[graylog2] Re: Multiple nodes in a cluster

2016-08-24 Thread Steve Kuntz
As well some additional logs from the nodes are [NodePingThread] Did not find meta info of this node. Re-registering. I have changed all IPs appropriately in the configuration of the 3rd node. On Wednesday, August 24, 2016 at 4:15:02 PM UTC-4, Steve Kuntz wrote: > > I have 2 nodes running in a

[graylog2] Multiple nodes in a cluster

2016-08-24 Thread Steve Kuntz
I have 2 nodes running in a cluster, one master and one slave. When I look at the nodes collection in Mongo I see the 2 nodes. I have added a 3rd node as a slave and when this node is running I end up with an issue where the cluster is complaining that there isn't a master node. When I look at

[graylog2] Removing a Graylog node from the cluster

2016-08-24 Thread Steve Kuntz
Hi, I've been unable to find any documentation around this. How do I completely remove a graylog node from the cluster?

[graylog2] Re: Graylog Failing jvm Allocation Failure [jvm] [graylog-4e9a7285-48ce-468c-8604-6b2bf613eafd] [gc][old][501][37] duration [38.6s],

2016-08-24 Thread Ricardo Ferreira
Hey Jochen, tried with Xmx=30Gb, changed the GC algo and I still have big pauses... 2016-08-24T17:06:30.042Z WARN [GarbageCollectionWarningThread] Last GC run with G1 Young Generation took longer than 1 second (last duration=10443 milliseconds) 2016-08-24T17:06:30.042Z WARN [jvm]

[graylog2] Re: Graylog 2.0.3 recommended MongoDB version

2016-08-24 Thread Aleksey Chudov
Thank you! On Wednesday, August 24, 2016 at 6:21:19 PM UTC+3, Jochen Schalanda wrote: > > Hi Aleksey, > > while we recommend using the latest stable version of MongoDB for Graylog > 2.x, MongoDB 2.6.x from EPEL should also work fine. > > > Cheers, > Jochen > > On Wednesday, 24 August 2016

[graylog2] Re: Issues parsing incoming fields in a good way

2016-08-24 Thread Jochen Schalanda
Hi, looking at the bash snippet you've posted, it should be fairly easy to iterate over the scanned/infected files and create a separate GELF message for each. If you need to know which infected files were found by the same scan, you can simply add a unique identifier to the GELF messages

[graylog2] Re: Graylog 2.0.3 recommended MongoDB version

2016-08-24 Thread Jochen Schalanda
Hi Aleksey, while we recommend using the latest stable version of MongoDB for Graylog 2.x, MongoDB 2.6.x from EPEL should also work fine. Cheers, Jochen On Wednesday, 24 August 2016 16:00:33 UTC+2, Aleksey Chudov wrote: > > Hi, > > In accordance with current documentation >

Re: [graylog2] Sidecar vs nxlog only?

2016-08-24 Thread Nathan Mace
Great, I thought that was the case but wasn't sure if there was more to Sidecar or not. Thanks! Nathan On Wednesday, August 24, 2016 at 10:31:08 AM UTC-4, Marius Sturm wrote: > > Hi Nathan, > it's basically a configuration layer. With Sidecar in between you can > control nxlog from within the

Re: [graylog2] Sidecar vs nxlog only?

2016-08-24 Thread Marius Sturm
Hi Nathan, it's basically a configuration layer. With Sidecar in between you can control nxlog from within the Graylog web UI. Cheers, Marius On 24 August 2016 at 16:07, Nathan Mace wrote: > I'm starting to roll out nxlog / Sidecar to replace our Splunk install. >

[graylog2] Sidecar vs nxlog only?

2016-08-24 Thread Nathan Mace
I'm starting to roll out nxlog / Sidecar to replace our Splunk install. However the Windows Event Logs seem to make it into Graylog just fine without Sidecar being installed. What does installing Sidecar add to the mix? Nathan

[graylog2] Graylog 2.0.3 recommended MongoDB version

2016-08-24 Thread Aleksey Chudov
Hi, In accordance with current documentation http://docs.graylog.org/en/2.0/pages/installation/operating_system_packages.html#prerequisites Graylog requires MongoDB (>= 2.4) and the CentOS installation instructions http://docs.graylog.org/en/2.0/pages/installation/os/centos.html describe

Re: [graylog2] Graylog 2.0 SSL issue

2016-08-24 Thread Jochen Schalanda
Hi Anant, maybe Midori is using another certificate store than the other web browsers you've mentioned. In any case, if you're using a self-signed certificate, you need to add this certificate to the list of trusted certificates in your web browser or system trust store. On an additional

Re: [graylog2] Graylog 2.0 SSL issue

2016-08-24 Thread Anant Sawant
Hi Dennis, I am looking for other details that I might have missed, but there is this strange thing happening: I tried to run Graylog on "Midori" without any changes in the configuration and it's running just fine, but it's not on Mozilla, IE or Chrome. I am attaching the screenshot. Please

[graylog2] Re: Graylog Failing jvm Allocation Failure [jvm] [graylog-4e9a7285-48ce-468c-8604-6b2bf613eafd] [gc][old][501][37] duration [38.6s],

2016-08-24 Thread Jochen Schalanda
Hi Ricardo, try configuring *less* heap memory for your JVM, ideally less than 32G. See https://blog.codecentric.de/en/2014/02/35gb-heap-less-32gb-java-jvm-memory-oddities/ for details. Cheers, Jochen On Wednesday, 24 August 2016 15:02:10 UTC+2, Ricardo Ferreira wrote: > > So, we have a 2

Re: [graylog2] Graylog 2.0 SSL issue

2016-08-24 Thread Dennis Oelkers
Hey Anant, it looks like https://172.16.0.78:12900/ is not reachable from your browser. Please make sure that your browser can connect to the REST API. For further information, please have a look at http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html. Kind regards,

[graylog2] Re: Issues parsing incoming fields in a good way

2016-08-24 Thread ravedog
Hi Jochen, First of all, thanks again for taking your time. It's very highly appreciated :) Ok sure, from a bash script, the GELF is generated like this: FILES=$(/bin/cat /var/log/avscanoutputfile | /bin/grep ^/) echo -e '{ "version": "1.1",

Re: [graylog2] Re: Graylog2 sidecar and SSL

2016-08-24 Thread Michael Anthon
Thank you Marius! Confirming that I didn't even consider that... I've just updated my copy of sidecar and it now functions correctly. Cheers, Michael On Wednesday, 24 August 2016 18:38:31 UTC+10, Marius Sturm wrote: > > Hi Michael, > usually the issue is a better place to ask related

[graylog2] Re: CSV to field converter using whitespace delimiter

2016-08-24 Thread julioqc47
Oh I agree and have switched to Grok since I posted the original message. Yes those are IIS :) However, Grok patterns take much more time to configure where CSV literally takes 20 sec to set up. I'm just getting lazy I suppose haha Anyhow, CSV seems problematic for certain delimiters and

[graylog2] Re: Issues parsing incoming fields in a good way

2016-08-24 Thread Jochen Schalanda
Hi, splitting a message into multiple messages according to the pattern you've mentioned is kind of hard. I would (still) recommend changing the generation of the GELF messages at the source and sending one GELF message for each infected/found file. If you tell us how you generate the GELF

Re: [graylog2] Re: Graylog2 sidecar and SSL

2016-08-24 Thread Marius Sturm
Hi Michael, usually the issue is a better place to ask related questions. In your case I guess you updated the collector server plugin but didn't do the same for the sidecar itself. After installing the latest sidecar version the fields should be gone and the config should be valid again. Cheers,