Dear, my OUTPUT is too slow so the journal of my Graylog is increasing time
after time.
How can I speed up the OUTPUT in order to make it faster than the INPUT
always??
Thanks a lot,
Roberto
Dear, I'm using Graylog 1.3 with CPU x 10, RAM x 40GB and HD x 1.5 TB.
The input is about 4500 logs/second.
Today I have received this warning:
Journal utilization is too hig
Journal utilization is too high and may go over the limit soon. Please
verify that your Elasticsearch cluster is
People, I have a Graylog 1.3 server in just one Linux box (Debian 8), so I
mean I have one Elasticsearch node.
Nowadays I'm receiving about 4000/6000 logs/second. I had to increase the
memory heap size of JVM, and used CPU x 10 and RAM x 40GB and after that
everything seems OK, because I
Dear Jochen, I'm using this Graylog version on a Debian 8 server:
graylog-server 1.3.3-1 all
Graylog server
graylog-web 1.3.3-1 all
Graylog web
My indices configuration in
Hi people, I have Graylog 1.3 as my syslog server. I have set up the
following strategy:
10 indices
3 days per index
delete and not close
total: 30 days of data
I want to backup the indices to a Networker EMC server, but all the indices
I have in the Graylog web interface are not closed.
Can
Dear, I have Graylog 1.3 and I set up a /var partition of 1.5 TB.
I define 10 indexes of 3 days each, and every index is deleted after that.
In spite of this strategy, the /var partition of the Graylog server always
increases and when it reaches approx. 95%, Graylog stops logging.
What can I do
Sorry, I've read that Graylog 1.3 is not compatible with Elasticsearch 2.x.
So I've installed Elasticsearch 1.7.5 and everything is OK.
Regards,
On Thursday, February 18, 2016, 11:50:14 (UTC-3), roberto...@gmail.com
wrote:
>
> Dear, I've installed a syslog server with the last versions of
Dear, I have Graylog 1.2 but right now I have a lot of incoming messages
but no outgoing messages at all, so my journal space is increasing a lot:
*Processing 1500 incoming and 0 outgoing msg/s. 1,877,835 unprocessed
messages*
I can see just this error or warning:
*Elasticsearch cluster is
Dear, I have Graylog 1.2 with just one Elasticsearch node. I receive lots
of logs from different devices. After a couple of hours, I often notice that
incoming messages are higher than outgoing messages, and so the journal
fills up and the message processing mechanism stops, and I have to
Dear, I have a Graylog 1.2 server which receives a lot of messages per
second. I need to have a rotation strategy in order to maintain 6 months of
logs, and after that time the indexes will be deleted.
I think I have to add these lines to the /etc/graylog/server/server.conf
file:
Dear, I have Graylog 1.1 and today I have to remove all the files under
/var/lib/graylog-server/journal/.
I remove all the files without stopping any service (elasticsearch,
graylog-web and graylog-server).
After that, I reboot the server but the graylog-server doesn't start at
all, and I can
Dear, I've read the link about ASA's remote logging but it's the same I've
done.
The problem is that a lot of ASA logs come to my Graylog server, I see them
with tcpdump, but just a small part of them are displayed on the web
interface. Is it possible that all the logs aren't displayed but
From tcpdump I get lines like these, and I can see ICMP unreachable
messages but from Graylog to Cisco ASA I think they're not relevant:
10:22:44.814404 IP Cisco-ASA.syslog GRAYLOG.syslog: SYSLOG
local4.warning, length: 166
10:22:44.814445 IP GRAYLOG Cisco-ASA: ICMP GRAYLOG udp port syslog
Dear, I have Graylog 1.0.1 installed in a Debian Wheezy box. Everything
works OK, except the Cisco ASA incoming logs.
When I'm in the Graylog terminal, I execute tcpdump pointing to the Cisco ASA IP,
and I can see a lot of incoming logs, but when I'm in the Graylog web
interface, and choose the
In the /etc/init.d/graylog-server file I add the line:
/bin/sleep 20
and the graylog-server service starts perfectly.
Maybe graylog-server has to wait more time for any condition I don't know???
Regards,
Roberto
On Thursday, April 16, 2015, 10:46:06 (UTC-3), roberto...@gmail.com
Dear, I've installed Graylog 1.0.1. Elasticsearch and graylog-web start
automatically but graylog-server doesn't.
I edit /etc/rc.local with:
/etc/init.d/graylog-server start
but after reboot the graylog-server is stopped.
The only way to start the service is executing manually from terminal:
Dear, I've installed the current versions of Graylog and Elasticsearch:
graylog-server 1.0.1-1 / graylog-web 1.0.1-1 / graylog2-stream-dashboard
0.90.0-1 /elasticsearch 1.5.1
My server is Debian Wheezy, with 2 processors and 20 GB RAM (now I have 15
GB free).
Everything works OK, but because
Dear, I have Graylog as my syslog server with these packages:
graylog2-server 0.20.6-1
graylog2-stream-dashboard 0.90.0-1
graylog2-web 0.20.6-1
In /etc/init.d/elasticsearch, I also add:
*ES_MIN_MEM=2g*
Bernd, I've created a Raw INPUT as you said but after that all the sources
from Windows servers are bad.
So maybe I can correct the Cisco servers' logs but I buy a new problem with
my Windows servers.
Is there any universal solution ? Maybe like Alejandro says, installing
just a syslog-ng for
Bernd, thanks a lot for your help...
Now I understand what you tell me, but just a comment:
When I created the new Syslog UDP INPUT, I checked the rDNS resolution
option. Because I don't have an internal DNS configured for reverse
resolution in my Graylog server, the source fields now are just
Dear, I have a Graylog2 version 0.20.6 as our syslog server of our company.
I defined an INPUT Syslog UDP running on port UDP/10514, and after that
we point several Windows and Linux servers to the Graylog2 with no problems.
But in the case of the Cisco ASA firewalls, we have a problem because
Dear, I have Graylog 0.20.6.
I receive logs from Linux and Windows servers very well, but my problem is
with Cisco ASA logs, in the source field I receive something like this and
not IP or hostname:
Source: %ASA-6-100881
Source: %link-up-1
etc.
What can I do in order to convert these