[graylog2] Re: Function of graylog2-collector

2016-02-16 Thread Bernie Carolan
In comparison to the nxlog to logstash model, is it possible to suppress events that are not required? An example in nxlog would be: Module im_msvistalog Query\ \ *\ *[System[(EventID=4624 or EventID=4776 or EventID=4634 or EventID=4672 or

[graylog2] Re: I have no outgoing messages from Graylog

2016-02-16 Thread Jochen Schalanda
Hi Roberto, check your Elasticsearch logs, not the logs of your Graylog server. Cheers, Jochen On Tuesday, 16 February 2016 16:17:47 UTC+1, roberto...@gmail.com wrote: > > Dear Jochen, > > When I search for errors or warnings in the current graylog2.log, there > is nothing. > > And /var is

[graylog2] Re: I have no outgoing messages from Graylog

2016-02-16 Thread Jochen Schalanda
Hi Roberto, there's something wrong with your Elasticsearch cluster (see http://docs.graylog.org/en/1.3/pages/configuring_es.html#cluster-status-explained for an explanation of the different Cluster Health States) which prevents Graylog from indexing more log messages. Check the logs of your

[graylog2] I have no outgoing messages from Graylog

2016-02-16 Thread robertocarna36
Dear, I have Graylog 1.2 but right now I have a lot of incoming messages but no outgoing messages at all, so my journal space is increasing a lot: *Processing 1500 incoming and 0 outgoing msg/s. 1,877,835 unprocessed messages* I can see just this error or warning: *Elasticsearch cluster is

[graylog2] Re: Help sending logs from server journald to graylog

2016-02-16 Thread Stephen Fox
BKeep, thanks for the helpful reply. So far I've been able to get two methods working: installing rsyslog, like you mentioned, and SystemdJournal2Gelf. Both work. I wrote a quick blog post about these two methods:

[graylog2] Re: Sending http mail alerts

2016-02-16 Thread Anant Sawant
Thank You Jochen. On Thursday, 11 February 2016 19:38:51 UTC+5:30, Jochen Schalanda wrote: > > Hi Anant, > > the email alert callback can use any SMTP server accessible from the > system running Graylog. You don't need to install a local MTA like Postfix > or Exim to use it. > > > Cheers, >

[graylog2] Re: Elasticsearch cluster is red.

2016-02-16 Thread Steve Marks
Find the unassigned shards: curl -XGET http://:9200/_cat/shards | grep UNASSIGNED The resolution to this was the command below; change the index and shard number to match any primary unassigned shards: curl -XPOST ':9200/_cluster/reroute' -d '{"commands": [{"allocate": {"index": "graylog_400",