[graylog2] Re: About shards

2015-07-22 Thread Jochen Schalanda
Hi Juan, please post the output of the following command (replace 127.0.0.1 with the IP address or hostname of one of your Elasticsearch nodes): curl 'http://127.0.0.1:9200/_cat/shards?v' Cheers, Jochen On Wednesday, 22 July 2015 15:03:45 UTC+2, Juan Andres Ramirez wrote: > > Hello Arie, >

[graylog2] Re: About shards

2015-07-22 Thread Jochen Schalanda
17815 48.3gb 127.0.0.1 domain.com > > > Thank you !! > > > On Wednesday, July 22, 2015 at 11:50:16 AM UTC-3, Jochen Schalanda wrote: >> >> Hi Juan, >> >> please post the output of the following command (replace 127.0.0.1 with >> the IP address

[graylog2] Re: new graylog2 node API users authentication problem

2015-07-23 Thread Jochen Schalanda
addingException: Given final block not properly > padded > > it seems mongo is not passing the userbase to the graylog-server, any way > I can force the synchronization? mongo is not configured for SSL/TLS > > On Wednesday, July 22, 2015 at 3:32:21 AM UTC-7, Jochen Schalanda wrote: >

[graylog2] Re: how to contribute Extractor?

2015-07-23 Thread Jochen Schalanda
Hi Dung, thanks for wanting to contribute your extractor! Please just send the extractor (the actual JSON file) to he...@graylog.com and we'll add it to the website. Ideally please include some sample messages of the device so that we can test the extractor. Cheers, Jochen On Thursday, 23 Ju

[graylog2] Re: About shards

2015-07-24 Thread Jochen Schalanda
Hi Jérôme, it depends what you want to achieve. Having 4 shards and 1 replica of each shard per index is totally fine and works with 2 Elasticsearch nodes. Cheers, Jochen On Friday, 24 July 2015 10:29:06 UTC+2, Jérôme QUENEUDER wrote: > > Hello everybody, > > Maybe I have a same question, I hav

[graylog2] Re: Index rotation problems

2015-07-24 Thread Jochen Schalanda
Hi Eugene, the number of indices can also increase, if you cycle the deflector index a lot (e. g. in the web interface at System -> Indices -> Maintenance). You have set the maximum size of an index to 100,000 bytes (100 kilobytes) which is quite low. Maybe you mixed that up with 100,000,000 (1

[graylog2] Re: About shards

2015-07-24 Thread Jochen Schalanda
dredi 24 juillet 2015 11:15:04 UTC+2, Jochen Schalanda a écrit : >> >> Hi Jérôme, >> >> it depends what you want to achieve. Having 4 shards and 1 replica of >> each shard per index is totally fine and works with 2 Elasticsearch nodes. >> >> Cheers,

[graylog2] Re: Index rotation problems

2015-07-24 Thread Jochen Schalanda
Hi Eugene, the index cycling/rotation and the index retention are two separate processes. This means that old indices are not automatically deleted (which is your current retention strategy) when an index cycle occurs. Are there any error messages in your Graylog server logs? Cheers, Jochen

[graylog2] Re: Cloudtrail - consuming responseElements object

2015-07-27 Thread Jochen Schalanda
Hi, the AWS input plugin was more of a proof of concept in the first implementation. Could you, Preston and Fabio, please elaborate on some of your use cases with the plugin and which functionality is specifically missing? Cheers, Jochen On Sunday, 26 July 2015 13:08:21 UTC+2, Fabio Douek wro

[graylog2] Re: Need to change URL from a Stream

2015-07-27 Thread Jochen Schalanda
Hi Jérôme, you can modify the URL to the web interface with the transport_email_web_interface_url setting in your Graylog server configuration ( https://github.com/Graylog2/graylog2-server/blob/1.1.4/misc/graylog2.conf#L347-349 ). Cheers, Jochen On Sunday, 26 July 2015 19:40:52 UTC+2, Jérôme

[graylog2] Re: Upgrading Graylog from 1.0.1 to 1.1.4

2015-07-27 Thread Jochen Schalanda
Hi, Graylog 1.1.4 is also working fine with Elasticsearch 1.4.5, but you might find some performance degradation which might or might not affect you, depending on the overall throughput of your Graylog setup. Cheers, Jochen On Monday, 27 July 2015 00:13:48 UTC+2, BKeep wrote: > > Upgraded fro

[graylog2] Re: Query distinct values

2015-07-27 Thread Jochen Schalanda
Hi Jesse, unfortunately that's currently not possible with the query language of Graylog/Lucene. Feel free to add this as a feature request in our product portal (https://www.graylog.org/product-ideas/). Cheers, Jochen On Monday, 27 July 2015 01:22:11 UTC+2, Jesse Skrivseth wrote: > > Hello a

[graylog2] Re: Logging in GELF over TLS

2015-07-27 Thread Jochen Schalanda
Hi Russ, most third-party libraries only support sending GELF over UDP, some also support TCP, and very few support GELF over TCP+TLS. For example our own Java-based gelfclient (https://github.com/Graylog2/gelfclient) supports all three modes. If you're missing a specific transport mode in some

[graylog2] Re: Does GELF over UDP support timestamp field?

