Re: [graylog2] After 2.0.2 update Web console page footer says "2.0.1"

2016-05-30 Thread Joe K 
Of course it was refreshed. cleared browser cache and everything. "2.0.1" 
comes form the server.

On Monday, May 30, 2016 at 6:19:15 PM UTC+3, Edmundo Alvarez wrote:
>
> Hi Joe, 
>
> Please also remember to refresh the Graylog web interface tab after 
> upgrading, as the whole web interface lives in your browser now. 
>
> Regards, 
> Edmundo 
>
> > On 30 May 2016, at 17:06, Jochen Schalanda  > wrote: 
> > 
> > Hi Joe, 
> > 
> > Graylog 2.0.2 should show the following version in the footer of the 
> Graylog web interface: Graylog 2.0.2 (4da1379) 
> > 
> > From the output you've posted it looks as if you've installed the 
> "graylog-server" package for the first time (it's marked as NEW). Are you 
> sure that you've been using the normal DEB package before and not for 
> example the official virtual machine or Docker images which are based on 
> the Omnibus package? If the latter is the case, you can find upgrade 
> instructions here: 
> http://docs.graylog.org/en/2.0/pages/installation/graylog_ctl.html#upgrade-graylog
>  
> > 
> > Cheers, 
> > Jochen 
> > 
> > On Monday, 30 May 2016 16:38:38 UTC+2, Joe K wrote: 
> > 
> > Following instructions on 
> http://docs.graylog.org/en/2.0/pages/installation/operating_system_packages.html
>  
> > 
> > Installed 2.0.2 but in web colsole page footer it says: 
> > 
> > Graylog 2.0.1 (81e0187) on graylog (Oracle Corporation 1.8.0_77 on Linux 
> 3.13.0-85-generic) 
> > 
> > Is this expected? 
> > 
> > 
> > 
> > ubuntu@graylog:~$ sudo dpkg -i graylog-2.0-repository_latest.deb 
> > (Reading database ... 93442 files and directories currently installed.) 
> > Preparing to unpack graylog-2.0-repository_latest.deb ... 
> > Unpacking graylog-2.0-repository (1-1) over (1-1) ... 
> > Setting up graylog-2.0-repository (1-1) ... 
> > 
> > ubuntu@graylog:~$ sudo apt-get install graylog-server 
> > Reading package lists... Done 
> > Building dependency tree 
> > Reading state information... Done 
> > The following NEW packages will be installed: 
> >   graylog-server 
> > 0 upgraded, 1 newly installed, 0 to remove and 29 not upgraded. 
> > Need to get 85.7 MB of archives. 
> > After this operation, 95.5 MB of additional disk space will be used. 
> > Fetched 85.7 MB in 9s (8,838 kB/s) 
> > Selecting previously unselected package graylog-server. 
> > (Reading database ... 93413 files and directories currently installed.) 
> > Preparing to unpack .../graylog-server_2.0.2-1_all.deb ... 
> > Unpacking graylog-server (2.0.2-1) ... 
> > Processing triggers for ureadahead (0.100.0-16) ... 
> > Setting up graylog-server (2.0.2-1) ... 
> > 
> 
>  
>
> > Graylog does NOT start automatically! 
> > 
> > Please run the following commands if you want to start Graylog 
> automatically on system boot: 
> > 
> > sudo rm -f /etc/init/graylog-server.override 
> > 
> > sudo start graylog-server 
> > 
> > 
> 
>  
>
> > Processing triggers for ureadahead (0.100.0-16) ... 
> > 
> > 
> > Then performed reconfigure and restart 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups "Graylog Users" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an email to graylog2+u...@googlegroups.com . 
> > To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/965c8825-8704-4f95-a9c0-96cdee2aaf33%40googlegroups.com.
>  
>
> > For more options, visit https://groups.google.com/d/optout. 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/236998ba-9c4e-48c8-88e0-099c17ddcc0a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: [Graylog node] Hitman node

2016-05-30 Thread Jochen Schalanda 
Hi,

that's simply the randomly chosen name of the Elasticsearch node running on 
your system. 
See 
https://www.elastic.co/guide/en/elasticsearch/reference/2.3/setup-configuration.html#node-name
 
for details.

Cheers,
Jochen

On Monday, 30 May 2016 17:17:55 UTC+2, kaiser wrote:
>
> Hello,
>
> I have graylog 2.0 and only one node configured and activated in graylog 
> web node section.
>
> But When I am running: 
>
> curl '/_cat/nodes?v'
> host   ip heap.percent ram.percent load node.role master name
> 127.0.0.1  127.0.0.154  98 1.86 c -  
> graylog-f0f25e13-bf2d-4eeb-9c34-c95ad2c40dbf
> 69  98 1.86 d *  
> Hitman
>
> I obtain Hitman node!!
>
> Someone could explain me where does this node come from?
>
> Regards.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/383fbe37-dc67-4bb6-be71-da3ee5eb38b8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] After 2.0.2 update Web console page footer says "2.0.1"

2016-05-30 Thread Edmundo Alvarez 
Hi Joe,

Please also remember to refresh the Graylog web interface tab after upgrading, 
as the whole web interface lives in your browser now.

Regards,
Edmundo

> On 30 May 2016, at 17:06, Jochen Schalanda  wrote:
> 
> Hi Joe,
> 
> Graylog 2.0.2 should show the following version in the footer of the Graylog 
> web interface: Graylog 2.0.2 (4da1379)
> 
> From the output you've posted it looks as if you've installed the 
> "graylog-server" package for the first time (it's marked as NEW). Are you 
> sure that you've been using the normal DEB package before and not for example 
> the official virtual machine or Docker images which are based on the Omnibus 
> package? If the latter is the case, you can find upgrade instructions here: 
> http://docs.graylog.org/en/2.0/pages/installation/graylog_ctl.html#upgrade-graylog
> 
> Cheers,
> Jochen
> 
> On Monday, 30 May 2016 16:38:38 UTC+2, Joe K wrote:
> 
> Following instructions on 
> http://docs.graylog.org/en/2.0/pages/installation/operating_system_packages.html
> 
> Installed 2.0.2 but in web colsole page footer it says:
> 
> Graylog 2.0.1 (81e0187) on graylog (Oracle Corporation 1.8.0_77 on Linux 
> 3.13.0-85-generic)
> 
> Is this expected?
> 
> 
> 
> ubuntu@graylog:~$ sudo dpkg -i graylog-2.0-repository_latest.deb
> (Reading database ... 93442 files and directories currently installed.)
> Preparing to unpack graylog-2.0-repository_latest.deb ...
> Unpacking graylog-2.0-repository (1-1) over (1-1) ...
> Setting up graylog-2.0-repository (1-1) ...
> 
> ubuntu@graylog:~$ sudo apt-get install graylog-server
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> The following NEW packages will be installed:
>   graylog-server
> 0 upgraded, 1 newly installed, 0 to remove and 29 not upgraded.
> Need to get 85.7 MB of archives.
> After this operation, 95.5 MB of additional disk space will be used.
> Fetched 85.7 MB in 9s (8,838 kB/s)
> Selecting previously unselected package graylog-server.
> (Reading database ... 93413 files and directories currently installed.)
> Preparing to unpack .../graylog-server_2.0.2-1_all.deb ...
> Unpacking graylog-server (2.0.2-1) ...
> Processing triggers for ureadahead (0.100.0-16) ...
> Setting up graylog-server (2.0.2-1) ...
> 
> Graylog does NOT start automatically!
> 
> Please run the following commands if you want to start Graylog automatically 
> on system boot:
> 
> sudo rm -f /etc/init/graylog-server.override
> 
> sudo start graylog-server
> 
> 
> Processing triggers for ureadahead (0.100.0-16) ...
> 
> 
> Then performed reconfigure and restart
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/965c8825-8704-4f95-a9c0-96cdee2aaf33%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/156FF81E-A604-4C11-8351-695876C34295%40graylog.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: After 2.0.2 update Web console page footer says "2.0.1"

