Re: [graylog2] Graylog Collector Sidecar Analysis

2016-12-02 Thread Marvin Popyk
Thanks Marius, that seemed to do the trick.

On Wednesday, November 30, 2016 at 4:34:10 AM UTC-5, Marius Sturm wrote:
>
> Hi Marvin, 
> the tags are used to define which configuration should be applied to a 
> host. So it's up to you to add the tag to the collector_sidecar.yml 
> file. Afterwards it should detect the change in the web interface. If 
> you want to distinguish between the two inputs at search time you can 
> use the filename for it or add a custom field. 
>
> Cheers, 
> Marius 
>
> On 29 November 2016 at 21:01, Marvin Popyk wrote: 
> > Hello, 
> > 
> > We are testing graylog to see if it fits our needs for a centralized 
> > logging system.  We've installed and set up graylog and we wanted to be 
> > able to import specific log files to graylog.  We read that graylog 
> > collector sidecar is an option.  We have set up a new beats input and 
> > tested an apache collection recommended by the graylog instructions.  
> > That worked like a charm.  We set up a new collection to import 
> > authentication logs (/var/log/auth.log) but it seems like the host that 
> > has sidecar installed is not getting the updates for the 2nd 
> > configuration and is not pushing the auth log to graylog. 
> > 
> > 1. I looked in /etc/graylog/collector-sidecar/collector_sidecar.yml and 
> > I noticed the tags aren't updated with the new configuration tag 
> > 2. I also looked in 
> > /etc/graylog/collector-sidecar/generated/filebeat.yml and noticed the 
> > input_type doesn't match the new configuration file type.  I changed it 
> > to auth instead of log. 
> > 
> > However, if I edit these 2 yml files with the correct information, 
> > graylog will start pulling authentication logs. BUT, it will still say 
> > the input type is LOG instead of AUTH. 
> > 
> > Not sure why the host isn't getting the configuration updates of the 2nd 
> > configuration for the authentication logs.  I've restarted the service 
> > and that didn't work. 
> > 
> > Also, would you recommend using NXLog instead of Beats? 
> > 
> -- 
> Developer 
>
> Tel.: +49 (0)40 609 452 077 
> Fax.: +49 (0)40 609 452 078 
>
> TORCH GmbH - A Graylog Company 
> Poolstraße 21 
> 20335 Hamburg 
> Germany 
>
> https://www.graylog.com 
>
> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175 
> Geschäftsführer: Lennart Koopmann (CEO) 
>



Re: [graylog2] Graylog Collector Sidecar Analysis

2016-11-30 Thread Marius Sturm
Hi Marvin,
the tags are used to define which configuration should be applied to a
host. So it's up to you to add the tag to the collector_sidecar.yml
file. Afterwards it should detect the change in the web interface. If
you want to distinguish between the two inputs at search time you can
use the filename for it or add a custom field.

Cheers,
Marius

On 29 November 2016 at 21:01, Marvin Popyk wrote:
> Hello,
>
> We are testing graylog to see if it fits our needs for a centralized logging
> system.  We've installed and set up graylog and we wanted to be able to
> import specific log files to graylog.  We read that graylog collector
> sidecar is an option.  We have set up a new beats input and tested an apache
> collection recommended by the graylog instructions.  That worked like a
> charm.  We set up a new collection to import authentication logs
> (/var/log/auth.log) but it seems like the host that has sidecar installed is
> not getting the updates for the 2nd configuration and is not pushing the
> auth log to graylog.
>
> 1. I looked in /etc/graylog/collector-sidecar/collector_sidecar.yml and I
> noticed the tags aren't updated with the new configuration tag
> 2. I also looked in /etc/graylog/collector-sidecar/generated/filebeat.yml
> and noticed the input_type doesn't match the new configuration file type.  I
> changed it to auth instead of log.
>
> However, if I edit these 2 yml files with the correct information, graylog
> will start pulling authentication logs. BUT, it will still say the input
> type is LOG instead of AUTH.
>
> Not sure why the host isn't getting the configuration updates of the 2nd
> configuration for the authentication logs.  I've restarted the service and
> that didn't work.
>
> Also, would you recommend using NXLog instead of Beats?
>



-- 
Developer

Tel.: +49 (0)40 609 452 077
Fax.: +49 (0)40 609 452 078

TORCH GmbH - A Graylog Company
Poolstraße 21
20335 Hamburg
Germany

https://www.graylog.com

Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
Geschäftsführer: Lennart Koopmann (CEO)
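
An added example, not part of the thread and not Graylog's own tooling: a POSIX shell check for the situation described in this reply, listing the tags a host announces in collector_sidecar.yml and reporting whether the tag of a new configuration is among them. The sample file contents and the tag names linux, apache and auth are constructed assumptions.

```shell
# Added example: list the tags a Collector Sidecar host announces and check
# for one of them. Handles block lists ("- tag") and flow lists ("[a, b]").
# list_tags FILE: print one tag per line from the top-level "tags:" key
list_tags() {
    awk '
        /^tags:/ {
            in_tags = 1
            line = $0
            sub(/^tags:[ \t]*/, "", line)
            if (line ~ /^\[/) {                  # flow style on one line
                gsub(/\[|\]|"| |\t/, "", line)
                n = split(line, parts, ",")
                for (i = 1; i <= n; i++) if (parts[i] != "") print parts[i]
                in_tags = 0
            }
            next
        }
        in_tags && /^[ \t]*-[ \t]*/ {            # block style item
            item = $0
            sub(/^[ \t]*-[ \t]*/, "", item)
            sub(/[ \t]*(#.*)?$/, "", item)       # drop trailing comment
            gsub(/"/, "", item)
            print item
            next
        }
        in_tags && /^[^ \t#]/ { in_tags = 0 }    # next top-level key ends list
    ' "$1"
}

# has_tag FILE TAG: succeed only on an exact, whole-line match
has_tag() {
    list_tags "$1" | grep -qxF -- "$2"
}

# Constructed sample (not from the thread): only the Apache tag is announced.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
server_url: http://127.0.0.1:9000/api/
tags:
    - linux
    - apache   # tag names are assumptions
backends:
    - name: filebeat
EOF

for want in apache auth; do
    if has_tag "$sample" "$want"; then echo "$want: announced"
    else echo "$want: missing, add it under 'tags:' in collector_sidecar.yml"; fi
done
```

On a real host, point `has_tag` at /etc/graylog/collector-sidecar/collector_sidecar.yml and pass the tag assigned to the configuration in the web interface.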



[graylog2] Graylog Collector Sidecar Analysis

2016-11-29 Thread Marvin Popyk
Hello,

We are testing graylog to see if it fits our needs for a centralized 
logging system.  We've installed and set up graylog and we wanted to be able 
to import specific log files to graylog.  We read that graylog collector 
sidecar is an option.  We have set up a new beats input and tested an apache 
collection recommended by the graylog instructions.  That worked like a 
charm.  We set up a new collection to import authentication logs 
(/var/log/auth.log) but it seems like the host that has sidecar installed 
is not getting the updates for the 2nd configuration and is not pushing the 
auth log to graylog.

1. I looked in /etc/graylog/collector-sidecar/collector_sidecar.yml and I 
noticed the tags aren't updated with the new configuration tag
2. I also looked in /etc/graylog/collector-sidecar/generated/filebeat.yml 
and noticed the input_type doesn't match the new configuration file type. 
I changed it to auth instead of log.

However, if I edit these 2 yml files with the correct information, graylog 
will start pulling authentication logs. BUT, it will still say the input 
type is LOG instead of AUTH.

Not sure why the host isn't getting the configuration updates of the 2nd 
configuration for the authentication logs.  I've restarted the service and 
that didn't work.

Also, would you recommend using NXLog instead of Beats?