2015-07-27 Thread Jochen Schalanda
Hi Jason, the xtimestamp field looks valid and should work if you put the value into the mandatory timestamp field of a GELF message. The message timestamp is interpreted as seconds since UNIX epoch (i. e. 1/1/1970 00:00:00 UTC), so maybe you're off by some hours due to the timezone offset bein

[graylog2] Re: resource cost of adding fields to graylog

2015-07-27 Thread Jochen Schalanda
Hi Jason, running extractors and writing their output into new fields of course will require some processing time but we try really hard to optimize these operations so that you shouldn't really see a performance impact unless you have 50* or more extractors on your input. You can always measu

[graylog2] Re: Node not taking messages

2015-07-28 Thread Jochen Schalanda
Hi Mike, how are you sending messages to those Graylog nodes? Do you see any throughput for the inputs on that node in the web interface? Cheers, Jochen On Monday, 27 July 2015 20:42:45 UTC+2, Mike Daoust wrote: > > I'm completely drawing a blank here. > > Have a 3 GL server nodes. Only 2 of t

[graylog2] Re: Logging in GELF over TLS

2015-07-28 Thread Jochen Schalanda
message but it didn't seem to pick it up. Maybe I need to > setup an extractor? Or would this be like CEE for rsyslog? > > Thanks for your help! > > -Russ > > On Monday, July 27, 2015 at 1:32:00 AM UTC-7, Jochen Schalanda wrote: >> >> Hi Russ, >> >

[graylog2] Re: Help with install script

2015-07-28 Thread Jochen Schalanda
Hi Joe, if you want to automate the installation of Graylog and its dependencies, you should use one of our existing recipes/modules/playbooks for Chef, Puppet, or Ansible instead of writing your own bash script; see http://docs.graylog.org/en/1.1/pages/installation/config_management_tools.html

[graylog2] Re: Add Role to Graylog2

2015-07-28 Thread Jochen Schalanda
Hi Tim, user roles will be supported in Graylog 1.2.0. You can follow https://github.com/Graylog2/graylog2-server/pull/1322 if you want to stay up-to-date on the issue. Cheers, Jochen On Tuesday, 28 July 2015 10:07:30 UTC+2, tim lewis wrote: > > Is there a way to add a new role to Graylog? W

[graylog2] Re: Setting default TTL for new indices

2015-07-28 Thread Jochen Schalanda
Hi, you can add your index template to the Elasticsearch configuration file ( https://www.elastic.co/guide/en/elasticsearch/reference/0.90/indices-templates.html#config) referenced in the elasticsearch_config_file setting in the Graylog configuration file ( https://github.com/Graylog2/graylog2-

[graylog2] Re: Setting default TTL for new indices

2015-07-28 Thread Jochen Schalanda
overridden by Graylog directly (see configuration settings prefixed with elasticsearch_ in the Graylog configuration file). Cheers, Jochen On Tuesday, 28 July 2015 15:21:32 UTC+2, ZeroUno wrote: > > On 28/07/15 14:13, Jochen Schalanda wrote: > > > you can add your index

[graylog2] Re: how to use sessionid with rest api

2015-07-28 Thread Jochen Schalanda
Hi, the session handling of Graylog is kind of special (i. e. using a very custom mechanism). You'll have to use the session ID as user name and the special password "session" as credentials and send those as standard Authorization header (Basic Auth) to the Graylog server. In the end your re

[graylog2] Re: Dashboards problems

2015-07-29 Thread Jochen Schalanda
Hi Alex, did you upgrade both, the Graylog server and the web interface, to version 1.1.5? What kind of queries are you using in your dashboard widgets? Do those queries complete fast and at all if you enter them in the search bar? You can also click on the ">" icon on the dashboard widgets to

[graylog2] Re: Check Graylog Node Status via API

2015-07-30 Thread Jochen Schalanda
Hi Pete, currently there is no resource in the Graylog REST API which would check the availability of MongoDB or Elasticsearch explicitly. But you could check this "indirectly" via the cluster stats resource at http://localhost:12900/system/cluster/stats (or more specifically http://localhost:

[graylog2] Re: juniper ssg 140

2015-07-30 Thread Jochen Schalanda
Hi Leon, some network appliances don't send actually valid syslog messages, although their manufacturers claim they do. This might be one of those cases. Please check, if the messages are indexed if you're using a Raw UDP/TCP input in Graylog. You'd have to extract the interesting fields with s

[graylog2] Re: Check Graylog Node Status via API

2015-07-31 Thread Jochen Schalanda
> > On Thursday, 30 July 2015 19:45:27 UTC+10, Jochen Schalanda wrote: >> >> Hi Pete, >> >> currently there is no resource in the Graylog REST API which would check >> the availability of MongoDB or Elasticsearch explicitly. But you could >> check this "

[graylog2] Re: graylog-server 1.1.5 - Enabling HTTPS REST api binds graylog-server service to loopback instead of eth0 address

2015-07-31 Thread Jochen Schalanda
Hi Tim, since you're using the hostname "hostname.example.com" to specify the network interface the Graylog REST API should listen on (using rest_listen_uri), Graylog is resolving the hostname on startup and using the first IP address this request returns – in your case 127.0.0.1 from your /et

[graylog2] Re: wildcard searches on fields besides "messages"?

