Re: [graylog2] Re: syslog to graylog

2016-08-16 Thread 'Ha NN' via Graylog Users
Hi Sam, don't take ports which are already in use. Your netstat output shows that 9300 is in use. 5140 was a good choice. You should investigate why the graylog input does not listen on that port. On 16.08.2016 9:36 pm, "sam" wrote: > Ha, > > > Now I did define a port

[graylog2] Steps to upgrade to Graylog 2.0 and ElasticSearch 2.3 (from 1.3 and 1.7 respectively)

2016-08-16 Thread Jimmy Chen
We currently have a cluster of ES 1.7 nodes and Graylog 1.3 servers, and we are looking to upgrade all of it to the latest version while retaining all the data. I have looked at the documentation for upgrading both. Although the ElasticSearch 2.3 upgrade seems pretty straightforward, it looks

Re: [graylog2] Changing memory sizes in OVA

2016-08-16 Thread Marius Sturm
Hi Jamie, you have to make these changes on every node. Cheers, Marius On 16 August 2016 at 20:56, Jamie P wrote: > Hello. I was wondering, if I had a cluster setup where graylog and > mongodb are running on one ova, and elasticsearch is running on two other > boxes, do

[graylog2] ERROR: org.glassfish.jersey.server.ServerRuntime$Responder - An I/O error has occurred while writing a response message entity to the container output stream.

2016-08-16 Thread julioqc47
So what is this and what caused this?? My guess is something to do with gunzip 2016-08-16 16:18:38,605 ERROR: org.glassfish.jersey.server.ServerRuntime$Responder - An I/O error has occurred while writing a response message entity to the container output stream.

[graylog2] Re: Graylog and HIPAA

2016-08-16 Thread Jamie P
Take a look at the streams section for your alerts. You can set up criteria based on a number of factors, such as what type of log, and then set conditions on when to alert via email. On Tuesday, August 16, 2016 at 11:32:24 AM UTC-4, NoRearView wrote: > > Hello! > > I'm currently working on

Re: [graylog2] Re: syslog to graylog

2016-08-16 Thread 'Ha NN' via Graylog Users
Hi Sam, you cannot capture anything if nothing is listening on that port. I guess there is something wrong with your graylog input config. Maybe you should have a look at the graylog log. On 16.08.2016 9:04 pm, "sam" wrote: > Hi Ha, > > > below is the log from tcpdump

Re: [graylog2] Re: syslog to graylog

2016-08-16 Thread sam
I am sorry Ha, actually I am new to this stuff and trying to get into this. I am here with a lot of questions :) Can you suggest any port that I can configure in my graylog syslog_TCP input, and the rsyslog.conf input port please? Thank you On Tuesday, August 16, 2016 at 11:57:31 AM UTC-7,

Re: [graylog2] Re: syslog to graylog

2016-08-16 Thread sam
Hi Ha, below is the log from tcpdump: tcpdump -i eth0 port 5140 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 0 packets captured 1 packets received by filter 0 packets dropped by kernel Thank

Re: [graylog2] Re: syslog to graylog

2016-08-16 Thread 'Ha NN' via Graylog Users
Hi Sam, you can get your interface name with ifconfig -a; you need the interface for the IP 162.20.100.27, something like eth0 or eth1. So the command should look like tcpdump -i eth0 port 5140. No, you cannot use port 16001 because it's in use. Maybe you should double check your syslog input in

[graylog2] Changing memory sizes in OVA

2016-08-16 Thread Jamie P
Hello. I was wondering, if I had a cluster setup where graylog and mongodb are running on one ova, and elasticsearch is running on two other boxes, do I just follow the example below from the documentation on the master node (the one with graylog and mongodb installed on it), and will the

Re: [graylog2] Re: syslog to graylog

2016-08-16 Thread sam
Hi Ha, I can't use this one: tcpdump -i ethX port 5140, where; tcpdump -i eth162.20.100.27 port 5140 (can you please let me know whether I am using the right one). Can I use 16001 to configure syslog to receive the logs??? Thank you Ha On Tuesday, August 16, 2016 at