2016-05-30 Thread Jochen Schalanda 
Hi Joe,

Graylog 2.0.2 should show the following version in the footer of the 
Graylog web interface: Graylog 2.0.2 (4da1379)

>From the output you've posted it looks as if you've installed the 
"graylog-server" package for the first time (it's marked as NEW). Are you 
sure that you've been using the normal DEB package before and not for 
example the official virtual machine or Docker images which are based on 
the Omnibus package? If the latter is the case, you can find upgrade 
instructions 
here: 
http://docs.graylog.org/en/2.0/pages/installation/graylog_ctl.html#upgrade-graylog

Cheers,
Jochen

On Monday, 30 May 2016 16:38:38 UTC+2, Joe K wrote:
>
>
> Following instructions on 
> http://docs.graylog.org/en/2.0/pages/installation/operating_system_packages.html
>
> Installed 2.0.2 but in web colsole page footer it says:
>
> Graylog 2.0.1 (81e0187) on graylog (Oracle Corporation 1.8.0_77 on Linux 
> 3.13.0-85-generic)
>
> Is this expected?
>
>
>
> *ubuntu@graylog:~$ sudo dpkg -i graylog-2.0-repository_latest.deb*
> (Reading database ... 93442 files and directories currently installed.)
> Preparing to unpack graylog-2.0-repository_latest.deb ...
> Unpacking graylog-2.0-repository (1-1) over (1-1) ...
> Setting up graylog-2.0-repository (1-1) ...
>
> *ubuntu@graylog:~$ sudo apt-get install graylog-server*
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> The following NEW packages will be installed:
>   graylog-server
> 0 upgraded, 1 newly installed, 0 to remove and 29 not upgraded.
> Need to get 85.7 MB of archives.
> After this operation, 95.5 MB of additional disk space will be used.
> Fetched 85.7 MB in 9s (8,838 kB/s)
> Selecting previously unselected package graylog-server.
> (Reading database ... 93413 files and directories currently installed.)
> Preparing to unpack .../graylog-server_2.0.2-1_all.deb ...
> Unpacking graylog-server (2.0.2-1) ...
> Processing triggers for ureadahead (0.100.0-16) ...
> Setting up graylog-server (2.0.2-1) ...
>
> 
> Graylog does NOT start automatically!
>
> Please run the following commands if you want to start Graylog 
> automatically on system boot:
>
> sudo rm -f /etc/init/graylog-server.override
>
> sudo start graylog-server
>
>
> 
> Processing triggers for ureadahead (0.100.0-16) ...
>
>
> Then performed reconfigure and restart
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/965c8825-8704-4f95-a9c0-96cdee2aaf33%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] After 2.0.2 update Web console page footer says "2.0.1"

2016-05-30 Thread Joe K 

Following instructions 
on 
http://docs.graylog.org/en/2.0/pages/installation/operating_system_packages.html

Installed 2.0.2 but in web colsole page footer it says:

Graylog 2.0.1 (81e0187) on graylog (Oracle Corporation 1.8.0_77 on Linux 
3.13.0-85-generic)

Is this expected?



*ubuntu@graylog:~$ sudo dpkg -i graylog-2.0-repository_latest.deb*
(Reading database ... 93442 files and directories currently installed.)
Preparing to unpack graylog-2.0-repository_latest.deb ...
Unpacking graylog-2.0-repository (1-1) over (1-1) ...
Setting up graylog-2.0-repository (1-1) ...

*ubuntu@graylog:~$ sudo apt-get install graylog-server*
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  graylog-server
0 upgraded, 1 newly installed, 0 to remove and 29 not upgraded.
Need to get 85.7 MB of archives.
After this operation, 95.5 MB of additional disk space will be used.
Fetched 85.7 MB in 9s (8,838 kB/s)
Selecting previously unselected package graylog-server.
(Reading database ... 93413 files and directories currently installed.)
Preparing to unpack .../graylog-server_2.0.2-1_all.deb ...
Unpacking graylog-server (2.0.2-1) ...
Processing triggers for ureadahead (0.100.0-16) ...
Setting up graylog-server (2.0.2-1) ...

Graylog does NOT start automatically!

Please run the following commands if you want to start Graylog 
automatically on system boot:

sudo rm -f /etc/init/graylog-server.override

sudo start graylog-server


Processing triggers for ureadahead (0.100.0-16) ...


Then performed reconfigure and restart

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/2c6dae5f-56d6-4be4-b173-203ce0616ecf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] 2.0 image: Every time I perform graylog-ctl restart, four more unassigned shards appear

2016-05-30 Thread Joe K 

Every time we perform graylog-ctl restart four more unassigned shards 
appear:
 Elasticsearch cluster is yellow. Shards: 20 active, 0 initializing, 0
 relocating, 8 unassigned
graylog-ctl restart
 Elasticsearch cluster is yellow. Shards: 20 active, 0 initializing, 0
 relocating, 12 unassigned
Etc.

Using Graylog 2.0.2 EC2 Image on AWS.
Did not perform any additional configuration or maintenance. Is this a 
symptom of something bad? How can it be fixed?

The only thing I could find on the internet about how to fix unassigned 
shards is to perform this:
curl -XPUT 'localhost:9200/_settings' -d '{ "index" : {   
 "number_of_replicas" : 0}}'

This helped only first time, not anymore.
Please help!

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/cc65a871-5087-434a-982b-dbded2bf581d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] How to deal with "Uncommited messages deleted from journal"?

2016-05-30 Thread Jan Doberstein 
Hej Joe,

the main problem is - we can’t decide if it is ok for you that you
lost some messages or not.

If loosing messages is fine for you just let it run. If you want to
keep all messages your application an server send over to graylog you
should check your elasticsearch cluster.

This is what the messages said - you need to check your ES Cluster.

/jd


Am 30. Mai 2016 um 13:24:59, Joe K (roman.r...@gmail.com) schrieb:
> My Setup is very straightforward - Installed Graylog 2.0 EC2 image on
> amazon AWS.
> Graylog image is all-in-one image with Elasticsearch and Graylog server.
> When I asked previously in this forum if this a Graylog -specific problem I
> got no response. So I am asking as if it's not specific to Image.
>
> On Monday, May 30, 2016 at 11:25:55 AM UTC+3, Jan Doberstein wrote:
> >
> > Hej Joe,
> >
> > Am 28. Mai 2016 um 13:39:44, Joe K (roman.roan=40gmail.com) schrieb:
> > > We have message in console: * =22Uncommited messages deleted from journ=
> > al=22*
> > > =20
> > > > Uncommited messages deleted from journal
> > > > Some messages were deleted from the Graylog journal before they could=
> > be
> > > > written to Elasticsearch. Please verify that your Elasticsearch clust=
> > er is
> > > > healthy and fast enough. You may also want to review your Graylog jou=
> > rnal
> > > > settings and set a higher limit. (Node: f12..
> > > =20
> > > =20
> > > =20
> > > And is this bad=3F Can be left as is=3F
> >
> > It depends of the Information you write to graylog. We can=E2=80=99t deci=
> > de for you.
> >
> > > There's nothing in Help on how to deal with this. Is there any end-user=
> >
> > > information or any hint at all=3F
> >
> > Every possible help is written down in the above statement. As we did not=
> > know your environment and your setup it is not possible to provide a but=
> > ton with =E2=80=9Eto resolve this issue please click here=E2=80=9C.
> >
> > with kind regards
> > Jan
> >
> >
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users"
> group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/ee2d7512-71d2-4864-b8ac-a5c96be64326%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CAGm-bLa2wWczexrHGOq86z7hVs2yBHGwXxzs8%2Bw2HRp2BXsLgQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Oracle Audit Extended Log with Graylog

2016-05-30 Thread Yasar Ozkul 


Hi ,

 

I'm trying to integrate oracle DB with Graylog2.I got a problem with this 
integration.To make this integration you need to open audit os trail option 
in Oracle database.When you done it ,DB send all of logs to syslog then I 
can receive this logs to Graylog2 ,there is no problem.

