[graylog2] Upgrading Graylog appliance to 2 version.
How can I upgrade the Graylog appliance to 2.0 version? Currently, I am running with 1.3 version.

--
You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/eb88640b-e019-41a2-9d43-fff85ed47a35%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: Tracking a message through multiple logs and calculating time
Or you could track it in each application, in addition to injecting correlation_id to Graylog messages, you can also inject elapsed_time. This gives you a better view of your application performance, unless of course you are trying to track all the way to Graylog. We also add task sequence number in case messages arrive out of sequence.

On Monday, May 2, 2016 at 4:32:57 PM UTC-4, Steve Kuntz wrote:
> Guess I'll have to brush the dust off my python hat.
>
> Thanks
>
> On Monday, May 2, 2016 at 11:21:16 AM UTC-4, Jochen Schalanda wrote:
>> Hi Steve,
>>
>> you could probably query those messages over the Graylog REST API (e.g. search for the ID) and calculate the time they took for each step "manually", feeding back those results into Graylog.
>>
>> Cheers,
>> Jochen
>>
>> On Monday, 2 May 2016 16:41:04 UTC+2, Steve Kuntz wrote:
>>> Hi Jochen,
>>>
>>> Thanks for clarifying. You said "out-of-the-box", would you be able to point me in the direction of where to look to get this functionality?
>>>
>>> On Monday, May 2, 2016 at 10:23:30 AM UTC-4, Jochen Schalanda wrote:
>>>> Hi Steve,
>>>>
>>>> that's currently not possible with Graylog out-of-the-box.
>>>>
>>>> Cheers,
>>>> Jochen
>>>>
>>>> On Monday, 2 May 2016 16:12:36 UTC+2, Steve Kuntz wrote:
>>>>> Hello,
>>>>>
>>>>> I've been looking through the docs and searching online but have been unable to find what I'm looking for.
>>>>>
>>>>> I have a message that is assigned an ID. This message with its ID will go through 5 different applications, each with its own log. What I'm looking to do is to track this message through each application and determine the time it takes at each step. If it takes too long at any step or does not fully complete the process I would like to trigger an alert. Is Graylog capable of doing this?
>>>>>
>>>>> Thanks in advance.
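The per-step timing discussed in this thread, as an added example that is not part of any of the posts: given messages already fetched for each ID (for instance from a search), it computes the time between consecutive applications and flags slow or unfinished runs. The field names `correlation_id`, `application` and `timestamp`, the five stage names and the 5-second threshold are assumptions, and the sample messages are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

STAGES = ["intake", "validate", "enrich", "route", "deliver"]  # assumed names for the 5 applications
MAX_STEP = timedelta(seconds=5)                                 # assumed per-step alert threshold

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")

def first_seen(messages):
    """Group by correlation_id -> {application: earliest timestamp}; arrival order is ignored."""
    seen = defaultdict(dict)
    for msg in messages:
        ts, app = parse_ts(msg["timestamp"]), msg["application"]
        stages = seen[msg["correlation_id"]]
        if app not in stages or ts < stages[app]:
            stages[app] = ts
    return seen

def check(messages, now):
    """Return (durations, alerts). durations[cid][app] = seconds since the previous stage."""
    durations, alerts = {}, []
    for cid, stages in first_seen(messages).items():
        durations[cid], prev_ts = {}, None
        for app in STAGES:
            if app not in stages:
                # Stage never logged: alert once the wait exceeds the threshold.
                if prev_ts is None or now - prev_ts > MAX_STEP:
                    alerts.append((cid, "incomplete", app))
                break
            if prev_ts is not None:
                took = stages[app] - prev_ts
                durations[cid][app] = took.total_seconds()
                if took > MAX_STEP:
                    alerts.append((cid, "slow", app))
            prev_ts = stages[app]
    return durations, alerts

def _msg(cid, app, clock):
    return {"correlation_id": cid, "application": app, "timestamp": "2016-05-02T14:00:%sZ" % clock}

# Constructed sample search results; A1's "validate" line arrives before its "intake" line.
SAMPLE = [_msg("A1", "validate", "01.200"), _msg("A1", "intake", "00.000"),
          _msg("A1", "enrich", "09.200"), _msg("A1", "route", "09.700"),
          _msg("A1", "deliver", "10.000"),
          _msg("B2", "intake", "02.000"), _msg("B2", "validate", "02.500")]
NOW = parse_ts("2016-05-02T14:01:00.000Z")

if __name__ == "__main__":
    print(check(SAMPLE, NOW))
```

The alert tuples can be sent back to Graylog as their own messages so that an ordinary stream alert fires on them.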
[graylog2] Adding Plugin to Graylog Appliance
Hello, I've set up Graylog 2.0 appliance on my VMWare, and I would like to use it to test a plugin I developed. I know I just have to drop the jar file to the plugin folder, but I'm unable to use wget to download the file from an external repository (I'm unable to ping external websites). It doesn't look like it supports VMWare file sharing so I'm not sure how to go about this. Does anyone know of a way to add a plugin to the appliance? Thanks.
[graylog2] Re: Graylog input streams just stopped, not sure how to troubleshoot
This has been resolved. Problem with a NXLog out.
[graylog2] Line graph of message count
Is it possible to create a *line graph* showing the number of events that have occurred over a time range? When I perform a search, it only generates a histogram or a pie chart (if I chose quick values).
[graylog2] Re: [Upgrade] 1.3.4 to 2.0
Hi,

I have created a certificate with these commands:

942 openssl pkcs8 -topk8 -inform PEM -outform PEM - in graylog.pem -out private_gray.pem -nocrypt
944 openssl pkcs8 -topk8 -inform PEM -outform PEM -in graylog.pem -out private_gray.pem -nocrypt

Then I have copied these into pki directory:

957 cp private_gray.pem /etc/pki/tls/private/private_gray.pem
958 cp graylog.pem /etc/pki/tls/certs

And enabled HTTPS into server.conf giving the right path of these PEM files. Below my configuration:

# REST API listen URI. Must be reachable by other graylog2-server nodes if you run a cluster.
rest_listen_uri = https://151.92.28.21:12900

# WEB
web_listen_uri=https://151.92.28.21:443/

# HTTPS
web_enable_tls = true
web_tls_cert_file = /etc/pki/tls/certs/graylog.pem
web_tls_key_file = /etc/pki/tls/private/private_gray.pem
#web_tls_key_password =

# REST API transport address. Defaults to the value of rest_listen_uri. Exception: If rest_listen_uri
# is set to a wildcard IP address (0.0.0.0) the first non-loopback IPv4 system address is used.
# If set, this will be promoted in the cluster discovery APIs, so other nodes may try to connect on
# this address and it is used to generate URLs addressing entities in the REST API. (see rest_listen_uri)
# You will need to define this, if your Graylog server is running behind a HTTP proxy that is rewriting
# the scheme, host name or URI.
rest_transport_uri = https://151.92.28.21:12900

# Enable CORS headers for REST API. This is necessary for JS-clients accessing the server directly.
# If these are disabled, modern browsers will not be able to retrieve resources from the server.
# This is disabled by default. Uncomment the next line to enable it.
rest_enable_cors = true

# Enable GZIP support for REST API. This compresses API responses and therefore helps to reduce
# overall round trip times. This is disabled by default. Uncomment the next line to enable it.
#rest_enable_gzip = true

# Enable HTTPS support for the REST API. This secures the communication with the REST API with
# TLS to prevent request forgery and eavesdropping. This is disabled by default. Uncomment the
# next line to enable it.
rest_enable_tls = true

# The X.509 certificate file to use for securing the REST API.
rest_tls_cert_file = /etc/pki/tls/certs/graylog.pem

# The private key to use for securing the REST API.
rest_tls_key_file = /etc/pki/tls/private/private_gray.pem

I have restarted graylog-server daemon but I receive a java error with written following lines:

2016-05-04 19:26:07,795 ERROR: com.google.common.util.concurrent.ServiceManager - Service WebInterfaceService [FAILED] has failed in the STARTING state.
java.security.cert.CertificateException: No certificates found in file: /etc/pki/tls/certs/graylog.pem
    at org.graylog2.shared.security.tls.PemReader.readCertificates(PemReader.java:71) ~[graylog.jar:?]
    at org.graylog2.shared.security.tls.PemKeyStore.buildKeyStore(PemKeyStore.java:114) ~[graylog.jar:?]
    at org.graylog2.shared.initializers.AbstractJerseyService.buildSslEngineConfigurator(AbstractJerseyService.java:185) ~[graylog.jar:?]
    at org.graylog2.shared.initializers.AbstractJerseyService.setUp(AbstractJerseyService.java:156) ~[graylog.jar:?]
    at org.graylog2.initializers.WebInterfaceService.startUp(WebInterfaceService.java:46) ~[graylog.jar:?]
    at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:60) [graylog.jar:?]
    at com.google.common.util.concurrent.Callables$3.run(Callables.java:100) [graylog.jar:?]
    at java.lang.Thread.run(Thread.java:745) [?:1.8.0_74]
2016-05-04 19:26:07,824 ERROR: org.graylog2.shared.initializers.InputSetupService - Not starting any inputs because lifecycle is: Uninitialized [LB:DEAD]
2016-05-04 19:26:07,832 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutting down periodical [org.graylog2.periodical.AlertScannerThread].
2016-05-04 19:26:07,832 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutdown of periodical [org.graylog2.periodical.AlertScannerThread] complete, took <0ms>.
2016-05-04 19:26:07,832 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutting down periodical [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread].
2016-05-04 19:26:07,832 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutdown of periodical [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread] complete, took <0ms>.
2016-05-04 19:26:07,832 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutting down periodical [org.graylog2.periodical.ClusterHealthCheckThread].
2016-05-04 19:26:07,832 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutdown of periodical [org.graylog2.periodical.ClusterHealthCheckThread] complete, took <0ms>.
2016-05-04 19:26:07,832 INFO : org.graylog2.shared.initializers.PeriodicalsService -
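A pre-flight check for the two files named in the configuration above, as an added example that is not part of the original post or Graylog's own code. It lists the PEM blocks in each file and reports a certificate file with no CERTIFICATE block, which is what the exception text describes, and a key file that is not an unencrypted PKCS#8 key, the form `openssl pkcs8 -topk8 -nocrypt` writes. The function names are hypothetical and the sample PEM bodies are constructed placeholders, not real keys or certificates.

```python
import base64
import binascii
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, looks_like_der)] for every PEM block found in text."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error:
            der = b""  # e.g. an encrypted legacy key with header lines in the body
        blocks.append((label, der[:1] == b"\x30"))  # DER objects start with SEQUENCE (0x30)
    return blocks

def check_tls_pair(cert_text, key_text):
    """Return a list of problems for a *_tls_cert_file / *_tls_key_file pair."""
    problems = []
    cert_blocks, key_blocks = pem_blocks(cert_text), pem_blocks(key_text)
    if ("CERTIFICATE", True) not in cert_blocks:
        problems.append("cert file: no decodable CERTIFICATE block")
    if any(label.endswith("PRIVATE KEY") for label, _ in cert_blocks):
        problems.append("cert file: contains a private key")
    if ("PRIVATE KEY", True) not in key_blocks:
        problems.append("key file: no unencrypted PKCS#8 PRIVATE KEY block")
    return problems

# Constructed samples: "MAA=" is an empty DER SEQUENCE, used only as a stand-in body.
CERT = "-----BEGIN CERTIFICATE-----\nMAA=\n-----END CERTIFICATE-----\n"
PKCS8_KEY = "-----BEGIN PRIVATE KEY-----\nMAA=\n-----END PRIVATE KEY-----\n"
LEGACY_KEY = "-----BEGIN RSA PRIVATE KEY-----\nMAA=\n-----END RSA PRIVATE KEY-----\n"

if __name__ == "__main__":
    # A "certificate" file that actually holds only a key fails both cert checks.
    for problem in check_tls_pair(LEGACY_KEY, PKCS8_KEY):
        print(problem)
```

To run it against a real installation, read the files named by the `*_tls_cert_file` and `*_tls_key_file` settings and pass their contents to `check_tls_pair`.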
[graylog2] Custom scripting for dashboard
Hi all, let's say I have a log format such as *timestamp req_size URL user*. I need to make a table of data aggregating the req_size for each user in a specified timespan. How can I do it in Graylog2? Thanks.
[graylog2] Graylog input streams just stopped, not sure how to troubleshoot
I installed the Graylog OVA Appliance 5 days ago with the active directory content pack. I set up and tested dashboards and streams using nxlog on two domain controllers and everything was working great. Yesterday at 330pm both servers stopped sending inputs to Graylog. I rebooted Graylog and restarted and uninstalled and reinstalled nxlog on both devices. Not sure where to check and what to look for to figure out why it stopped working all of a sudden. Any help would be great.
[graylog2] Re: [Upgrade] 1.3.4 to 2.0
Hi Aldo,

On Tuesday, 3 May 2016 21:45:50 UTC+2, Aldo Pellini wrote:
> I have tried to do this but graylog shuts down.

What exactly do you mean with this? What's the error message?

Cheers,
Jochen