Personally I changed all the references to graylog in the conf files back
to graylog2, and so far no issues with that stuff. All my indices came back
as expected.
On Thursday, May 12, 2016 at 11:52:22 PM UTC-7, kaiser wrote:
>
> Hello,
>
> I have updated graylog with current version 2.0
>
>
, but
prevents one from changing various inputs/settings or deleting indices. I
think we need a third superuser account type. I have seen similar feedback
from others here.
What to do?
On Thursday, May 12, 2016 at 3:50:28 PM UTC-7, Mark Moorcroft wrote:
>
>
> I'm having a similar issue. I ha
I'm having a similar issue. I have things to a point where neither instance
sees more than one "node". Both are seeing the elasticsearch indices (one
local, one not). The master node seems mostly operational. I set up a
"slave" node for only one reason. The Graylog user levels made it
ALL messages are relevant to every user. And unless I don't have a firm
grasp of Streams, I found that option unacceptable. So I set up a second VM
with full search but no way to mess with the archived data or delete inputs
by mistake.
On Tuesday, June 16, 2015 at 1:18:53 AM UTC-7, Jochen
:50 UTC+2, Mark Moorcroft wrote:
I asked this back in April and I'm still looking for an answer.
I have a protected VM running graylog/mongo/elastic, and all of our
actual graylog usage takes place on a slave VM due to the way user accounts
work.
My question is about the slave graylog log
I asked this back in April and I'm still looking for an answer.
I have a protected VM running graylog/mongo/elastic, and all of our actual
graylog usage takes place on a slave VM due to the way user accounts work.
My question is about the slave graylog log events. They all show Received
by
When I did the 1.1.0 update it was essentially unusable. 1.1.1 at least
eliminated the null pointer errors in search but I couldn't figure out how
to see any detail on log entries. After installing 1.1.2 I am frankly
WOW'ed by the new interface now that it actually seems to be working. Kudos
please update to 1.1.1 and check if your problems are solved?
Bernd
Mark Moorcroft [Fri, Jun 05, 2015 at 04:13:52PM -0700] wrote:
BTW and FWIW I am running the Oracle 8U45 JRE on both servers. In case that
matters.
On Thursday, June 4, 2015 at 8:42:08 PM UTC-7, Mark Moorcroft
common frames omitted
On Thursday, June 4, 2015 at 8:42:08 PM UTC-7, Mark Moorcroft wrote:
I yum updated both of my CentOS6 graylog servers to 1.1. The primary
server where all the ES indexes reside seemed to have worked no problem.
The second one that connects to the 1st seems to work perfectly
have no choice but to have some sort of local input now? So I guess the
question is, what is the best throw-away input to have, since there is no
reason for it to exist?
On Thursday, June 4, 2015 at 8:42:08 PM UTC-7, Mark Moorcroft wrote:
I yum updated both of my CentOS6 graylog servers to 1.1
Interestingly, if I increase the sleep period between random http messages
I still get the null pointer exception. I'm at 3000 milliseconds now and
I'm still getting the Oops.
On Friday, June 5, 2015 at 12:03:29 PM UTC-7, Mark Moorcroft wrote:
So the problem was that the only local input
statistics about the remote index values. I see details about the
remote index size in Indices. Nodes mentions only the local index. Sources
shows me info about all sources in the remote index.
On Thursday, June 4, 2015 at 8:42:08 PM UTC-7, Mark Moorcroft wrote:
I yum updated both of my CentOS6
$PromiseCompletingRunnable.run(Future.scala:24)
~[org.scala-lang.scala-library-2.10.4.jar:na]
... 6 common frames omitted
On Thursday, June 4, 2015 at 8:42:08 PM UTC-7, Mark Moorcroft wrote:
I yum updated both of my CentOS6 graylog servers to 1.1. The primary
server where all the ES indexes reside seemed to have
BTW and FWIW I am running the Oracle 8U45 JRE on both servers. In case that
matters.
On Thursday, June 4, 2015 at 8:42:08 PM UTC-7, Mark Moorcroft wrote:
I yum updated both of my CentOS6 graylog servers to 1.1. The primary
server where all the ES indexes reside seemed to have worked
I yum updated both of my CentOS6 graylog servers to 1.1. The primary server
where all the ES indexes reside seemed to have worked no problem. The
second one that connects to the 1st seems to work perfectly in every way,
BUT any attempt to Search results in the Oops message. I see no errors in
FWIW my solution to this was to create a second graylog virtual machine
where all users are admin level. The second instance uses the elasticsearch
index of the primary. This gives users full search ability without any way
to go deleting the inputs by mistake. So far it appears to be a
This morning I was seeing bunches of errors in the server.log. I think I
tracked them to a syslog/tcp input. My rsyslog entry on the client is as
follows.
# Graylog
$template GRAYLOGRFC5424,%PRI%%PROTOCOL-VERSION%
%TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID%
doesn't.
On Friday, May 1, 2015 at 4:29:49 PM UTC-7, Mark Moorcroft wrote:
This morning I was seeing bunches of errors in the server.log. I think I
tracked them to a syslog/tcp input. My rsyslog entry on the client is as
follows.
