Oups, wrong subject. Sent another one. :-D
On 21 April 2016 at 18:11, Bernd Ahlers <be...@graylog.com> wrote:
> Hey folks,
>
> we just released Graylog v2.0.0-rc.1. Read more in the release announcement:
>
> https://www.graylog.org/blog/54-announcing-graylog-v2-0-rc-1
>
Hey folks,
we released the fourth alpha of Graylog v2.0. As with the previous
alphas, this one is still not feature complete but we need early
feedback on the new features and architectural changes we made.
Small teaser: Graylog has a map widget and GeoIP filter plugin now!
More info in the
Hey everyone!
We released the third alpha of Graylog v2.0. This alpha is still not
feature complete but we need early feedback on the new features and
architectural changes we made.
Blog post:
https://graylog.org/blog/45-third-alpha-of-graylog-v2-0-released-with-3-new-features
We are looking
Patrick,
I am unable to reproduce this on a fresh Ubuntu 14.04. I have been using
the repo package to setup the repository.
https://packages.graylog2.org/repo/packages/graylog-1.2-repository-ubuntu14.04_latest.deb
Maybe "apt-get clean ; apt-get update" helps?
Regards,
Bernd
Patrick
Moin!
three days ago we released Graylog 1.2.2, which is a bugfix release for
the Graylog 1.2 series.
Please find the full release notes for 1.2.2 at
https://www.graylog.org/graylog-1-2-2-is-now-available/.
Regards,
Bernd
--
Developer
Tel.: +49 (0)40 609 452 077
Fax.: +49 (0)40 609
Hey,
Groups have to be created in LDAP, then they will show up in Graylog.
Regards,
Bernd
Giovanni Butchez [Wed, Oct 07, 2015 at 07:47:31AM -0700] wrote:
>Hi,
>
>I examined graylog users & roles.
>
>We used graylog v1.1.3, so this version not supported roles. We use LDAP
>login. Create
Hi!
the repository packages for Debian 7 and 8 are currently not
upgradeable. Please remove the graylog-1.1-repository-debian7 first and
then install the graylog-1.2-repository-debian8 package.
Regards,
Bernd
Fisz [Tue, Sep 15, 2015 at 10:57:38PM -0700] wrote:
>Hello,
>I have problem
Hey Zulfikar,
Graylog cannot consume Kinesis streams yet. You could open a new feature
request in our ideas portal for this.
https://www.graylog.org/product-ideas/
Regards,
Bernd
Zulfikar Dharmawan [Wed, Aug 05, 2015 at 07:18:56AM -0700] wrote:
Hi all,
Just starting my journey with
Jesse,
if you still have that issue we would need the Graylog server logs to
see if anything is wrong.
Bernd
Jesse Skrivseth [Thu, Aug 06, 2015 at 11:02:34AM -0700] wrote:
Hello all. I upgraded from 1.1.4 to 1.1.6. There were/are about 100k
messages in the journal at the time. The upgrade went
Jason,
thank you for the report. We have a similar issue open:
https://github.com/Graylog2/graylog2-server/issues/1105
We haven't been able to reproduce this. I will try again with your
setup. Can you send us the syslog-ng configuration snippet for Graylog?
That would be helpful.
Thanks,
Alberto,
the Collector does not support wildcards in log file names yet, sorry.
This will be implemented very soon. See the corresponding issue in
GitHub for this. https://github.com/Graylog2/collector/issues/24
Regards,
Bernd
Alberto Hontoria [Thu, Jun 18, 2015 at 11:29:13AM -0700]
Chris,
we have a Windows configuration example in our documentation.
http://docs.graylog.org/en/1.1/pages/collector.html#windows
The example file shipped with the Collector is just to show some
examples.
Regarding the test-log entry you are right, the Collector will tail
the file.log and send
You can also download the packages with a web browser from here:
https://packages.graylog2.org/
Regards,
Bernd
GambitK [Tue, Jun 16, 2015 at 05:01:17AM -0700] wrote:
How can I get the deb packages for offline installation? I need to install
to an ubuntu server that doesn't have
Saulius,
please ensure that there are no unrelated files in the journal
directory.
Bernd
Saulius Zilis [Mon, Jun 15, 2015 at 06:41:38PM -0700] wrote:
The directory is 755 graylog:graylog, the file also has the same
permissions. I attempted changing permissions to 777 and still received the
Saulius,
this sounds like the directory permissions are wrong on your machine.
The /var/lib/graylog-server directory and its subdirectories should be
owned by the graylog user. Maybe something went wrong during the
installation of the packages or the permissions got changed afterwards.
The
Saulius,
thanks for the report. I will try to reproduce this and come back to
you.
Bernd
Saulius Zilis [Fri, Jun 12, 2015 at 01:13:39AM -0700] wrote:
I have 2 installations of graylog. The first version, fully working and
configured, has been created by following your instructions in the
Saulius,
the GRAYLOG_WEB_JAVA_OPTS handling in the graylog-web init script was
wrong and has been corrected in the graylog-web-1.1.2-4 packages.
