[graylog2] Graylog log sources

2017-01-05 Thread Jiří Kolb
Hello, How to capture logs that are stored on database systems? Is there any collector for it? Thank you! -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

Re: [graylog2] Graylog stopped working

2017-01-05 Thread cypherbit
Jochen, thanks again. I did as suggested, then checked the status and etcd was down. I deleted /var/opt/graylog/data/etcd/* and executed graylog-ctl reconfigure and etcd status is just fine now. I still however see: *Elasticsearch cluster is yellow.* Shards: 4 active, 0 initializing, 0

[graylog2] Combining pipeline and output

2017-01-05 Thread Evgueni Gordienko
For my stream in pipeline I have customized function which creates message in format acceptable by upstream server (Influx), I am working on a custom plugin similar to Splunk output plugin to create customised TCP output. But how can I make output of my function in pipeline be forwarded to that

[graylog2] Export and import dashboard

2017-01-05 Thread Evgueni Gordienko
I have created dashboard on one of my GL servers for domain 1, would like to have same dashboard for my GL server in domain2. Is it possible to export dashboard settings and import them into another GL server? Thanks, Eugene

[graylog2] Multi tenancy

2017-01-05 Thread Jiří Kolb
Hi, just choosing open source solution that is capable of multi tenancy. Does anybody using graylog in MSSP environment? Have not found information regarding multi tenancy. Thank you for your answer! Best Regards, Jiri Kolb

[graylog2] Re: Pipeline rule not working and throwing exception

2017-01-05 Thread Jonathan Vaknin
Nice catch :) Happened to me with my first pipeline rule.
On Thursday, January 5, 2017 at 9:44:30 AM UTC-6, Frank wrote:
> Well, adding a "when" does certainly help, My bad!
>
> rule "blacklist"
> when
>   contains(to_string($message.message), "systemd")
> then
>   drop_message();
> end

[graylog2] Graylog to Splunk for statistical functions

2017-01-05 Thread Jonathan Vaknin
Hello All, Due to limited functionality with statistical capabilities with graylog2 we are looking to forward our modified logs to Splunk that has a limited license. Now, sending the raw data as an output from graylog is fairly easy with an existing plugin on the marketplace. However, we

Re: [graylog2] problems connecting to the Graylog server with OVA

2017-01-05 Thread Marius Sturm
As you can see in the error your desktop machine needs access to port 9000: ' http://172.16.124.48:9000/api/' If that doesn't work the login will fail. Cheers, Marius On 5 January 2017 at 16:54, wrote: > I also started from scratch. did reboot after configuring IP.

Re: [graylog2] problems connecting to the Graylog server with OVA

2017-01-05 Thread victorfeng1973
I also started from scratch. did reboot after configuring IP. then sudo graylog-ctl reconfigure, also tried sudo graylog-ctl restart. The VM 172.16.124.48 is in an internal subnet which does not have Internet access. My desktop is in different subnet. Firewall should not play a role here,

[graylog2] Re: Graylog - Linux Clients Timezone

2017-01-05 Thread Jochen Schalanda
Hi Leonardo, On Thursday, 5 January 2017 16:21:38 UTC+1, Leonardo D'Angelo Gonçalves wrote: > > How workaround this problem > Make sure that all timestamps in your syslog messages include a timezone. See https://github.com/Graylog2/graylog-guide-syslog-linux#readme for details about the

Re: [graylog2] problems connecting to the Graylog server with OVA

2017-01-05 Thread Marius Sturm
Victor, can you check if port 9000 is blocked by your firewall? It should be open from your desktop machine to the Graylog VM. Cheers, Marius On 5 January 2017 at 16:42, wrote: > Same here. > > sun@dev01 # md5sum graylog-2.1.2-1.ova > 05d501b5fbc303a3f3b534985c8f069a

[graylog2] Re: Pipeline rule not working and throwing exception

2017-01-05 Thread Frank
Well, adding a "when" does certainly help, My bad!
rule "blacklist"
when
  contains(to_string($message.message), "systemd")
then
  drop_message();
end
On Thursday, January 5, 2017 at 4:29:48 PM UTC+1, Frank wrote:
> Hi there,
>
> I'm just making my first steps with processing pipelines, and

Re: [graylog2] problems connecting to the Graylog server with OVA

2017-01-05 Thread victorfeng1973
Same here. sun@dev01 # md5sum graylog-2.1.2-1.ova 05d501b5fbc303a3f3b534985c8f069a graylog-2.1.2-1.ova Thanks Victor On Thursday, January 5, 2017 at 4:19:50 AM UTC-5, Nico Zanferrari wrote: > > Yes, 443 is down on my VM, too. > > With IE, I can browse to http://172.16.124.48 , and i get back

[graylog2] Pipeline rule not working and throwing exception

2017-01-05 Thread Frank
Hi there, I'm just making my first steps with processing pipelines, and want to create a rule that blacklists / drops certain messages. I'm trying to add a rule that looks like this:
rule "blacklist"
  contains(to_string($message), "systemd")
then
  drop_message($message)
end
When I click

[graylog2] Re: Graylog - Linux Clients Timezone

2017-01-05 Thread Leonardo D'Angelo Gonçalves
Hi, Jochen First of all, thanks for advising... I searched "in the future", and now I can see the messages, but this will cause a lot of problems because dashboards will collect data from 2 hours ago. How workaround this problem On Thursday, 5 January 2017 12:33:58 UTC-2,

[graylog2] Re: Added BRO IDS Logs content pack on the marketplace

2017-01-05 Thread BKeep
This won't work in v2.1.2 without some modification since it was created using a newer version of graylog. You must be running *Graylog v2.2.0 or later* because of using the split function in the pipeline rules and some other new features related to streams.

Re: [graylog2] problems connecting to the Graylog server with OVA

2017-01-05 Thread victorfeng1973
Here is the output. Because the VM is in internal subnet, it does not have Internet access. So execute[apt-get-update-periodic] error can be ignored? ubuntu@graylog:~$ sudo graylog-ctl reconfigure Starting Chef Client, version 12.6.0 Compiling Cookbooks... Recipe: graylog::default *

[graylog2] Re: Graylog Docker container and SMTP configuration

2017-01-05 Thread Jochen Schalanda
Hi, your issue sounds a lot like https://github.com/Graylog2/graylog2-server/issues/1512 which will be resolved in Graylog 2.2.0. Cheers, Jochen On Thursday, 5 January 2017 14:03:21 UTC+1, Donal wrote: > > Hi, > > I'm running Graylog using docker and run all 3 containers for Graylog >

[graylog2] Re: Very low message throughput after upgrading from GL 1.3.4/ES 1.7.1 to GL2.1.1/ES 2.3.5 + Error messages

2017-01-05 Thread Jochen Schalanda
Hi Jerri, On Thursday, 5 January 2017 14:34:08 UTC+1, Jerri Son wrote: > > of that I am aware, alas, a SAN usually provides storage for a virtual > infrastructure and as such acts as a "local" drive :) > The disk journal implementation makes heavy use of the disk (write-through) cache to

Re: [graylog2] Graylog stopped working

2017-01-05 Thread Jochen Schalanda
Hi, On Thursday, 5 January 2017 13:10:57 UTC+1, cyph...@gmail.com wrote: > > May I delete the disk journal now and how? > You can simply empty the journal directory while Graylog is not running, see http://docs.graylog.org/en/2.1/pages/configuration/file_location.html for the specific path for

[graylog2] Re: Graylog - Linux Clients Timezone

2017-01-05 Thread Jochen Schalanda
Hi Leonardo, try running a search "in the future", i. e. use an absolute time range and select a time in the future (more than 2 hours) as end of the time range. If you see your messages, it's a simple problem with the timezones of the message timestamps (i. e. it's probably missing from the

[graylog2] Graylog - Linux Clients Timezone

2017-01-05 Thread Leonardo D'Angelo Gonçalves
Hi I've installed Graylog (2.1.2) with linux clients (syslog) with 2 different timezones (UTC and BRT), I noticed servers with UTC takes 2 hours (timezone BRT is -02:00 from UTC) to display messages on graylog console Anyone has this issue? User *admin*:2017-01-05 12:26:48 -02:00Your web

[graylog2] Re: Very low message throughput after upgrading from GL 1.3.4/ES 1.7.1 to GL2.1.1/ES 2.3.5 + Error messages

2017-01-05 Thread Jerri Son
Hi Jochen, of that I am aware, alas, a SAN usually provides storage for a virtual infrastructure and as such acts as a "local" drive :) I've been trying to find the right settings for our environment for the last 2 days (amount of procs in the server.conf, output_batch_size, etc.) in order to

[graylog2] Re: Email alert Graylog 2.1 error !!!

2017-01-05 Thread Jochen Schalanda
Hi, On Thursday, 5 January 2017 14:20:53 UTC+1, Dinh Manh wrote: > > Hi Jochen. I check my certificate in /etc/ssl/certs/java/cacerts. It is > empty ! :( Do you have any suggestion? I'm not understand well about how to > configure java in Graylog :( > Simply install the ca-certificates-java

[graylog2] Re: Email alert Graylog 2.1 error !!!

2017-01-05 Thread Dinh Manh
Hi Jochen. I check my certificate in /etc/ssl/certs/java/cacerts. It is empty ! :( Do you have any suggestion? I'm not understand well about how to configure java in Graylog :( On Thursday, 5 January 2017 at 19:07:55 UTC+7, Jochen Schalanda wrote: > > Hi, > > also see >

[graylog2] Re: Email alert Graylog 2.1 error !!!

2017-01-05 Thread Dinh Manh
Hi Jochen, thanks for your answer. Here is my java version : openjdk version "1.8.0_111" OpenJDK Runtime Environment (build 1.8.0_111-8u111-b14-3~14.04.1-b14) OpenJDK 64-Bit Server VM (build 25.111-b14, mixed mode) On Thursday, 5 January 2017 at 19:06:03 UTC+7, Jochen Schalanda wrote:

[graylog2] Graylog Docker container and SMTP configuration

2017-01-05 Thread Donal
Hi, I'm running Graylog using docker and run all 3 containers for Graylog (Graylog, MongoDB, ElasticSearch) using Docker Compose. Here is my .yml file
version: '2'
services:
  mongo:
    restart: always
    image: "mongo:3"
    volumes:
      - /volumes/docker/graylog/data/mongo:/data/db

Re: [graylog2] Graylog stopped working

2017-01-05 Thread cypherbit
Hello, after deleting the notification for "*Elasticsearch cluster unhealthy (RED) (triggered 6 days ago)"* and rebooting the server I didn't get notified of this problem again. I still see: *Elasticsearch clusterThe possible Elasticsearch cluster states and more related information is

[graylog2] Re: Email alert Graylog 2.1 error !!!

2017-01-05 Thread Jochen Schalanda
Hi, also see https://stackoverflow.com/questions/4764611/java-security-invalidalgorithmparameterexception-the-trustanchors-parameter-mus for a related answer on StackOverflow. tl;dr: The CA store (truststore) of your JVM is empty or broken. Cheers, Jochen On Thursday, 5 January 2017

[graylog2] Re: Email alert Graylog 2.1 error !!!

2017-01-05 Thread Jochen Schalanda
Hi, which exact version of Java are you using and which JRE? Cheers, Jochen On Thursday, 5 January 2017 12:47:53 UTC+1, Dinh Manh wrote: > > Hello, i am using Graylog 2.1 and i can't send email alert ( even test > mail ). > Firstly, i configure postfix mail to send a test email, everything

[graylog2] Re: Added BRO IDS Logs content pack on the marketplace

2017-01-05 Thread Jochen Schalanda
Hi, On Thursday, 5 January 2017 12:54:41 UTC+1, SawWinn Naung wrote: > > Can't import in Graylog v2.1.2 > If you provided some information about the problem or even created a ticket in the corresponding GitHub repository at https://github.com/alias454/graylog-bro-content-pack/issues, people

[graylog2] Re: Added BRO IDS Logs content pack on the marketplace

2017-01-05 Thread SawWinn Naung
Can't import in Graylog v2.1.2 On Sunday, December 18, 2016 at 10:34:33 PM UTC+6:30, BKeep wrote: > > For anyone interested, I added a new content pack: > BRO IDS content pack contains pipeline rules, a stream, a dashboard > displaying interesting activity, and a syslog tcp input to capture and

[graylog2] Email alert Graylog 2.1 error !!!

2017-01-05 Thread Dinh Manh
Hello, I am using Graylog 2.1 and I can't send email alert ( even test mail ). Firstly, I configure postfix mail to send a test email, everything seems to be all right. Here is my main.cfg : http://paste.openstack.org/show/593977/ . I send a test email using echo command : echo "This is a test."

[graylog2] Re: Timezone Clients

2017-01-05 Thread Leonardo D'Angelo Gonçalves
Just for an update: I made a test with the graylog server changing the timezone from Linux (graylog was always restarted when I changed linux timezone) 2017-01-04 17:41:56.000 - The graylogserver was in BRT Timezone After that time 2017-01-04 17:41:56.000 I stopped graylog server changed the

[graylog2] Timezone Clients

2017-01-05 Thread Leonardo D'Angelo Gonçalves
Hi Guys, I've installed a new graylog server and configured only Linux clients (syslog), I have clients with different timezones (UTC and BRT -03:00) but I noticed something wrong, if the server (graylog-server) is configured to UTC (date command out), I just can see messages from client

Re: [graylog2] problems connecting to the Graylog server with OVA

2017-01-05 Thread Nico Zanferrari
Yes, 443 is down on my VM, too. With IE, I can browse to http://172.16.124.48 , and i get back the login page. After entering admin/admin in it, I'm in the Graylog console on the page http://172.16.124.48/search I don't know what's wrong in your installation. Maybe it's easier to start it again

Re: [graylog2] problems connecting to the Graylog server with OVA

2017-01-05 Thread Jochen Schalanda
Hi, Port 443 is not up running. > If you didn't configure the OVA to use HTTPS, it will only start an HTTP listener. Generally, please post the output of the sudo graylog-ctl reconfigure command. Cheers, Jochen