[graylog2] Re: No search permissions for non-admin users in 0.20.0-rc2?

2014-02-12 Thread cornelius . rolf 
Hi Wiley,

I had the same problem 4 weeks ago ;-)
You have to use streams and permit usage of them to your non-admin-users.

Bye, Cornelius


Am Mittwoch, 12. Februar 2014 01:39:47 UTC+1 schrieb Wiley Sanders:
>
>
> I
>  
> just installed 0.20.0-rc2 and non-admin ("reader") users can't use the 
> search page, click on image to the Left, (?? - Groups may put this image in 
> some random location on this page).
>
> Is Graylog2 supposed to work this way? I can give non-admin users access 
> to "Everything" for Streams and Dashboards but I see no options for Search.
>
> It seems as though everyone should at least be able to search, somehow.
>
>
> Thanks,
>
> -w
>

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[graylog2] Dashboard config export

2014-02-12 Thread Jean-Luc Bassereau 
Hello,

In our IT architecture, we have Dev servers and Prod servers. We are
testing settings on Dev servers and we apply these settings on Prod servers
when these settings seem good.
Is it possible to export Dashboard and/or Stream settings from a Graylog2
instance and then import it into another one ?

-- 
Regards,
Jean-Luc Bassereau

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[graylog2] Re: No search permissions for non-admin users in 0.20.0-rc2?

2014-02-12 Thread Kay Röpke 
Hi folks!

I've made https://github.com/Graylog2/graylog2-web-interface/issues/615 
Y'all convinced me to change the interface for 0.20.0 final.

Thanks,
Kay

On Wednesday, February 12, 2014 9:10:30 AM UTC+1, corneli...@gmail.com 
wrote:
>
> Hi Wiley,
>
> I had the same problem 4 weeks ago ;-)
> You have to use streams and permit usage of them to your non-admin-users.
>
> Bye, Cornelius
>
>
> Am Mittwoch, 12. Februar 2014 01:39:47 UTC+1 schrieb Wiley Sanders:
>>
>>
>> I
>>  
>> just installed 0.20.0-rc2 and non-admin ("reader") users can't use the 
>> search page, click on image to the Left, (?? - Groups may put this image in 
>> some random location on this page).
>>
>> Is Graylog2 supposed to work this way? I can give non-admin users access 
>> to "Everything" for Streams and Dashboards but I see no options for Search.
>>
>> It seems as though everyone should at least be able to search, somehow.
>>
>>
>> Thanks,
>>
>> -w
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[graylog2] Re: Dashboard config export

2014-02-12 Thread Kay Röpke 
No, we don't have that feature yet.
Could you please create a github issue for this?

To work around this problem you could use the REST API to create the 
streams automatically, if you have lots of them.
Otherwise I'm afraid this will be a manual process :(

Best,
Kay

On Wednesday, February 12, 2014 11:03:18 AM UTC+1, Jean-Luc Bassereau wrote:
>
> Hello,
>
> In our IT architecture, we have Dev servers and Prod servers. We are 
> testing settings on Dev servers and we apply these settings on Prod servers 
> when these settings seem good.
> Is it possible to export Dashboard and/or Stream settings from a Graylog2 
> instance and then import it into another one ?
>
> -- 
> Regards,
> Jean-Luc Bassereau 
>

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[graylog2] Re: v0.20.0-rc.2: Incorrect Indices count

2014-02-12 Thread Kay Röpke 
Hi!

>From the number of messages I assume you only have one index?
Is there any problem shown with the elasticsearch cluster?

