to start since neither of the nodes
> > are complaining about anything. Does anyone have advice on how to
> > troubleshoot graylog node connectivity? Not a whole lot to go on in the
> > docs.

[graylog2] Re: Graylog nodes unable to communicate with each other
Hi Ross,

make sure that elasticsearch_network_host (see https://github.com/Graylog2/graylog2-server/blob/2.0.0/misc/graylog.conf#L187-L194 and http://docs.graylog.org/en/2.0/pages/upgrade.html#default-network-host) is set to an IP address (or host name) which the other Elasticsearch and Graylog nodes can access.

Additionally make sure that the two Graylog nodes are using the same MongoDB database and the same password_secret (see https://github.com/Graylog2/graylog2-server/blob/2.0.0/misc/graylog.conf#L9-L11 ).

Cheers,
Jochen

On Tuesday, 10 May 2016 23:17:45 UTC+2, Ross wrote:
> I've got a graylog cluster set up with two graylog server nodes on AWS.
> Both of the nodes function fine on their own, but don't see each other. The
> rest API endpoints are bound to their internal 10.x endpoint and both hosts
> can communicate with each other. When I look at the elasticsearch cluster,
> I see all the nodes I expect- three ES nodes, two Graylog nodes. In the
> logs, I can even see the other node show up in the Elasticsearch cluster
> join message.
>
> I can't specifically figure out where to start since neither of the nodes
> are complaining about anything. Does anyone have advice on how to
> troubleshoot graylog node connectivity? Not a whole lot to go on in the
> docs.
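
Added example, not part of the thread and not Graylog's own code: a small Python check for the settings named in the answer above. It compares password_secret and mongodb_uri across nodes without echoing their values, and flags a loopback or unset elasticsearch_network_host. The sample configs are constructed; the is_master check, the single-host mongodb_uri form, and treating an unset elasticsearch_network_host as unreachable are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit
# Constructed sample settings (placeholders, not taken from the thread).
NODE_A = """
is_master = true
password_secret = EXAMPLE-SECRET-AAAA
mongodb_uri = mongodb://10.0.0.5:27017/graylog
elasticsearch_network_host = 10.0.0.5
"""
NODE_B = """
is_master = false
password_secret = EXAMPLE-SECRET-BBBB
mongodb_uri = mongodb://localhost/graylog
# elasticsearch_network_host not set on this node
"""

def parse_conf(text):
    """Parse 'key = value' lines, skipping blanks and '#' comments."""
    conf = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def is_local(host):
    """True if host is missing, 'localhost', or a loopback IP."""
    if not host or host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other host names: resolution is not checked here

def check_cluster(nodes):
    """nodes maps node name -> parsed conf; returns findings, [] if consistent."""
    findings = []
    for key in ("password_secret", "mongodb_uri"):
        if len({conf.get(key) for conf in nodes.values()}) != 1:
            findings.append(f"{key} differs between nodes")  # values never echoed
    masters = [c for c in nodes.values() if c.get("is_master", "").lower() == "true"]
    if len(masters) != 1:  # assumption: exactly one node should be master
        findings.append(f"expected one is_master = true, found {len(masters)}")
    for name, conf in nodes.items():
        if is_local(urlsplit(conf.get("mongodb_uri", "")).hostname):
            findings.append(f"{name}: mongodb_uri points at a local MongoDB")
        if is_local(conf.get("elasticsearch_network_host")):
            findings.append(f"{name}: elasticsearch_network_host is unset or loopback")
    return findings
```

Call check_cluster({"a": parse_conf(NODE_A), "b": parse_conf(NODE_B)}) to get the list of findings for the two sample nodes.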