[graylog2] Re: nxlog issue after some time sending logs properly

2016-07-25 Thread Steve Kuntz
Switching to TCP helped.

On Monday, July 4, 2016 at 3:25:05 PM UTC-4, Steve Kuntz wrote:
>
> Hello All,
>
> I'm running the following on CentOS and am having issues with nxlog.
>
> collector-sidecar-0.0.8-1.x86_64 (Centos 6.5)
> nxlog-ce-2.9.1504-1.x86_64 (Centos 6.5)
> graylog-server-2.0.3-1.noarch (CentOS 7.2)
>
> When it starts up it seems to work fine, then I get the error below. After 
> this it doesn't work until I restart the collector-sidecar (which restarts 
> the nxlog). I'm not sure if it is time based or triggered by a log entry. I 
> have other servers connecting to this graylog server so I don't think there 
> are any connection issues. Any help would be appreciated.
>
> ERROR ### ASSERTION FAILED at line 52 in xm_gelf.c/xm_gelf_writer_udp(): 
> "deflate(, Z_FINISH) == Z_STREAM_END" ###
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/42ed6271-773f-47d0-906a-8e6268f2c934%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[graylog2] Re: mongod process using over 100% CPU slowing down graylog

2016-07-25 Thread Ariel Godinez
Hello Jochen,

I am using WiredTiger and am not seeing any unusual messages in the 
mongod.log file, even when the mongod CPU usage spikes. Below are the top 
five collections in the graylog db, the sizes (in bytes) don't seem out of 
this world (to me at least).

  
[
  {
    "name" : "alarmcallbackhistory",
    "count" : 486,
    "size" : 249533
  },
  {
    "name" : "alerts",
    "count" : 495,
    "size" : 187138
  },
  {
    "name" : "sessions",
    "count" : 40,
    "size" : 31200
  },
  {
    "name" : "inputs",
    "count" : 8,
    "size" : 20421
  },
  {
    "name" : "collector_configurations",
    "count" : 1,
    "size" : 18462
  }
]

Let me know what you think.

Thanks for help,
Ari


On Monday, July 25, 2016 at 11:20:01 AM UTC-5, Jochen Schalanda wrote:
>
> Hi Ariel,
>
> MongoDB shouldn't need much processing power when being used by Graylog.
>
> Are there any error messages in the logs of your MongoDB nodes? Are there 
> any unusually large collections in the MongoDB database used by Graylog?
>
> Which MongoDB storage engine (MMAPv1, WiredTiger) are you using?
>
>
> Cheers,
> Jochen
>
> On Tuesday, 19 July 2016 21:09:47 UTC+2, Ariel Godinez wrote:
>>
>> Hello,
>>
>> I am running the single node setup below:
>>
>> Graylog 2.0.3
>> MongoDB 3.2.7
>> Elasticsearch 2.3.3 
>> Red Hat Enterprise Linux Server 6.5
>> Java 8 
>> NXlog and Graylog Collector Sidecar for reading from local logs 
>>
>> On average graylog is reading about 50 logs per second. MongoDB is not 
>> being used for any other services other than graylog. Yet, occasionally I 
>> notice that the system is hanging and proceed to do a  *$top *where I 
>> see that the mongod process is consuming well over 100% CPU. I'm wondering 
>> if the load is just too heavy or if there is something wrong with my setup 
>> that is causing mongod to overload. 
>>
>> I am not seeing any warnings or errors in the graylog server logs or in 
>> the mongod.log file when I look after a slowdown has occurred. Any advice 
>> on how to further investigate would be much appreciated. 
>>
>> Thanks,
>> Ari
>>
>>
>>
>



[graylog2] Requesting help with setting up ssl with graylog 2.0.2. Error in getting pkcs5.pem key properly

2016-07-25 Thread ironmanmk42
Env: 
graylog 2.0.2  / elasticsearch 2.3.2 
RHEL 6.8

So I have followed the graylog https setup  here 
http://docs.graylog.org/en/latest/pages/configuration/https.html and 
followed along to create a keystore, creating a self-signed cert and 
converting it to PKCS5 and exporting it out to a cert and key in use for 
graylog-server.

However, the issue faced is that the final key step is generating a file 
which looks invalid, presumably because the interim pkcs5 key step is not 
working. Can someone point me to what mistake I'm making and how to fix it? 

On a side topic, I'm using haproxy load balancer with ssl pass through. 
((using it with ssl termination on load balancer failed as Firefox, Chrome 
etc. all complain about mixed content and I get the "
Server currently unavailable

We are experiencing problems connecting to the Graylog server running on... 
"

error


So I think I can only get proper ssl working if I do ssl end to end via ssl 
passthrough on load balancer. 

))


Here's the log of steps followed - 

create keystore for graylog - gen key and import into a new keystore
01. keytool -genkey -alias graylog-web01 -keyalg RSA -keysize 2048 
-validity 1000 -dname "CN=graylog-web01" -keystore 
graylog-web01KeyStore.p12 -storepass  -storetype pkcs12 

02. keytool -importkeystore -deststorepass "" -destkeypass "" 
-destkeystore graylog.keystore -srckeystore graylog-web01KeyStore.p12 
-srcstoretype PKCS12 -srcstorepass "" -alias graylog-web01

  
 create a self signed cert 
03. openssl req -x509 -days 365 -nodes -newkey rsa:2048 -keyout 
pkcs5-plain.pem -out cert.pem

  convert key to pkcs8 format 
04. openssl pkcs8 -in pkcs5-plain.pem -topk8 -nocrypt -out pkcs8-plain.pem

  convert keystore above to PKCS12 format so openssl can work with it
05. keytool -importkeystore -srckeystore  graylog-web01.keystore 
-destkeystore keystore.p12 -deststoretype PKCS12

 get the cert to use
06. openssl pkcs12 -in keystore.p12 -nokeys -out graylog-certificate.pem
 
 cat graylog-certificate.pem 
Bag Attributes
friendlyName: CN=graylog-web01
localKeyID: 54 69 6E 66 20 31 34 36 39 34 36 37 35 37 39 33 32 30 
subject=/CN=graylog-web01
issuer=/CN=graylog-web01
-----BEGIN CERTIFICATE-----

  get the key to use
07. openssl pkcs12 -in keystore.p12 -nocerts -out graylog-pkcs5.pem

   This is where the issue is - the pkcs5 key file doesn't seem to contain 
the actual key. I was expecting to see "BEGIN PRIVATE KEY" line in 
the file below 

cat graylog-pkcs5.pem

Bag Attributes
friendlyName: graylog2
localKeyID: 54 69 6E 66 20 31 34 36 39 34 36 38 35 35 32 30 33 36 
Key Attributes: 

but the file ends right there above at "Key Attributes" line. 

 
08. Consequently, this fails - 
openssl pkcs8 -in graylog-pkcs5.pem -topk8 -out graylog-key.pem
unable to load key
140626096863048:error:0906D06C:PEM routines:PEM_read_bio:no start 
line:pem_lib.c:703:Expecting: ANY PRIVATE KEY

09. I understand that after this step 08 works above I still need to 


cp -a "${JAVA_HOME}/jre/lib/security/cacerts" /path/to/cacerts.jks
keytool -importcert -keystore /path/to/cacerts.jks -storepass changeit -alias 
graylog-self-signed -file cert.pem

to import this into the local JVM Trust store and point to it by adding these 
to the graylog-server GRAYLOG_SERVER_ARGS in /etc/sysconfig/graylog-server
(or JAVA_OPTS in /etc/init.d/graylog-server)

GRAYLOG_SERVER_ARGS="-Djavax.net.ssl.trustStore=/path/to/cacerts.jks 
-Djavax.net.ssl.trustStorePassword=secret"

and then restart graylog-server and it will be SSL ready. 


Where is the error happening? Does anyone have a straightforward list of 
steps to follow to get this working?

I have 2 graylog-web front ends in a cluster so I'm assuming in step 09 
above I need to add the cert from both graylog-web servers. 

Thanks, 
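
A pre-flight check for the file written in step 07, as an added example that is not part of the original post: it inventories the PEM blocks in `openssl pkcs12 -nocerts` output and reports whether a private key block is present before the file is handed to `openssl pkcs8`. The function names and the placeholder key bytes are constructed for illustration; only PEM framing and base64 are checked, not the key's ASN.1 content.

```python
import base64
import re

BEGIN_RE = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
END_RE = re.compile(r"^-----END ([A-Z0-9 ]+)-----$")


def pem_blocks(text):
    """Return [(label, decoded_bytes)] for each PEM block in text.

    Lines outside a block (the "Bag Attributes" preamble that
    `openssl pkcs12` writes) are ignored. Raises ValueError for a
    mismatched or unterminated block, or a body that is not base64.
    """
    blocks, label, body = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        if label is None:
            m = BEGIN_RE.match(line)
            if m:
                label, body = m.group(1), []
            continue
        m = END_RE.match(line)
        if m:
            if m.group(1) != label:
                raise ValueError("BEGIN %s closed by END %s" % (label, m.group(1)))
            blocks.append((label, base64.b64decode("".join(body), validate=True)))
            label = None
        elif ":" in line:
            continue  # RFC 1421 header such as "Proc-Type: 4,ENCRYPTED"
        elif line:
            body.append(line)
    if label is not None:
        raise ValueError("BEGIN %s has no END line" % label)
    return blocks


def diagnose_key_file(text):
    """Return (status, detail) for a file about to be given to `openssl pkcs8`.

    status is "plain-key", "encrypted-key", "no-key" or "corrupt".
    """
    try:
        blocks = pem_blocks(text)
    except ValueError as exc:
        return ("corrupt", str(exc))
    keys = [(lbl, data) for lbl, data in blocks if lbl.endswith("PRIVATE KEY")]
    if not keys:
        found = ", ".join(lbl for lbl, _ in blocks) or "no PEM blocks"
        return ("no-key", "found: " + found)
    label, data = keys[0]
    if not data:
        return ("corrupt", "empty %s block" % label)
    encrypted = label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in text
    return ("encrypted-key" if encrypted else "plain-key", label)


# Contents of graylog-pkcs5.pem as quoted in the post: attributes, no key block.
ATTRIBUTES_ONLY = """Bag Attributes
friendlyName: graylog2
localKeyID: 54 69 6E 66 20 31 34 36 39 34 36 38 35 35 32 30 33 36
Key Attributes:
"""

# Constructed placeholder bytes standing in for key material (not a real key).
FAKE_DER = bytes(range(48, 112))
B64 = base64.encodebytes(FAKE_DER).decode()


def make_pem(label, headers=""):
    """Build a constructed PEM block around the placeholder bytes."""
    return "-----BEGIN %s-----\n%s%s-----END %s-----\n" % (label, headers, B64, label)


# Constructed samples of what step 07 can produce when a key is written.
PKCS8_ENCRYPTED = ("Bag Attributes\n    friendlyName: graylog-web01\n"
                   + make_pem("ENCRYPTED PRIVATE KEY"))
PKCS8_PLAIN = make_pem("PRIVATE KEY")
CUT_OFF = PKCS8_PLAIN.split("-----END")[0]  # file truncated before the END line

if __name__ == "__main__":
    samples = [("attributes only", ATTRIBUTES_ONLY),
               ("encrypted PKCS#8", PKCS8_ENCRYPTED),
               ("plain PKCS#8", PKCS8_PLAIN),
               ("cut off", CUT_OFF)]
    for name, sample in samples:
        print("%-18s %s" % (name, diagnose_key_file(sample)))
```

A "no-key" result corresponds to the `no start line ... Expecting: ANY PRIVATE KEY` error shown in step 08.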



[graylog2] Web UI Output Indicator Bug (perhaps?)

2016-07-25 Thread Ryan Gelston
Hello Graylog Users,

I recently set up an instance of Graylog on an EC2 instance. I've modified 
the conf file to set up admin accounts, port bindings for the web UI and 
REST API, mongodb, elasticsearch, and email alerts. 

I notice that when I send Graylog a GELF log over UDP, it shows in the UI 
that it's receiving a message as input and sending one as output, or rather 
the traffic indicator in the top right of the Graylog UI reads 'In 1 / Out 
1 msg/s'. No outputs have been created, so I see no reason why it displays 
that it's outputting a message.

Any suggestions as to why it's doing this or what I could do to help 
diagnose it. 

Thank you,
Ryan Gelston



[graylog2] Re: Extract multiple parts of the message in to one field

2016-07-25 Thread Steve Kuntz
For anyone who was wondering how to do this, I was able to do it with a 
"Replace with regular expression" Extractor

On Friday, July 8, 2016 at 9:09:19 AM UTC-4, Steve Kuntz wrote:
>
> Hi,
>
> I have a message like below and I would like to extract the 
> lat=111=222 into a single field that I use the geolocation world map 
> on like 111,222. I've tried pipelines but have been unsuccessful trying to 
> concatenate the 2 together into a single field. Would a drool be required? 
> Anyone have any suggestions on how to do this another way?
>
> 2016-07-08 13:01:54 W3SVC1  10.10.205.166 GET 
> /api/searchv2/get.html 
> lat=42.8901=-79.1545=23.0=6a5fca84-e349-43e2-9e3d-dc6c700169cf=80049289624172739820731487445857674393=1467982916625=f8dbb865-35de-4d38-8707-b44ae7bf2e9f=f=ANDROID=HARDWARE_ANDROID_AD_ID
>  
> 443 - 104.224.105.37 HTTP/1.1 
> Dalvik/2.1.0+(Linux;+U;+Android+5.0.1;+SGH-I337M+Build/LRX22C) - -  
> 200 0 0 273 435 578
>
> Thanks
>



[graylog2] When to scale resources for Graylog???

2016-07-25 Thread robertocarna36
People, I have a Graylog 1.3 server in just one Linux box (Debian 8), so I 
mean I have one Elasticsearch node.

Nowadays I'm receiving about 4000/6000 logs/second. I had to increase the 
memory heap size of JVM, and used CPU x 10  and RAM x 40GB and after that 
everything seems OK, because I have near 200/800 unprocessed messages as 
maximum every time.

When do you recommend to scale to more Elasticsearch nodes or to have 
different MongoDB's or something like that???

Is there a logs/sec threshold meaning I have to scale to a distributed 
architecture???

Thanks a lot!!!

Roberto 



[graylog2] Re: Disk Journal / Kafka Input / Throttling

2016-07-25 Thread Jochen Schalanda
Hi Eli,

Graylog should already throttle message consumption from an external Kafka 
broker if processing cannot keep up and the disk journal and the processing 
buffer are running full.

Cheers,
Jochen

On Wednesday, 20 July 2016 04:10:36 UTC+2, Eli Jordan wrote:
>
> Thanks for the clarification Jochen.
>
> Do you know if it's possible to throttle the kafka input, so that messages 
> are buffered in kafka rather than in Graylog's internal journal? Enabling 
> throttling on the input didn't seem to slow down the rate at which messages 
> are consumed. (note: we are running 2.0.3)
>
> On Tuesday, 19 July 2016 22:04:59 UTC+10, Jochen Schalanda wrote:
>>
>> Hi Eli,
>>
>> On Tuesday, 19 July 2016 13:18:49 UTC+2, Eli Jordan wrote:
>>>
>>> My understanding is that the disk journal is just an internal Kafka 
>>> topic. Since we are already using Kafka to buffer messages, this seems 
>>> redundant. (Also, since we are running graylog in docker the journal is 
>>> transient without configuring appropriate docker volumes).
>>>
>>
>> That's not quite correct. Graylog is using the journal implementation 
>> from Apache Kafka internally but it's not a full-fledged Kafka broker, e. 
>> g. the whole Kafka networking stack is missing (it's there for the Kafka 
>> client in the Kafka inputs, of course).
>>
>> Cheers,
>> Jochen
>>
>



[graylog2] Re: mongod process using over 100% CPU slowing down graylog

2016-07-25 Thread Jochen Schalanda
Hi Ariel,

MongoDB shouldn't need much processing power when being used by Graylog.

Are there any error messages in the logs of your MongoDB nodes? Are there 
any unusually large collections in the MongoDB database used by Graylog?

Which MongoDB storage engine (MMAPv1, WiredTiger) are you using?


Cheers,
Jochen

On Tuesday, 19 July 2016 21:09:47 UTC+2, Ariel Godinez wrote:
>
> Hello,
>
> I am running the single node setup below:
>
> Graylog 2.0.3
> MongoDB 3.2.7
> Elasticsearch 2.3.3 
> Red Hat Enterprise Linux Server 6.5
> Java 8 
> NXlog and Graylog Collector Sidecar for reading from local logs 
>
> On average graylog is reading about 50 logs per second. MongoDB is not 
> being used for any other services other than graylog. Yet, occasionally I 
> notice that the system is hanging and proceed to do a  *$top *where I see 
> that the mongod process is consuming well over 100% CPU. I'm wondering if 
> the load is just too heavy or if there is something wrong with my setup that 
> is causing mongod to overload. 
>
> I am not seeing any warnings or errors in the graylog server logs or in 
> the mongod.log file when I look after a slowdown has occurred. Any advice 
> on how to further investigate would be much appreciated. 
>
> Thanks,
> Ari
>
>
>



[graylog2] Re: Several indices from 1 and 2 hours ago

2016-07-25 Thread Jochen Schalanda
Hi Roberto,

this issue has been fixed in Graylog 
1.3.4: https://github.com/Graylog2/graylog2-server/pull/1693

Cheers,
Jochen

On Monday, 25 July 2016 17:00:18 UTC+2, roberto...@gmail.com wrote:
>
> Dear Jochen, I'm using this Graylog version on a Debian 8 server:
>
> graylog-server   1.3.3-1   all   Graylog server
> graylog-web      1.3.3-1   all   Graylog web
>
> My indices configuration in /etc/graylog/server/server.conf is:
>
> rotation_strategy = time
> elasticsearch_max_time_per_index = 3d
> elasticsearch_max_number_of_indices = 10
> retention_strategy = delete
>
> Please can you tell I'm OK ??? Do you say every time I reboot my server or 
> restart the graylog-server service I could have problems with the indices???
>
> Thanks a lot!!
>
>
> El lunes, 25 de julio de 2016, 11:32:31 (UTC-3), Jochen Schalanda escribió:
>>
>> Hi Roberto,
>>
>> which exact version of Graylog are you using?
>>
>> There were some versions of Graylog which would rotate the indices on 
>> startup if the time-based rotation strategy was being used, even if they 
>> shouldn't be rotated according to their age.
>>
>> Would it be feasible for you to upgrade to Graylog 2.x?
>>
>> Cheers,
>> Jochen
>>
>> On Monday, 25 July 2016 16:22:31 UTC+2, Roberto Carna wrote:
>>>
>>> Dear, I've cloned a Graylog 1.3 virtual machine with its corresponding 
>>> indices, to a new one. This new one Graylog virtual machine started 
>>> with the same indices, and after that I've deleted some of them. 
>>>
>>> But today I was analyzing the Graylog options, and I realized that the 
>>> indices don't respond in accordance to my current configuration: 
>>> "rotates the indices every 3 days and keeps a maximum number of 10 
>>> indices", as follow: 
>>>
>>> Graylog2_90: Contains messages up to a few seconds ago (1.8GiB / 
>>> 4,198,541 messages) 
>>>
>>> Graylog2_89: Contains messages from an hour ago up to in 3 hours 
>>> (2.3GiB / 6,943,219 messages) 
>>>
>>> Graylog2_88:  Contains messages from an hour ago up to in 2 hours 
>>> (307.7MiB / 887,500 messages) 
>>>
>>> Graylog2_87: Contains messages from an hour ago up to in 2 hours 
>>> (823.1MiB / 2,434,500 messages) 
>>>
>>> ... 
>>>
>>> Graylog2_81:  Contains messages from 5 days ago up to 4 days ago 
>>> (27.8GiB / 84,685,427 messages) 
>>>
>>> What can I do in order to have my indices matching the current 
>>> configuration I defined? 
>>>
>>> Thanks a lot, regards. 
>>>
>>> Roberto 
>>>
>>



Re: [graylog2] graylog-collector-sidecar issue

2016-07-25 Thread Marius Sturm
Don't forget to set the 'apache' tag on the top of the page and press
'Update tags'

On 25 July 2016 at 17:15, Marius Sturm  wrote:

> The defaults are pretty fine for a first test. Create a NXLog Gelf output
> with the IP and port of your Graylog's Gelf Input (typically Graylog's
> server IP and port 12201). Then create a NXLog file input and connect it
> with the output from above by setting the 'Forward to' drop-down. Set the
> right path to the Apache log file. That should be it.
>
> Marius
>
> On 25 July 2016 at 17:09, Tony  wrote:
>
>> Thank you Marius, as I am very newbie on the system can you please, write
>> me the correct GUI entries to configure it?
>> Thanks a lot
>>
>> Tony
>>
>> 2016-07-25 15:46 GMT+01:00 Marius Sturm :
>>
>>> Hi Tony,
>>> you have to create a configuration for the sidecar first. Go to 'Manage
>>> configurations' on the collectors page and set up the needed inputs and
>>> outputs of your nxlog instance.
>>>
>>> Cheers,
>>> Marius
>>>
>>>
>>> On 25 July 2016 at 15:56, Tony  wrote:
>>>
>>>> Hello everybody,
>>>> I would like to send my apache2 log files from a remote server to
>>>> graylog server. Actually I am using graylog-collector-sidecar on Debian 7 and
>>>> my configuration files are:
>>>>
>>>> collector_sidecar.yaml---
>>>> server_url: http://10.5.10.242:12900
>>>> node_id: graylog-collector-sidecar-nagios
>>>> collector_id: file:/etc/graylog/collector-sidecar/collector-id
>>>> log_rotation_time: 86400
>>>> log_max_age: 86400
>>>> tags: apache
>>>> update_interval: 10
>>>> log_path: /var/log/graylog/collector-sidecar
>>>> backends:
>>>> - name: nxlog
>>>>   enabled: true
>>>>   binary_path: /usr/bin/nxlog
>>>>   configuration_path:
>>>> /etc/graylog/collector-sidecar/generated/nxlog.conf
>>>>
>>>> ---nxlog.conf---
>>>> User nxlog
>>>> Group nxlog
>>>> Moduledir /usr/lib/nxlog/modules
>>>> CacheDir /var/spool/collector-sidecar/nxlog
>>>> PidFile /var/run/graylog/collector-sidecar/nxlog.pid
>>>> define LOGFILE /var/log/graylog/collector-sidecar/nxlog.log
>>>> LogFile %LOGFILE%
>>>> LogLevel INFO
>>>>
>>>>
>>>> Module  xm_fileop
>>>>
>>>> When @daily
>>>> Exec file_cycle('%LOGFILE%', 7);
>>>>
>>>>
>>>> ---
>>>> This is the tree output
>>>> /etc/graylog/collector-sidecar$ tree
>>>> .
>>>> ├── collector-id
>>>> ├── collector_sidecar.yml
>>>> └── generated
>>>> └── nxlog.conf
>>>>
>>>> So now when I try to do graylog-collector-sidecar -c
>>>> /etc/graylog/collector-sidecar/collector_sidecar.yml
>>>> I got this
>>>> INFO[] Using collector-id: e3d0fefc-f8fd-4f4e-becd-894d7f813532
>>>> INFO[] Fetching configurations tagged by: [apache]
>>>> INFO[] Starting collector supervisor
>>>> INFO[] [nxlog] Starting
>>>> INFO[0010] [RequestConfiguration] No configuration found for configured
>>>> tags!
>>>> INFO[0020] [RequestConfiguration] No configuration found for configured
>>>> tags!
>>>> INFO[0030] [RequestConfiguration] No configuration found for configured
>>>> tags!
>>>>
>>>> But I see the instance in collectors in graylog server.
>>>>
>>>> Any idea how to fix it?
>>>>
>>>> Thanks in advance
>>>>
>>>> Tony
>>>>

>>>
>>>
>>>
>>> --
>>> Developer
>>>
>>> Tel.: +49 (0)40 609 452 077
>>> Fax.: +49 (0)40 609 452 078
>>>
>>> TORCH GmbH - A Graylog Company
>>> Poolstraße 21
>>> 20335 Hamburg
>>> Germany
>>>
>>> https://www.graylog.com 
>>>
>>> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
>>> Geschäftsführer: Lennart Koopmann (CEO)
>>>

Re: [graylog2] graylog-collector-sidecar issue

2016-07-25 Thread Marius Sturm
The defaults are pretty fine for a first test. Create a NXLog Gelf output
with the IP and port of your Graylog's Gelf Input (typically Graylog's
server IP and port 12201). Then create a NXLog file input and connect it
with the output from above by setting the 'Forward to' drop-down. Set the
right path to the Apache log file. That should be it.

Marius

On 25 July 2016 at 17:09, Tony  wrote:

> Thank you Marius, as I am very newbie on the system can you please, write
> me the correct GUI entries to configure it?
> Thanks a lot
>
> Tony
>
> 2016-07-25 15:46 GMT+01:00 Marius Sturm :
>
>> Hi Tony,
>> you have to create a configuration for the sidecar first. Go to 'Manage
>> configurations' on the collectors page and set up the needed inputs and
>> outputs of your nxlog instance.
>>
>> Cheers,
>> Marius
>>
>>
>> On 25 July 2016 at 15:56, Tony  wrote:
>>
>>> Hello everybody,
>>> I would like to send my apache2 log files from a remote server to
>>> graylog server. Actually I am using graylog-collector-sidecar on Debian 7 and
>>> my configuration files are:
>>>
>>> collector_sidecar.yaml---
>>> server_url: http://10.5.10.242:12900
>>> node_id: graylog-collector-sidecar-nagios
>>> collector_id: file:/etc/graylog/collector-sidecar/collector-id
>>> log_rotation_time: 86400
>>> log_max_age: 86400
>>> tags: apache
>>> update_interval: 10
>>> log_path: /var/log/graylog/collector-sidecar
>>> backends:
>>> - name: nxlog
>>>   enabled: true
>>>   binary_path: /usr/bin/nxlog
>>>   configuration_path:
>>> /etc/graylog/collector-sidecar/generated/nxlog.conf
>>> 
>>> ---nxlog.conf---
>>> User nxlog
>>> Group nxlog
>>> Moduledir /usr/lib/nxlog/modules
>>> CacheDir /var/spool/collector-sidecar/nxlog
>>> PidFile /var/run/graylog/collector-sidecar/nxlog.pid
>>> define LOGFILE /var/log/graylog/collector-sidecar/nxlog.log
>>> LogFile %LOGFILE%
>>> LogLevel INFO
>>>
>>> 
>>> Module  xm_fileop
>>> 
>>> When @daily
>>> Exec file_cycle('%LOGFILE%', 7);
>>>  
>>> 
>>> ---
>>> This is the tree output
>>> /etc/graylog/collector-sidecar$ tree
>>> .
>>> ├── collector-id
>>> ├── collector_sidecar.yml
>>> └── generated
>>> └── nxlog.conf
>>>
>>> So now when I try to do graylog-collector-sidecar -c
>>> /etc/graylog/collector-sidecar/collector_sidecar.yml
>>> I got this
>>> INFO[] Using collector-id: e3d0fefc-f8fd-4f4e-becd-894d7f813532
>>> INFO[] Fetching configurations tagged by: [apache]
>>> INFO[] Starting collector supervisor
>>> INFO[] [nxlog] Starting
>>> INFO[0010] [RequestConfiguration] No configuration found for configured
>>> tags!
>>> INFO[0020] [RequestConfiguration] No configuration found for configured
>>> tags!
>>> INFO[0030] [RequestConfiguration] No configuration found for configured
>>> tags!
>>>
>>> But I see the instance in collectors in graylog server.
>>>
>>> Any idea how to fix it?
>>>
>>> Thanks in advance
>>>
>>> Tony
>>>
>>>
>>
>>
>>
>> --
>> Developer
>>
>> Tel.: +49 (0)40 609 452 077
>> Fax.: +49 (0)40 609 452 078
>>
>> TORCH GmbH - A Graylog Company
>> Poolstraße 21
>> 20335 Hamburg
>> Germany
>>
>> https://www.graylog.com 
>>
>> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
>> Geschäftsführer: Lennart Koopmann (CEO)
>>

[graylog2] Re: Several indices from 1 and 2 hours ago

2016-07-25 Thread robertocarna36
Dear Jochen, I'm using this Graylog version on a Debian 8 server:

graylog-server   1.3.3-1   all   Graylog server
graylog-web      1.3.3-1   all   Graylog web

My indices configuration in /etc/graylog/server/server.conf is:

rotation_strategy = time
elasticsearch_max_time_per_index = 3d
elasticsearch_max_number_of_indices = 10
retention_strategy = delete

Please can you tell I'm OK ??? Do you say every time I reboot my server or 
restart the graylog-server service I could have problems with the indices???

Thanks a lot!!


El lunes, 25 de julio de 2016, 11:32:31 (UTC-3), Jochen Schalanda escribió:
>
> Hi Roberto,
>
> which exact version of Graylog are you using?
>
> There were some versions of Graylog which would rotate the indices on 
> startup if the time-based rotation strategy was being used, even if they 
> shouldn't be rotated according to their age.
>
> Would it be feasible for you to upgrade to Graylog 2.x?
>
> Cheers,
> Jochen
>
> On Monday, 25 July 2016 16:22:31 UTC+2, Roberto Carna wrote:
>>
>> Dear, I've cloned a Graylog 1.3 virtual machine with its corresponding 
>> indices, to a new one. This new one Graylog virtual machine started 
>> with the same indices, and after that I've deleted some of them. 
>>
>> But today I was analyzing the Graylog options, and I realized that the 
>> indices don't respond in accordance to my current configuration: 
>> "rotates the indices every 3 days and keeps a maximum number of 10 
>> indices", as follow: 
>>
>> Graylog2_90: Contains messages up to a few seconds ago (1.8GiB / 
>> 4,198,541 messages) 
>>
>> Graylog2_89: Contains messages from an hour ago up to in 3 hours 
>> (2.3GiB / 6,943,219 messages) 
>>
>> Graylog2_88:  Contains messages from an hour ago up to in 2 hours 
>> (307.7MiB / 887,500 messages) 
>>
>> Graylog2_87: Contains messages from an hour ago up to in 2 hours 
>> (823.1MiB / 2,434,500 messages) 
>>
>> ... 
>>
>> Graylog2_81:  Contains messages from 5 days ago up to 4 days ago 
>> (27.8GiB / 84,685,427 messages) 
>>
>> What can I do in order to have my indices matching the current 
>> configuration I defined? 
>>
>> Thanks a lot, regards. 
>>
>> Roberto 
>>
>



[graylog2] Get notice/next action from the Dashboard for message that we need (Warning, Error & Critical messages)

2016-07-25 Thread Arief Hydayat
Hi everyone,


First of all I would like to say many thanks for your support. Especially 
Jochen and Marius.
I'm still exploring the Graylog. Just create a simple dashboard so that I 
can see the visual data.

Just wondering, from the Dashboard that I've created is to sort by Level. So 
if I get the Error (Level 2) or Warning (Level 3) or maybe the Critical 
(level 1) message I can see the incremental from the percentage of each.
But somehow how can I retrieve back all those messages?  Let say from 
the dashboard I can see 7.47% is from Level 3 message, but from the Count 
itself is 54.496 messages.
Do I need to search by query all those messages 1 by 1?



Really appreciate if you guys could explain to me how does it work or maybe 
dashboard able to represent more than I know :-)



Re: [graylog2] graylog-collector-sidecar issue

2016-07-25 Thread Marius Sturm
Hi Tony,
you have to create a configuration for the sidecar first. Go to 'Manage
configurations' on the collectors page and set up the needed inputs and
outputs of your nxlog instance.

Cheers,
Marius


On 25 July 2016 at 15:56, Tony  wrote:

> Hello everybody,
> I would like to send my apache2 log files from a remote server to graylog
> server. Actually I am using graylog-collector-sidecar on Debian 7 and my
> configuration files are:
>
> collector_sidecar.yaml---
> server_url: http://10.5.10.242:12900
> node_id: graylog-collector-sidecar-nagios
> collector_id: file:/etc/graylog/collector-sidecar/collector-id
> log_rotation_time: 86400
> log_max_age: 86400
> tags: apache
> update_interval: 10
> log_path: /var/log/graylog/collector-sidecar
> backends:
> - name: nxlog
>   enabled: true
>   binary_path: /usr/bin/nxlog
>   configuration_path:
> /etc/graylog/collector-sidecar/generated/nxlog.conf
> 
> ---nxlog.conf---
> User nxlog
> Group nxlog
> Moduledir /usr/lib/nxlog/modules
> CacheDir /var/spool/collector-sidecar/nxlog
> PidFile /var/run/graylog/collector-sidecar/nxlog.pid
> define LOGFILE /var/log/graylog/collector-sidecar/nxlog.log
> LogFile %LOGFILE%
> LogLevel INFO
>
> 
> Module  xm_fileop
> 
> When @daily
> Exec file_cycle('%LOGFILE%', 7);
>
> ---
> This is the tree output
> /etc/graylog/collector-sidecar$ tree
> .
> ├── collector-id
> ├── collector_sidecar.yml
> └── generated
>     └── nxlog.conf
>
> So now when I try to do graylog-collector-sidecar -c
> /etc/graylog/collector-sidecar/collector_sidecar.yml
> I got this
> INFO[] Using collector-id: e3d0fefc-f8fd-4f4e-becd-894d7f813532
> INFO[] Fetching configurations tagged by: [apache]
> INFO[] Starting collector supervisor
> INFO[] [nxlog] Starting
> INFO[0010] [RequestConfiguration] No configuration found for configured tags!
> INFO[0020] [RequestConfiguration] No configuration found for configured tags!
> INFO[0030] [RequestConfiguration] No configuration found for configured tags!
>
> But I see the instance in collectors in graylog server.
>
> Any idea how to fix it?
>
> Thanks in advance
>
> Tony
>



-- 
Developer

Tel.: +49 (0)40 609 452 077
Fax.: +49 (0)40 609 452 078

TORCH GmbH - A Graylog Company
Poolstraße 21
20335 Hamburg
Germany

https://www.graylog.com 

Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
Managing Director: Lennart Koopmann (CEO)



Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-25 Thread Arief Hydayat
Hi Jochen,

Thanks for the URL links. Let me read and understand them.
Seems the first link is a great read for a newbie like me. :-)

On Mon, Jul 25, 2016 at 9:30 PM, Jochen Schalanda 
wrote:

> Hi Arief,
>
> please refer to
> https://www.elastic.co/de/blog/elasticsearch-storage-the-true-story-2.0
> and
> https://www.elastic.co/guide/en/elasticsearch/reference/2.3/index-modules.html#_static_index_settings
> for details about the Lucene compression codecs and disk space requirements
> for Elasticsearch indices.
>
> Cheers,
> Jochen
>
>
> On Wednesday, 20 July 2016 11:36:06 UTC+2, Arief Hydayat wrote:
>>
>> Hi Jochen,
>>
>> Thank you for your reply. After these 5 days the disk space utilization
>> increase quite high.
>> /dev/dm-0   212G   78G  126G  38% /
>>
>> Seems need to add more disk or just listed server that need to send all
>> those log to the OVA Graylog. What do you think?
>>
>> Anyway regarding to the "how well they can be compressed", by default
>> Graylog will compress the data under each index folder?
>> root@graylog:~# ls -lrt /var/opt/graylog/data/elasticsearch/graylog/nodes/0/indices/graylog_7/0/index/
>> total 1946504
>> -rw--- 1 graylog graylog         0 Jul  8 05:59 write.lock
>> -rw--- 1 graylog graylog    974182 Jul 10 16:55 _2pkd.fdx
>> -rw--- 1 graylog graylog 513513754 Jul 10 16:55 _2pkd.fdt
>> -rw--- 1 graylog graylog   5164198 Jul 10 16:58 _2pkd_Lucene50_0.tip
>> -rw--- 1 graylog graylog 404791138 Jul 10 16:58 _2pkd_Lucene50_0.tim
>> -rw--- 1 graylog graylog 590583874 Jul 10 16:58 _2pkd_Lucene50_0.pos
>> -rw--- 1 graylog graylog 436255903 Jul 10 16:58 _2pkd_Lucene50_0.doc
>> -rw--- 1 graylog graylog      3126 Jul 10 16:59 _2pkd_Lucene54_0.dvm
>> -rw--- 1 graylog graylog  31883485 Jul 10 16:59 _2pkd_Lucene54_0.dvd
>> -rw--- 1 graylog graylog        98 Jul 10 16:59 _2pkd.nvm
>> -rw--- 1 graylog graylog      1843 Jul 10 16:59 _2pkd.nvd
>> -rw--- 1 graylog graylog      4707 Jul 10 16:59 _2pkd.fnm
>> -rw--- 1 graylog graylog       568 Jul 10 16:59 _2pkd.si
>> -rw--- 1 graylog graylog       230 Jul 14 03:18 segments_35
>>
>> Thank for the tools link. Been check between 30 - 50 messages/sec still
>> consider as High Availability setup :-|
>>
>> On Friday, July 15, 2016 at 4:49:58 PM UTC+8, Jochen Schalanda wrote:
>>>
>>> Hi Arief,
>>>
>>> That's impossible to say and depends on how many log messages those
>>> servers will send, how big they are, and how well they can be compressed.
>>> And of course it depends on how many indices with this number of documents
>>> you need to retain.
>>>
>>> You can get an educated guess about the hardware requirements at
>>> https://www.graylog.org/tools/sizing-estimator, so give it a try.
>>>
>>> Cheers,
>>> Jochen
>>>


[graylog2] Re: Several indices from 1 and 2 hours ago

2016-07-25 Thread Jochen Schalanda
Hi Roberto,

which exact version of Graylog are you using?

There were some versions of Graylog which would rotate the indices on 
startup if the time-based rotation strategy was being used, even if they 
shouldn't be rotated according to their age.

Would it be feasible for you to upgrade to Graylog 2.x?

Cheers,
Jochen

On Monday, 25 July 2016 16:22:31 UTC+2, Roberto Carna wrote:
>
> Dear, I've cloned a Graylog 1.3 virtual machine with its corresponding 
> indices, to a new one. This new one Graylog virtual machine started 
> with the same indices, and after that I've deleted some of them. 
>
> But today I was analyzing the Graylog options, and I realized that the 
> indices don't respond in accordance to my current configuration: 
> "rotates the indices every 3 days and keeps a maximum number of 10 
> indices", as follows: 
>
> Graylog2_90: Contains messages up to a few seconds ago (1.8GiB / 
> 4,198,541 messages) 
>
> Graylog2_89: Contains messages from an hour ago up to in 3 hours 
> (2.3GiB / 6,943,219 messages) 
>
> Graylog2_88:  Contains messages from an hour ago up to in 2 hours 
> (307.7MiB / 887,500 messages) 
>
> Graylog2_87: Contains messages from an hour ago up to in 2 hours 
> (823.1MiB / 2,434,500 messages) 
>
> ... 
>
> Graylog2_81:  Contains messages from 5 days ago up to 4 days ago 
> (27.8GiB / 84,685,427 messages) 
>
> What can I do in order to have my indices matching the current 
> configuration I defined? 
>
> Thanks a lot, regards. 
>
> Roberto 
>



[graylog2] Several indices from 1 and 2 hours ago

2016-07-25 Thread Roberto Carna
Dear, I've cloned a Graylog 1.3 virtual machine with its corresponding
indices, to a new one. This new one Graylog virtual machine started
with the same indices, and after that I've deleted some of them.

But today I was analyzing the Graylog options, and I realized that the
indices don't respond in accordance to my current configuration:
"rotates the indices every 3 days and keeps a maximum number of 10
indices", as follows:

Graylog2_90: Contains messages up to a few seconds ago (1.8GiB /
4,198,541 messages)

Graylog2_89: Contains messages from an hour ago up to in 3 hours
(2.3GiB / 6,943,219 messages)

Graylog2_88:  Contains messages from an hour ago up to in 2 hours
(307.7MiB / 887,500 messages)

Graylog2_87: Contains messages from an hour ago up to in 2 hours
(823.1MiB / 2,434,500 messages)

...

Graylog2_81:  Contains messages from 5 days ago up to 4 days ago
(27.8GiB / 84,685,427 messages)

What can I do in order to have my indices matching the current
configuration I defined?

Thanks a lot, regards.

Roberto



Re: [graylog2] How to remove Graylog set-external-ip

2016-07-25 Thread Arief Hydayat
Hi Marius,

Thanks for your reply. I did remove the line that you mentioned.
Everything is working fine through the internal IP now. Once again, thanks a lot.


On Mon, Jul 25, 2016 at 4:25 PM, Marius Sturm  wrote:

> Hi,
> you can reset the setting by deleting the line `external_rest_uri...` in
> /etc/graylog/graylog-settings.json. Afterwards run graylog-ctl reconfigure.
>
> Cheers,
> Marius
>
> On 25 July 2016 at 09:41, Arief Hydayat  wrote:
>
>> Hi everyone,
>>
>> Need your help. As I saw in the graylog-ctl script, I found command to
>> bind Graylog server with the external IP:
>>
>> sudo graylog-ctl set-external-ip http[s]://:port/
>>
>> Now I need to remove that setting. How I can do that? Simply by these
>> command?
>>
>> sudo graylog-ctl set-external-ip http[s]://:port/ remove
>>
>> I have tried and run the graylog-ctl reconfigure command but
>> unfortunately I can access the web-interface thru the private IP
>>
>> *Error message
>> Bad request
>> Original Request
>> POST http://> IP>:12900/system/sessions
>> Status code
>> undefined
>> Full error message
>> Error: Request has been terminated
>> Possible causes: the network is offline, Origin is not allowed by
>> Access-Control-Allow-Origin, the page is being unloaded, etc.*
>>
>> Anyone can help me with these?
>>
>>


[graylog2] graylog-collector-sidecar issue

2016-07-25 Thread Tony
Hello everybody,
I would like to send my apache2 log files from a remote server to graylog 
server. Actually I am using graylog-collector-sidecar on Debian 7 and my 
configuration files are:

---collector_sidecar.yaml---
server_url: http://10.5.10.242:12900
node_id: graylog-collector-sidecar-nagios
collector_id: file:/etc/graylog/collector-sidecar/collector-id
log_rotation_time: 86400
log_max_age: 86400
tags: apache
update_interval: 10
log_path: /var/log/graylog/collector-sidecar
backends:
- name: nxlog
  enabled: true
  binary_path: /usr/bin/nxlog
  configuration_path: /etc/graylog/collector-sidecar/generated/nxlog.conf

---nxlog.conf---
User nxlog
Group nxlog
Moduledir /usr/lib/nxlog/modules
CacheDir /var/spool/collector-sidecar/nxlog
PidFile /var/run/graylog/collector-sidecar/nxlog.pid
define LOGFILE /var/log/graylog/collector-sidecar/nxlog.log
LogFile %LOGFILE%
LogLevel INFO


Module  xm_fileop

When @daily
Exec file_cycle('%LOGFILE%', 7);

---
This is the tree output
/etc/graylog/collector-sidecar$ tree
.
├── collector-id
├── collector_sidecar.yml
└── generated
    └── nxlog.conf

So now when I try to do graylog-collector-sidecar -c 
/etc/graylog/collector-sidecar/collector_sidecar.yml
I got this
INFO[] Using collector-id: e3d0fefc-f8fd-4f4e-becd-894d7f813532
INFO[] Fetching configurations tagged by: [apache]
INFO[] Starting collector supervisor
INFO[] [nxlog] Starting
INFO[0010] [RequestConfiguration] No configuration found for configured tags!
INFO[0020] [RequestConfiguration] No configuration found for configured tags!
INFO[0030] [RequestConfiguration] No configuration found for configured tags!

But I see the instance in collectors in graylog server.

Any idea how to fix it?

Thanks in advance

Tony



Re: [graylog2] Re: Graylog /var parition always increases

2016-07-25 Thread Roberto Carna
Dear, following your requests I have this...thanks in advance:

1) Output of curl http://localhost:9200/_cat/indices?v

health status index       pri rep docs.count docs.deleted store.size pri.store.size
green  open   graylog2_67   4   0    4588957            0      1.5gb          1.5gb
green  open   graylog2_71   4   0     712447            0    248.3mb        248.3mb
green  open   graylog2_74   4   0    2434500            0    823.1mb        823.1mb
green  open   graylog2_76   4   0    4814351            0      2.3gb          2.3gb
green  open   graylog2_72   4   0  229758860            0     75.9gb         75.9gb
green  open   graylog2_68   4   0   84685427            0     27.8gb         27.8gb
green  open   graylog2_75   4   0     887500            0    307.6mb        307.6mb
green  open   graylog2_70   4   0   14894971            0      4.9gb          4.9gb
green  open   graylog2_73   4   0    4155500            0      1.4gb          1.4gb
green  open   graylog2_69   4   0  585182147          190    193.7gb        193.7gb

2) du in /var


Re: [graylog2] Re: Elasticsearch cluster unhealthy (RED)

2016-07-25 Thread Jochen Schalanda
Hi Arief,

please refer to 
https://www.elastic.co/de/blog/elasticsearch-storage-the-true-story-2.0 
and 
https://www.elastic.co/guide/en/elasticsearch/reference/2.3/index-modules.html#_static_index_settings
 
for details about the Lucene compression codecs and disk space requirements 
for Elasticsearch indices.

Cheers,
Jochen

On Wednesday, 20 July 2016 11:36:06 UTC+2, Arief Hydayat wrote:
>
> Hi Jochen,
>
> Thank you for your reply. After these 5 days the disk space utilization 
> increase quite high. 
> /dev/dm-0   212G   78G  126G  38% /
>
> Seems need to add more disk or just listed server that need to send all 
> those log to the OVA Graylog. What do you think?
>
> Anyway regarding to the "how well they can be compressed", by default 
> Graylog will compress the data under each index folder?
> root@graylog:~# ls -lrt /var/opt/graylog/data/elasticsearch/graylog/nodes/0/indices/graylog_7/0/index/
> total 1946504
> -rw--- 1 graylog graylog         0 Jul  8 05:59 write.lock
> -rw--- 1 graylog graylog    974182 Jul 10 16:55 _2pkd.fdx
> -rw--- 1 graylog graylog 513513754 Jul 10 16:55 _2pkd.fdt
> -rw--- 1 graylog graylog   5164198 Jul 10 16:58 _2pkd_Lucene50_0.tip
> -rw--- 1 graylog graylog 404791138 Jul 10 16:58 _2pkd_Lucene50_0.tim
> -rw--- 1 graylog graylog 590583874 Jul 10 16:58 _2pkd_Lucene50_0.pos
> -rw--- 1 graylog graylog 436255903 Jul 10 16:58 _2pkd_Lucene50_0.doc
> -rw--- 1 graylog graylog      3126 Jul 10 16:59 _2pkd_Lucene54_0.dvm
> -rw--- 1 graylog graylog  31883485 Jul 10 16:59 _2pkd_Lucene54_0.dvd
> -rw--- 1 graylog graylog        98 Jul 10 16:59 _2pkd.nvm
> -rw--- 1 graylog graylog      1843 Jul 10 16:59 _2pkd.nvd
> -rw--- 1 graylog graylog      4707 Jul 10 16:59 _2pkd.fnm
> -rw--- 1 graylog graylog       568 Jul 10 16:59 _2pkd.si
> -rw--- 1 graylog graylog       230 Jul 14 03:18 segments_35
>
> Thank for the tools link. Been check between 30 - 50 messages/sec still 
> consider as High Availability setup :-|
>
> On Friday, July 15, 2016 at 4:49:58 PM UTC+8, Jochen Schalanda wrote:
>>
>> Hi Arief,
>>
>> That's impossible to say and depends on how many log messages those 
>> servers will send, how big they are, and how well they can be compressed. 
>> And of course it depends on how many indices with this number of documents 
>> you need to retain.
>>
>> You can get an educated guess about the hardware requirements at 
>> https://www.graylog.org/tools/sizing-estimator, so give it a try.
>>
>> Cheers,
>> Jochen
>>
>



Re: [graylog2] Feature request - SSL validator as an option

2016-07-25 Thread Jan Doberstein
Hej Mathieu,


> I have upgraded my platform to Graylog 2.0.3 and changed some 
> configuration items and my reverse proxies to use both the web interface 
> and the REST one. 
>
> As a consequence the web interface now uses a signed SSL certificate 
> (https://graylog.example.com) and the webservices gateway does not 
> (self-signed one, https://graylog-ws.example.com).

Wouldn't this help in your situation?

http://docs.graylog.org/en/2.0/pages/configuration/https.html#adding-a-self-signed-certificate-to-the-jvm-trust-store


With kind regards
Jan



[graylog2] Feature request - SSL validator as an option

2016-07-25 Thread Grzybek Mathieu CNE (GAE BCQ STIG CTGN)

Dear all,

I have upgraded my platform to Graylog 2.0.3 and changed some 
configuration items and my reverse proxies to use both the web interface 
and the REST one.


As a consequence the web interface now uses a signed SSL certificate 
(https://graylog.example.com) and the webservices gateway does not 
(self-signed one, https://graylog-ws.example.com). Many error messages 
are now written in the server.log file:


WARN  [ProxiedResource] Unable to call 
https://***/system/metrics/multiple on node 
<9c0311bc-3d18-44bd-8011-2952926f0f7c>, caught exception: 
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to 
find valid certification path to requested target (class 
javax.net.ssl.SSLHandshakeException)


Two ideas come to my mind:
1. being able to skip the certificate validation (bad idea...)
2. being able to give the certificate details to the Graylog node to 
pass the validation process


What do you think?

Mathieu

--
Captain Mathieu GRZYBEK
COMSOPGN / STIG / BCQ / GAE
Fort de Rosny
Avenue Théophile Sueur
93111 Rosny-sous-Bois Cedex
France
Tel: +33 (0) 158 665 225



[graylog2] Proffesional support query

2016-07-25 Thread Anant Sawant
Hi,

I went through the Graylog professional support information at 
"https://www.graylog.org/professional-support" and have the following 
queries regarding the professional support provided for Graylog.

Q1. Does the professional support include consultation, issue resolving in 
regards to Graylog's source code compilation?
Q2. In "Development graylog-server nodes" what kind/level of development is 
supported, e.g. new custom functionality or branding etc.?

If there is any documentation which can help me understand the professional 
support in details please provide here or you can also mail me at 
"ana...@leotechnosoft.net".

Thanks in advance!!
Anant Sawant



[graylog2] Re: Changing map theme for geolocation

2016-07-25 Thread Aykisn
Thought as much ^^ Thank you, will do.

On Monday, July 25, 2016 at 12:28:15 PM UTC+4, Jochen Schalanda wrote:
>
> Hi Aykisn,
>
> that's currently not possible but feel free to open a feature request for 
> this at https://github.com/Graylog2/graylog-plugin-map-widget/issues.
>
> Cheers,
> Jochen
>
> On Monday, 25 July 2016 08:11:05 UTC+2, Aykisn wrote:
>>
>> Hello,
>>
>> I am using the free GeoLite2 database and I was wondering if there was 
>> any way to change the default map theme we have in the Graylog user 
>> interface please ?
>>
>> Thanks.
>>
>



[graylog2] Re: Input shows running but no messages getting retrieved

2016-07-25 Thread Jochen Schalanda
Hi Thara,

I think your rsyslog configuration is incorrect. "." will not match any 
messages, I think you mean "*.*" instead.

Please refer to 
https://github.com/Graylog2/graylog-guide-syslog-linux/blob/master/README.md#rsyslog 
for instructions on how to configure rsyslog.

Cheers,
Jochen

On Friday, 22 July 2016 16:50:57 UTC+2, Thara Savio wrote:
>
>
>
> vim /etc/rsyslog.d/90-graylog2.conf
> *.* @142.1.121.128:5149;RSYSLOG_SyslogProtocol23Format
> I added the above in ubuntu desktop
> In the Graylog server, I launched syslog-UDP and put the port no. as 5149; 
> the client is Ubuntu 16.04 desktop
>



[graylog2] Re: Changing map theme for geolocation

2016-07-25 Thread Jochen Schalanda
Hi Aykisn,

that's currently not possible but feel free to open a feature request for 
this at https://github.com/Graylog2/graylog-plugin-map-widget/issues.

Cheers,
Jochen

On Monday, 25 July 2016 08:11:05 UTC+2, Aykisn wrote:
>
> Hello,
>
> I am using the free GeoLite2 database and I was wondering if there was any 
> way to change the default map theme we have in the Graylog user interface 
> please ?
>
> Thanks.
>



[graylog2] Re: Removing some help messages on the web interface

2016-07-25 Thread Jochen Schalanda
Hi Aykisn,

those hints can currently not be removed without forking Graylog and 
modifying the web interface yourself.

Cheers,
Jochen

On Monday, 25 July 2016 09:24:39 UTC+2, Aykisn wrote:
>
> Hello,
>
> I didn't find any info on this. I was wondering if there was any way to 
> remove some of the help displayed on the web interface, especially this one 
> (found in the dashboard) :
>
>
> 
>
>
>
> I know it sounds stupid but it would help us gain some space in this page.
>
> Thanks.
>



Re: [graylog2] How to remove Graylog set-external-ip

2016-07-25 Thread Marius Sturm
Hi,
you can reset the setting by deleting the line `external_rest_uri...` in
/etc/graylog/graylog-settings.json. Afterwards run graylog-ctl reconfigure.

Cheers,
Marius

On 25 July 2016 at 09:41, Arief Hydayat  wrote:

> Hi everyone,
>
> Need your help. As I saw in the graylog-ctl script, I found a command to
> bind Graylog server with the external IP:
>
> sudo graylog-ctl set-external-ip http[s]://:port/
>
> Now I need to remove that setting. How can I do that? Simply by this
> command?
>
> sudo graylog-ctl set-external-ip http[s]://:port/ remove
>
> I have tried and run the graylog-ctl reconfigure command but unfortunately
> I can access the web-interface through the private IP
>
> Error message: Bad request
> Original Request: POST http:// IP>:12900/system/sessions
> Status code: undefined
> Full error message: Error: Request has been terminated
> Possible causes: the network is offline, Origin is not allowed by
> Access-Control-Allow-Origin, the page is being unloaded, etc.
>
> Can anyone help me with this?
>
>
>



-- 
Developer

Tel.: +49 (0)40 609 452 077
Fax.: +49 (0)40 609 452 078

TORCH GmbH - A Graylog Company
Poolstraße 21
20335 Hamburg
Germany

https://www.graylog.com 

Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
Geschäftsführer: Lennart Koopmann (CEO)
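
An added example, not part of the reply above and not Graylog's own tooling: deleting the `external_rest_uri` line by hand can leave a dangling comma when it is the last entry, so this sketch removes the key through a JSON parser and keeps a backup. The sample content, its other key and the URL value are constructed assumptions about the file's layout.

```python
import json
import os
import shutil
import sys
import tempfile

KEY = "external_rest_uri"  # key named in the reply above

# Constructed sample; the real file's other keys and values are assumed.
SAMPLE = """{
  "timezone": "Etc/UTC",
  "external_rest_uri": "https://graylog.example.org:443/api/"
}"""

def naive_line_delete(text, key=KEY):
    """Delete the raw line; leaves a dangling comma if the key came last."""
    return "\n".join(l for l in text.splitlines() if f'"{key}"' not in l)

def drop_setting(text, key=KEY):
    """Parse, remove `key` from the top-level object, re-serialise."""
    settings = json.loads(text)
    if not isinstance(settings, dict):
        raise ValueError("expected a JSON object at the top level")
    removed = key in settings
    settings.pop(key, None)
    return json.dumps(settings, indent=2) + "\n", removed

def rewrite_file(path, key=KEY):
    """Back up `path`, then atomically replace it without `key`."""
    with open(path, encoding="utf-8") as fh:
        new_text, removed = drop_setting(fh.read(), key)
    if not removed:
        return False
    shutil.copy2(path, path + ".bak")          # keep a rollback copy
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(new_text)
    shutil.copymode(path, tmp)                 # preserve permission bits
    os.replace(tmp, path)                      # atomic on the same filesystem
    return True

if __name__ == "__main__":
    changed = rewrite_file(sys.argv[1])
    print("removed" if changed else "key not present, file untouched")
```

Run it as root with `/etc/graylog/graylog-settings.json` as the argument, then run `graylog-ctl reconfigure` as the reply describes. The replaced file is owned by the invoking user, and the `.bak` copy allows a rollback.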



[graylog2] has anyone got a plugin for reading Google Apps APIs?

2016-07-25 Thread Jason Haar
Hi there

We're using Google Apps and I can see a wide range of VERY interesting
audit information I'd love to flow into graylog: successful/failed login
events, gdrive transaction logs, admin events, etc. Sort of the Google Apps
equivalent of AWS CloudTrails

They have an API and with my poor programming skills I did manage to get a
python demo script successfully pulling down admin login events - but
that's about my limits - so I'm hoping someone has done a deeper
integration and just hasn't got around to publishing it on the graylog
market? :-)

Thanks

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1



[graylog2] How to remove Graylog set-external-ip

2016-07-25 Thread Arief Hydayat
Hi everyone,

Need your help. As I saw in the graylog-ctl script, I found a command to bind 
Graylog server with the external IP:

sudo graylog-ctl set-external-ip http[s]://:port/

Now I need to remove that setting. How can I do that? Simply by this 
command?

sudo graylog-ctl set-external-ip http[s]://:port/ remove

I have tried and run the graylog-ctl reconfigure command but unfortunately 
I can access the web-interface through the private IP

Error message: Bad request
Original Request: POST http://:12900/system/sessions
Status code: undefined
Full error message: Error: Request has been terminated
Possible causes: the network is offline, Origin is not allowed by 
Access-Control-Allow-Origin, the page is being unloaded, etc.

Can anyone help me with this?




[graylog2] Changing map theme for geolocation

2016-07-25 Thread Aykisn
Hello,

I am using the free GeoLite2 database and I was wondering if there was any 
way to change the default map theme we have in the graylog user interface 
please?

Thanks.



[graylog2] Change map themes for geolocation ?

2016-07-25 Thread Aykisn
Hello,

I am using the free GeoLite2 city geolocation database, and I was wondering 
if there w
