Hey, here are the details of the system:
I installed the dpkg files as described here on Ubuntu 16.04 LTS
http://docs.graylog.org/en/2.0/pages/installation/os/ubuntu.html
Everything (Graylog and Elasticsearch) is running on one single VM.
VMware
1 Virtual Socket
2 Cores
Memory: 8GB RAM
HDD 800 GB
root@ATLOG001:/home/ladmin# uname -a
Linux ATLOG001 4.4.0-28-g
Hey, my Graylog just stopped processing messages from one input, but the
other input is still working.
Everything looks fine to me:
I rebooted the Linux machine, started and stopped the input, and so on, but
without success.
root@ATLOG001:/var/log/graylog-server# top
top - 08:14:49 up 16 min, 1 user,
Or if you have multiple messages like this:
Actionnum: 0
Content_Length: 1436
Content_Type: application/x-compress
Destination_IP: 104.96.91.41
facility: local4
level: 4
message: 1467954342 1 10.244.130.157 104.96.91.41 application/x-compress 10.244.130.157 http://update.nai.com/Products/CommonUpdater/C
Hey,
if I have multiple logs like this:
type=FWD|proto=TCP|srcIF=port7.101|srcIP=10.244.130.102|srcPort=54610|srcMAC=00:00:00:00:00:00|dstIP=104.96.151.235|dstPort=80|dstService=|dstIF=port7.910|rule=|info=Normal
Operation|srcNAT=80.120.142.196|dstNAT=104.96.151.235|duration=0|count=1|receivedB
:c8srcport52064
Is it also possible to remove the first entry?
I don't know why I get this:
BASE10NUM52064
On Thursday, 30 June 2016 07:18:30 UTC+2, Keamas M wrote:
>
> Hey,
>
> I log my firewall logs into Graylog.
>
> The log File looks like this:
>
>
> <
kaiser wrote:
>>
>> Can you try:
>>
>> srcIP=%{IP:srcip}
>>
>> then
>>
>> scrPort=%{NUMBER:srcport}
>>
>> Is there any error on those patterns?
>>
>> If no errors are displayed can you try:
>> %{GREEDYDATA:UNWANTED}srcIP=
P=%{IP:srcip}\|scrPort=%{NUMBER:srcport}
>
>
>
> On Friday, 1 July 2016 09:19:53 UTC+2, Keamas M wrote:
>>
>> I also tried to escape it with the \ and / and so on... but it does
>> not work.
>> I always get this message when I press try:
>>
>>
UTC+2, kaiser wrote:
>
> '|' stands for a logic OR so you have to escape it with '\|'.
>
>
> srcIP=%{IP:srcip}\|scrPort=%{NUMBER:srcport}\|dstIP=%{IP:
> dstip}\|dstPort=%{NUMBER:dstport}
>
> On Thursday, 30 June 2016 07:18:30 UTC+2, Keamas M wrote:
>>
Hey,
I log my firewall logs into Graylog.
The log file looks like this:
<14>Jun 27 12:27:30 FW-02 2/C1/WN02/box_Firewall_Activity: Info C-WN02-FW
Detect: type=FWD|proto=TCP|srcIF=port7.101|srcIP=10.244.130.143|
srcPort=52365|srcMAC=00:00:00:00:00:00|dstIP=194.232.104.167|dstPort=80|
dstServi
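The escaping point raised in the thread (a bare `|` in a grok pattern is alternation, `\|` is the literal separator) can be checked offline. The following is an added example, not Graylog's grok implementation: it expands only the grok primitives used above (`IP`, `NUMBER`, `GREEDYDATA`) into Python named groups and runs both the unescaped and the escaped pattern against a constructed log line in the same format as the one quoted. Two details from the quoted log line are assumed in the pattern: the field is spelled `srcPort` (not `scrPort`), and `srcMAC=...` sits between `srcPort` and `dstIP`, so the example skips it with the `%{GREEDYDATA:UNWANTED}` trick suggested in the thread. The `dstService=http` value at the end of the sample is made up, since the original line is cut off there. As a side note on the `BASE10NUM52064` output: in the upstream grok pattern library `NUMBER` is defined as `(?:%{BASE10NUM})`, which is why the extractor also reports a `BASE10NUM` field next to `srcport`.

```python
import re
from typing import Dict, Optional, Tuple

# Added example (not Graylog's code): a tiny grok-to-regex expander covering only
# the grok primitives used in this thread, so the escaping behaviour can be tested.
GROK_PATTERNS = {
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
    "NUMBER": r"-?\d+(?:\.\d+)?",
    "GREEDYDATA": r".*",
}

# Matches %{NAME} or %{NAME:field}; everything outside these references is passed
# to the regex engine unchanged, which is exactly why a literal '|' needs '\|'.
_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def grok_to_regex(pattern: str) -> str:
    """Replace each %{NAME:field} with a named group (or a non-capturing group
    when no field name is given). The rest of the pattern is left as-is."""
    def expand(m: "re.Match") -> str:
        name, field = m.group(1), m.group(2)
        body = GROK_PATTERNS[name]
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    # A callable replacement is inserted literally, so '\|' survives untouched.
    return _REF.sub(expand, pattern)


def grok_match(pattern: str, text: str) -> Optional[Dict[str, Optional[str]]]:
    """Return the extracted fields (groups that did not take part are None),
    or None when the pattern does not match at all."""
    m = re.search(grok_to_regex(pattern), text)
    return m.groupdict() if m else None


# Constructed sample line in the format quoted in the thread.
# The dstService value is made up; the original line is truncated there.
SAMPLE = (
    "<14>Jun 27 12:27:30 FW-02 2/C1/WN02/box_Firewall_Activity: Info C-WN02-FW "
    "Detect: type=FWD|proto=TCP|srcIF=port7.101|srcIP=10.244.130.143|"
    "srcPort=52365|srcMAC=00:00:00:00:00:00|dstIP=194.232.104.167|dstPort=80|"
    "dstService=http"
)

# Unescaped: '|' is alternation, so this reads "srcIP=... OR srcPort=... OR ...".
# The first alternative that matches wins and every other group stays empty.
UNESCAPED = (
    "srcIP=%{IP:srcip}|srcPort=%{NUMBER:srcport}"
    "|dstIP=%{IP:dstip}|dstPort=%{NUMBER:dstport}"
)

# Escaped: '\|' is the literal field separator, so all fields are required in
# order. %{GREEDYDATA:UNWANTED} swallows the srcMAC field that sits in between.
ESCAPED = (
    r"srcIP=%{IP:srcip}\|srcPort=%{NUMBER:srcport}\|"
    r"%{GREEDYDATA:UNWANTED}dstIP=%{IP:dstip}\|dstPort=%{NUMBER:dstport}"
)


def compare(text: str = SAMPLE) -> Tuple[Optional[dict], Optional[dict]]:
    """Run both patterns over the same line so the difference is visible."""
    return grok_match(UNESCAPED, text), grok_match(ESCAPED, text)


if __name__ == "__main__":
    unescaped, escaped = compare()
    print("unescaped:", unescaped)  # only srcip is filled, the rest is None
    print("escaped:  ", escaped)    # srcip, srcport, UNWANTED, dstip, dstport
```

With the unescaped pattern only `srcip` is populated, which matches the symptom of fields silently coming back empty; with `\|` every field is extracted, and the `UNWANTED` capture is the piece you would then drop or simply not name.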
Hello,
I am new to Graylog. I used Splunk before but I reached the space limit of
Splunk. That's why I installed Graylog.
I want to log firewall logs and create reports and graphs out of these logs.
- how similar is the Search syntax between Splunk and Graylog? Is it
complicated to migrate t