But for logging in Oracle Database there are some limitations.I need to 
take extended log with SQLBind and Sqltext data but Oracle does not allow 
this with OS trail ,you can only do this with XML or DB extended option.It 
does not allow os-extended

due to this problem I can't receive Sqlbind and Sqltext data to 
Graylog.Only I can receive standart log ( user ,IP etc.. ) 

Is there any way you know to get extended log from Oracle to Graylog ,Some 
users says that there is a xml parser and it reads xml -extended file 
created by Oracle and send to Graylog ...

Regards 

Yasar OZKUL

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/b460d41b-864b-469f-9868-c7f767804dd8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Oracle Audit Extended Log with Os Level

2016-05-30 Thread Yasar Ozkul 
Hi ,

I'm trying to integrate oracle DB and Graylog2 and I got a problem with 
this integration.To make this integration you need to open audit trail 
option to OS level in Oracle database.When you done it ,DB send all of logs 
to syslog then I can receive this logs to Graylog2.
But in Oracle Database for logging there are some limitations.I need to 
take extended log with SQLBind and Sqltext data but Oracle does not allow 
this with OS trail ,you can do this with XML or DB extended not os option.

due to this problem I can't receive Sqlbind and Sqltext data to 
Graylog.Only I can receive standart log ( user ,IP etc.. ) 

Is there any way you know to get extended log from Oracle to Graylog ,Some 
users says that there is a xml parser and This parser reads xml -extended 
file created by Oracle and send to Graylog ...




Regards

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/642f7fe4-34e1-4dca-a00e-dea1d9123e01%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Oracle Extended Log

2016-05-30 Thread Yasar Ozkul 
Hi ,

I have got oracle database and I set audit_trail option to os in my Oracle 
database.I can receive oracle logs from Graylog 2 there is no problem.What 
I want receive extended log from Oracle DB .But OracleDB only support 
extended log with xml file or db ,not os.

due to this problem I can't receive Sqlbind and Sqltext data to Graylog.

Is there any way you know to get extended log from Oracle to Graylog ,Some 
users says that there is a xml parser and This parser reads xml -extended 
file created from Oracle and send to Graylog ...



Regards





-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/8a000a7c-cf82-4d2e-a500-2a6c21b58fcf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] graylog-server 2.0.1 not working through reverse proxy

2016-05-30 Thread Martin René Mortensen 
Thank you, but you might want to revise that.

localhost isnt enough, you need to be able to specify normal proxy 
exclusions, like .domain. If you have multiple graylog servers they should 
not use proxy to communicate.

Brgds. Martin

On Monday, 30 May 2016 14:30:02 UTC+2, Dennis Oelkers wrote:
>
> Hey Martin, 
>
> we have now implemented a function to disable the proxy for requests going 
> to localhost. It is already merged and will be included in the next release 
> of Graylog. 
>
> Thanks for your support, 
> D. 
>
> > On 27.05.2016, at 12:19, Dennis Oelkers  > wrote: 
> > 
> >> On 27.05.2016, at 10:18, Martin René Mortensen  > wrote: 
> >> 
> >> 
> >> On Friday, 27 May 2016 09:39:46 UTC+2, Dennis Oelkers wrote: 
> >> Do you have the http_proxy_uri configuration directive set in your 
> config file, by any chance? 
> >> 
> >> ah yes, I do, if it uses the http_proxy to access its internal 
> interfaces, that would cause these errors - I see. 
> >> 
> >> The response you are getting from the server for the 
> /cluster/metrics/multiple call implies that it cannot connect back to 
> itself (the response for the node id is null), although you can do the call 
> that it is doing from the host itself without problems. My guess would be 
> that there is a proxy involved somewhere, which (naturally) connects to a 
> different localhost. 
> >> How how do you make it not use the proxy for local connections? Do you 
> have a configuration parameter, or do we have to use Java options 
> somewhere? 
> > 
> > We don’t have that. It makes sense though to prevent using the proxy for 
> localhost/127.0.0.1/::1, but we haven’t implemented that. I cannot 
> promise anything, but there is a good chance we have something like that in 
> 2.0.3, until then you have to decide if you can switch of the proxy for the 
> meantime. 
> > 
> > Kr, 
> > D. 
> > 
> >> 
> >> 
> >>> On 26.05.2016, at 19:17, Martin René Mortensen <
> martin.ren...@gmail.com> wrote: 
> >>> 
> >>> 
> >>> 
> >>> On Thursday, 26 May 2016 17:20:44 UTC+2, Dennis Oelkers wrote: 
> >>> What happens when you do something like: 
> >>> 
> >>> curl -XPOST -u admin -v -H "Content-Type: application/json" -d 
> '{"metrics": []}' http://localhost:12900/cluster/metrics/multiple 
> >>> 
> >>> looks good: 
> >>> *   Trying 127.0.0.1... 
> >>> * Connected to localhost (127.0.0.1) port 12900 (#0) 
> >>> * Server auth using Basic with user 'admin' 
>  POST /cluster/metrics/multiple HTTP/1.1 
>  Authorization: Basic xxx= 
>  User-Agent: curl/7.29.0 
>  Host: localhost:12900 
>  Accept: */* 
>  Content-Type: application/json 
>  Content-Length: 15 
>  
> >>> * upload completely sent off: 15 out of 15 bytes 
> >>> < HTTP/1.1 200 OK 
> >>> < X-Graylog-Node-ID: ac7773b1-403d-4d3d-acc7-98a779140854 
> >>> < X-Runtime-Microseconds: 9568 
> >>> < Content-Type: application/json 
> >>> < Date: Thu, 26 May 2016 17:11:58 GMT 
> >>> < Content-Length: 45 
> >>> < 
> >>> * Connection #0 to host localhost left intact 
> >>> {"ac7773b1-403d-4d3d-acc7-98a779140854":null} 
> >>> I dont know if that answer is ok, but its what it says. 
> >>> 
> >>> and 
> >>> 
> >>> curl -XPOST -u admin -v -H "Content-Type: application/json" -H 
> "Accept: application/json” -d '{"metrics": []}' 
> http://localhost:12900/system/metrics/multiple 
> >>> 
> >>> Also suceeds, but output seems lacking: 
> >>> * About to connect() to localhost port 12900 (#0) 
> >>> *   Trying ::1... 
> >>> * Connection refused 
> >>> *   Trying 127.0.0.1... 
> >>> * Connected to localhost (127.0.0.1) port 12900 (#0) 
> >>> * Server auth using Basic with user 'admin' 
>  POST /system/metrics/multiple HTTP/1.1 
>  Authorization: Basic xxx= 
>  User-Agent: curl/7.29.0 
>  Host: localhost:12900 
>  Content-Type: application/json 
>  Accept: application/json 
>  Content-Length: 15 
>  
> >>> * upload completely sent off: 15 out of 15 bytes 
> >>> < HTTP/1.1 200 OK 
> >>> < X-Graylog-Node-ID: ac7773b1-403d-4d3d-acc7-98a779140854 
> >>> < X-Runtime-Microseconds: 9363 
> >>> < Content-Type: application/json 
> >>> < Date: Thu, 26 May 2016 17:15:14 GMT 
> >>> < Content-Length: 24 
> >>> < 
> >>> * Connection #0 to host localhost left intact 
> >>> {"total":0,"metrics":[]} 
> >>> 
> >>> 
> >>> 
> >>> from the server node itself? Does it work? What do you have in your 
> server logs? 
> >>> 
> >>> Nothing in server logs 
> >>> Graylog server logs says the same old stuff: 
> >>> 2016-05-26T19:10:54.246+02:00 WARN  [ProxiedResource] Unable to call 
> http://localhost:12900/system/metrics/multiple on node 
> , result: Service Unavailable 
> >>> 2016-05-26T19:11:58.128+02:00 WARN  [ProxiedResource] Unable to call 
> http://localhost:12900/system/metrics/multiple on node 
> , result: Service Unavailable 
> >>> 
>  On 26.05.2016, at 16:30, Martin René Mortensen <
> martin.ren...@gmail.com> wrote: 
>  
>  Well

Re: [graylog2] graylog-server 2.0.1 not working through reverse proxy

2016-05-30 Thread Dennis Oelkers 
Hey Martin,

we have now implemented a function to disable the proxy for requests going to 
localhost. It is already merged and will be included in the next release of 
Graylog.

