I'm not an employee of graylog. This falls into the realm of nxlog and not
Graylog. You will have to post on nxlog's forums for an answer. While I'm
not the best at this, your Route looks interesting to me you have listed
and I used (as a lot of other configs I have seen as
well as mine).
> I'm going to continue pursuing how to do that because it would be useful
> just to have both source and destination fields.
>
> On Monday, November 21, 2016 at 11:31:35 AM UTC-5, Jamie P wrote:
>>
>> Oh after reading what you said further, no I did not. I just kept t
Oh after reading what you said further, no I did not. I just kept that in
the "message field". The only thing that is extracted IP-wise is the IP of
the firewall itself that's sending the log under the "source" field.
On Monday, November 21, 2016 at 11:27:59 AM UTC-5
> On Fri, Nov 18, 2016 at 3:08 PM, Jamie P > wrote:
>
>> Hey David,
>>
>> I used this ASA content pack on my graylog insta
oad. Once uploaded select the
content pack and choose "apply content pack". Make sure to send ASA logs
to the input that was created, and see if the logs are "formatted" to meet
your needs.
Jamie P.
On Wednesday, November 16, 2016 at 8:15:04 AM UTC-5, David Coleman wrote:
ble "internal logging" in the Graylog OVA
> as described at
> http://docs.graylog.org/en/2.1/pages/configuration/graylog_ctl.html#configuration-commands
> .
>
> Cheers,
> Jochen
>
> On Thursday, 20 October 2016 13:51:38 UTC+2, Jamie P wrote:
>>
>>
When looking at my logs I came across some messages that I haven't seen
before that were generated by the Graylog server itself. The numbers after
"factory:" were all different but the messages stayed the same. I was
curious if this is something to be concerned about? Here's a copy of one:
I'm not a developer of Graylog, but the requirements alone for
ElasticSearch remove Raspberry Pi as a host for Graylog. It's the
equivalent of an elephant riding on a grasshopper.
On Friday, October 7, 2016 at 3:44:40 AM UTC-4, Dietmar Schurr wrote:
>
> Hello,
>
> I wonder if somebody else tried th
info in manually and then everything
saved.
On Wednesday, August 31, 2016 at 10:03:17 AM UTC-4, Jamie P wrote:
>
> I followed the instructions provided in the graylog documentation for
> adding an extra hard drive for extra space in the OVA. For some reason now
> after I ha
I followed the instructions provided in the graylog documentation for
adding an extra hard drive for extra space in the OVA. For some reason now
after I have added the space and the OVA shows the space now and everything
the Journal is not processing incoming messages now. I've attached a
scr
:11:49 PM UTC-4, Jamie P wrote:
>
> I have 2 domain controllers using nxlog to forward logs to our graylog
> instance. I am using the exact conf file on both servers. Both servers
> are using the same input on the server (the default appliance gelf input
> that comes with the OVA),
I have 2 domain controllers using nxlog to forward logs to our graylog
instance. I am using the exact conf file on both servers. Both servers
are using the same input on the server (the default appliance gelf input
that comes with the OVA), one domain controller's event logs come through
with
Makes much more sense to me now. Many thanks to the both of you.
On Thursday, August 18, 2016 at 5:40:13 AM UTC-4, Jan Doberstein wrote:
>
> Hej Jamie,
>
> On to my question. I have a graylog server that is only doing graylog and
> mongodb that I spun up from the ova. I have setup two separate
First off I wanted to say, thanks so much for all the assistance while I have
been working with graylog. Great product and help.
On to my question. I have a graylog server that is only doing graylog and
mongodb that I spun up from the ova. I have setup two separate ova
instances to be elastic
Thank you very much Marius Sturm
On Tuesday, August 16, 2016 at 2:56:12 PM UTC-4, Jamie P wrote:
>
> Hello. I was wondering, if I had a cluster setup where graylog and
> mongodb is running on one ova, and elasticsearch is running on two other
> boxes, do I just follow the exampl
Take a look at the streams section for your alerts. You can setup criteria
based off a number of factors such as what type of log and then set
conditions on when to alert via email.
