I've found this article on the right place to put the certs...but not sure what
format or how to get them out of the master server
http://docs.graylog.org/en/2.0/pages/faq.html#i-have-configured-an-smtp-server-or-an-output-with-tls-connection-and-receive-handshake-errors-what-should-i-do
--
That's the problem then.
What files need to move from the server 2 to the server 1 machines?
Getting to find doc on that, but it's sparse
Thanks
Tp
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and
may not be
looking in the right area)
I assume I have not setup TLS correctly and the docs are a bit vague on that
Any insight is appreciated
Thanks
TP
On Wednesday, February 15, 2017 at 4:00:28 PM UTC-6, Tom Powers wrote:
>
> Hello,
>
> If I'm trying to troubleshoot why an output f
Hello,
If I'm trying to troubleshoot why an output from a stream, being forwarded
to another graylog server, and the stream populates but the receiving
server shows nothing, which logs on the graylog boxes would I check to see
if I have an output or an input problem?
Thanks
TP
I got closer. In further investigation, it tags if the case is the same.
but not if it comes in all lower case for example
On Friday, February 10, 2017 at 3:54:01 PM UTC-6, Tom Powers wrote:
>
> Looking to do a Regex for a string in full_message
>
> I have the first stream
Looking to do a Regex for a string in full_message
I have the first stream rule tagging EventID:4688 (works great)
Trying to then do a second rule where it will match any .exe that ran out
of any user appdata folder.
For example... (AppData\\Local\\Temp\\.+.exe) works for my powershell
Is there any good doc on setting up the tls on the stream output and then the
receiving side at the new graylog instance?
Been combing through doc and posts for a couple hours and only have fragments
of an idea on how to do this
Self signed certs will be fine for this
All insight is
I have 2 sites. One office is the main office, the other is a branch office
I am wondering if this is possible.
If I put a graylog server at each site in regular setup, I can collect the
logs of that site. Simple enough so far.
Now...the Streams I have setup on those 2 servers, which is
Ok...an interesting issue here.
We have 3 Inputs running into Graylog 2.12
Input 1 : Gelf-UDP Port 12202 - For Windows machines (sending with nxlog)
Input 2 : Syslog UDP 514 - Novell Suse Linux sending via Syslog-ng
Input 3 : Syslog UDP 15514 - ASA firewall sending via Cisco IOS
Gotcha...I was hoping that some of the more complex searches that one can write
and save could simply be called and used by a stream
I'll dig into what pipelines can give me in that case
Thanks
Tp
Oh OK... so I have a couple ways to try out.
What is the syntax to use a saved search in a Stream? That is eluding me
right now
Thanks
TP
On Monday, January 23, 2017 at 5:37:17 PM UTC-6, Tom Powers wrote:
>
> OK...streams and alerts for them are very cool...but it seems I can do
I may have the terms off here
In the stream rules, I can select a field...Event ID for example...select the
operator...match exactly for example, and then the field of what I want it to
match...4688 for example
The rule only seems to give me the one category/operator/criteria choice per
I got farther on this today...you did say you wanted XML format?
TP
On Monday, January 23, 2017 at 5:51:58 AM UTC-6, Wil Hutchins wrote:
>
> Hey Tom,
>
> Message tracking logs primarily.
>
> Sent from my iPhone
>
> > On 23 Jan 2017, at 12:14 pm, Tom Powers <th
Have you tried powershell? As I recall...there's a Get-Auditlog cmdlet...my
syntax may be off. But...if you could grab it that way, even in a scheduled
task...you could use export-csv syntax to get it to output
I can turn it in at my office and figure it out...what info do you want out of
GL2 is an incredible tool...and I'm learning more and more each day.
I've been through the docs and asked through the groups here...great info.
Just a question...the more rules I build, the more I wonder what I'm missing
Are there any good places to go for rules creation? I work on Windows
What are some of you using to pull reports from Graylog...if anything?
The doc refers to calling the REST-API, so there's got to be some sort of
reporting tools out there
Thoughts?
All insight is appreciated
Thanks
TP
Actually...I found it...Source was capitalized and in the regular
search it is not. I see that this is extremely case sensitive
Thanks
TP
On Friday, January 20, 2017 at 3:44:54 PM UTC-6, Tom Powers wrote:
>
> Hello Everyone!!
>
> Total Noob to Graylog...but I have read the d
Hello Everyone!!
Total Noob to Graylog...but I have read the docs and have scoured the net
for this.
Brand new Graylog2.1 from OVA.
Sending data into it from windows event logs via nxlog
Everything works great...I can get searches on EventIDs, create streams
and dashboards.
here's the