2015-08-01 Thread Jochen Schalanda
Hi Jason, by default only a few message fields (like message, full_message, and source) are being analyzed so that wildcard searches are possible (see https://github.com/Graylog2/graylog2-server/blob/1.1.5/graylog2-server/src/main/java/org/graylog2/indexer/Mapping.java#L79-86 ). If you absolute

[graylog2] Re: Graylog-web not logging to /var/logs

2015-08-04 Thread Jochen Schalanda
Hi Mike, I haven't heard of that error scenario until now. Are you using tools like logrotate to rotate log files in /var/log/? Maybe the log file the Graylog web interface was writing into was rotated (renamed, deleted, …) and now it couldn't keep writing into that file. Cheers, Jochen On Tu

[graylog2] Re: Stream alert not generated even alert condition satisfied

2015-08-04 Thread Jochen Schalanda
Hi Avdhoot, how does your alert condition look like and what should it do actually? Cheers, Jochen On Tuesday, 4 August 2015 13:04:11 UTC+2, Avdhoot Dendge wrote: > > > Need help to debug why graylog is not generating alert even alert > condition satisfied. Please check below screenshot for ale

[graylog2] Re: Service JournalReader has failed in the RUNNING state

2015-08-04 Thread Jochen Schalanda
Hi Stefan, your Graylog server runs out of (heap) memory while reading from the message journal. Please increase the maximum size of heap memory for the JVM (see GRAYLOG_SERVER_JAVA_OPTS in the init scripts). Cheers, Jochen On Tuesday, 4 August 2015 12:42:06 UTC+2, Stefan Zahnd wrote: > > Hi th

[graylog2] Re: Export all logs from the last month

2015-08-04 Thread Jochen Schalanda
Hi Anders, all log messages processed by Graylog are indexed into Elasticsearch and you can, of course, also query Elasticsearch directly to get the messages you want. You could for example use the Elasticsearch CSV plugin (https://github.com/jprante/elasticsearch-csv) to get all messages out o

[graylog2] Re: query about performance of time retention_policy settings

2015-08-04 Thread Jochen Schalanda
Hi Jason, the answer to your question depends on multiple factors, like the structure of your log messages, their average size, the available hardware resources for Graylog and Elasticsearch, and the kind of queries you've been running. In short, modern hardware with decent amounts of memory sh

[graylog2] Re: Stream alert not generated even alert condition satisfied

2015-08-05 Thread Jochen Schalanda
e than 0 messages in the last > minute. Grace period: 1 minute. Including last 2 messages in alert > notification.* > > On Tuesday, August 4, 2015 at 5:47:11 PM UTC+5:30, Jochen Schalanda wrote: >> >> Hi Avdhoot, >> >> how does your alert condition look like

[graylog2] Re: How to setup Graylog code on eclipse.

2015-08-06 Thread Jochen Schalanda
Hi Gangadhar, Graylog is using Maven as its build system, so using M2Eclipse (https://eclipse.org/m2e/) it should be pretty easy to import the project into Eclipse. FWIW, it's working out of the box with IntelliJ IDEA (https://www.jetbrains.com/idea/). Cheers, Jochen On Wednesday, 5 August 2

[graylog2] Re: Error executing action `run` on resource 'ruby_block[add node to server list]

2015-08-06 Thread Jochen Schalanda
Hi, how did you upgrade from Graylog 1.1.4 to Graylog 1.1.5? Which appliance (I guess that it's one of our virtual machine images…) are you using on which hypervisor? Did you try restarting etcd (which seems to be the culprit) with sudo graylog-ctl restart etcd? You can see the logs with sudo g

[graylog2] [ANNOUNCE] Graylog 1.1.6 has been released

2015-08-06 Thread Jochen Schalanda
Hi everyone, we have released Graylog 1.1.6 today which fixes a longstanding issue regarding Syslog TCP inputs. If you had problems with resetting TCP connections in combination with the Syslog TCP input, you should upgrade to this release. Otherwise you might skip it.  You can find the detaile

[graylog2] Re: Check Graylog Node Status via API

2015-08-07 Thread Jochen Schalanda
log for these events I'm stumped > what else to look for at present... > > Cheers, Pete > > On Fri, Jul 31, 2015 at 6:55 PM, Jochen Schalanda wrote: > >> Hi Pete, >> >> the MongoDB stats resource will respond with HTTP status 500 after the >> t