Thanks for your support,
D.

> On 27.05.2016, at 12:19, Dennis Oelkers  wrote:
> 
>> On 27.05.2016, at 10:18, Martin René Mortensen 
>>  wrote:
>> 
>> 
>> On Friday, 27 May 2016 09:39:46 UTC+2, Dennis Oelkers wrote:
>> Do you have the http_proxy_uri configuration directive set in your config 
>> file, by any chance? 
>> 
>> ah yes, I do, if it uses the http_proxy to access its internal interfaces, 
>> that would cause these errors - I see.
>> 
>> The response you are getting from the server for the 
>> /cluster/metrics/multiple call implies that it cannot connect back to itself 
>> (the response for the node id is null), although you can do the call that it 
>> is doing from the host itself without problems. My guess would be that there 
>> is a proxy involved somewhere, which (naturally) connects to a different 
>> localhost. 
>> How how do you make it not use the proxy for local connections? Do you have 
>> a configuration parameter, or do we have to use Java options somewhere?
> 
> We don’t have that. It makes sense though to prevent using the proxy for 
> localhost/127.0.0.1/::1, but we haven’t implemented that. I cannot promise 
> anything, but there is a good chance we have something like that in 2.0.3, 
> until then you have to decide if you can switch of the proxy for the meantime.
> 
> Kr,
>   D.
> 
>> 
>> 
>>> On 26.05.2016, at 19:17, Martin René Mortensen  
>>> wrote: 
>>> 
>>> 
>>> 
>>> On Thursday, 26 May 2016 17:20:44 UTC+2, Dennis Oelkers wrote: 
>>> What happens when you do something like: 
>>> 
>>> curl -XPOST -u admin -v -H "Content-Type: application/json" -d '{"metrics": 
>>> []}' http://localhost:12900/cluster/metrics/multiple 
>>> 
>>> looks good: 
>>> *   Trying 127.0.0.1... 
>>> * Connected to localhost (127.0.0.1) port 12900 (#0) 
>>> * Server auth using Basic with user 'admin' 
 POST /cluster/metrics/multiple HTTP/1.1 
 Authorization: Basic xxx= 
 User-Agent: curl/7.29.0 
 Host: localhost:12900 
 Accept: */* 
 Content-Type: application/json 
 Content-Length: 15 
 
>>> * upload completely sent off: 15 out of 15 bytes 
>>> < HTTP/1.1 200 OK 
>>> < X-Graylog-Node-ID: ac7773b1-403d-4d3d-acc7-98a779140854 
>>> < X-Runtime-Microseconds: 9568 
>>> < Content-Type: application/json 
>>> < Date: Thu, 26 May 2016 17:11:58 GMT 
>>> < Content-Length: 45 
>>> < 
>>> * Connection #0 to host localhost left intact 
>>> {"ac7773b1-403d-4d3d-acc7-98a779140854":null} 
>>> I dont know if that answer is ok, but its what it says. 
>>> 
>>> and 
>>> 
>>> curl -XPOST -u admin -v -H "Content-Type: application/json" -H "Accept: 
>>> application/json” -d '{"metrics": []}' 
>>> http://localhost:12900/system/metrics/multiple 
>>> 
>>> Also suceeds, but output seems lacking: 
>>> * About to connect() to localhost port 12900 (#0) 
>>> *   Trying ::1... 
>>> * Connection refused 
>>> *   Trying 127.0.0.1... 
>>> * Connected to localhost (127.0.0.1) port 12900 (#0) 
>>> * Server auth using Basic with user 'admin' 
 POST /system/metrics/multiple HTTP/1.1 
 Authorization: Basic xxx= 
 User-Agent: curl/7.29.0 
 Host: localhost:12900 
 Content-Type: application/json 
 Accept: application/json 
 Content-Length: 15 
 
>>> * upload completely sent off: 15 out of 15 bytes 
>>> < HTTP/1.1 200 OK 
>>> < X-Graylog-Node-ID: ac7773b1-403d-4d3d-acc7-98a779140854 
>>> < X-Runtime-Microseconds: 9363 
>>> < Content-Type: application/json 
>>> < Date: Thu, 26 May 2016 17:15:14 GMT 
>>> < Content-Length: 24 
>>> < 
>>> * Connection #0 to host localhost left intact 
>>> {"total":0,"metrics":[]} 
>>> 
>>> 
>>> 
>>> from the server node itself? Does it work? What do you have in your server 
>>> logs? 
>>> 
>>> Nothing in server logs 
>>> Graylog server logs says the same old stuff: 
>>> 2016-05-26T19:10:54.246+02:00 WARN  [ProxiedResource] Unable to call 
>>> http://localhost:12900/system/metrics/multiple on node 
>>> , result: Service Unavailable 
>>> 2016-05-26T19:11:58.128+02:00 WARN  [ProxiedResource] Unable to call 
>>> http://localhost:12900/system/metrics/multiple on node 
>>> , result: Service Unavailable 
>>> 
 On 26.05.2016, at 16:30, Martin René Mortensen  
 wrote: 
 
 Well the POST requests worked with authorization, but said it didnt 
 understand me. I tried with another api request that seemed to work fine 
 when I authenticate properly. 
 
 # curl -i -X GET http://localhost:12900/system/inputs -u admin 
 Enter host password for user 'admin': 
 HTTP/1.1 200 OK 
 X-Graylog-Node-ID: ac7773b1-403d-4d3d-acc7-98a779140854 
 X-Runtime-Microseconds: 8838 
 Content-Type: application/json 
 Date: Thu, 26 May 2016 14:28:47

[graylog2] Re: ldap or active directory settings not stored

2016-05-30 Thread Leittechnik SUN 
Hi Jochen,
i installed one of the GUI Admin tools (MongoVue). Perfect. In Collections, 
ldap_settings, i found 4 lines of settings. i delete all of them und 
configured ldap trough web-gui. now it works.
Wolfgang

Am Montag, 30. Mai 2016 11:39:38 UTC+2 schrieb Jochen Schalanda:
>
> Hi Wolfgang,
>
> please take a look at these chapters from the MongoDB documentation:
>
>- https://docs.mongodb.com/getting-started/shell/client/
>- https://docs.mongodb.com/manual/mongo/
>- https://docs.mongodb.com/manual/reference/method/db.collection.find/
>- e. g. db.ldap_settings.find().pretty()
>- 
>https://docs.mongodb.com/manual/reference/method/db.collection.remove/
>- e. g. db.ldap_settings.remove()
>
> Of course you can also use a graphical user interface to MongoDB to find 
> and remove those LDAP settings: 
> https://docs.mongodb.com/ecosystem/tools/administration-interfaces/
>
> Cheers,
> Jochen
>
> On Monday, 30 May 2016 10:26:02 UTC+2, Leittechnik SUN wrote:
>>
>> Hi Jochen, I'm not trained with mongodb, so what have i to do for 
>> looking, changing or deleting "ldap_settings" collection in mongodb? 
>> searched in graylog help, but can't find anything.
>> Wolfgang
>>
>> Am Mittwoch, 25. Mai 2016 07:48:44 UTC+2 schrieb Leittechnik SUN:
>>>
>>> hi,
>>> after upgrading from graylog 1.3.4 to graylog 2.0.1.2 it seems, all 
>>> works fine. But on loging to web gui, only the local admin acount works. 
>>> with my users, derfined in "manage users", there is no login possible.
>>> i go to the konfig page for ladp / ad settings and find all masks are 
>>> empty. i set all necessary fields, tested it, stored it, (graylog says: 
>>> settings stored), leaved the settings page, go back, and: all settings are 
>>> clean.
>>>
>>> so it seems, graylog doesn't store the settings correct.
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/5ad968b2-9ab3-442b-abf2-5d2caa3bb7df%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] How to deal with "Uncommited messages deleted from journal"?