Re: [graylog2] Re: syslog to graylog

2016-08-16 Thread 'Ha NN' via Graylog Users
Hi Sam, there is nothing on port 5140. On 16.08.2016 8:21 pm, "sam" wrote: > Hi Ha, > > below is the output for netstat -tulpen, where my graylog address is: > 162.20.100.27 > > Active Internet connections (only servers) > Proto Recv-Q Send-Q Local Address

[graylog2] message routed to stream but e-mail notification did not fire

2016-08-16 Thread Rob Reinhardt
I have OpenNMS writing all events to syslog and graylog2 is ingesting all syslog messages via logstash/gelf. The messages get into graylog2 fine and I can search them. I configured a stream and tested the e-mail with dummy e-mail and the e-mail makes it to me just fine. My stream uses a regex

Re: [graylog2] Re: syslog to graylog

2016-08-16 Thread sam
Hi Ha, below is the output for netstat -tulpen, where my graylog address is: 162.20.100.27 Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name tcp0 0

[graylog2] Graylog and HIPAA

2016-08-16 Thread NoRearView
Hello! I'm currently working on getting our infrastructure up to date for a (voluntary) HIPAA audit. One area I need to improve is our logging capabilities. My end goal is to have a centralized location for my log files and also be notified of any failed login attempts or firewall alerts. A

[graylog2] CSV to field converter using whitespace delimiter

2016-08-16 Thread julioqc47
Hi, So it seems the CSV to field converter doesn't work with whitespace delimiters? Sample log: 2016-08-16 15:14:20 192.168.20.100 POST /Clients - 80 DOMAIN\user 192.168.30.171 Mozilla/5.0+(Windows+NT+10.0;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/52.0.2743.116+Safari/537.36

[graylog2] Re: Graylog rest api not positioning widgets on dashboard

2016-08-16 Thread Alex Stanek
Hi Jochen, I am manually using the Graylog REST API to position widgets. It seems to work the first time I do it, but if I delete and then re-add a widget and try to position it using the REST API, then the REST API PUT of positions fails. The JSON body I am using for the position PUT is

[graylog2] rsyslog and TLS, newbie questions..

2016-08-16 Thread Dave LeFevre
Hello everyone! I am a brand new user of graylog and I am in the middle of setup. I have read http://www.rsyslog.com/doc/v8-stable/tutorials/tls_cert_client.html and I can't find information about what I want to do. I am not sure that what I want to do is even possible. I want to set up

[graylog2] Re: Debian/Ubuntu SHA1Removal causing error when updating package list from graylog repo

2016-08-16 Thread Jochen Schalanda
Hi Stefan, please create a GitHub issue for this at https://github.com/Graylog2/fpm-recipes/issues/ and make sure to link to https://github.com/Graylog2/fpm-recipes/issues/58 in your comment. Cheers, Jochen On Tuesday, 16 August 2016 13:12:10 UTC+2, Stefan Ioan wrote: > > Hello, > > Please

[graylog2] Debian/Ubuntu SHA1Removal causing error when updating package list from graylog repo

2016-08-16 Thread Stefan Ioan
Hello, Please forgive me if this issue has already been posted (I could not find it by searching for it) or if this is not the proper place for this kind of issue. Does anyone have a problem using the "deb https://packages.graylog2.org/repo/debian/ stable 2.1" repo? I'm using Debian

Re: [graylog2] Pipeline Rule Regex not working

2016-08-16 Thread james . devincentis
Yup, it's fixed in this version. So, not sure if I should bother filing a bug for the stable version or not. I know pipelines were experimental for 2.0.x. On Tuesday, August 16, 2016 at 3:54:28 AM UTC-5, Edmundo Alvarez wrote: > > Hello James, > > There were quite a few changes on the