Thanks,
Kay

On Tuesday, February 11, 2014 10:09:04 PM UTC+1, Joe Vandermark wrote:
>
> .. in system-> Indices the count of active indices is incorrect.
>
>   0 indices with a total of 15,264 messages under management.
>
> -Joe
>

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[graylog2] Re: Message-Details-Window-size decreases when scrolling down the list in RC2

2014-02-12 Thread Kay Röpke 
Yes we noticed this as well, unsure what changed at the moment.

i've created an issue: 
https://github.com/Graylog2/graylog2-web-interface/issues/616

thanks,
Kay



On Wednesday, February 12, 2014 9:47:27 AM UTC+1, corneli...@gmail.com 
wrote:
>
> Hi,
>
> when doing a search and clicking on a message, the message-content is 
> displayed at the right side. But when scrolling down a little bit, the 
> message-content-window decreases in size (tried with Firefox & Iron). I 
> haven't observed this in any previous version...
>
> Bye, Cornelius
>
>
>
>
>
>
>  src="data:image/png;base64,iVBORw0KGgoNSUhEUgAABo4AAAOnCAIAAACRYSN/AAAgAElEQVR4nOzd/19Udf7/f/6L/eWlyDf5DuoRzdRN2620yMwss2l5bbXb7mu34LW2lbpEbbuf9yqzWWvFgqYbG35rSUWMV6vQkoGCiqhjaKFoOmjAOOSAwojw/PzwlGfHc2YOozLA4O16mVeNj3PO88sZ6OXc93nOCZsxfcaMGdNnSNNnzJgxkwoVKlSoUKFChQoVKlSoUKFChQoVKrdfOXa4RgTmjTfemDVrVtjdd913T59+9913T797+t3Tp0+nQoUKFSpUqFChQoUKFSpUqFChQoXK7VdkVHfscM2Ar+tR3bQf3D3t7mk3okKFChUqVKhQoUKFChUqVKhQoUKFyi1Wbjqqmzp16tSpU++aOnWKekeFChUqVKhQoUKFChUqVKhQoUKFyuiqpE2ZMmXKlClTp6h/32YlkN5vOqqTzafJV1r/OypUqFChQoUKFSpUqFChQoUKFSpURktlZlpa0U9+XPXA7MF6bbj3xz+enDZg7zcd1U1OS0ubPDlt8
> ...

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[graylog2] Defaults for users authenticating through LDAP

2014-02-12 Thread Ali Polatel 
Hello,

We have been testing the newly released -rc2 with LDAP authentication.
Thanks for the great work, it looks very well so far. I have two
questions though.

We have a few streams and dashboards. Whenever a person logs in through
LDAP a user is created on Graylog. I can then edit his/her default
permissions for streams and dashboards. However, it would be more
practical if I could somehow assign the list of default readable
streams and dashboards for new users. Is this possible? It seems I can
script this and edit the graylog.users table on the database but I am
looking for a one-time solution so that I will not need to edit the
database for every new user. The same goes for custom start pages. It
would be very practical if there were an option to assign a default
custom start page. We have a dashboard view we want to use as default
for all users.

My second question is about the 'Search' page. Is this meant as a
global search irrelevant from streams? If so what are the required
permissions I can set for a reader to do a global search?

-- 
Ali Polatel
Özgür Yazılım A.Ş.~$
http://www.ozguryazilim.com.tr


signature.asc
Description: PGP signature

[graylog2] rc2: gelf udp input aborts at first JSON parse error

2014-02-12 Thread Martin René Mortensen 
Hi,

Im outputting GELF directory from apache, it may be a stretch, but it 
seemed to work. lately it doesnt, because of JSON parse errors, and at the 
first error it stops the input somehow, doesnt get any more messages.


This is the error in graylog2 server log :
12:42:29,377 ERROR [GELFProcessor] Could not parse JSON!
com.fasterxml.jackson.core.JsonParseException: Unrecognized character 
escape 'x'
 (code 120)
 at [Source: java.io.StringReader@791b6956; line: 1, column: 409]

This is a sample log (I also log to files) :

{ "version": "1.1", "host": "somehost.example.com", "level": 6, 
"timestamp": 1392205765, "short_message": "POST /ws/pure4WebService/ 
HTTP/1.1", "_user-agent": "Oracle HTTPClient Version 10h", "_client": 
"1.1.127.198", "_duration_usec": 263475, "_duration_sec": 0, "_status": 
200, "_request_path": "/ws/pure4WebService/", "_request": 
"/ws/pure4WebService/", "_method": "POST", "_referrer": "-", "_hostheader": 
"www1.example.com", "_bytes": 50378, "_scheme": "-" }


It validates fine as JSON on jsonlint.com, but its probably not the log 
message its complaining about - but I dont know which. I dont escape my 
'x''s.