2016-05-30 Thread Joe K 
My Setup is very straightforward - Installed Graylog 2.0 EC2 image on 
amazon AWS.
Graylog image is all-in-one image with Elasticsearch and Graylog server.
When I asked previously in this forum if this a Graylog -specific problem I 
got no response. So I am asking as if it's not specific to Image.

On Monday, May 30, 2016 at 11:25:55 AM UTC+3, Jan Doberstein wrote:
>
> Hej Joe, 
>
> Am 28. Mai 2016 um 13:39:44, Joe K (roman.roan=40gmail.com) schrieb: 
> > We have message in console: * =22Uncommited messages deleted from journ= 
> al=22* 
> > =20 
> > > Uncommited messages deleted from journal 
> > > Some messages were deleted from the Graylog journal before they could= 
>  be 
> > > written to Elasticsearch. Please verify that your Elasticsearch clust= 
> er is 
> > > healthy and fast enough. You may also want to review your Graylog jou= 
> rnal 
> > > settings and set a higher limit. (Node: f12.. 
> > =20 
> > =20 
> > =20 
> > And is this bad=3F Can be left as is=3F 
>
> It depends of the Information you write to graylog. We can=E2=80=99t deci= 
> de for you. 
>
> > There's nothing in Help on how to deal with this. Is there any end-user= 
>
> > information or any hint at all=3F 
>
> Every possible help is written down in the above statement. As we did not= 
>  know your environment and your setup it is not possible to provide a but= 
> ton with =E2=80=9Eto resolve this issue please click here=E2=80=9C. 
>
> with kind regards 
> Jan 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/ee2d7512-71d2-4864-b8ac-a5c96be64326%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Regex Use in Pipeline Rule

2016-05-30 Thread Jochen Schalanda 
Hi Chad,

if you're simply looking for "SomeProc" inside the "message" field, why not 
use the contains() function? Why would that be more cumbersome?

Cheers,
Jochen

On Wednesday, 25 May 2016 23:18:20 UTC+2, Chad Sheets wrote:
>
> I'm attempting to drop messages according to regular expressions and was 
> wondering if it can be done with pipelines.
>
> Looking at various other sources and reading the docs I came up with 
> something like this:
>
> rule "drop via regex"
> when
> regex("^.+SomeProc"), to_string($message.message)).matches
> then
> drop_message();
> end
>
>
>
> however I can't get it to work. 
>
> I could, alternatively, attempt to use a string of ` contains(...) ` 
> though that seems more cumbersome. 
>
> Please also let me know if I'm going about this the wrong way. I'm 
> attempting to use pipelines over drools since that seems to be the 
> direction graylog is heading.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/150334c2-b18e-43fc-a144-830c1db3c42f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: ldap or active directory settings not stored

2016-05-30 Thread Jochen Schalanda 
Hi Wolfgang,

please take a look at these chapters from the MongoDB documentation:

   - https://docs.mongodb.com/getting-started/shell/client/
   - https://docs.mongodb.com/manual/mongo/
   - https://docs.mongodb.com/manual/reference/method/db.collection.find/
   - e. g. db.ldap_settings.find().pretty()
   - https://docs.mongodb.com/manual/reference/method/db.collection.remove/
   - e. g. db.ldap_settings.remove()
   
Of course you can also use a graphical user interface to MongoDB to find 
and remove those LDAP 
settings: https://docs.mongodb.com/ecosystem/tools/administration-interfaces/

Cheers,
Jochen

On Monday, 30 May 2016 10:26:02 UTC+2, Leittechnik SUN wrote:
>
> Hi Jochen, I'm not trained with mongodb, so what have i to do for looking, 
> changing or deleting "ldap_settings" collection in mongodb? searched in 
> graylog help, but can't find anything.
> Wolfgang
>
> Am Mittwoch, 25. Mai 2016 07:48:44 UTC+2 schrieb Leittechnik SUN:
>>
>> hi,
>> after upgrading from graylog 1.3.4 to graylog 2.0.1.2 it seems, all works 
>> fine. But on loging to web gui, only the local admin acount works. with my 
>> users, derfined in "manage users", there is no login possible.
>> i go to the konfig page for ladp / ad settings and find all masks are 
>> empty. i set all necessary fields, tested it, stored it, (graylog says: 
>> settings stored), leaved the settings page, go back, and: all settings are 
>> clean.
>>
>> so it seems, graylog doesn't store the settings correct.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/a6ce606e-d012-4839-a26a-83c493d7fd81%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Drools rule file reload

2016-05-30 Thread Jochen Schalanda 
Hi Miro,

you can use the Graylog REST API to add/remove/modify rules and pipelines, 
that's what the Graylog web interface is doing too.

Cheers,
Jochen

On Thursday, 26 May 2016 10:58:04 UTC+2, Miro K wrote:
>
> Hi Jochen,
>
> thanks a lot for your answer. It seems pipelines/rules can do the same.
> However, I would have another question - is it possible to modify rules 
> outside of Graylog GUI, in other words is there documentation available so 
> I can work with rules from standalone script?
>
> Thanks again.
>
> Regards,
> Miro
>
> Dne úterý 24. května 2016 9:00:54 UTC+2 Jochen Schalanda napsal(a):
>>
>> Hi Miro,
>>
>> that's currently not possible.
>>
>> If you're running Graylog 2.0.0 or later, you might want to take a look 
>> at new message processing pipelines (see 
>> http://docs.graylog.org/en/2.0/pages/pipelines.html) which can be 
>> updated without restarting Graylog.
>>
>> Cheers,
>> Jochen
>>
>> On Monday, 23 May 2016 16:09:01 UTC+2, Miro K wrote:
>>>
>>> Hi All,
>>>
>>> is there a way in Graylog 2.0 to reload Drools rule file (e.g. 
>>> /etc/graylog/server/rules.drl) without restarting graylog process?
>>>
>>> Thanks,
>>> Miro
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/8354c732-5ffd-42ae-a43b-1aa6c1b22b71%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: LDAP Error

2016-05-30 Thread Jochen Schalanda 
Hi Robert,

please try deleting the "user_redacted" user (either in the web interface 
on the System -> Users page or in MongoDB in the "users" collection).

Cheers,
Jochen

On Saturday, 28 May 2016 02:34:54 UTC+2, Robert Hough wrote:
>
> 2016-05-28T00:28:12.333Z ERROR [LdapUserAuthenticator] Error during LDAP 
> user account sync. Cannot log in user user_redacted
> java.lang.RuntimeException: ERR_02002_FAILURE_ON_UNDERLYING_CURSOR Failure 
> on underlying Cursor.
> at 
> org.apache.directory.api.ldap.model.cursor.CursorIterator.next(CursorIterator.java:86)
>  
> ~[graylog.jar:?]
> at 
> org.graylog2.security.ldap.LdapConnector.search(LdapConnector.java:139) 
> ~[graylog.jar:?]
>
> We keep seeing the error above. The user "user_redacted" was originally 
> configured (incorrectly) but we have since added the correct user. The 
> problem is the above error continually shows up in the graylog server.log,  
> even though we are no longer using it.  We've tried restarting, rebooting, 
> but it keeps coming back.  I suspect it is still somewhere in mongo, but 
> I'm not really sure where to look to remove.  Any ideas?  Thanks
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/9c97583e-84fe-45b8-aa4e-5412c011da27%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Where does Chef keep the Web-Interface URI list?