--
You received this message because you are subscribed
-server
update.
On Friday, May 1, 2015 at 4:29:49 PM UTC-7, Mark Moorcroft wrote:
This morning I was seeing bunches of errors in the server.log. I think I
tracked them to a syslog/tcp input. My rsyslog entry on the client is as
follows.
# Graylog
$template GRAYLOGRFC5424,%PRI%%PROTOCOL
So this is an undocumented (as of yet) method to have graylog filter an
input as it feeds the elasticsearch index? If I do a search on the graylog
site for drool I get nothing.
On Thursday, April 30, 2015 at 10:43:38 PM UTC-7, temo tsurtsumia wrote:
import org.graylog2.plugin.Message
rule
I asked a similar question recently (title Exclude strategy), but I never
got any reply.
On Thursday, April 30, 2015 at 12:59:21 PM UTC-7, temo tsurtsumia wrote:
How to apply simply blacklist rules for dropping unnecessary messages
I have graylog/mongo/elastic installed via repo (RPM) on CentOS6. What I'm
seeing is any time I reboot the VM graylog-server fails to start. It seems
it tries to start up before elasticsearch has a chance to stabilize,
because if I service graylog-server restart later it will work. The problem
I'm wondering if anyone can suggest a strategy for eliminating certain
classes of collected logged events. In particular I have 3 compute
clusters. Each one does NAT DHCP for the compute nodes. I prefer that the
head nodes continue to collect logged compute node traffic, but I have no
need to
The elasticsearch wisdom seems to be to use the Oracle JRE. But has anyone
figured out how to keep the Oracle JRE updated on a standalone elastic
server that never runs a browser? I can't seem to find any documentation
about this. And I can't find any reference to a java command that checks
of the time, as it increases the
garbage collection time. What are you trying to achieve with this?
Cheers,
Jochen
On Thursday, 16 April 2015 00:06:03 UTC+2, Mark Moorcroft wrote:
From my kickstart:
sed -i -e 's/-Xms1g -Xmx1g -XX:NewRatio=1 -XX:PermSize=128m
-XX:MaxPermSize=256m -server
This is probably a dumb newb question, but at this moment it's not obvious
to me. If I have a saved search like:
dropping event AND queue is full
Is it possible to see the list of Sources with the number of logged
events per source ONLY, instead of 10 pages of results? I guess you could
Not exactly a Graylog issue, but yum update elasticsearch seems to fail
entirely. It simply never finds any updates. I never noticed until just
now. I updated the repo file to the 1.5 series, and it still found no
updates pending. Finally I just downloaded the 1.4.4 and 1.5.1 RPM's and
rpm
When I initially set out to replace free Splunk with Graylog the
requirements were as follows:
Create a central log collector with write access granted to only one person
(non-tech manager) for compliance and forensics. The collected data
includes about 8 CentOS boxes sending auditd and
and secondary graylog VM's:
# we don't want the graylog2 server to store any data, or be master node
elasticsearch_node_master = false
elasticsearch_node_data = false
On Monday, March 30, 2015 at 12:15:39 PM UTC-7, Mark Moorcroft wrote:
Initially I set up 2 completely separate Graylog VM's
to the graylog interface isn't
used, the more memory I give it, the more it will use.
Also, I switched from OpenJDK to Oracle today. It complains that
-XX:PermSize=128m -XX:MaxPermSize=256m from /etc/sysconfig/graylog-server
are no longer supported.
On Wednesday, March 25, 2015 at 7:31:38 PM UTC-7, Mark
078
TORCH GmbH - A Graylog company
Steckelhörn 11
20457 Hamburg
Germany
Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
Managing Director: Lennart Koopmann (CEO)
On 26 Mar 2015, at 01:28, Mark Moorcroft plak...@gmail.com wrote:
Nice...
BTW, I have been getting
, but that index is totally empty. The default
dynamically named index is filling, and I have increased the heap size
there in /etc/sysconfig/elasticsearch. So the web interface is showing me
status on the unused index (node).
On Wednesday, March 25, 2015 at 7:31:38 PM UTC-7, Mark Moorcroft wrote
In looking at trying to increase the heap size today after a general
overhaul of our logging system I was reminded about a few things I never
seemed to get answers to in the past. Some of these statements are in fact
questions.
Setting mlockall in elasticsearch apparently does NOT set it for
Nice...
BTW, I have been getting "This exception has been logged with id
6libgij97." quite a bit today when I click on the nodes link. This is
happening on both of my graylog servers.
On Monday, March 16, 2015 at 8:00:44 AM UTC-7, Jochen Schalanda wrote:
Hi,
I'm delighted to announce the
:+CMSClassUnloadingEnabled -XX:+UseParNewGC
-XX:-OmitStackTraceInFastThrow
But this at least seems to give you double the heap space. It's still not
obvious how you should set mlockall. Or if I should even try.
On Wednesday, March 25, 2015 at 7:31:38 PM UTC-7, Mark Moorcroft wrote:
In looking at trying to increase
It still says 1.0.0 for graylog-web at the bottom of the interface despite
yum reporting 1.0.1.
