Hello,
How to capture logs that are stored on database systems? Is there any
collector for it?
Thank you!
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
Jochen, thanks again.
I did as suggested, then checked the status and etcd was down. I deleted
/var/opt/graylog/data/etcd/* and executed graylog-ctl reconfigure and etcd
status is just fine now.
I still however see:
*Elasticsearch cluster is yellow.* Shards: 4 active, 0 initializing, 0
For my stream in pipeline I have customized function which creates message
in format acceptable by upstream server (Influx),
I am working on a custom plugin similar to Splunk output plugin to create
customised TCP output.
But how can I make output of my function in pipeline be forwarded to that
I have created dashboard on one of my GL servers for domain 1, would like
to have same dashboard for my GL server in domain2.
Is it possible to export dashboard settings and import them into another GL
server?
Thanks,
Eugene
Hi,
just choosing open source solution that is capable of multi tenancy. Is
anybody using Graylog in an MSSP environment? Have not found information
regarding multi tenancy.
Thank you for your answer!
Best Regards,
Jiri Kolb
Nice catch :)
Happened to me with my first pipeline rule.
On Thursday, January 5, 2017 at 9:44:30 AM UTC-6, Frank wrote:
>
> Well, adding a "when" does certainly help, My bad!
>
> rule "blacklist"
> when
> contains(to_string($message.message), "systemd")
> then
> drop_message();
> end
>
>
>
Hello All,
Due to limited functionality with statistical capabilities with graylog2 we
are looking to forward our modified logs to Splunk that has a limited
license.
Now, sending the raw data as an output from graylog is fairly easy with an
existing plugin on the marketplace.
However, we
As you can see in the error your desktop machine needs access to port
9000: ' http://172.16.124.48:9000/api/'
If that doesn't work the login will fail.
Cheers,
Marius
On 5 January 2017 at 16:54, wrote:
> I also started from scratch. Did reboot after configuring IP.
I also started from scratch. Did reboot after configuring IP. Then sudo
graylog-ctl reconfigure, also tried sudo graylog-ctl restart.
The VM 172.16.124.48 is in an internal subnet which does not have Internet
access. My desktop is in different subnet. Firewall should not play a role
here,
Hi Leonardo,
On Thursday, 5 January 2017 16:21:38 UTC+1, Leonardo D'Angelo Gonçalves
wrote:
>
> How to work around this problem?
>
Make sure that all timestamps in your syslog messages include a timezone.
See https://github.com/Graylog2/graylog-guide-syslog-linux#readme for
details about the
Victor,
can you check if port 9000 is blocked by your firewall? It should be
open from your desktop machine to the Graylog VM.
Cheers,
Marius
On 5 January 2017 at 16:42, wrote:
> Same here.
>
> sun@dev01 # md5sum graylog-2.1.2-1.ova
> 05d501b5fbc303a3f3b534985c8f069a
Well, adding a "when" does certainly help, My bad!
rule "blacklist"
when
contains(to_string($message.message), "systemd")
then
drop_message();
end
On Thursday, January 5, 2017 at 4:29:48 PM UTC+1, Frank wrote:
>
> Hi there,
>
> I'm just making my first steps with processing pipelines, and
Same here.
sun@dev01 # md5sum graylog-2.1.2-1.ova
05d501b5fbc303a3f3b534985c8f069a graylog-2.1.2-1.ova
Thanks
Victor
On Thursday, January 5, 2017 at 4:19:50 AM UTC-5, Nico Zanferrari wrote:
>
> Yes, 443 is down on my VM, too.
>
> With IE, I can browse to http://172.16.124.48 , and I get back
Hi there,
I'm just making my first steps with processing pipelines, and want to
create a rule that blacklists / drops certain messages.
I'm trying to add a rule that looks like this:
rule "blacklist"
contains(to_string($message), "systemd")
then
drop_message($message)
end
When I click
Hi, Jochen
First of all, thanks for advising...
I searched "in the future", and now I can see the messages, but this will
cause a lot of problems because dashboards will collect data from 2 hours
ago.
How to work around this problem?
On Thursday, 5 January 2017 12:33:58 UTC-2,
This won't work in v2.1.2 without some modification since it was created
using a newer version of graylog. You must be running *Graylog v2.2.0 or
later* because of using the split function in the pipeline rules and some
other new features related to streams.
Here is the output. Because the VM is in internal subnet, it does not have
Internet access. So execute[apt-get-update-periodic] error can be ignored?
ubuntu@graylog:~$ sudo graylog-ctl reconfigure
Starting Chef Client, version 12.6.0
Compiling Cookbooks...
Recipe: graylog::default
*
Hi,
your issue sounds a lot
like https://github.com/Graylog2/graylog2-server/issues/1512 which will be
resolved in Graylog 2.2.0.
Cheers,
Jochen
On Thursday, 5 January 2017 14:03:21 UTC+1, Donal wrote:
>
> Hi,
>
> I'm running Graylog using docker and run all 3 containers for Graylog
>
Hi Jerri,
On Thursday, 5 January 2017 14:34:08 UTC+1, Jerri Son wrote:
>
> of that I am aware, alas, a SAN usually provides storage for a virtual
> infrastructure and as such acts as a "local" drive :)
>
The disk journal implementation makes heavy use of the disk (write-through)
cache to
Hi,
On Thursday, 5 January 2017 13:10:57 UTC+1, cyph...@gmail.com wrote:
>
> May I delete the disk journal now and how?