2016-05-30 Thread Marius Sturm 
Hi,
the list of involved hosts in the cluster is stored and distributed via 
Etcd. It's organized like a directory tree, so you can do: 
'/opt/graylog/emvedded/bin/etcdctl ls'
or '/opt/graylog/emvedded/bin/etcdctl ls servers' to see all graylog 
servers.
To delete an entry use the rm command: '/opt/graylog/emvedded/bin/etcdctl 
rm servers/x.x.x.x'

Cheers,
Marius

On Thursday, 24 March 2016 22:02:38 UTC+1, ca...@boomtownroi.com wrote:
>
> I'm using the AWS Graylog appliance. I moved it from one subnet to another 
> and the IP changed. However, every time I restart the web interface it 
> shows that it's looking for the current IP of graylog-server as well as the 
> previous one.
>
> I've changed the value in graylog-web-interface.conf, but if I 
> reconfigure, it replaces the value. I've traced it back to the recipe file 
> for graylog-web.rb, but when it uses $registry.get_gl_servers.map, I get 
> lost.
>
> My question is more informational than painful. Any advice on where to 
> change this?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/c33000f5-49e1-4715-9938-919d1f578191%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] streams error

2016-05-30 Thread Jochen Schalanda 
Hi,

you can configure the email transport settings in the AMI using the 
graylog-ctl script and the set-email-config command 
(see 
http://docs.graylog.org/en/2.0/pages/installation/graylog_ctl.html#configuration-commands
 
for details).

Cheers,
Jochen

On Friday, 27 May 2016 11:32:43 UTC+2, rvb n wrote:
>
> Hey Dennis ,
>
>
> *I could not find the path which you have mentioned in the previous post. 
> I am using AMI image and ctl script. is there any other path for Amazon 
> AMI. pls do the need full*
>
> Thanks
> Nit
> On Friday, 27 May 2016 13:06:12 UTC+5:30, Dennis Oelkers wrote:
>>
>> Hey Nit, 
>>
>> you need to configure Graylog to use authentication for SMTP by using the 
>> relevant configuration directives in your config file: 
>> https://github.com/Graylog2/graylog2-server/blob/master/graylog2-server/src/main/java/org/graylog2/configuration/EmailConfiguration.java#L43-L47
>>  
>>
>> Kind regards 
>> D. 
>> > On 27.05.2016, at 07:34, rvb n  wrote: 
>> > 
>> > Hi Friends, 
>> > 
>> > when i tried to do streams i am getting this error. any idea. 
>> > 
>> > The Graylog server encountered an error while trying to send an email. 
>> This is the detailed error message: org.apache.commons.mail.EmailException: 
>> Sending the email to the following server failed : smtp.gmail.com:465 
>> (com.sun.mail.smtp.SMTPSendFailedException: 530-5.5.1 Authentication 
>> Required. Learn more at 530 5.5.1 
>> https://support.google.com/mail/answer/14257 129sm3575360qkg.38 - gsmtp 
>> ) 
>> > 
>> > Thanks 
>> > Nit 
>> > 
>> > -- 
>> > You received this message because you are subscribed to the Google 
>> Groups "Graylog Users" group. 
>> > To unsubscribe from this group and stop receiving emails from it, send 
>> an email to graylog2+u...@googlegroups.com. 
>> > To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/graylog2/8f11d42e-4f73-4577-95ba-37f5062856ad%40googlegroups.com.
>>  
>>
>> > For more options, visit https://groups.google.com/d/optout. 
>>
>> -- 
>> Tel.: +49 (0)40 609 452 077 
>> Fax.: +49 (0)40 609 452 078 
>>
>> TORCH GmbH - A Graylog company 
>> Steckelhörn 11 
>> 20457 Hamburg 
>> Germany 
>>
>> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175 
>> Geschäftsführer: Lennart Koopmann (CEO) 
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/4535e6df-c26b-471f-a95a-abd509041e59%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Cannot get Messages with offset < 10000 via api

2016-05-30 Thread Lukas Fenner 
Hi Dennis,

Ive opened the issue:
https://github.com/Graylog2/graylog2-server/issues/2306

Thank you
Lukas

Am Montag, 30. Mai 2016 10:46:59 UTC+2 schrieb Lukas Fenner:
>
> Hello All,
>
> Im running on Graylog Server 2.0.2 with ES 2.3.3.
>
> When i try to get 5 Messages with offset 1 it fails with error:
>
> { "query": "facility:TEST", "begin_column": null, "begin_line": null, "
> end_column": null, "end_line": null, "message": "Unable to execute search", 
> "exception_name": 
> "org.elasticsearch.action.search.SearchPhaseExecutionException" }
>
> In graylog this error can be found in logfiles:
> WARN  [SearchResource] Unable to execute search: all shards failed
>
> When i try the same search with offset 9995 im getting 5 Messages, so  the 
> error occurs exactly at 1 Messages, thats why i guess its this setting 
> from elasticsearch:
>
> https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-from-size.html
>
> The Api call is successful if requested as text/csv.
>
> Is there a way to get a configurable part from the result set over 1? 
> The goal is to implement a log list in a web application, whenever the user 
> is klicking next page, the next n events should be shown. 
> Maybe there is also a better way to go?
>
> Cheers,
> Lukas
>
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/ec10a8a4-04b7-434d-a62c-3f509212b348%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Permissions On Inputs

2016-05-30 Thread Dennis Oelkers 
Hey Todd,

what you can do at the moment is that your define streams for each input 
(adding rules so that only the messages of this input are routed into the 
stream) and then define the users to be readers for the corresponding streams.

Kr,
D.

> On 27.05.2016, at 17:22, Todd Bryant  wrote:
> 
> I would like to use Graylog as a customer portal, however security is a big 
> issue.   Is there a way to segment users by input?   This would allow me to 
> host multiple users on the same Graylog instance, while maintaining data 
> segregation. 
> 
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/e0a6f613-f3ed-4d53-a7f3-904e4a4603ab%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

--
Tel.: +49 (0)40 609 452 077
Fax.: +49 (0)40 609 452 078

TORCH GmbH - A Graylog company
Poolstrasse 21
20355 Hamburg
Germany

Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
Geschäftsführer: Lennart Koopmann (CEO)

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/818C1CD2-B010-4176-B2BA-89A1B8183A21%40graylog.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Alerts not getting triggered Graylog v2.0.1

2016-05-30 Thread Dennis Oelkers 
Hey Rakesh,

thanks for contacting us. Could please provide a short overview over the rules 
your have configured for your stream and the alert conditions which are not 
triggered after a while? Do you see anything in your server log?

Kr,
D.

> On 30.05.2016, at 10:42, Rakesh R  wrote:
> 
> Hi, 
> 
>   Graylog is setup properly and there seems to be some issue with the alerts 
> being triggered. Test mails are working fine. The alerts are triggered from 
> the streams when the server is restarted and after some time the alerts are 
> not triggered. I have checked the configuration and everything is fine. Can 
> some one help me. 
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/29c9cc67-b670-4034-abf4-c416c0bbb594%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

--
Tel.: +49 (0)40 609 452 077
Fax.: +49 (0)40 609 452 078

TORCH GmbH - A Graylog company
Poolstrasse 21
20355 Hamburg
Germany

Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
Geschäftsführer: Lennart Koopmann (CEO)

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/DB6E80A3-0860-4556-A91B-8AA9C24AA640%40graylog.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Cannot get Messages with offset < 10000 via api

2016-05-30 Thread Dennis Oelkers 
Hey Lukas,

thanks for reporting this. Could you please open an issue on github for this? 
(https://github.com/Graylog2/graylog2-server/issues/new)
We will investigate if this is a bug and possibly provide a fix for this.

