[graylog2] Re: Logical OR in stream rules - v0.20.0-rc.3

2014-02-17 Thread Martin René Mortensen
hm.. Have you tried using simply (value1 OR value2) ? Works for me in 0.20 rc3. /Martin On Monday, 17 February 2014 17:00:34 UTC+1, Tim wrote: > > Although in v0.92 of graylog I was able to define values in a rule such > as... > > value1|value2 > > ...in order to create a logical OR (because a

[graylog2] Re: Logical OR in stream rules - v0.20.0-rc.3

2014-02-17 Thread Dmitri Stoljarov
Hi, Logical OR works for me with rc3 streams. Create new stream, then add new stream rule. Select required field, where you want to search for strings. It could be either parsed field name, with strict values or it could be "message" (full event). Both work well for me. Select Type "match regul

[graylog2] Web 2.0.0-rc.3 - Could not load total message count

2014-02-17 Thread Scotty H
Upgraded today, it went smoothly. Untar both server & web, overwrite stock configs with my rc.2 configurations (web & server), stop services, update symlinks, start services. Done. I'm fairly certain I didn't screw it up: > lrwxrwxrwx 1 root root 28 Feb 17 13:54 graylog2-server

Re: [graylog2] Active Directory Authentication

2014-02-17 Thread Tom Kinsella
I have set Authentication to Trace... Is this the same? (I assume so...) 09:47:33,276 TRACE [DefaultSecurityManager] Context already contains a SecurityManager instance. Returning. 09:47:33,277 TRACE [DefaultSecurityManager] No identity (PrincipalCollection) found in the context. Looking for a

Re: [graylog2] Blacklists

2014-02-17 Thread Tim
Lennart OK - no problem. I can sort out most of the blacklist filtering in logstash anyway Many thanks T On Tuesday, February 11, 2014 11:27:09 PM UTC, lennart wrote: > > Hey Tim, > > the blacklists were not re-implemented for 0.20.0 yet, but will come > back in a way better implementation

[graylog2] Logical OR in stream rules - v0.20.0-rc.3

2014-02-17 Thread Tim
Although in v0.92 of graylog I was able to define values in a rule such as... value1|value2 ...in order to create a logical OR (because all rules were ANDed), this no longer seems to work in v0.20.0-rc.3 I have tried value1|value2 (value1|value2) ...but no joy. The rule always shows no

[graylog2] Additional columns in stream display - v0.20.0-rc.3

2014-02-17 Thread Tim
In graylog 0.92 I was able to define additional columns in stream views. I cannot seem to find how to do this in v0.20.0-rc.3. I can add a column but cannot see any way to save the additional column as a permanent addition to the stream view. Has this feature been removed? -- You received this

[graylog2] Questions/Feedback on Graylog2 RC3

2014-02-17 Thread juiceman84
Hi Torch Team, First off, I cannot compliment you guys enough over the work you have done for this product. This is a clear competitor with the likes of other SIEM products out there and it will only get better with time. It is an honor to be part of the initial user/customer base as I am loo

Re: [graylog2] How to fix "Check the system clocks of your graylog2-server nodes"

2014-02-17 Thread Jochen Schalanda
I'm still getting the same notifications after upgrading to Graylog2 0.20.0-rc.3. Cheers, Jochen On 13.02.2014 16:05, Lennart Koopmann wrote: > Thanks for your reports! I think this might be related to not waiting > for a wrong MongoDB write concern and your systems being too fast. ;) > Please

Re: [graylog2] Re: Anyone willing to share extractors (ESXi, Cisco, Juniper, etc)?

2014-02-17 Thread Kay Röpke
As soon as we have a little more time to spare we will try to set up something to collect and share these kinds of things. Many thanks for all your enthusiasm and collaboration! cheers, -k On Fri, Feb 14, 2014 at 10:04 PM, Martin René Mortensen wrote: > Here is my rules file for cisco ASA, ACE

Re: [graylog2] Active Directory Authentication

2014-02-17 Thread Kay Röpke
Hi! Sorry for the late reply. Could you please use the web interface's Logging section to increase the log level of the "Security" subsection to TRACE? ActiveDirectory uses the userPrincipalName attribute to perform the bind, at least in all AD servers I've seen this far. However the test login bu

Re: [graylog2] Log monitoring with graylog2

2014-02-17 Thread Alik Kurdyukov
Ok, thanks. On my installation with nginx doing reverse proxy for graylog2 I have invalid URL for the docs: http://10.31.1.40:12900/api-browser . All the other URLs in the interface are working. Is it ok? On Thursday, February 13, 2014 5:52:08 PM UTC+4, lennart wrote: > > That is an old documen