Besides the /var/log/graylog-web/application.log, you also have
/var/log/graylog-web/console.log which should contain an error in your
case.
Please
Jeremy,
there is only a file and a windows-eventlog input right now. The
documentation for them is not really there right know. We have an issue
on GitHub that lists the missing items.
https://github.com/Graylog2/collector/issues/25
The current documentation is here:
Alex,
these requests are metrics requests that are used to update the dynamic
throughput counter and other statistics. (i.e. on the System/Nodes page)
There will be one request per second per open browser tab.
You can only disable the frequent POST requests by enabling websockets
for the web
Mark,
we released version 1.1.1 to fix some urgent issues. One of them was a
NullPointerException during search.
https://www.graylog.org/graylog-v1-1-1-is-now-available/
Can you please update to 1.1.1 and check if your problems are solved?
Bernd
Mark Moorcroft [Fri, Jun 05, 2015 at 04:13:52PM
Jesse,
thank you for the update. I created an issue in GitHub for this with a
link to this mailing list thread.
https://github.com/Graylog2/graylog2-server/issues/1192
I also started to test with the detailed data you submitted but did not
see any problems. I was testing on 1.1.0-rc.1 though.
Arie,
thank you for the report! I created an issue in GitHub for this:
https://github.com/Graylog2/graylog2-server/issues/1194
It will be fixed in 1.1.0-rc.2 or later.
Thanks,
Bernd
On 29 May 2015 at 16:27, Arie satyava...@gmail.com wrote:
Hi,
When starting graylog with the following
:
%PROCRUN% //IS//%SERVICE_NAME% .. etc.
No errors before.
Op woensdag 27 mei 2015 22:25:02 UTC+2 schreef Bernd Ahlers:
Arie,
can you please check if this script works for you?
https://gist.github.com/bernd/d26366422d42154534db
Thanks!
Bernd
Arie [Wed, May 27, 2015 at 07:02
, 2015 at 07:12:30AM -0700] wrote:
Hi Bernd,
Just installed and tried it, the error is still there.
Tested it with a windows and linux collector, and in both cases, no results.
Arie.
On Thursday, May 28, 2015 at 3:58:56 PM UTC+2, Bernd Ahlers wrote:
Arie,
thanks for the report. Do you still
On Monday, March 2, 2015 at 1:54:53 PM UTC+1, Bernd Ahlers wrote:
Hey,
if you want to send GELF messages from your PHP application, you might
want to look at https://github.com/bzikarsky/gelf-php/.
This is a ready to use PHP GELF library which also supports chunking.
Hope that helps!
Regards
On Friday, February 27, 2015 at 2:02:08 PM UTC+1, Bernd Ahlers wrote:
Johan, Henrik,
I tried to track this problem down.The problem is that the JVM does
not cache reverse DNS lookups. The available JVM DNS cache settings
like networkaddress.cache.ttl only affect forward DNS lookups
Hey,
if you want to send GELF messages from your PHP application, you might
want to look at https://github.com/bzikarsky/gelf-php/.
This is a ready to use PHP GELF library which also supports chunking.
Hope that helps!
Regards,
Bernd
On 1 March 2015 at 19:31, Jesús Alberto Vidal Cortés
listening on port UDP/.
How can I connect the raw input with the syslog input ??? I got lost...
Thanks in advance,
Roberto
El viernes, 27 de febrero de 2015, 13:57:08 (UTC-3), Bernd Ahlers escribió:
Roberto,
the Cisco ASA does not send valid Syslog, unfortunately. You have to
create
servers and forward the logs after that to graylog??
Thanks again,
Roberto
El lunes, 2 de marzo de 2015, 7:58:30 (UTC-3), Bernd Ahlers escribió:
Roberto,
you replace the Syslog input with a Raw input. The extractors are
applied to the Raw input to parse the logs then.
In your setup, remove
will investigate if there is a sane way to cache the reverse
lookups ourselves. In the meantime I suggest to test with a DNS cache
installed on the Graylog server nodes to see if that helps or to
disable the force_rdns setting.
Regards,
Bernd
On 25 February 2015 at 18:00, Bernd Ahlers be...@graylog.com wrote
Roberto,
the Cisco ASA does not send valid Syslog, unfortunately. You have to
create a Raw input and create extractors.
There is a blog post about this here:
http://spottedhyena.co.uk/2015/01/graylog2-cisco-asa-cisco-catalyst/
Hope that helps!
Regards,
Bernd
On 27 February 2015 at 15:57,
nodes during the upgrade :
http://5.9.37.177/graylog_cluster_cpu_idle.png
We went from ~20% CPU utilisation to ~100% CPU utilisation across
~200 cores and things only settled down after disabling force_rdns.
On 25 Feb 2015, at 11:55, Bernd Ahlers be...@graylog.com wrote:
Johan,
the only
are still seeing evaluated CPU utilisation but we are attributing that
to the fact that 0.92 was loosing messages in our setup.
On 25 Feb 2015, at 17:37, Bernd Ahlers be...@graylog.com wrote:
Henrik,
uh, okay. I suppose it worked for you in 0.92 as well?