Kr,
D.

> On 30.05.2016, at 10:46, Lukas Fenner  wrote:
> 
> Hello All,
> 
> Im running on Graylog Server 2.0.2 with ES 2.3.3.
> 
> When i try to get 5 Messages with offset 1 it fails with error:
> 
> {
>   "
> query": "facility:TEST"
> ,
>   "
> begin_column": null
> ,
>   "
> begin_line": null
> ,
>   "
> end_column": null
> ,
>   "
> end_line": null
> ,
>   "
> message": "Unable to execute search"
> ,
>   "
> exception_name": 
> "org.elasticsearch.action.search.SearchPhaseExecutionException"
> 
> }
> 
> 
> In graylog this error can be found in logfiles:
> WARN  [SearchResource] Unable to execute search: all shards failed
> 
> When i try the same search with offset 9995 im getting 5 Messages, so  the 
> error occurs exactly at 1 Messages, thats why i guess its this setting 
> from elasticsearch:
> https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-from-size.html
> 
> The Api call is successful if requested as text/csv.
> 
> Is there a way to get a configurable part from the result set over 1? The 
> goal is to implement a log list in a web application, whenever the user is 
> klicking next page, the next n events should be shown. 
> Maybe there is also a better way to go?
> 
> Cheers,
> Lukas
> 
> 
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/82fb9b8c-2096-4e47-83af-2395591c1130%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

--
Tel.: +49 (0)40 609 452 077
Fax.: +49 (0)40 609 452 078

TORCH GmbH - A Graylog company
Poolstrasse 21
20355 Hamburg
Germany

Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
Geschäftsführer: Lennart Koopmann (CEO)

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/2D633CE1-F411-49EB-A92F-893E2F023480%40graylog.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] collector side car + nxlog doesnt forward firewall log

2016-05-30 Thread Marius Sturm 
Hi Sanhegi,
do you see any errors in the nxlog_stdout/stderr files under
/var/log/graylog/collector-sidecar? It could be that you started nxlog on
port 514 and there is another syslog already listening or something like
that? Are you sure that the firewall syslog messages can be processed by
nxlog, sometime firewalls send non standard syslog that fails at some point
of the logging pipeline.

Cheers,
Marius


On 30 May 2016 at 10:44, sangh  wrote:

> Hi, i didn't want to use a file as input. When i choose udp as input in
> the graylog web interface, i supposed i will get all the udp log from
> 0.0.0.0
>
> Le lundi 30 mai 2016 10:22:07 UTC+2, Jochen Schalanda a écrit :
>>
>> Hi,
>>
>> the firewall logs are probably written to a different file. nxlog simply
>> follows text files and sends their contents to Graylog, so you need to add
>> the log file containing the firewall logs to the nxlog configuration.
>>
>> Cheers,
>> Jochen
>>
>> On Monday, 30 May 2016 09:55:36 UTC+2, sangh wrote:
>>>
>>> the log of the firewall i send them to Machine A.
>>> I install on Machine A nxlog and collector side car
>>> On graylog  Web interface, i configure input so i can get log of
>>> 0.0.0.0. However i don't receive the firewall log on the graylog server
>>> i do receive them on machine A but they are not sent to graylog server.
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/graylog2/6a896da7-5a48-4de9-91f0-01a5e421dbc7%40googlegroups.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Developer

Tel.: +49 (0)40 609 452 077
Fax.: +49 (0)40 609 452 078

TORCH GmbH - A Graylog Company
Poolstraße 21
20335 Hamburg
Germany

https://www.graylog.com 

Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
Geschäftsführer: Lennart Koopmann (CEO)

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CAMqbBbLXTJLADPLVs3KLW_NhYTMAHeAktS4nnO8%2BBLgFhQ1C6g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] collector side car + nxlog doesnt forward firewall log

2016-05-30 Thread sangh 
Hi, i didn't want to use a file as input. When i choose udp as input in the 
graylog web interface, i supposed i will get all the udp log from 0.0.0.0  

Le lundi 30 mai 2016 10:22:07 UTC+2, Jochen Schalanda a écrit :
>
> Hi,
>
> the firewall logs are probably written to a different file. nxlog simply 
> follows text files and sends their contents to Graylog, so you need to add 
> the log file containing the firewall logs to the nxlog configuration.
>
> Cheers,
> Jochen
>
> On Monday, 30 May 2016 09:55:36 UTC+2, sangh wrote:
>>
>> the log of the firewall i send them to Machine A.
>> I install on Machine A nxlog and collector side car
>> On graylog  Web interface, i configure input so i can get log of 0.0.0.0. 
>> However i don't receive the firewall log on the graylog server
>> i do receive them on machine A but they are not sent to graylog server.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/6a896da7-5a48-4de9-91f0-01a5e421dbc7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Alerts not getting triggered Graylog v2.0.1

2016-05-30 Thread Rakesh R 
 

Hi, 

  Graylog is setup properly and there seems to be some issue with the 
alerts being triggered. Test mails are working fine. The alerts are 
triggered from the streams when the server is restarted and after some time 
the alerts are not triggered. I have checked the configuration and 
everything is fine. Can some one help me. 

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/29c9cc67-b670-4034-abf4-c416c0bbb594%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] collector side car + nxlog doesnt forward firewall log

2016-05-30 Thread sangh 
hi, 
i have two network. if i send directly from syslog i might loose some log 
when the network goes down

Le lundi 30 mai 2016 10:21:51 UTC+2, Jan Doberstein a écrit :
>
> Hello Person with no name, 
>
>
> Am 30. Mai 2016 um 09:55:38, sangh (sanhegi.manel=40gmail.com) schrieb: 
> > the log of the firewall i send them to Machine A. 
> > I install on Machine A nxlog and collector side car 
>
> you know that you can send in syslog direct to graylog, or=3F=C2=A0 
>
> http://docs.graylog.org/en/2.0/pages/sending=5Fdata.html=23syslog 
>
> > On graylog Web interface, i configure input so i can get log of 0.0.0.0= 
> . 
> > However i don't receive the firewall log on the graylog server 
> > i do receive them on machine A but they are not sent to graylog server.= 
>
>
> You need to check the nxlog configuration first, if the logs are send out= 
>  then check if the connection between machine a and your graylog server i= 
> s possible. 
>
> regards 
> Jan

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/b097b16c-a379-4770-ba5b-9c7dae5c60b5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: graylog-ctl set-email-config [--port= --user= --password=]

2016-05-30 Thread Jochen Schalanda 
Hi,

you're missing a blank between --port and 587.

Cheers,
Jochen

On Thursday, 26 May 2016 12:53:53 UTC+2, rvb n wrote:
>
> This command showing the attached error. pls help
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/3ba3eab7-6ae9-4731-bb2f-ced08c9ffcec%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: unable to send email alert

2016-05-30 Thread Jochen Schalanda 
Hi,

what's your current configuration for the email transport?


