[graylog2] Re: Graylog for JSP ?

2015-08-20 Thread Jochen Schalanda
Hi Vincent, the only JSP I know are Java Server Pages and you can use one of the existing GELF logging appenders to send logs from Java applications into Graylog, see https://www.graylog.org/resources/data-sources/ for details. If you mean something else, please elaborate on that. Cheers,

[graylog2] Re: graylog ports

2015-08-20 Thread Jochen Schalanda
Oh, and I almost forgot that each node needs access to the same MongoDB server and database, which is listening on port 27017/tcp by default, see http://docs.mongodb.org/manual/reference/default-mongodb-port/ for details. Cheers, Jochen On Thursday, 20 August 2015 11:53:14 UTC+2, Jochen

[graylog2] Re: graylog ports

2015-08-20 Thread Jochen Schalanda
Hi, Graylog itself only needs access to the REST API of all other Graylog nodes in the cluster, which is listening on port 12900/tcp by default. Additionally each node needs to have access to Elasticsearch's transport port which is 9300/tcp (or rather a range 9300/tcp-9400/tcp) by default,

[graylog2] Re: Graylog for JSP ?

2015-08-20 Thread Jochen Schalanda
know which one is for JSP, can you tell me which one is for JSP? Thanks :D On Thursday, August 20, 2015 at 3:50:36 PM UTC+7, Jochen Schalanda wrote: Hi Vincent, the only JSP I know are Java Server Pages and you can use one of the existing GELF logging appenders to send logs from Java

[graylog2] Re: How to setup Graylog code on eclipse.

2015-08-24 Thread Jochen Schalanda
in advance. :-) On Thursday, 6 August 2015 13:13:16 UTC+5:30, Jochen Schalanda wrote: Hi Gangadhar, Graylog is using Maven as its build system, so using M2Eclipse ( https://eclipse.org/m2e/) it should be pretty easy to import the project into Eclipse. FWIW, it's working out of the box

[graylog2] Re: extractor impact on performance

2015-08-24 Thread Jochen Schalanda
is: is there a log activity concerning parsing extractor, because there is no doubt they impact performance, but I don't understand how it can impact the availability of consulting the messages already logged. Best regards. On Wednesday, 24 September 2014 20:10:05 UTC+2, Jochen Schalanda

[graylog2] Re: are there standard field names?

2015-08-24 Thread Jochen Schalanda
Hi Jason, other than the mandatory fields described in the GELF specification ( https://www.graylog.org/resources/gelf) there are no default message fields in Graylog. Cheers, Jochen On Monday, 24 August 2015 11:10:00 UTC+2, Jason Haar wrote: Hi there I've been testing graylog for a few

[graylog2] Re: Sending EventLog to Graylog2

2015-06-29 Thread Jochen Schalanda
Hi Santiago, how exactly are you sending the Windows Event Logs to Graylog? You can use either nxlog or the new Graylog Collector ( http://docs.graylog.org/en/1.1/pages/collector.html) for this. If you're using nxlog, please post your configuration file. If you're starting from scratch, I'd

[graylog2] Re: Dashboards problems

2015-07-29 Thread Jochen Schalanda
Hi Alex, did you upgrade both, the Graylog server and the web interface, to version 1.1.5? What kind of queries are you using in your dashboard widgets? Do those queries complete fast and at all if you enter them in the search bar? You can also click on the icon on the dashboard widgets to

[graylog2] Re: Add Role to Graylog2

2015-07-28 Thread Jochen Schalanda
Hi Tim, user roles will be supported in Graylog 1.2.0. You can follow https://github.com/Graylog2/graylog2-server/pull/1322 if you want to stay up-to-date on the issue. Cheers, Jochen On Tuesday, 28 July 2015 10:07:30 UTC+2, tim lewis wrote: Is there a way to add a new role to Graylog? We

[graylog2] Re: wildcard searches on fields besides messages?

2015-08-01 Thread Jochen Schalanda
Hi Jason, by default only a few message fields (like message, full_message, and source) are being analyzed so that wildcard searches are possible (see https://github.com/Graylog2/graylog2-server/blob/1.1.5/graylog2-server/src/main/java/org/graylog2/indexer/Mapping.java#L79-86 ). If you

[graylog2] Re: Stream alert not generated even alert condition satisfied

2015-08-04 Thread Jochen Schalanda
Hi Avdhoot, what does your alert condition look like and what should it do actually? Cheers, Jochen On Tuesday, 4 August 2015 13:04:11 UTC+2, Avdhoot Dendge wrote: Need help to debug why graylog is not generating alert even alert condition satisfied. Please check below screenshot for alert

[graylog2] Re: query about performance of time retention_policy settings

2015-08-04 Thread Jochen Schalanda
Hi Jason, the answer to your question depends on multiple factors, like the structure of your log messages, their average size, the available hardware resources for Graylog and Elasticsearch, and the kind of queries you've been running. In short, modern hardware with decent amounts of memory

