Here is an example message rsyslog is sending to graylog: <182>May 14 20:02:07 host2 httpd: 123.125.71.35 - - [14/May/2014:20:02:06 +0000] "GET / HTTP/1.1" 200 30400 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
does it not like the hostname not having any periods in it? the message looks correct to me.. -James On Wednesday, May 14, 2014 12:53:40 PM UTC-7, ice blaze wrote: > > OK, this is strange. So if I telnet from the computer that's not showing > up in the sources list to the graylog server, and start typing gibberish, > it shows up as a source in graylog and the stuff i typed as messages. > However, I set rsyslog from that server pointing to the graylog system i > dont see any of those messages showing up. In rsyslog.conf, I have > @@<IP>:<PORT>. So this appears to be an issue with how rsyslog is sending > messages to graylog. Any ideas? problem with graylog parsing the messges? > > -James > > > > On Tuesday, May 13, 2014 6:33:17 PM UTC-7, ice blaze wrote: >> >> OK, I spoke too soon. Although I got one of my servers working, I'm now >> having the exact same issue on another server (not clustered, completely >> separate), and I followed all of the same steps I did last time. This is >> really annoying behavior. The master server is accepting messages but no >> nodes are showing up in the sources list. My configs match whats on the >> working server. What gives? Has anyone ran into this pitfall before? >> >> Thanks, >> >> -James >> >> >> >> >> On Sunday, May 11, 2014 10:34:08 PM UTC-7, ice blaze wrote: >>> >>> fixed by using elasticsearch 0.90.10 (i was using 0.90.3) >>> >>> >>> >>> On Sunday, May 11, 2014 10:16:55 PM UTC-7, ice blaze wrote: >>>> >>>> OK, digging a little more into this.. If I change the sources range to >>>> be "Last Year", all of the sources I added are showing up, and they >>>> continue to get messages added to their tally. This is strange because it >>>> shows the correct date/time within graylog2, and the server its running on >>>> is added to graylog and it of course has the correct time. Any ideas? >>>> >>>> Thanks, >>>> >>>> -James >>>> >>>> On Sunday, May 11, 2014 7:02:48 PM UTC-7, ice blaze wrote: >>>>> >>>>> Hello All, >>>>> >>>>> I just created a new graylog2 instance and pointed several servers to >>>>> it. Under sources tab you can see messages coming in on the right, but >>>>> under the sources area it simply says "No message sources found. Looks >>>>> like >>>>> you did not send in any messages yet". Any idea whats going on? I have >>>>> attached a screenshot showing exactly what I'm seeing. >>>>> >>>>> Thanks, >>>>> >>>>> -James >>>>> >>>> -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