Cheers,
Jochen

On Thursday, 26 May 2016 15:14:43 UTC+2, rvb n wrote:
>
>
> Hi 
>
> Please find the attachment. I am getting this error while send test mail 
> pls advice
>  
> On Thursday, May 26, 2016 at 2:21:17 PM UTC+5:30, rvb n wrote:
>>
>> I am using ctlscript  to configure mail . can you give some working 
>> sample config for mail alert pls
>>
>> On Thursday, May 26, 2016 at 11:51:17 AM UTC+5:30, rvb n wrote:
>>>
>>> Thanks for the reply, There are Two config file to configure mail 
>>> 1)  graylog-settings.json
>>> 2) opt/graylog/conf#  graylog.conf
>>>
>>> Which one i want to use to configure graylog mail. pls advice
>>>
>>> On Wednesday, May 25, 2016 at 8:05:34 PM UTC+5:30, Jochen Schalanda 
>>> wrote:

 Hi,

 you need to configure the email transport in your Graylog configuration 
 file, see 
 http://docs.graylog.org/en/2.0/pages/installation/graylog_ctl.html#configuration-commands
  
 and 
 https://github.com/Graylog2/graylog2-server/blob/2.0.1/misc/graylog.conf#L401-L411
 .

 Cheers,
 Jochen

 On Wednesday, 25 May 2016 14:55:22 UTC+2, rvb n wrote:
>
> I am getting attached error while i tr to send test  alert plshelp
>


-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/2b598f01-aaee-49a5-bb31-15a6eb890e9f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: ldap or active directory settings not stored

2016-05-30 Thread Leittechnik SUN 
Hi Jochen, I'm not trained with mongodb, so what have i to do for looking, 
changing or deleting "ldap_settings" collection in mongodb? searched in 
graylog help, but can't find anything.
Wolfgang

Am Mittwoch, 25. Mai 2016 07:48:44 UTC+2 schrieb Leittechnik SUN:
>
> hi,
> after upgrading from graylog 1.3.4 to graylog 2.0.1.2 it seems, all works 
> fine. But on loging to web gui, only the local admin acount works. with my 
> users, derfined in "manage users", there is no login possible.
> i go to the konfig page for ladp / ad settings and find all masks are 
> empty. i set all necessary fields, tested it, stored it, (graylog says: 
> settings stored), leaved the settings page, go back, and: all settings are 
> clean.
>
> so it seems, graylog doesn't store the settings correct.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/54948039-77fb-42b3-b304-c3d8b88ef645%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] collector side car + nxlog doesnt forward firewall log

2016-05-30 Thread Jochen Schalanda 
Hi,

the firewall logs are probably written to a different file. nxlog simply 
follows text files and sends their contents to Graylog, so you need to add 
the log file containing the firewall logs to the nxlog configuration.

Cheers,
Jochen

On Monday, 30 May 2016 09:55:36 UTC+2, sangh wrote:
>
> the log of the firewall i send them to Machine A.
> I install on Machine A nxlog and collector side car
> On graylog  Web interface, i configure input so i can get log of 0.0.0.0. 
> However i don't receive the firewall log on the graylog server
> i do receive them on machine A but they are not sent to graylog server.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/abc8c389-c11d-4b94-b4f4-01301a6186f3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] collector side car + nxlog doesnt forward firewall log

2016-05-30 Thread Jan Doberstein 
Hello Person with no name,


Am 30. Mai 2016 um 09:55:38, sangh (sanhegi.manel=40gmail.com) schrieb:
> the log of the firewall i send them to Machine A.
> I install on Machine A nxlog and collector side car

you know that you can send in syslog direct to graylog, or=3F=C2=A0

http://docs.graylog.org/en/2.0/pages/sending=5Fdata.html=23syslog

> On graylog Web interface, i configure input so i can get log of 0.0.0.0=
.
> However i don't receive the firewall log on the graylog server
> i do receive them on machine A but they are not sent to graylog server.=


You need to check the nxlog configuration first, if the logs are send out=
 then check if the connection between machine a and your graylog server i=
s possible.

regards
Jan

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/etPan.574bf818.27d9d633.d228%40jalogisch.de.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: Message signed with OpenPGP using AMPGpg

Re: [graylog2] How to limit size of log injected/collected into graylog ?

2016-05-30 Thread Jan Doberstein 
Hej,

Am 30. Mai 2016 um 00:53:15, Nevalystha Pingkan Dumanauw
(nevalystha...@gmail.com) schrieb:
> I am new in Graylog. Actually, my company is planning to use Graylog as a
> log management system. We have installed it in our server, but when we run
> it, Graylog has consumed the server's CPU & memory usage, and it cause
> crash in our server. Is there any way to limit log size that collected in
> Graylog? Or is there a way to limit what is received on the server side?

The load of your System depends of many factors. The amount of Logs is
one central point. But also how many Streams and extractors you are
running will have a impact on your experience.

Without knowledge about your Setup, what Hardware/how many resources
your Graylog Server has. How many Logstreams you pump into the Systems
and more like that we would only look into our oracle bowl.

In general you are able to limit the amount of logs you send to the
system, but you can not limit the amount you receive on the Server.

regards
Jan

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CAGm-bLZbBj7P3Da-3sELJt_cZeVPNMu0cODH7yLwVX19yeQxEg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] collector side car + nxlog doesnt forward firewall log

2016-05-30 Thread sangh 
the log of the firewall i send them to Machine A.
I install on Machine A nxlog and collector side car
On graylog  Web interface, i configure input so i can get log of 0.0.0.0. 
However i don't receive the firewall log on the graylog server
i do receive them on machine A but they are not sent to graylog server.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/cec2f977-f0d9-4c96-821f-24e05f735d08%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] ็How to purge LOG on graylog ova 2.0? and How extend root partition?

2016-05-30 Thread Jan Doberstein 
Hej,

you can / need to set the indices rotation in the web interface to
have log rotation.

How you can extend your root partition? It depends on your Setup and
used Software.

But, please follow point 3.1.1 of RFC1855 (https://tools.ietf.org/html/rfc1855)

thank you
Jan



Am 30. Mai 2016 um 05:07:36, ชีระวิทย์ ภูริเดชชัยพัฒน์
(cheraw...@gmail.com) schrieb:
>
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users"
> group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/989cb2c5-1544-4527-ac84-c4e782b3895e%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CAGm-bLYxpxRBBvqpyZKoabygoF4Su0L4SMAam%3DjqrVOC12pHbA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] collector side car + nxlog doesnt forward firewall log

2016-05-30 Thread Jan Doberstein 
Hej,

sorry can you please write your question in other words? I did not get it.

thx
Jan


Am 30. Mai 2016 um 09:33:06, sangh (sanhegi.ma...@gmail.com) schrieb:
> I am using collector side car on linux i can get the machine log however i
> don't for the firewall log that i forward to my Nxlog machine ??
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users"
> group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/441a99f9-7c9d-4b1b-a89e-9626fa67b0ac%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CAGm-bLa4rzy%2BM0stpy8zxNPcz%3DD9OTgfGa%3D0_erwwmKXmY%3DXLg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] collector side car + nxlog doesnt forward firewall log

2016-05-30 Thread sangh 
I am using collector side car on linux i can get the machine log however i 
don't for the firewall log that i forward to my Nxlog machine ??

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/441a99f9-7c9d-4b1b-a89e-9626fa67b0ac%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: specially chars for admin password not allowed ?

2016-05-30 Thread Leittechnik SUN 
ok, realy simple, i'm able to set the password now. And after setting the 
new password ist necessary to do: graylog-ctl reconfigure.. ?
thanks

Am Mittwoch, 25. Mai 2016 08:16:58 UTC+2 schrieb Leittechnik SUN:
>
> hi,
> i want to change the admin password to some strong password. i tried to 
> change the password on the web-gui, but graylog say "could not update 
> password, verify your current password ist correct". Now i tried it by 
> ubuntu console and command "graylog-ctl set-admin-password".  by example: 
> graylog-ctl set-admin-password !0911!alpHa4#.
> i get the message:bash: !0911: event not found
> so it seems, graylog can't store passwords with "!" for the admin account. 
> on other local user accounts i can give them a strong password with "!" 
> chars.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/9f8e8b7c-32be-43d6-99bb-4d9fa3b4c698%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.