On Tuesday, August 16, 2016 at 11:32:24 AM UTC-4, NoRearView wrote:
>
> Hello!
>
> I'm currently working on get
Hello. I was wondering, if I had a cluster setup where graylog and mongodb
is running on one ova, and elasticsearch is running on two other boxes, do
I just follow the example below from the documentation on the master node
(the one with graylog and mongodb installed to it) and will the changes
Also wanted to point out you need to make sure your GPOs are set to log the
events and that they are logging successes and failures.
On Monday, August 15, 2016 at 10:31:22 AM UTC-4, Jordan Grondin wrote:
>
> Hello Jamie,
>
> Have you managed to see all the logs of your domain controller?
>
> I fa
I will take a look. That is good to know Linwood, and I appreciate the
response.
Jordan, I am not able to see all the logs yet. I'm getting quite a bit,
but I'm not getting events relating to groups (additions, modifications,
and deletions) and some other stuff. If you managed to fix yours
I don't work for graylog, but I found a content pack that I uploaded into
our graylog instance for our Network Admins and they really liked how their
messages were showing up. It automatically sets up an input with
extractors and I'm not sure if it does a dashboard or not, but take a look.
htt
Are there any corrections that I should make to this config to ensure all
Windows Events from a server are being sent to a graylog instance?
On Wednesday, August 10, 2016 at 3:20:19 PM UTC-4, Jamie P wrote:
>
> I wanted to make sure if the following config would have nxlog send all
> e
I wanted to make sure if the following config would have nxlog send all
event logs on a Windows Server (Domain Controller or otherwise) to a
graylog instance.
## This is a sample configuration file. See the nxlog reference manual
about the
## configuration options. It should be installed locall
report collector status.
>>
>> I appreciate the help that I have gotten already. You guys are great! :)
>>
>>
>>
>> On Wednesday, July 27, 2016 at 4:04:52 PM UTC-4, Jamie P wrote:
>>>
>>> Under the generated folder the nxlog.conf file
ram Files
> (x86)\graylog\collector-sidecar\generated\ ?
>
> I recall needing to do that. Check the location collector-sidecar is
> looking for nxlog.conf in in the collector_sidecar.yml file, backends
> section.
>
> John
>
> On Wednesday, July 27, 2016 at 11:54:3
The nxlog_stderr.log file has nothing in it. nxlog_stdout.log shows only 2
lines and both lines are as follows:
2016-07-27 11:44:14 INFO nxlog-ce-2.9.1504 started
2016-07-27 11:51:22 INFO nxlog-ce-2.9.1504 started
On Wednesday, July 27, 2016 at 12:03:03 PM UTC-4, Jamie P wrote:
>
>
Hello,
I installed the sidecar and nxlog on a Windows machine and I am able to
push logs to my graylog instance and see the messages and it continues to
update logs as I log on and off from the server and other things so I know
it's pushing data and I can see it on graylog, but when I go to col
That worked! For some reason I skimmed right over that info. Thanks Jan
and Dietmar.
On Friday, July 1, 2016 at 3:38:43 PM UTC-4, Jamie P wrote:
>
> Hello,
>
> I have been researching on how to expand the hard drive in the OVA. I am
> needing to extend it to 100G from the 2
Hello,
I have been researching on how to expand the hard drive in the OVA. I am
needing to extend it to 100G from the 20G minimum, and I keep running into
brick walls trying to do this. Some of the links that I keep clicking on
go to articles that are no longer on the web. Any direction to a
Yes you are correct in your assumption. Apologies for not clarifying.
Thanks for all the info. I will take all of this into consideration.
Thanks again.
Jamie P.
On Tuesday, June 28, 2016 at 1:56:30 PM UTC-4, Frederic Desjarlais wrote:
>
>
> I'm assuming you're referrin
I have looked this group over and did some Google searches to no avail. My
question is, at what point do you consider using a clustered setup vs. a
single server instance? I know it's based off of how many servers and
devices will be reporting to the server but I can't find any info that
sugg