[graylog2] Re: Upgraded to 1.1.6, journal processing stopped

2015-08-07 Thread Jochen Schalanda
Hi Jesse, do you see any error messages in the logs of your Graylog node(s)? Cheers, Jochen On Thursday, 6 August 2015 20:02:35 UTC+2, Jesse Skrivseth wrote: > > Hello all. I upgraded from 1.1.4 to 1.1.6. There were/are about 100k > messages in the journal at the time. The upgrade went smoothl

[graylog2] Re: Graylog 1.1.6 with Elasticsearch 1.7.1

2015-08-10 Thread Jochen Schalanda
Hi Martin, Graylog 1.1.x will work perfectly fine with Elasticsearch 1.7.1. The mentioning of Elasticsearch 1.6.2 in the release notes of Graylog 1.1.6 refers to the version internally used by Graylog to connect to the Elasticsearch cluster. Cheers, Jochen On Monday, 10 August 2015 14:09:59

[graylog2] Re: Graylog Web Interface: TLS-connection not working. "Not an SSL/TLS record"

2015-08-12 Thread Jochen Schalanda
Hi Jan, Direct access to http://{myhost}:12900/system/cluster/stats from a web > browser: No problem and no failure entry in the logfile. This sounds wrong. If the Graylog REST API is configured to use TLS, you should only be able to access it via HTTPS. Please share your Graylog server and w

[graylog2] Re: what can I do to prepare for geoip support?

2015-08-12 Thread Jochen Schalanda
Hi Jason, I hear that some form of geoip support is expected in graylog-1.2? That's currently not planned. Cheers, Jochen On Wednesday, 12 August 2015 23:01:52 UTC+2, Jason Haar wrote: > > Hi there > > I hear that some form of geoip support is expected in graylog-1.2? As > such, what can I

[graylog2] Re: Posting GELF over HTTPS

2015-08-13 Thread Jochen Schalanda
Hi Simon, support for HTTPS in the GELF HTTP input will be added in Graylog 1.2.0. If you cannot wait that long, you could put a reverse proxy or a small tool like stunnel (https://www.stunnel.org/index.html) in front of the input. Cheers, Jochen On Thursday, 13 August 2015 10:08:59 UTC+2, Si

Re: [graylog2] Re: what can I do to prepare for geoip support?

2015-08-13 Thread Jochen Schalanda
Hi Jason, we'll update the product idea items accordingly. Thanks for bringing this to our attention! Cheers, Jochen On Thursday, 13 August 2015 00:28:46 UTC+2, Jason Haar wrote: > > On 13/08/15 09:06, Jochen Schalanda wrote: > > Hi Jason, > > I hear that some f

[graylog2] Re: Need sample of plugin with PluginRestResource

2015-08-13 Thread Jochen Schalanda
Hi Gangadhar, currently only Graylog's own resources are being scanned and made available in the API browser. Please add a feature request at https://github.com/Graylog2/graylog2-server/issues/new if you think that the JAX-RS resources of plugins should be listed as well. Cheers, Jochen On T

[graylog2] Re: Update AWS instances

2015-08-14 Thread Jochen Schalanda
Hi Brandon, upgrading the Graylog Omnibus package inside your existing AMI is still possible and should work exactly as you've described. Cheers, Jochen On Thursday, 13 August 2015 23:27:14 UTC+2, Brandon Shiner wrote: > > In July, when the AMI documentation was moved to ReadTheDocs, the notes

[graylog2] Re: org.elasticsearch.action.search.SearchPhaseExecutionException Unable to execute search

2015-08-19 Thread Jochen Schalanda
Hi, are there any more details about the SearchPhaseExecutionException in the Graylog server logs (like a complete stack trace or details on the shard failures) or general error messages in the Elasticsearch logs? Cheers, Jochen On Wednesday, 19 August 2015 15:42:17 UTC+2, Graylog2 wrote: > >

[graylog2] Re: org.elasticsearch.action.search.SearchPhaseExecutionException Unable to execute search

2015-08-19 Thread Jochen Schalanda
Hi, this problem is related to the dynamic index mapping created by Elasticsearch. See https://github.com/Graylog2/graylog2-server/issues/903 and https://github.com/Graylog2/graylog2-server/issues/1063 for related issues and possible workarounds. Cheers, Jochen On Wednesday, 19 August 2015 18

[graylog2] Re: Graylog for JSP ?

2015-08-20 Thread Jochen Schalanda
Hi Vincent, the only "JSP" I know are Java Server Pages and you can use one of the existing GELF logging appenders to send logs from Java applications into Graylog, see https://www.graylog.org/resources/data-sources/ for details. If you mean something else, please elaborate on that. Cheers, Jo

[graylog2] Re: Graylog for JSP ?