[graylog2] Re: juniper ssg 140

2015-07-30 Thread Jochen Schalanda
Hi Leon, some network appliances don't send actually valid syslog messages, although their manufacturers claim they do. This might be one of those cases. Please check, if the messages are indexed if you're using a Raw UDP/TCP input in Graylog. You'd have to extract the interesting fields with

[graylog2] Re: Setting default TTL for new indices

2015-07-28 Thread Jochen Schalanda
Hi, you can add your index template to the Elasticsearch configuration file ( https://www.elastic.co/guide/en/elasticsearch/reference/0.90/indices-templates.html#config) referenced in the elasticsearch_config_file setting in the Graylog configuration file (

[graylog2] Re: Check Graylog Node Status via API

2015-07-31 Thread Jochen Schalanda
, Jochen Schalanda wrote: Hi Pete, currently there is no resource in the Graylog REST API which would check the availability of MongoDB or Elasticsearch explicitly. But you could check this indirectly via the cluster stats resource at http://localhost:12900/system/cluster/stats (or more

[graylog2] Re: graylog-server 1.1.5 - Enabling HTTPS REST api binds graylog-server service to loopback instead of eth0 address

2015-07-31 Thread Jochen Schalanda
Hi Tim, since you're using the hostname hostname.example.com to specify the network interface the Graylog REST API should listen on (using rest_listen_uri), Graylog is resolving the hostname on startup and using the first IP address this request returns – in your case 127.0.0.1 from your

[graylog2] Re: Check Graylog Node Status via API

2015-07-30 Thread Jochen Schalanda
Hi Pete, currently there is no resource in the Graylog REST API which would check the availability of MongoDB or Elasticsearch explicitly. But you could check this indirectly via the cluster stats resource at http://localhost:12900/system/cluster/stats (or more specifically

[graylog2] Re: Update AWS instances

2015-08-14 Thread Jochen Schalanda
Hi Brandon, upgrading the Graylog Omnibus package inside your existing AMI is still possible and should work exactly as you've described. Cheers, Jochen On Thursday, 13 August 2015 23:27:14 UTC+2, Brandon Shiner wrote: In July, when the AMI documentation was moved to ReadTheDocs, the notes

[graylog2] Re: Error executing action `run` on resource 'ruby_block[add node to server list]

2015-08-06 Thread Jochen Schalanda
Hi, how did you upgrade from Graylog 1.1.4 to Graylog 1.1.5? Which appliance (I guess that it's one of our virtual machine images…) are you using on which hypervisor? Did you try restarting etcd (which seems to be the culprit) with sudo graylog-ctl restart etcd? You can see the logs with sudo

[graylog2] Re: About shards

2015-07-22 Thread Jochen Schalanda
, Jochen Schalanda wrote: Hi Juan, please post the output of the following command (replace 127.0.0.1 with the IP address or hostname of one of your Elasticsearch nodes): curl 'http://127.0.0.1:9200/_cat/shards?v' Cheers, Jochen On Wednesday, 22 July 2015 15:03:45 UTC+2, Juan Andres Ramirez

[graylog2] Re: About shards

2015-07-24 Thread Jochen Schalanda
Hi Jérôme, it depends what you want to achieve. Having 4 shards and 1 replica of each shard per index is totally fine and works with 2 Elasticsearch nodes. Cheers, Jochen On Friday, 24 July 2015 10:29:06 UTC+2, Jérôme QUENEUDER wrote: Hello everybody, Maybe I have the same question, I have

[graylog2] Re: Index rotation problems

2015-07-24 Thread Jochen Schalanda
Hi Eugene, the number of indices can also increase, if you cycle the deflector index a lot (e. g. in the web interface at System - Indices - Maintenance). You have set the maximum size of an index to 100,000 bytes (100 kilobytes) which is quite low. Maybe you mixed that up with 100,000,000

[graylog2] Re: About shards

2015-07-24 Thread Jochen Schalanda
, Jochen On Friday, 24 July 2015 11:37:31 UTC+2, Jérôme QUENEUDER wrote: Hi Jochen, Could you explain more? Because for me it's: elasticsearch_shards=1 = 1 node so 1 server, no? Thank you for your answer Jochen, Jérôme Queneuder On Friday, 24 July 2015 11:15:04 UTC+2, Jochen

[graylog2] Re: Upgrading Graylog from 1.0.1 to 1.1.4

2015-07-27 Thread Jochen Schalanda
Hi, Graylog 1.1.4 is also working fine with Elasticsearch 1.4.5, but you might find some performance degradation which might or might not affect you, depending on the overall throughput of your Graylog setup. Cheers, Jochen On Monday, 27 July 2015 00:13:48 UTC+2, BKeep wrote: Upgraded from

[graylog2] Re: Does GELF over UDP support timestamp field?

2015-07-27 Thread Jochen Schalanda
Hi Jason, the xtimestamp field looks valid and should work if you put the value into the mandatory timestamp field of a GELF message. The message timestamp is interpreted as seconds since UNIX epoch (i. e. 1/1/1970 00:00:00 UTC), so maybe you're off by some hours due to the timezone offset

[graylog2] Re: Query distinct values

2015-07-27 Thread Jochen Schalanda
Hi Jesse, unfortunately that's currently not possible with the query language of Graylog/Lucene. Feel free to add this as a feature request in our product portal (https://www.graylog.org/product-ideas/). Cheers, Jochen On Monday, 27 July 2015 01:22:11 UTC+2, Jesse Skrivseth wrote: Hello

[graylog2] Re: Need to change URL from a Stream

2015-07-27 Thread Jochen Schalanda
Hi Jérôme, you can modify the URL to the web interface with the transport_email_web_interface_url setting in your Graylog server configuration ( https://github.com/Graylog2/graylog2-server/blob/1.1.4/misc/graylog2.conf#L347-349 ). Cheers, Jochen On Sunday, 26 July 2015 19:40:52 UTC+2, Jérôme

[graylog2] Re: Logging in GELF over TLS

2015-07-27 Thread Jochen Schalanda
Hi Russ, most third-party libraries only support sending GELF over UDP, some also support TCP, and very few support GELF over TCP+TLS. For example our own Java-based gelfclient (https://github.com/Graylog2/gelfclient) supports all three modes. If you're missing a specific transport mode in

[graylog2] Re: new graylog2 node API users authentication problem

2015-07-22 Thread Jochen Schalanda
Hi Angelo, please make sure that all Graylog nodes are using the same MongoDB database and that password_secret ( https://github.com/Graylog2/graylog2-server/blob/1.1.4/misc/graylog2.conf#L9-11) is identical on each node. Cheers, Jochen On Wednesday, 22 July 2015 10:40:34 UTC+2, Angelo

[graylog2] Re: Graylog Installation on Openstack

2015-07-22 Thread Jochen Schalanda
For the sake of completeness, here's the corresponding GitHub issue: https://github.com/Graylog2/graylog2-images/issues/74 On Wednesday, 22 July 2015 10:39:00 UTC+2, Iloue Iloue wrote: Hi, I'd like to ask regarding installation Graylog2 on Openstack using qcow2. When I finished

[graylog2] Re: how to contribute Extractor?

2015-07-23 Thread Jochen Schalanda
Hi Dung, thanks for wanting to contribute your extractor! Please just send the extractor (the actual JSON file) to he...@graylog.com and we'll add it to the website. Ideally please include some sample messages of the device so that we can test the extractor. Cheers, Jochen On Thursday, 23

[graylog2] Re: Graylog web interface 1.1.4 - change default port

2015-07-17 Thread Jochen Schalanda
Hi Jamie, you can change the default port for the Graylog web interface by providing a system property named http.port to the process, see https://www.playframework.com/documentation/2.3.x/ProductionConfiguration for details. Cheers, Jochen On Friday, 17 July 2015 15:33:07 UTC+2, Jamie Geyer

[graylog2] Re: Elasticsearch + Shield = Graylog can't connect

2015-07-14 Thread Jochen Schalanda
Hi Pavel, Graylog currently doesn't explicitly support Elasticsearch setups with Shield. FWIW, you'll need to install the Shield plugin in Graylog (or at least put the JARs on the class path) and configure the internal Elasticsearch instance accordingly (

[graylog2] Re: Cant find part of a word using the search absoult method on the web api

2015-07-15 Thread Jochen Schalanda
Hi, currently only some specific message fields (message, full_message, and source) are being analyzed during index time. This means that wildcard searches cannot be executed for other, individual fields. You can work around this limitation by creating an index template (

[graylog2] Re: Alert when there are Indexer Failures

2015-07-12 Thread Jochen Schalanda
Hi, On Saturday, 11 July 2015 21:23:38 UTC+2, Arie wrote: You could put the logdata of graylog into graylog with the graylog collector service or with the use of your local syslog tool. This is also possible with one of the existing Log4j GELF appenders (

[graylog2] Re: graylog2-web crashes after update to 1.1.4

2015-07-21 Thread Jochen Schalanda
Hi Denny, is there a transparent proxy between your client and the Graylog web interface or are you using any unusual client? It looks like the HTTP request doesn't contain all required information (i. e. the HTTP version line is missing, which is mandatory for any valid HTTP request).

[graylog2] Re: Remove some fields from log model

2015-07-21 Thread Jochen Schalanda
Hi Eugene, while you can remove those fields retroactively (i. e. after the original messages have been indexed into Elasticsearch) using the Update API ( https://www.elastic.co/guide/en/elasticsearch/reference/1.6/docs-update.html#_scripted_updates), I would strongly advise against it since

[graylog2] Re: Is syslog RFC 5424 output possible with sysklogd (contains syslogd 1.4.1)

2015-10-21 Thread Jochen Schalanda
Hi Richard, the $template directive is a feature of rsyslog ( http://www.rsyslog.com/doc/v8-stable/configuration/templates.html). It seems like you're using a relatively old version of the original BSD syslogd, which doesn't support changing its output format. Is there any chance for you to

Re: [graylog2] grok pattern not working

2015-10-21 Thread Jochen Schalanda
Hi Zsolt, that's no valid grok pattern on your screenshot. You can for example import the standard grok patterns from Logstash ( https://raw.githubusercontent.com/logstash-plugins/logstash-patterns-core/master/patterns/grok-patterns) into Graylog. Cheers, Jochen On Wednesday, 21 October 2015

[graylog2] Re: Writing to mongo from a plugin

2015-10-25 Thread Jochen Schalanda
Hi Jesse, there are several possibilities to write plugin-specific data into MongoDB (none of which are documented, sorry for that). - If you can live with the overhead, you can simply inject ClusterConfigService

[graylog2] Re: Multiline logs (Java, tomcat)

2015-10-25 Thread Jochen Schalanda
Hi, for now you'd need some preprocessing of your logs (e. g. with logstash's multiline filter) to accomplish this. Alternatively you can use one of the many GELF appenders (see

[graylog2] Re: How to forward syslog-ng server messages to graylog2 server ?

2015-10-26 Thread Jochen Schalanda
Hi, On Monday, 26 October 2015 19:24:47 UTC+1, T.J. Yang wrote: > > My goal is to not have graylog2-server bind to udp/tcp 514 since my > syslog-ng server is using them already. > I am looking for a way to have syslog-ng send logs to graylog2 server for > processing, using port above 1024. > Is

[graylog2] Re: Hash and split conversion examples

2015-10-26 Thread Jochen Schalanda
Hi, what exactly do you need to know? Converters can be applied to the result of an extractor and can be used to transform the input (the result of an extractor) in an arbitrary way. The Hash converter simply calculates the MD5 hash of the input and replaces the respective field with this

[graylog2] Re: Elasticsearch 2.0 and Graylog compatibility?

2015-10-29 Thread Jochen Schalanda
Hi Mike, Graylog 1.x will *not* support Elasticsearch 2.x. Graylog 2.x will *maybe* support Elasticsearch 2.x, but it's not set in stone. Cheers, Jochen On Thursday, 29 October 2015 19:11:45 UTC+1, Mike Daoust wrote: > > I wondered if there is more information about this now that 2.0 is out?

[graylog2] Re: Create Converter

2015-10-27 Thread Jochen Schalanda
Hi Felipe, currently you would have to create a fork of Graylog (graylog2-server and graylog2-web-interface) to implement a custom converter but we plan to change this in Graylog 2.0.x (not to be confused with Graylog2…). What kind of converter would you implement? Maybe it's useful for others

[graylog2] Re: How to forward syslog-ng server messages to graylog2 server ?

2015-10-26 Thread Jochen Schalanda
Hi, syslog-ng should support reloading (instead of restarting) by sending a simple SIGHUP to the syslog-ng process, e. g. by running kill -s HUP $(cat /var/run/syslog-ng.pid) Cheers, Jochen On Monday, 26 October 2015 13:17:48 UTC+1, T.J. Yang wrote: > > > Hi > > This is a beginner question.

[graylog2] Re: Error after updating to latest version.

2015-11-09 Thread Jochen Schalanda
Hi, which actions in the web interface produce those timeout messages? Can you reproduce what you did, when the timeout occurred? Cheers, Jochen On Monday, 9 November 2015 13:01:28 UTC+1, eleftherios Banos wrote: > > Hi, > > After we updated to the latest 1.2.2 version an error occurs. In

[graylog2] Re: unable to post GLEF messages in UDP port

2015-11-11 Thread Jochen Schalanda
Hi Stefan, nmap can't really tell if a UDP socket is open or not if the listener doesn't send a reply (which the GELF UDP input doesn't). FWIW, I think this problem has been solved on IRC (GELF UDP input was bound to 127.0.0.1 instead of 0.0.0.0 or a public network interface):

[graylog2] Re: In charts natural number converted to float.

2015-11-11 Thread Jochen Schalanda
Hi Lefteris, "1,766" is not a decimal number but simply 1766 with the default English digit grouping (see https://en.wikipedia.org/wiki/Decimal_mark#Digit_grouping). Cheers, Jochen On Wednesday, 11 November 2015 12:50:29 UTC+1, eleftherios Banos wrote: > > Hi all, > > Although at the search

Re: [graylog2] Re: Required disk space for a new graylog2 installation unter Linux...

2015-11-10 Thread Jochen Schalanda
Hi Klaus, I've heard from some users that their MongoDB server is using lots of space for their journal. You might want to try to set smallfiles=true in the MongoDB configuration file (see https://docs.mongodb.org/v2.4/reference/configuration-options/#smallfiles) to reduce the amount of disk

[graylog2] Re: Graylog Collector Connection Refused

2015-11-16 Thread Jochen Schalanda
Hi Sean, those responses with HTTP status code 404 are fine, there's simply no handler defined for the root resource and it was merely meant to check the connectivity to the Graylog REST API in general. Now that we have established that communications between the machine you're running the

[graylog2] Re: GELF listener seems deaf

2015-11-16 Thread Jochen Schalanda
11:058 GMT -4 > BW.CLE_Process_Archive CLEInfo [BW-User] CLE Transaction - > cfe35b7d-e08a-400e-8b52-52daeb8295b1 has been been received by CLE Auditing > ", > "timestamp" : "1436366891058", > "level" : "LOG_INFO", > "_t

[graylog2] Re: Timestamp field depecrated.

2015-11-16 Thread Jochen Schalanda
Hi Juan, Graylog 1.x doesn't support Elasticsearch 2.0.x, see https://github.com/Graylog2/graylog2-server/issues/1518. Cheers, Jochen On Monday, 16 November 2015 19:29:18 UTC+1, Juan Andres Ramirez wrote: > > Hello Guys, > I tried migrate my indexes from elasticsearch 1.7 to 2.0, but I

[graylog2] Re: GELF listener seems deaf

2015-11-16 Thread Jochen Schalanda
Hi Rin, the GELF HTTP input only processes valid GELF messages, which means that you will at least need to include the "version", "host", and "message" fields. Please take a look at the GELF specification (including a valid example) for details: https://www.graylog.org/resources/gelf/ Cheers,

[graylog2] Re: How to change login screen and UI

2015-11-16 Thread Jochen Schalanda
Hi, the Graylog web interface is currently not customizable. You'll have to build your own version of the web interface (https://github.com/Graylog2/graylog2-web-interface) to customize parts of it. Cheers, Jochen On Sunday, 15 November 2015 09:06:51 UTC+1, Dương Quang Thọ wrote: > > Dear

[graylog2] Re: graylog-web in different machine with graylog-server

2015-11-16 Thread Jochen Schalanda
Hi, make sure that the Graylog web interface on machine B can access port 12900/tcp on machine A, e. g. with curl (`curl -i http://x.x.x.x:12900/` on machine B), and that the Graylog server node on machine A is listening on the correct interface (e. g. with `netstat -tplen|grep :12900` on

[graylog2] Re: GELF listener seems deaf

2015-11-17 Thread Jochen Schalanda
something goes wrong after. Do you have any suggestions > about how to narrow it down? > > > On Tuesday, November 17, 2015 at 9:36:04 AM UTC-5, Jochen Schalanda wrote: >> >> Hi Rin, >> >> the "timestamp" field of your GELF message seems a bit large. >

[graylog2] Re: GELF listener seems deaf

2015-11-17 Thread Jochen Schalanda
Hi Rin, On Tuesday, 17 November 2015 17:02:20 UTC+1, Rin Saunders wrote: > > Wait a minute. I looked at the node page. It says " *6,060 unprocessed > messages* are currently in the journal, " Is something down? > The logs of your Graylog server node should tell you what's wrong. Cheers,

[graylog2] Re: GELF listener seems deaf

2015-11-17 Thread Jochen Schalanda
"1436366891058", > "level" : "LOG_INFO", > "_transaction" : "cfe35b7d-e08a-400e-8b52-52daeb8295b1" > } > > > On Monday, November 16, 2015 at 2:40:57 PM UTC-5, Jochen Schalanda wrote: >> >> Hi Rin, >>

[graylog2] Re: Key=value pairs of field

2015-10-30 Thread Jochen Schalanda
Hi, simply add an extractor for the field you like to parse (e. g. a "Copy Input" extractor) and assign the "Key=Value pairs to fields" converter. This will expand the key-value pairs (e. g. "a=1,b=2,c=3") into separate message fields. Cheers, Jochen On Friday, 30 October 2015 10:48:18

[graylog2] Re: Regex

2015-10-30 Thread Jochen Schalanda
Hi, this will be possible in Graylog 1.3.0. Cheers, Jochen On Friday, 30 October 2015 10:49:56 UTC+1, kaiser wrote: > > Hi, > > When creating a regex extractor, is it possible to get all occurrences of a > pattern? > > For instance given a message "A B C A" would extract "A A"? > > Regards. >

[graylog2] Re: Keyword search : "Last weekend"

2015-10-31 Thread Jochen Schalanda
Hi Mehmet, Graylog is using natty (http://natty.joestelmach.com/) under the hood to parse natural language dates. As long as natty can "translate" the term, Graylog should be able to cope with it. Cheers, Jochen On Thursday, 15 October 2015 21:15:46 UTC+2, Mehmet Ali Büyükkarakaş wrote: > >

[graylog2] Re: Elasticsearch desactivation

2015-11-03 Thread Jochen Schalanda
Hi Yves, what exactly do you mean with "deactivate Elasticsearch in the Graylog configuration"? Since Graylog is indexing the processed log messages in Elasticsearch, it would be quite useless to deactivate the default Elasticsearch output. Cheers, Jochen On Tuesday, 3 November 2015

[graylog2] Re: JAVA warning with graylog 1.2.2

2015-11-03 Thread Jochen Schalanda
have java warnings. > Do you know how to activate graylog debug? > > Thanks in advance. > > Regards > Yves Louis > > On Friday, 30 October 2015 17:32:21 UTC+1, Jochen Schalanda wrote: >> >> Hello Yves, >> >> just add *usage_statistics_enab

[graylog2] Re: Extractor Help

2015-11-05 Thread Jochen Schalanda
Hi Charles, I'm not aware that any such "converter" exists. Cheers, Jochen On Wednesday, 4 November 2015 21:02:20 UTC+1, Charles Francis wrote: > > Hello all, > I couldn't find it listed anywhere so I was wonder if anyone had a magic > way to take some of the information from the logstash

[graylog2] Re: Required disk space for a new graylog2 installation unter Linux...

2015-11-05 Thread Jochen Schalanda
*relationship between* the *used > space from MongoDB (/var/lib/mongodb)* and the *space, used by > Elasticsearch (/var/lib/elasticsearch*)? > > Is it possible to say 1/3 to 2/3 or something similar? > > > Thank you! > > Klaus. > > On Monday, 2 November 2015 10:15:29 U

[graylog2] Re: Java-Exception, while protecting access to graylog-web using Apache HTTPD and .htaccess with Basic Authentication!

2015-11-05 Thread Jochen Schalanda
Hi Klaus, simple answer is: This currently can't be disabled in the Graylog web interface. If the web interface discovers that there's a Basic Auth happening "in front" of Graylog, it tries to use those credentials to log in and the error messages you've posted simply show those login

[graylog2] Re: Add an hyperlink in a field

2015-11-05 Thread Jochen Schalanda
Hi Jerome, Graylog currently doesn't support this. Cheers, Jochen On Thursday, 5 November 2015 17:50:09 UTC+1, jerome wrote: > > Hi, I have been using graylog for 1 month > > I use JSON to send my logs to graylog > > I want to add a column called "detail" to redirect (in a new window) the > graylog

[graylog2] Re: JAVA warning with graylog 1.2.2

2015-11-04 Thread Jochen Schalanda
still have java warning (each second) and micro freeze of graylog > servers. > > Regards > Yves Louis > > > On Tuesday, 3 November 2015 18:14:23 UTC+1, Jochen Schalanda wrote: >> >> Hi Yves, >> >> you can activate DEBUG logging in Graylog by starting it

[graylog2] Re: help !!!!! for a newbie

2015-11-04 Thread Jochen Schalanda
Hi, On Wednesday, 4 November 2015 16:19:34 UTC+1, Charles Francis wrote: > > I ended up using this link for the install. > > > https://www.digitalocean.com/community/tutorials/how-to-install-graylog2-and-centralize-logs-on-ubuntu-14-04 > Holy cow, that article is quite out of date and I wouldn't

[graylog2] Re: JAVA warning with graylog 1.2.2

2015-10-30 Thread Jochen Schalanda
Hello Yves, just add *usage_statistics_enabled = false* to your Graylog configuration file (see https://github.com/Graylog2/graylog-plugin-anonymous-usage-statistics/tree/1.1.1#configuration-options ). Cheers, Jochen On Friday, 30 October 2015 16:17:21 UTC+1, yvesloui...@gmail.com wrote: > >

[graylog2] Re: Get some error at Search page on Graylog Web Interface

2015-11-02 Thread Jochen Schalanda
Hi, please check the logs of your Graylog server node(s) for the reason of the internal server error (HTTP response status 500). Cheers, Jochen On Monday, 2 November 2015 08:05:55 UTC+1, Exzitep wrote: > > Hi All, > > After installing graylog2 on Ubuntu 14.04, I got an error when I went to >

[graylog2] Re: Required disk space for a new graylog2 installation unter Linux...

2015-11-02 Thread Jochen Schalanda
Hi Klaus, unfortunately it's not that easy to calculate the exact disk space requirement for the given numbers. For example your log messages could be as small as a few bytes and as big as several kilobytes or even megabytes. Additionally it's important how heterogenous the log messages are.

[graylog2] Re: Required disk space for a new graylog2 installation unter Linux...

2015-11-06 Thread Jochen Schalanda
Hi Klaus, when you take a look into the "index_failures" collection, you should be able to find the reason why those messages couldn't be properly indexed. Cheers, Jochen On Thursday, 5 November 2015 14:01:26 UTC+1, kl...@tachtler.net wrote: > > Hi Jochen, > > thank you for the explanation,

[graylog2] Re: Troubleshooting Output messages

2015-11-06 Thread Jochen Schalanda
Hi Zach, I'm not really sure what your question is. Could you please elaborate? tcpdump can also be used to dump (well, duh!) the contents of TCP packets and not only their metadata (header fields etc.) by adding the -X parameter, see https://danielmiessler.com/study/tcpdump/ for an example.

[graylog2] Re: Getting "handshake_failure" using ''graylog2-plugin-input-httpmonitor"

2015-11-05 Thread Jochen Schalanda
Hi, the best way to tackle this is probably to file a bug report in the plugin repository on GitHub: https://github.com/sivasamyk/graylog2-plugin-input-httpmonitor/issues If you're still using Java 7, you should probably upgrade to Java 8, which supports a wider range of TLS protocol versions

[graylog2] Re: setup ElasticSearch and Graylog

2015-10-14 Thread Jochen Schalanda
Hi Zsolt, please post your Graylog server and your Elasticsearch configuration so we can take a look at them. Make sure to remove sensitive information like password_secret or MongoDB credentials before posting. Cheers, Jochen On Wednesday, 14 October 2015 16:27:25 UTC+2, Zsolt Osztrovszky

[graylog2] Re: setup ElasticSearch and Graylog

2015-10-19 Thread Jochen Schalanda
Hi Zsolt, On Monday, 19 October 2015 12:13:32 UTC+2, Zsolt Osztrovszky wrote: > elasticsearch_config_file = /etc/elasticsearch/elasticsearch.yml This setting is probably the culprit. The elasticsearch_config_file setting is being used to point to an Elasticsearch configuration file to

[graylog2] Re: Elasticsearch 2.0 and Graylog compatibility?

2015-10-15 Thread Jochen Schalanda
Hi David, that depends entirely if Elasticsearch 2.x will be compatible with Elasticsearch 1.x on a transport protocol level. So the answer is most likely: not. This being said, there's an experimental ES 2.x branch for Graylog at

[graylog2] Re: Graylog: set default value with GROK

2015-10-14 Thread Jochen Schalanda
Hi, you could extract that string into a dedicated message field and then use quick values to come up with a pie chart (and data table) for that field. Cheers, Jochen On Wednesday, 14 October 2015 09:49:19 UTC+2, kaiser wrote: > > Hello, > > I would like to generate charts from string value:

[graylog2] Re: Internal Graylog logging

2015-10-07 Thread Jochen Schalanda
Hi David, Graylog is using log4j 1.2 for its own logging needs. You can download and configure one of the existing log4j GELF appenders (see https://marketplace.graylog.org/addons?search=log4j) to write Graylog's log messages into Graylog itself. This being said, there is the possibility of

[graylog2] Re: grok pattern not working

2015-10-20 Thread Jochen Schalanda
Hi Zsolt, did you add the required Grok patterns to your Graylog system? Cheers, Jochen On Tuesday, 20 October 2015 12:56:17 UTC+2, Zsolt Osztrovszky wrote: > > Hello Guys! > I'd like to setup an extractor with Grok pattern. > This is my sample message and pattern: > 10.10.1.1 - -

Re: [graylog2] Re: setup ElasticSearch and Graylog

2015-10-20 Thread Jochen Schalanda
Hi Zsolt, depending on the operating system you've installed Graylog on you can either use the init script (Debian Wheezy, `service graylog-server restart`), the Upstart service (Ubuntu, `restart graylog-server`), or the systemd service (Debian Jessie, `systemctl restart graylog-server`) to

[graylog2] Re: AWS Elasticsearch

2015-10-17 Thread Jochen Schalanda
e more > explicit? Sorry by that. > > thank you. > > On Friday, October 9, 2015 at 9:11:58 AM UTC-3, Jochen Schalanda wrote: >> >> Hi William, >> >> Graylog is currently joining the Elasticsearch cluster as a regular >> client (i. e. no master, no data

[graylog2] Re: Stream ID

2015-10-12 Thread Jochen Schalanda
Hi Yoram, the user experience is a little bit lacking in that regard at the moment. You can find the stream ID in the URL of the stream page, e. g. if http://graylog.example.com/streams/556c2208e4b0f1234567890/messages?q=*=relative=300 was the URL of the stream page, then

[graylog2] Re: Graylog Sources Tab always showing Error "Could not load histogram Data"

2015-10-05 Thread Jochen Schalanda
ates Transport Disconnected? > > > You reckon that would be an issue with ES 1.4.2? I'm withholding upgrading > yet just in case it messes up my config. > > Thanks > > > On Monday, 5 October 2015 16:47:49 UTC+1, Jochen Schalanda wrote: >> >> Hi Michel, &

[graylog2] Re: Graylog GROK and INPUTS

2015-10-13 Thread Jochen Schalanda
Hi, the configuration of inputs and grok patterns is stored in MongoDB in the inputs and grok_patterns collections. Cheers, Jochen On Tuesday, 13 October 2015 21:24:40 UTC+2, kaiser wrote: > > Hello, > > could you please tell me in which file GROK patterns and INPUT > configuration are

[graylog2] Re: migrating inputs between hosts

2015-10-09 Thread Jochen Schalanda
Hi David, that sounds as if the node ID of your new node changed, see the node_id_file setting ( https://github.com/Graylog2/graylog2-server/blob/1.2.1/misc/graylog2.conf#L5-L7) in your Graylog configuration. Make sure that your new Graylog node is using the same node ID and the inputs

[graylog2] Re: AWS Elasticsearch

2015-10-09 Thread Jochen Schalanda
Hi William, Graylog is currently joining the Elasticsearch cluster as a regular client (i. e. no master, no data node) which is not possible with the AWS Elasticsearch service. We might come up with a solution to this in the future, but for now you'd have to setup and manage your own

[graylog2] Re: Alert when there are Indexer Failures

2015-07-11 Thread Jochen Schalanda
Hi David, Graylog will not automatically generate a notification when indexer failures occur. You can, however, regularly query http://localhost:12900/system/indexer/failures or http://localhost:12900/system/indexer/failures/count for information about indexer failures. Please refer to the

[graylog2] Re: Unknown error

2015-07-07 Thread Jochen Schalanda
Hi, did you run Graylog (or the build process) as another user? The AccessDeniedException looks as if the currently used system user is not allowed to access the mentioned file. As a quick fix, you could also simply run `mvn clean` to remove the temporary build files. Cheers, Jochen On

[graylog2] Re: how can an email address be removed from Stream receivers?

2015-11-17 Thread Jochen Schalanda
Hi Sergey, simply click on the small blue 'x' next to the name on the Stream Alerts page in the Receivers box. Cheers, Jochen On Tuesday, 17 November 2015 08:47:51 UTC+1, Sergey Guzenkov wrote: > > how can an email address be removed from Stream receivers? > -- You received this message

[graylog2] Re: Unable to see Collector component in Graylog Web UI in Ubuntu

2015-08-27 Thread Jochen Schalanda
Hi Preetika, support for the Graylog Collector has been added in Graylog 1.1.x and you seem to be running Graylog 1.0.x. Please upgrade to a more recent version as described at http://docs.graylog.org/en/1.1/pages/installation/operating_system_packages.html#ubuntu-14-04 . On Graylog 1.1.x,

[graylog2] Re: How to get a single jar after compiling Graylog??

2015-08-28 Thread Jochen Schalanda
Hi, as already described in https://groups.google.com/forum/#!topic/graylog2/8x3k-5VoHmg, you'll have to run mvn assembly:single. On Friday, 28 August 2015 13:14:50 UTC+2, Anant Sawant wrote: Hi!! Well I have compiled the Graylog server component using Eclipse(m2e) and have got multiple

[graylog2] Re: receiving netflow

2015-08-26 Thread Jochen Schalanda
Hi Marsel, we will publish a Netflow plugin for Graylog 1.2.0 in the near future. I'm not aware of any Netflow plugin for Graylog 1.1.x. Cheers, Jochen On Wednesday, 26 August 2015 00:40:38 UTC+2, Marsel Qako wrote: HI, I would like to collect netflow from cisco devices into graylog. I

Re: [graylog2] Re: How to setup Graylog code on eclipse.

2015-08-25 Thread Jochen Schalanda
keypair: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive) - [Help 1] Any Ideas on the same. Please find the attachments. Thanks in Advance. Anant. On Mon, Aug 24, 2015 at 1:49 PM, Jochen Schalanda wrote: Hi Anant, your version of Java is too old. Please

[graylog2] Re: windows DNS log extractor

2015-08-25 Thread Jochen Schalanda
Hi Marsel, could you please post some example of those log messages and which extractors you're using to process them? Cheers, Jochen On Tuesday, 25 August 2015 09:50:17 UTC+2, Marsel Qako wrote: Hi All, I'm very new with graylog. I'm testing with sending my DNS logs from windows DNS

[graylog2] Re: Copying Dashboards widgets

2015-08-26 Thread Jochen Schalanda
Hi Daniel, dashboards and basically all configuration data is stored in MongoDB. You should be able to dump the MongoDB database of your old system and restore it into the MongoDB database of your new system. Just make sure to use the same node ID (see node_id_file in your Graylog server

[graylog2] Re: Anyone successfully using a load balancer to round robin each message sent to graylog?

2015-08-26 Thread Jochen Schalanda
Hi Drew, I know of several installations of Graylog which use load balancers in front of a Graylog cluster. Are there any specific problems you've encountered in regard to Graylog's part in this setup? Just one remark: Load balancing GELF messages sent via UDP (Graylog's GELF UDP input) might
