Hello,
We just installed Graylog and are getting logs from a bunch of Linux Ubuntu
14.04 machines. However, under source, it is giving the IP address instead
of the DNS or hostname. I've installed the DNS resolver plugin but I can't
seem to get that working either.
Any idea how I can get
Hello,
I'm trying to delete a source in Graylog2. I'm using the following command:
curl -XDELETE
'http://graylog:9200/graylog/message/_query?q=host:"source_name:;'
and I'm getting the following error:
>
> On Tuesday, August 2, 2016 at 9:31:41 AM UTC-6, Marvin Popyk wrote:
>>
>> Hello,
>>
>> We just installed Graylog and are getting logs from a bunch of Linux
>> Ubuntu 14.04 machines. However, under source, it is giving the IP address
>> instead of t
Hello,
We are testing Graylog to see if it fits our needs for a centralized
logging system. We've installed and set up Graylog and we wanted to be able
to import specific log files to Graylog. We read that Graylog collector
sidecar is an option. We have set up a new beats input and tested an
it on a map so we know where
the IP is coming from.
On Thursday, December 8, 2016 at 11:06:52 AM UTC-5, Jochen Schalanda wrote:
>
> Hi Marvin,
>
> On Thursday, 8 December 2016 16:31:08 UTC+1, Marvin Popyk wrote:
>>
>> I've even run the test and it works just fine
ile. Afterwards it should detect the change in the web interface. If
> you want to distinguish between the two inputs at search time you can
> use the filename for it or add a custom field.
>
> Cheers,
> Marius
>
> On 29 November 2016 at 21:01, Marvin Popyk <mar
Hello,
I'm trying to set up a stream that will email an alert whenever there is a
failed ssh attempt.
Under the stream rule I have:
Field: message
Type: match regular expression
Value: Failed password for.+ from .+
That doesn't seem to work.
Any help would be appreciated.
Thanks
--