2015-08-20 Thread Jochen Schalanda
> that but I don't know which one is for JSP, can you tell me which one is for > JSP ? > > Thanks :D > > On Thursday, August 20, 2015 at 3:50:36 PM UTC+7, Jochen Schalanda wrote: >> >> Hi Vincent, >> >> the only "JSP" I know are Java Server Pages an

[graylog2] Re: graylog ports

2015-08-20 Thread Jochen Schalanda
Hi, Graylog itself only needs access to the REST API of all other Graylog nodes in the cluster, which is listening on port 12900/tcp by default. Additionally each node needs to have access to Elasticsearch's transport port which is 9300/tcp (or rather a range 9300/tcp-9400/tcp) by default, see

[graylog2] Re: graylog ports

2015-08-20 Thread Jochen Schalanda
Oh, and I almost forgot that each node needs access to the same MongoDB server and database, which is listening on port 27017/tcp by default, see http://docs.mongodb.org/manual/reference/default-mongodb-port/ for details. Cheers, Jochen On Thursday, 20 August 2015 11:53:14 UTC+2, Jochen

[graylog2] Re: timezone in Graylog system logs

2015-08-21 Thread Jochen Schalanda
Hi Ed, you'll have to modify the log4j configuration file (see https://github.com/Graylog2/graylog2-server/blob/1.1.6/graylog2-bootstrap/src/main/resources/log4j.xml and https://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/PatternLayout.html) used by Graylog and probably set the syst

[graylog2] Re: Graylog for JSP ?

2015-08-21 Thread Jochen Schalanda
Hi Vincent, which Servlet container are you using? Which web framework (if one at all)? And are you sure that Log4j has been the log framework being used in your application? Cheers, Jochen On Friday, 21 August 2015 05:28:59 UTC+2, Vincent Aprilius wrote: > > Hi Jochen, > > now i am trying us

[graylog2] Re: Exporting data from Graylog to compile stats

2015-08-21 Thread Jochen Schalanda
Hi Hayder, aggregations (like count, grouping by a message attribute, etc.) are currently not supported by Graylog. Cheers, Jochen On Friday, 21 August 2015 10:14:58 UTC+2, Hayder Abbass wrote: > > Hello, > > We are thinking of using Graylog to collect logs data that will be later > used to c

[graylog2] Re: Yet another timezone question!

2015-08-21 Thread Jochen Schalanda
Hi Werner, could you please post some examples of the messages nxlog is sending to Graylog and how they do not match what you expect them to be? Cheers, Jochen On Friday, 21 August 2015 10:14:58 UTC+2, Werner van der Merwe wrote: > > Seems like this is quite a hot topic, but unfortunately I am

[graylog2] Re: Write incoming messages to file

2015-08-21 Thread Jochen Schalanda
Hi Guido, there's a 3rd party syslog output plugin for Graylog ( https://github.com/dfch/biz.dfch.j.graylog.plugin.output.syslogoutput) which you could use to send messages from a stream to a remote syslog daemon which in turn can write those logs to disk. Other than that I'm not aware of a fil

[graylog2] Re: Graylog Collector Not working

2015-08-21 Thread Jochen Schalanda
Hi Ankur, are there any error messages in the logs of the Graylog Collector? Can the Graylog Collector reach the REST API of the configured Graylog server node? Cheers, Jochen On Friday, 21 August 2015 09:56:12 UTC+2, ANKUR GOYAL wrote: > > Hello , > > I have already configured the graylog lat

Re: [graylog2] Re: Graylog Collector Not working

2015-08-21 Thread Jochen Schalanda
it's showing that client in collector.but it's not showing any logs. > > Regards, > Ankur Goyal > > > On Aug 21, 2015 4:26 PM, Jochen Schalanda wrote: > >> Hi Ankur, >> >> are there any error messages in the logs of the Graylog Collector? Can

[graylog2] Re: Graylog Docker Logging/ Java Stacktrace Splitter

2015-08-21 Thread Jochen Schalanda
Hi Ivan, collapsing multiple individual log lines/messages into one is unfortunately not possible with Graylog at the moment. If you can modify the Docker container or the Java application running in it, respectively, you could use one of the existing GELF logging appenders (see https://www.gr

[graylog2] Re: Huge gaps between the time stamp on Graylog server and actual logged items

2015-08-23 Thread Jochen Schalanda
Hi Kevin, by default (and especially on Raw/Plaintext inputs) message timestamps are stored in UTC. Maybe you didn't change the timezone settings of your user(s) to match the actual timezone in your place? Cheers, Jochen On Sunday, 23 August 2015 14:53:51 UTC+2, Kevin Johnson wrote: > > I’m r

[graylog2] Re: Question: Graylog Radio Input (AMQP) #1365

2015-08-23 Thread Jochen Schalanda
Hi Hari, Graylog 1.1.x supports GELF (https://www.graylog.org/resources/gelf) via AMQP and a special MsgPack format (which is being used by Graylog Radio). Other message formats are not supported at the moment. Graylog 1.2.0 will additionally support Syslog messages and raw/plaintext via AMQP.

[graylog2] Re: Huge gaps between the time stamp on Graylog server and actual logged items

2015-08-24 Thread Jochen Schalanda
reply Jochen. All of my servers are in the same region > and have the same timezone settings. > > On Sunday, August 23, 2015 at 9:23:41 AM UTC-4, Jochen Schalanda wrote: >> >> Hi Kevin, >> >> by default (and especially on Raw/Plaintext inputs) message timestamps

[graylog2] Re: extractor impact on performance

2015-08-24 Thread Jochen Schalanda
t > can impact the availability of consulting the messages already logged > > Best regards. > > > > On Wednesday, 24 September 2014 20:10:05 UTC+2, Jochen Schalanda wrote: >> >> Hi Jamie, >> >> On Wednesday, 24 September 2014 19:58:38 UTC+2, Jami

[graylog2] Re: How to setup Graylog code on eclipse.