[graylog2] Re: Graylog collector (deprecated) for graylog 2.0 connecting issues

2016-08-16 Thread Jochen Schalanda
Hi Sam, make sure that there is no packet filter or firewall blocking access to the host 162.20.100.27 on port 12201/tcp and that packets to 162.20.100.27 can be routed correctly by the machine running Graylog Collector. Cheers, Jochen On Tuesday, 16 August 2016 06:59:30 UTC+2, sam wrote: >

[graylog2] Re: Graylog rest api not positioning widgets on dashboard

2016-08-16 Thread Jochen Schalanda
Hi Alex, how exactly are you using the Graylog REST API and which requests do you send to it? Cheers, Jochen On Monday, 15 August 2016 22:19:03 UTC+2, Alex Stanek wrote: > > Hello, > I am currently trying to position dashboard widgets using the Graylog 2.0 rest > api with no such luck on the

[graylog2] Re: Graylog and switch Alcatel Lucent

2016-08-16 Thread Jochen Schalanda
Hi Jordan, please make sure that you have started a matching Syslog input (UDP or TCP) in Graylog and that your network appliances have access to the provided IP address. Additionally, it is possible that the output of your network appliances is not conforming to RFC 3164 or RFC 5424. In this

[graylog2] Re: Redirect python print output to graylog2

2016-08-16 Thread Jochen Schalanda
Hi Jan, you have to provide the specific IP address or host name of Graylog to the Docker daemon with the gelf-address configuration setting. "0.0.0.0" is not a specific IP address but is evaluated as a "wildcard" which has to be resolved somehow. Cheers, Jochen On Sunday, 14 August 2016

[graylog2] Re: Issue with API port when using 2 network interfaces

2016-08-16 Thread Fred Blaise
Use web_endpoint_uri. On Monday, August 15, 2016 at 6:09:43 PM UTC+2, Fred Blaise wrote: > > Hello, > > I am using the openstack 2.0.3 qcow2 image on a single instance. I am > having issues when specifying the rest_listen_uri to http://0.0.0.0:12900. > I need to have the API port available for

[graylog2] Re: Local graylog users but getting password auth from ldap ?

2016-08-16 Thread Jochen Schalanda
Hi, if Graylog has been configured with the necessary LDAP settings, it will sync user information from the directory service to the local user database and re-sync information on every login. So in the end, it's already working the way you want it to. Cheers, Jochen On Friday, 12 August

Re: [graylog2] Pipeline Rule Regex not working

2016-08-16 Thread james . devincentis
I'll give that a shot and post back with results. On Tuesday, August 16, 2016 at 3:54:28 AM UTC-5, Edmundo Alvarez wrote: > > Hello James, > > There were quite a few changes on the pipelines for 2.1.0, so I was trying > to reproduce this issue in 2.1.0-beta.3 but I couldn't. Could you please >

Re: [graylog2] Pipeline Rule Regex not working

2016-08-16 Thread Edmundo Alvarez
Hello James, There were quite a few changes on the pipelines for 2.1.0, so I was trying to reproduce this issue in 2.1.0-beta.3 but I couldn't. Could you please take a look and see if you still have the same problem in the latest beta? Here is the link if you want to take a look:

[graylog2] Pipeline Rule Regex not working

2016-08-16 Thread james . devincentis
I have the following setup: 1 source 3 streams (iptables events, snort events, ssh events) 3 pipeline rules (iptables extraction, snort extraction, ssh extraction) 3 pipelines (iptables pipeline, snort pipeline, ssh pipeline) I have the rules set so the streams do basic matching of events to

Re: [graylog2] Re: syslog to graylog

2016-08-16 Thread 'Ha NN' via Graylog Users
Hi Sam, please make sure that graylog is listening on the right port. Give us the output for netstat -tulpen. Please make sure that you are sending data on that port with tcpdump -i ethX port 5140. Replace the X with your interface. On 16.08.2016 6:53 am, "sam" wrote: