Figured it all out with help on github, the rule should look like this:
rule "drop headers cron job"
when
contains(to_string($message.message), "COMMAND=/var/www/bin/header.sh")
then
drop_message();
end
--
You received this message because you are subscribed to the Google Groups
I am seeing this message reported about every 20-30 minutes.
I only have one graylog2 server and in its config it is specified as master
= true
I did search and most replies were that this is due to time being out of
sync.
This server is an LXC and automatically gets the correct time from the
I will do that right now, for now I assumed it was me screwing up with my
nginx reverse
proxy: https://groups.google.com/forum/#!topic/graylog2/Plxz6FY3kRo
--
I have followed this
tutorial:
http://docs.graylog.org/en/2.0/pages/configuring_webif.html?highlight=proxy
and graylog2 is working fine but I cannot save any new rule for the
pipelining. As soon as I click the save button I get this error:
Could not save processing rule ""
> Saving rule ""
Thanks Jochen, that looks exactly like what I need.
Unfortunately I cannot save that rule, have to figure this one out now:
Could not save processing rule ""
> Saving rule "" failed with status: cannot POST
>
I'm only playing with Graylog2, not using it for anything productive but I
am very impressed and slightly overwhelmed with the possibilities.
Is there a showcase somewhere of what other users are productively using it
for and how?
--
I seem to have solved this when I found this tutorial showing one should
use nginx as reverse proxy: http://www.fluentd.org/guides/recipes/graylog2
I will eventually change this so nginx uses https too for proxying.
--
Any help here, I am kinda lost.
I even went ahead and got myself real certificates from startssl - can I
use the same for the rest api and for the web interface?
The web interface is now unreachable: http://edgar.ict-consult.co.za:9000/
seeing these last few lines when restarting graylog:
On this page:
http://docs.graylog.org/en/2.0/pages/installation/manual_setup.html there
is a broken link:
http://docs.oracle.com/javase/8/docs/technotes/tools/solaris/keytool.html
--
Looks like simply enabling this is not enough, are there default keys and
certificates or do I need my own?
rest_enable_tls = true
Enabling that and
web_enable_tls = true
kinda works, I am able to reach the web interface via https but cannot log
in. Checking my console with chrome I see:
OK, I get it. This test machine is on a virtual machine on the internet
publicly accessible.
So what is the best practice? Edit server.conf and enable HTTPS everywhere?
Would that suffice?
--
Thanks. FYI this is where I got the other option from in case you'd like to
correct it:
http://docs.graylog.org/en/2.0/pages/getting_started/rsyslog.html
--
I've found 2 different methods and was wondering which one is the suggested
one:
a) *.* @127.0.0.1:5140
b) *.* @127.0.0.1:5140;RSYSLOG_SyslogProtocol23Format
--
Thanks Jochen, here are some more questions:
a) why is it not respecting this setting though: web_listen_uri =
http://edgar.ict-consult.co.za/
I tried: http://edgar.ict-consult.co.za/ - doesn't work and
http://edgar.ict-consult.co.za:9000/ seems to work.
b) if I set it up like this does that
Oh, I haven't thought about caching issues. Have reset the config and tried
another browser and even emptied its cache beforehand.
=> http://pastebin.com/puPzwEN1
Problem still persists as above.
Btw. I had downloaded your alpha5 appliance and converted the VMDK into a
Proxmox compatible
No idea what happened but I'll reset the VM and start fresh. So on a fresh
Debian 8 install:
Partially followed these instructions too although they are for v 1.x
=>
https://www.digitalocean.com/community/tutorials/how-to-install-graylog-1-x-on-ubuntu-14-04
as the original instructions
Hi Jochen,
I had tried the last link you gave already but it seems it installs this
version: *graylog-web-interface v1.3.4 (0d67a80)*
If you want to install Graylog yourself, you should go with the official OS
> packages (DEB or RPM) which work on the most used Linux distributions:
>
I'm slightly confused by all these manuals and docs, I played around with
the virtual appliance of the alpha5 and would now like to install the beta
in a fresh VM manually. Anyone got the right link for me?
--
Can I upgrade from alpha 5 to beta 1 with these instructions
=>
http://docs.graylog.org/en/1.3/pages/installation/graylog_ctl.html#upgrade-graylog