I will create an issue on GitHub
Ed,
as Tristan already said, if you constantly sending in more messages
than Graylog or Elasticsearch can process, you will always fill up
your journal.
Disabling the journal does not really fix the problem, because you
will now lose messages.
Please check the node details page (System - Nodes -
UTC+1, Bernd Ahlers wrote:
Johan,
this sounds very strange indeed. Can you provide us with some more
details?
- What kind of messages are you pouring into Graylog via UDP? (GELF,
raw, syslog?)
- Do you have any extractors or grok filters running for the messages
coming in via UDP?
- Any
Curtis,
that depends which version you are currently running. Anything from
0.20, 0.90, 0.91, and 0.92 should be fine.
Please see the Upgrade section in our release announcement.
https://www.graylog.org/announcing-graylog-v1-0-ga/
Regards,
Bernd
On 19 February 2015 at 23:47, Curtis Starnes
Hey,
please see the manual setup documentation on how to setup Graylog.
http://docs.graylog.org/en/1.0/pages/installation.html#the-manual-setup
You might also try the OS packages or one of the virtual machine images.
Josh,
the current alerting implementation does not support that
unfortunately. There are some possibilities to achive that
functionality.
1. Use a HTTP alarm callback to send the alert including some messages
to a custom HTTP server that handles the alerting.
2. Use something like riemann to
Dale,
there is currently no way to do DNS reverse lookups on arbitrary fields. Sorry!
You can always do that with a custom plugin, but that requires writing
one in Java. (http://docs.graylog.org/en/1.0/pages/plugins.html)
Regards,
Bernd
On 18 February 2015 at 20:35, DH d...@dghartung.com wrote:
Arie,
you mean it actually deleted the old files (/etc/graylog2.con and files
in /etc/graylog2/server) even though you modified them?
Bernd
Arie [Thu, Feb 19, 2015 at 11:39:48PM -0800] wrote:
Congrats,, happy too,
but updating my rpms throwed my old graylog configs away.
on centos the old
You're welcome! :)
Bernd
On 20 February 2015 at 14:01, Arie satyava...@gmail.com wrote:
You are absolutely right about that, missed that in the diff
thank you.
On Friday, February 20, 2015 at 1:56:20 PM UTC+1, Bernd Ahlers wrote:
I think you have to adjust the node-id setting in your
Do you have any old instances of Graylog running?
Also please make sure there are no directories in
/var/lib/graylog-server/journal other than the ones created by
Graylog.
Bernd
On 20 February 2015 at 13:40, Arie satyava...@gmail.com wrote:
And found this to in the output:
Caused by:
I think you have to adjust the node-id setting in your
/etc/graylog/server/server.conf to point to the new directory.
(/etc/graylog/server/)
Bernd
On 20 February 2015 at 13:51, Arie satyava...@gmail.com wrote:
Problem solved partially.
graylog seems to rely on an old directory as mentioned
Hi everyone,
we just released the third release candidate of Graylog v1.0. (1.0.0-rc.3)
Changes since 1.0.0-rc.2:
- Fixed compatibility with MongoDB version 2.2. SERVER#941
- Fixed performance regression in process buffer handling. SERVER#944
- Fixed data type for the max_size_per_index config
Hey everybody,
we just released two bug fix releases of Graylog2.
Please find all information about the changes in the release
announcement:
http://www.graylog2.org/news/post/0006-two-new-graylog2-releases
Thanks,
Bernd (In the name of the whole Graylog2 team)
--
Developer
Tel.: +49 (0)40
Hey Denny,
Denny Gebel [Wed, Jul 30, 2014 at 03:07:49AM -0700] wrote:
is it possible do update my current instance of graylog2 (0.20.1) directly
to 0.20.6 without losing any data/configuration?
Is there anything I have to be aware of?
Yes, there should be no problems doing that.
If you use
Hey Ankit,
Ankit Mittal [Sat, Jul 19, 2014 at 05:35:34AM -0700] wrote:
I report a issue few days ago. That we are getting messages of second
stream in mail alert for stream first.if the
is this issue #628 or some earlier one?
Please let me know if the above issue is resolved or not.
Issue
Hey everybody,
a new bug fix release, Graylog2 v0.20.6, has been released.
This server release includes a fix for a notification problem for deleted
streams, a resource leak fix as well as some better defaults for AMQP
inputs.
For the web interface this release fixes a XSS vulnerability in the
Hey Cornelius,
cornelius.r...@gmail.com [Thu, Jul 03, 2014 at 09:12:48AM -0700] wrote:
2014-07-03 18:04:39,251 WARN :
org.graylog2.periodical.IndexerClusterCheckerThread - Indexer node
graylog2-server-itu open file limit is too low: [-1]. Set it to at least
64000.
Where does -1 come from?
I
Hey Robert,
Robert Logan [Fri, Jul 04, 2014 at 02:19:31AM -0700] wrote:
Fired this up today on two systems 0.20.4 server and web, both show the
same error on any search, coming from the application.log of the web
interface:
[...]
Caused by: java.lang.RuntimeException: No highlight ranges for
50 matches
Mail list logo