>
You can simply empty the journal directory while Graylog is not running,
see http://docs.graylog.org/en/2.1/pages/configuration/file_location.html
for the specific path for
Hi Leonardo,
try running a search "in the future", i. e. use an absolute time range and
select a time in the future (more than 2 hours) as end of the time range.
If you see your messages, it's a simple problem with the timezones of the
message timestamps (i. e. it's probably missing from the
Hi
I've installed Graylog (2.1.2) with linux clients (syslog) with 2
different timezones (UTC and BRT), I noticed servers with UTC take 2
hours (timezone BRT is -02:00 from UTC) to display messages on graylog
console
Does anyone have this issue?
User *admin*: 2017-01-05 12:26:48 -02:00 Your web
Hi Jochen,
of that I am aware, alas, a SAN usually provides storage for a virtual
infrastructure and as such acts as a "local" drive :)
I've been trying to find the right settings for our environment for the
last 2 days (amount of procs in the server.conf, output_batch_size, etc.)
in order to
Hi,
On Thursday, 5 January 2017 14:20:53 UTC+1, Dinh Manh wrote:
>
> Hi Jochen. I check my certificate in /etc/ssl/certs/java/cacerts. It is
> empty! :( Do you have any suggestion? I don't understand well how to
> configure Java in Graylog :(
>
Simply install the ca-certificates-java
Hi Jochen. I check my certificate in /etc/ssl/certs/java/cacerts. It is
empty! :( Do you have any suggestion? I don't understand well how to
configure Java in Graylog :(
On Thursday, 5 January 2017 at 19:07:55 UTC+7, Jochen Schalanda wrote:
>
> Hi,
>
> also see
>
Hi Jochen, thanks for your answer. Here is my Java version:
openjdk version "1.8.0_111"
OpenJDK Runtime Environment (build 1.8.0_111-8u111-b14-3~14.04.1-b14)
OpenJDK 64-Bit Server VM (build 25.111-b14, mixed mode)
On Thursday, 5 January 2017 at 19:06:03 UTC+7, Jochen Schalanda wrote:
Hi,
I'm running Graylog using docker and run all 3 containers for Graylog
(Graylog, MongoDB, ElasticSearch) using Docker Compose. Here is my .yml file
version: '2'
services:
mongo:
restart: always
image: "mongo:3"
volumes:
- /volumes/docker/graylog/data/mongo:/data/db
Hello,
after deleting the notification for "*Elasticsearch cluster unhealthy (RED)
(triggered 6 days ago)"* and rebooting the server I didn't get notified of
this problem again.
I still see:
*Elasticsearch cluster
The possible Elasticsearch cluster states and more
related information is
Hi,
also
see
https://stackoverflow.com/questions/4764611/java-security-invalidalgorithmparameterexception-the-trustanchors-parameter-mus
for a related answer on StackOverflow.
tl;dr: The CA store (truststore) of your JVM is empty or broken.
Cheers,
Jochen
On Thursday, 5 January 2017
Hi,
which exact version of Java are you using and which JRE?
Cheers,
Jochen
On Thursday, 5 January 2017 12:47:53 UTC+1, Dinh Manh wrote:
>
> Hello, I am using Graylog 2.1 and I can't send email alert (even test
> mail).
> Firstly, I configure postfix mail to send a test email, everything
Hi,
On Thursday, 5 January 2017 12:54:41 UTC+1, SawWinn Naung wrote:
>
> Can't import in Graylog v2.1.2
>
If you provided some information about the problem or even created a ticket
in the corresponding GitHub repository
at https://github.com/alias454/graylog-bro-content-pack/issues, people
Can't import in Graylog v2.1.2
On Sunday, December 18, 2016 at 10:34:33 PM UTC+6:30, BKeep wrote:
>
> For anyone interested, I added a new content pack:
> BRO IDS content pack contains pipeline rules, a stream, a dashboard
> displaying interesting activity, and a syslog tcp input to capture and
Hello, I am using Graylog 2.1 and I can't send email alert (even test mail).
Firstly, I configure postfix mail to send a test email, everything seems to
be all right. Here is my main.cfg:
http://paste.openstack.org/show/593977/ .
I send a test email using echo command: echo "This is a test."
Just for an update
I made a test with the graylog server changing the timezone from Linux
(graylog was always restarted when I changed linux timezone)
2017-01-04 17:41:56.000 - The graylogserver was in BRT Timezone
After that time 2017-01-04 17:41:56.000 I stopped graylog server changed
the
Hi Guys,
I've installed a new graylog server and configured only Linux clients
(syslog), I have clients with different timezones (UTC and BRT -03:00) but
I noticed something wrong, if the server (graylog-server) is configured
to UTC (date command out), I just can see messages from client
Yes, 443 is down on my VM, too.
With IE, I can browse to http://172.16.124.48 , and I get back the login
page. After entering admin/admin in it, I'm in the Graylog console on the
page http://172.16.124.48/search
I don't know what's wrong in your installation. Maybe it's easier to start
it again
Hi,
Port 443 is not up running.
>
If you didn't configure the OVA to use HTTPS, it will only start an HTTP
listener.
Generally, please post the output of the sudo graylog-ctl reconfigure
command.
Cheers,
Jochen
37 matches