Re: [graylog2] is there a GELF over HTTPS option?

2015-09-01 Thread Kay Röpke
Hi Jason, please check out the 1.2 RC we published earlier today: https://www.graylog.org/announcing-graylog-1-2-rc/ It includes TLS support for HTTP as well as TCP keepalive. Each POST is still limited to a single GELF message, though.

[graylog2] Re: Autologin for Graylog Dashboard?

2015-09-01 Thread Drew Miranda
Hi Niklas, You can configure the session timeout per user (e.g. never timeout) via System -> Users -> Timeout if that is of use to you. Otherwise I think you would have to write a piece of code or script that could send the username/password as post data, but I'm not certain and havn't tested

[graylog2] Re: Graylog dashboard showing no messages for last 5 mins

2015-09-01 Thread Drew Miranda
Do you have your indicies rollover due to retention policies where older indices are deleted? Also does running "Recalculate Index Ranges" (System -> Indices -> Maintenance) help? On Tuesday, September 1, 2015 at 8:32:43 AM UTC-5, Sriranga Kulkarni wrote: > > Need help graylog dashboard not

[graylog2] Re: Huge gaps between the time stamp on Graylog server and actual logged items

2015-09-01 Thread Kevin Johnson
Hi Jochen, I did not create an extractor to parse the access logs. I have setup extractors on other inputs. How do I use the recognized date as the message timestamps? On Tuesday, September 1, 2015 at 4:21:55 AM UTC-4, Jochen Schalanda wrote: > > Hi Kevin, > > did you create an extractor (e.

[graylog2] Re: Define full_message extractor only when source=X

2015-09-01 Thread Drew Miranda
Looks like this is an idea submitted here: https://graylog.ideas.aha.io/ideas/GL2E-I-436 On Thursday, August 13, 2015 at 12:16:27 PM UTC-5, Jesse Skrivseth wrote: > > Perhaps I'll need drools rules for this, but I want to run a key=value > tokenizer extractor on messages from a source matching

[graylog2] Re: Selecting range via histogram returns zero results (More Timezone woes?)

2015-09-01 Thread Werner van der Merwe
It did indeed! Thanks very much On Wednesday, September 2, 2015 at 1:31:19 PM UTC+12, Drew Miranda wrote: > > Does running "Recalculate Index Ranges" (System -> Indices -> Maintenance) > help? > > On Sunday, August 30, 2015 at 6:43:00 PM UTC-5, Werner van der Merwe wrote: >> >> Further Updates:

[graylog2] Re: Huge gaps between the time stamp on Graylog server and actual logged items

2015-09-01 Thread Jochen Schalanda
Hi Kevin, you can extract the date from the log messages with a regex extractor and afterwards use a date or flexdate converter (see http://docs.graylog.org/en/1.1/pages/extractors.html#normalization) to convert it to an actual timestamp which you store in the timestamp field of your message.

[graylog2] Re: Service graylog2-server shuts down after start of CentOS

2015-09-01 Thread Karl Schleifenbaum
Hi Drew, thanks for starting me to search for logs. Finally I managed to get the latest graylog running. The problem turned out to be several things - etc/graylog/web/web.conf (missing password secret) - etc/graylog/server/server.conf (missing password secret and root_password_sha2) - Java 1.7

[graylog2] Re: Huge gaps between the time stamp on Graylog server and actual logged items

2015-09-01 Thread Jochen Schalanda
Hi Kevin, did you create an extractor (e. g. a grok or a regex extractor) to parse those access logs and use the recognized date as the message timestamp? If so, how do those extractors look like? Cheers, Jochen On Tuesday, 1 September 2015 02:50:57 UTC+2, Kevin Johnson wrote: > > Hi Jochen,

[graylog2] Re: Syslog UDP Input

2015-09-01 Thread daniel . schindler73
HI Jason, that was helpful, thank you very much. Regards Daniel Am Mittwoch, 26. August 2015 15:04:37 UTC+2 schrieb daniel.sc...@googlemail.com: > > Hello, > > first step I tried on my new graylog server is, to create a Syslog UDP > Input, in order to be able to receive > syslog messages on

[graylog2] /etc/issue is being overwritten

2015-09-01 Thread daniel . schindler73
Hi All, I changed the contents of /etc/issue and customize it a little bit. After reboot the changes are lost. How can I avoid that this file is being overwritten from my personal changes? Or is this the wrong file? Regards Daniel -- You received this message because you are subscribed to

[graylog2] Alerts never triggered

2015-09-01 Thread Jose Luis Gordo Romero
Hi, I have a 1.1.6 updated install (from 1.1rc), and in some update (I can't remember) alerts stop working (never triggered). I reviewed the mongo collections and server conf (from a fresh install), the server.log, ... (nothing different). So having a stream with +- 20 msg/sec, I configured

[graylog2] Re: /etc/issue is being overwritten

2015-09-01 Thread daniel . schindler73
Hi Jochen, the OVA Image. Regards Daniel Am Dienstag, 1. September 2015 12:40:16 UTC+2 schrieb daniel.sc...@googlemail.com: > > Hi All, > > I changed the contents of /etc/issue and customize it a little bit. > > After reboot the changes are lost. > > How can I avoid that this file is being

[graylog2] Autologin for Graylog Dashboard?

2015-09-01 Thread Niklas Grebe
Hi, I was wondering if it would be possible to get rid of re-entering the username/password credentials on our Graylog Dashboard after the session got invalidated. Is there a way to put the username/password in the url to automate this process? I don’t want to install a hole password manager

[graylog2] Graylog dashboard showing no messages for last 5 mins

2015-09-01 Thread Sriranga Kulkarni
Need help graylog dashboard not showing any messages for last 5 mins where as i am able to see messages for last 15 mins. I used to get messages for 5 mins before but donno what happened. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To