FYI
On Monday, March 16, 2015 at 8:00:44 AM UTC-7, Jochen Schalanda wrote:
Hi,
I'm delighted to announce the release of Graylog 1.0.1 into the wild. This
is purely a bug-fix release and
How long until I can yum update?
On Monday, December 1, 2014 1:58:12 AM UTC-8, Jochen Schalanda wrote:
Hi everyone,
after an extended beta and release candidate phase we just released
Graylog2 0.92.0.
.noarch
Then you can add the new one:
rpm -Uvh https://packages.graylog2.org/repo/packages/graylog2-0.92-repository-el6_latest.rpm
Finally, yum update graylog2-server
On Wednesday, December 3, 2014 9:07:13 PM UTC-5, Mark Moorcroft wrote:
How long until I can yum update?
On Monday
messages to
the instance users can run searches on.
If you were sending the log messages to both Graylog2 instances directly,
you would need to set up filters and extractors on both of them and keep
them in sync.
Cheers,
Jochen
On Wednesday, 12 November 2014 22:06:48 UTC+1, Mark
Question for the room:
If I have a need to provide a LOCKED down graylog server for compliance,
and a second one that someone can actually use to do searches and monitor our
systems, is it considered a best practice to mirror the outputs from all of
the systems to two nearly identical VM's? We
Thanks, in my haste I had failed to single quote the input. And changing
the password allowed me to get away without doing so. Obviously PEBKAC
though, and not a bug.
Apologies
On Friday, November 7, 2014 1:19:53 AM UTC-8, Jochen Schalanda wrote:
Hi Mark,
I just tried to reproduce this
Generally true, but when you are setting something up to hand off to a
manager the game changes. So I just use a long random hash that he can
store in case it's needed some day.
On Fri, Nov 7, 2014 at 1:19 AM, Jochen Schalanda joc...@torch.sh wrote:
The password for the authentication against
I am in the process of resetting all the passwords on our graylog server to
hand over to the system owner. My old password works with the shasum
instructions provided, but the new 14 character random one fails every
time. Both the old and the new have special characters, but the new one
will
Looks like you can't use $.
On Thursday, November 6, 2014 1:40:01 PM UTC-8, Mark Moorcroft wrote:
I am in the process of resetting all the passwords on our graylog server
to hand over to the system owner. My old password works with the shasum
instructions provided, but the new 14
I had a dollar in the password itself. Since removing the dollar I have it
working. Now I get to go back and change it in mongo and other places :-(
On Thu, Nov 6, 2014 at 2:03 PM, Jochen Schalanda joc...@schalanda.name
wrote:
Hi Mark
On 06.11.2014 22:46, Mark Moorcroft wrote:
Looks like
You have to be an admin to configure or save a dashboard. There seems to be
no way to have control of the search without having access to disable or
remove inputs. It makes no sense to me at all.
On Monday, November 3, 2014 2:15:46 PM UTC-8, Mave Zero wrote:
Hello, we are looking into how we
OK, disregard, I will be reporting to the backuppc forum since it appears
any file in /var/log may abort the process. If I filter out /var/log I get
success.
On Tuesday, October 21, 2014 1:57:46 PM UTC-7, Mark Moorcroft wrote:
I am just now discovering that I can't rsync backup my
I rebooted my graylog2 box today and now I get the following:
[root@graylog ~]# service graylog2-server start
Starting graylog2-server: [ OK ]
[root@graylog ~]# Exception in thread main java.lang.AssertionError: data
were read beyond record size, check your
Thanks, I reverted my VM image and solved it that way.
On Wednesday, October 22, 2014 3:58:50 PM UTC-7, lennart wrote:
Hey Mark,
can you post those Java errors/stacktraces?
Thanks,
Lennart
On Thu, Oct 23, 2014 at 12:10 AM, Mark Moorcroft pla...@gmail.com wrote:
I
Amen, I agree 100%.
On Monday, July 28, 2014 11:44:44 PM UTC-7, Dennis Brouwer wrote:
Hi All,
We are seriously looking into Graylog but for archiving purposes we would
like to export the logging in Graylog back to normal Syslog format so we
can GZIP it (we need to save logging for a
Running the repo RPM version of GL2 from yesterday.
I finally got around to adding our non-admin accounts in GL. When you log
in there is no “Search” function anywhere to be found. And if you enter a
search URL:
I have wondered that myself.
On Friday, August 22, 2014 7:48:33 AM UTC-7, Foobar Geez wrote:
A few questions:
- What is the typical release cycle or how soon GL2 typically supports new
Elasticsearch versions? I see from GL2 release notes that it supports
v0.90 of Elasticsearch and the
All CentOS here.
On Tue, Aug 26, 2014 at 11:05 AM, Lennart Koopmann lenn...@torch.sh wrote:
Another thing to look at when on Ubuntu:
http://manpages.ubuntu.com/manpages/hardy/man1/authbind.1.html
On Tue, Aug 26, 2014 at 8:02 PM, Mark Moorcroft plak...@gmail.com wrote:
I have read
53 matches