2015-08-24 Thread Jochen Schalanda
> [Help > 1] > > Not able to figure out how to resolve this. > > Do you have any ideas. > > Thanks in Advance. : -) > > On Thursday, 6 August 2015 13:13:16 UTC+5:30, Jochen Schalanda wrote: >> >> Hi Gangadhar, >> >> Graylog is using Maven as

[graylog2] Re: are there standard field names?

2015-08-24 Thread Jochen Schalanda
Hi Jason, other than the mandatory fields described in the GELF specification ( https://www.graylog.org/resources/gelf) there are no default message fields in Graylog. Cheers, Jochen On Monday, 24 August 2015 11:10:00 UTC+2, Jason Haar wrote: > > Hi there > > I've been testing graylog for a f

[graylog2] Re: windows DNS log extractor

2015-08-25 Thread Jochen Schalanda
Hi Marsel, could you please post some example of those log messages and which extractors you're using to process them? Cheers, Jochen On Tuesday, 25 August 2015 09:50:17 UTC+2, Marsel Qako wrote: > > Hi All, > > I'm very new with graylog. I'm testing with sending my DNS logs from > windows DN

Re: [graylog2] Re: How to setup Graylog code on eclipse.

2015-08-25 Thread Jochen Schalanda
.org/nexus/content/groups/public/): > java.lang.RuntimeException: Could not generate DH keypair: Prime size must > be multiple of 64, and can only range from 512 to 1024 (inclusive) -> [Help > 1] > > Any Ideas on the same. > Please find the attachments. > > Tha

[graylog2] Re: receiving netflow

2015-08-26 Thread Jochen Schalanda
Hi Marsel, we will publish a Netflow plugin for Graylog 1.2.0 in the near future. I'm not aware of any Netflow plugin for Graylog 1.1.x. Cheers, Jochen On Wednesday, 26 August 2015 00:40:38 UTC+2, Marsel Qako wrote: > > HI, > > I would like to collect netflow from cisco devices into graylog. I

[graylog2] Re: Anyone successfully using a load balancer to round robin each message sent to graylog?

2015-08-26 Thread Jochen Schalanda
Hi Drew, I know of several installations of Graylog which use load balancers in front of a Graylog cluster. Are there any specific problems you've encountered in regard to Graylog's part in this setup? Just one remark: Load balancing GELF messages sent via UDP (Graylog's GELF UDP input) might

[graylog2] Re: Service graylog2-server shuts down after start of CentOS

2015-08-26 Thread Jochen Schalanda
Hi Karl, the script you've linked to is using a very old version of Graylog2. Please upgrade to a more recent version (latest stable is Graylog 1.1.6, Graylog 1.2.0 is just around the corner). We also offer ready-to-go images for VirtualBox which you can use to setup Graylog instead of some ho

[graylog2] Re: Copying Dashboards widgets

2015-08-26 Thread Jochen Schalanda
Hi Daniel, dashboards and basically all configuration data is stored in MongoDB. You should be able to dump the MongoDB database of your old system and restore it into the MongoDB database of your new system. Just make sure to use the same node ID (see node_id_file in your Graylog server config

[graylog2] Re: Login Screen

2015-08-26 Thread Jochen Schalanda
Hi Daniel, why would anyone want to replace that awesome NASA mission control picture? ;-) Currently it's not possible to replace the picture without building a custom version of the Graylog web interface ( https://github.com/Graylog2/graylog2-web-interface/blob/1.1.6/public/images/auth/loginbg

[graylog2] Re: Unable to see Collector component in Graylog Web UI in Ubuntu

2015-08-27 Thread Jochen Schalanda
Hi Preetika, support for the Graylog Collector has been added in Graylog 1.1.x and you seem to be running Graylog 1.0.x. Please upgrade to a more recent version as described at http://docs.graylog.org/en/1.1/pages/installation/operating_system_packages.html#ubuntu-14-04 . On Graylog 1.1.x, you

Re: [graylog2] Bundeling/copying all executable jars after comiling graylog

2015-08-28 Thread Jochen Schalanda
Hi Anant, as Kay already mentioned, you'll have to run mvn assembly:single after building Graylog. You can take a look at the linked Travis CI configuration, which does exactly that. Cheers, Jochen On Friday, 28 August 2015 11:31:39 UTC+2, Anant Sawant wrote: > > Hi! > > Thanks for the respon

[graylog2] Re: How to get a single jar after compiling Graylog??

2015-08-28 Thread Jochen Schalanda
Hi, as already described in https://groups.google.com/forum/#!topic/graylog2/8x3k-5VoHmg, you'll have to run mvn assembly:single. On Friday, 28 August 2015 13:14:50 UTC+2, Anant Sawant wrote: > > Hi!! > > Well I have compiled the Graylog server component using Eclipse(m2e) and > have got multi

[graylog2] Re: Search syntax docs not correct?

2015-08-31 Thread Jochen Schalanda
Hi Dennis, by default only the message, full_message, and source message fields are being analyzed, which enables wildcard searches (or more complicated search queries in general) on those fields. If you want to perform searches on additional fields, you'll have to create an Elasticsearch inde

[graylog2] Re: Huge gaps between the time stamp on Graylog server and actual logged items

2015-08-31 Thread Jochen Schalanda
Hi Kevin, could you please post some of the messages you send to Graylog and how they are being parsed? Cheers, Jochen On Saturday, 29 August 2015 04:20:34 UTC+2, Kevin Johnson wrote: > > I set the root_timezone to EST, which all my servers are set to. > Restarted Graylog. Once again there

[graylog2] Re: Unable to see Collector component in Graylog Web UI in Ubuntu

2015-08-31 Thread Jochen Schalanda
d this seems to be working fine. > > Thanks, > Preetika > > On Thursday, 27 August 2015 21:09:39 UTC+5:30, Jochen Schalanda wrote: >> >> Hi Preetika, >> >> support for the Graylog Collector has been added in Graylog 1.1.x and you >> seem to be runnin

[graylog2] Re: Graylog Docker Logging/ Java Stacktrace Splitter

2015-08-31 Thread Jochen Schalanda
Hi Aniruddha, the easiest way to get complex logs from Java applications into Graylog is by using one of the existing GELF log appenders (see https://www.graylog.org/resources/data-sources/ for a list of projects). There are several GELF appenders for Logback. Cheers, Jochen On Monday, 31 Aug

[graylog2] Re: Huge gaps between the time stamp on Graylog server and actual logged items

2015-09-01 Thread Jochen Schalanda
$line | > > nc -w 1 -u 192.168.1.12 12409; > > done; > > > On Monday, August 31, 2015 at 5:17:47 AM UTC-4, Jochen Schalanda wrote: >> >> Hi Kevin, >> >> could you please post some of the messages you send to Graylog and how >> they are being parsed? >

[graylog2] Re: Grok apache filter not working ?!

2015-09-01 Thread Jochen Schalanda
Hi, did you add the respective Grok patterns to your Graylog installation (System -> Grok Patterns)? Are there any error messages in the Graylog server node logs? Cheers, Jochen On Tuesday, 1 September 2015 10:34:55 UTC+2, VP wrote: > > Hello, > > I have the following situation: > > Apache ac

[graylog2] Re: /etc/issue is being overwritten

2015-09-01 Thread Jochen Schalanda
Hi Daniel, which image of Graylog are you using? The OVA image (Virtualbox/VMware), the Docker image, or one of the AMIs? Cheers, Jochen On Tuesday, 1 September 2015 12:40:16 UTC+2, daniel.sc...@googlemail.com wrote: > > Hi All, > > I changed the contents of /etc/issue and customize it a litt

[graylog2] Re: Huge gaps between the time stamp on Graylog server and actual logged items

2015-09-01 Thread Jochen Schalanda
puts. How do I use the recognized date as the > message timestamps? > > On Tuesday, September 1, 2015 at 4:21:55 AM UTC-4, Jochen Schalanda wrote: >> >> Hi Kevin, >> >> did you create an extractor (e. g. a grok or a regex extractor) to parse >> those

[graylog2] Re: Upgrade 1.1.6 to 1.2 RC broke REST API using TLS?

2015-09-02 Thread Jochen Schalanda
Hi Tim, are there any other or more detailed error messages in the logs of the Graylog web interface or the Graylog server node(s)? Cheers, Jochen On Wednesday, 2 September 2015 10:17:48 UTC+2, Tim Cooper wrote: > > I've just upgraded my Graylog installation to 1.2 RC and since the upgrade >

[graylog2] Re: nginx logs not rotated

2015-09-02 Thread Jochen Schalanda
Hi Pica, thanks for reporting this! I've opened a ticket for this issue on GitHub at https://github.com/Graylog2/graylog2-images/issues/85. Cheers, Jochen On Wednesday, 2 September 2015 12:04:46 UTC+2, Joan Picanyol i Puig wrote: > > Hi there, > > We're using the 1.1.6 OVAs, and found out tha

[graylog2] Re: Upgrade 1.1.6 to 1.2 RC broke REST API using TLS?

2015-09-02 Thread Jochen Schalanda
Hi Tim, is your Graylog server node configured to serve the REST API via HTTPS? Maybe the configuration file was altered/overwritten during the upgrade. Cheers, Jochen On Wednesday, 2 September 2015 12:35:05 UTC+2, Tim Cooper wrote: > > Nothing else of note in either /var/log/graylog-server/se

Re: [graylog2] Grok apache filter not working ?!

2015-09-02 Thread Jochen Schalanda
Regards, >> Edmundo >> >> > On 02 Sep 2015, at 11:22, Vlaad P wrote: >> > >> > Hi, >> > >> > Yes. And the same result. I have no errors on nodes. >> > P.S. Logs are shipped with rsyslog. Am I missing something? >> >

[graylog2] Re: Two different graylog instances in single server

2015-09-02 Thread Jochen Schalanda
Hi Santhosh, if you just want to give two distinct user groups access to different logs, you can probably just use the stream feature of Graylog (http://docs.graylog.org/en/1.1/pages/streams.html). If you really want to operate two completely separate instances of Graylog, you need to let them

[graylog2] Re: Does Graylog closes connections ?

2015-09-03 Thread Jochen Schalanda
Hi Florent, this definitely sounds like a bug. Please create a bug report for this at https://github.com/Graylog2/graylog2-server/issues and include some information about the connections (e. g. which TCP ports are being used) to the description so that we can identify the culprit (e. g. a cert

[graylog2] Re: GrayLog-Webinterface compilation

2015-09-03 Thread Jochen Schalanda
Hi Anant, you can also use plain SBT instead of the Typesafe Activator to build the Graylog web interface. Also take a look into the build_release.sh script in the repository. Cheers, Jochen On Thursday, 3 Sept

[graylog2] Re: Upgrade 1.1.6 to 1.2 RC broke REST API using TLS?

2015-09-03 Thread Jochen Schalanda
Hi Tim, thanks for reporting this issue. As it turns out this has been a regression introduced in Graylog 1.2.x which will be fixed in the next release candidate. You can follow https://github.com/Graylog2/graylog2-server/pull/1393 on GitHub to stay updated on the issue. Cheers, Jochen On W

[graylog2] Re: /etc/issue is being overwritten

2015-09-04 Thread Jochen Schalanda
Hi Daniel, the /etc/issue file is being generated during the boot process. If you want to customize the message, you need to edit /etc/rc.local as well. Cheers, Jochen On Tuesday, 1 September 2015 15:33:20 UTC+2, daniel.sc...@googlemail.com wrote: > > Hi Jochen, > > the OVA Image. > > Regards

[graylog2] Re: Random exceptions on large datasets / lost messages

2015-09-04 Thread Jochen Schalanda
Hi Marcel, could you please post those exceptions in full? Cheers, Jochen On Friday, 4 September 2015 15:43:56 UTC+2, Marcel Manz wrote: > > Hi all > > We have a setup of 2 graylog servers (1.1.6), both of which are running ES > 1.7.1 in redundant setup behind a load balancer. > > When we do se

[graylog2] Re: No Graylog servers available.

2015-09-05 Thread Jochen Schalanda
Hi, ERROR: Unable to access file /data > > Graylog needs write-access to the /data directory (also see message_journal_dir, https://github.com/Graylog2/graylog2-server/blob/1.1.6/misc/graylog2.conf#L254-L256). You have to ensure that the Graylog system user is allowed to enter, read, and writ

[graylog2] Re: Available Extractors and their status

2015-09-07 Thread Jochen Schalanda
Hi, there's a rating function on the new Graylog marketplace (https://marketplace.graylog.org/) which has been built for exactly this purpose. Cheers, Jochen On Monday, 7 September 2015 17:24:30 UTC+2, frpet1 wrote: > > Hi, > > I recently tried to use an Extractor from the repository, and, it d

[graylog2] Re: Available Extractors and their status

2015-09-07 Thread Jochen Schalanda
48 UTC+2, frpet1 wrote: > > That's nice. > > So the remaining step is to make the Extractors available thru the > marketplace then. > And it sounds like that's on the roadmap too? > > Re, > /P > > On Monday, September 7, 2015 at 5:41:15 PM UTC+2, Jochen Schalan

[graylog2] Re: ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY when using HTTPS for web interface

2015-09-08 Thread Jochen Schalanda
Hi Russ, please refer to the Play framework's documentation about cipher suites at https://www.playframework.com/documentation/2.3.x/CipherSuites#Recommendation:-increase-the-DHE-key-size which also explains how to increase the DHE key size. You will also need to upgrade to Java 8, if you're s

[graylog2] Re: LDAP authentication with Graylog 1.2 RC2

2015-09-08 Thread Jochen Schalanda
Hi Yves, the automatic migration of legacy user accounts to the new scheme has been added in Graylog 1.2.0-rc.3. I'd recommend upgrading to Graylog 1.2.0-rc.4 in your case to verify that the problem has been solved. Cheers, Jochen On Tuesday, 8 September 2015 15:19:36 UTC+2, yvesloui...@gmail

[graylog2] Re: Extracting data from Jasig CAS 4.0 cas.log log file for parsing with Graylog

2015-09-09 Thread Jochen Schalanda
Hi Carl, as far as I know there are no pre-made extractors for Jasig CAS 4.0 in the marketplace (https://marketplace.graylog.org/) yet. But you should be able to create some useful regular expression or grok extractors for those logs if they follow a sane format. Please refer to http://docs.gr