/Martin

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[graylog2] Re: v0.20.0-rc.2: Incorrect Indices count

2014-02-12 Thread Joe Vandermark 
Yes, just one index (fresh install) and it is working fine.

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [graylog2] Re: v0.20.0-rc.2: Incorrect Indices count

2014-02-12 Thread Lennart Koopmann 
Can you try to manually re-calculating the index ranges? System ->
Indices -> Maintenance dropdown menu -> Recalculate index ranges

Thanks!

On Wed, Feb 12, 2014 at 1:40 PM, Joe Vandermark
 wrote:
> Yes, just one index (fresh install) and it is working fine.
>
> --
> You received this message because you are subscribed to the Google Groups 
> "graylog2" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [graylog2] rc2: gelf udp input aborts at first JSON parse error

2014-02-12 Thread Lennart Koopmann 
We have identified that as a connection handling problem in the inputs
and will fix it ASAP. Thanks!

On Wed, Feb 12, 2014 at 12:52 PM, Martin René Mortensen
 wrote:
> Hi,
>
> Im outputting GELF directory from apache, it may be a stretch, but it seemed
> to work. lately it doesnt, because of JSON parse errors, and at the first
> error it stops the input somehow, doesnt get any more messages.
>
>
> This is the error in graylog2 server log :
> 12:42:29,377 ERROR [GELFProcessor] Could not parse JSON!
> com.fasterxml.jackson.core.JsonParseException: Unrecognized character escape
> 'x'
>  (code 120)
>  at [Source: java.io.StringReader@791b6956; line: 1, column: 409]
>
> This is a sample log (I also log to files) :
>
> { "version": "1.1", "host": "somehost.example.com", "level": 6, "timestamp":
> 1392205765, "short_message": "POST /ws/pure4WebService/ HTTP/1.1",
> "_user-agent": "Oracle HTTPClient Version 10h", "_client": "1.1.127.198",
> "_duration_usec": 263475, "_duration_sec": 0, "_status": 200,
> "_request_path": "/ws/pure4WebService/", "_request": "/ws/pure4WebService/",
> "_method": "POST", "_referrer": "-", "_hostheader": "www1.example.com",
> "_bytes": 50378, "_scheme": "-" }
>
>
> It validates fine as JSON on jsonlint.com, but its probably not the log
> message its complaining about - but I dont know which. I dont escape my
> 'x''s.
>
> /Martin
>
> --
> You received this message because you are subscribed to the Google Groups
> "graylog2" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to graylog2+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[graylog2] Re: rc2: gelf udp input aborts at first JSON parse error

2014-02-12 Thread Kay Röpke 
Hi!
Part of this is related 
to https://github.com/Graylog2/graylog2-server/issues/426 which we are in 
the process of fixing right now.
Does that parse error give any more information in the stacktrace, or 
doesn't it actually print the invalid json?
If not, I'll try to get it to print it out on a debug level, so we have a 
chance to see if it's the json that's actually invalid or the json parser 
that's misbehaving (which would most likely be a configuration issues for 
it then).

cheers,
-k

On Wednesday, February 12, 2014 12:52:16 PM UTC+1, Martin René Mortensen 
wrote:
>
> Hi,
>
> Im outputting GELF directory from apache, it may be a stretch, but it 
> seemed to work. lately it doesnt, because of JSON parse errors, and at the 
> first error it stops the input somehow, doesnt get any more messages.
>
>
> This is the error in graylog2 server log :
> 12:42:29,377 ERROR [GELFProcessor] Could not parse JSON!
> com.fasterxml.jackson.core.JsonParseException: Unrecognized character 
> escape 'x'
>  (code 120)
>  at [Source: java.io.StringReader@791b6956; line: 1, column: 409]
>
> This is a sample log (I also log to files) :
>
> { "version": "1.1", "host": "somehost.example.com", "level": 6, 
> "timestamp": 1392205765, "short_message": "POST /ws/pure4WebService/ 
> HTTP/1.1", "_user-agent": "Oracle HTTPClient Version 10h", "_client": 
> "1.1.127.198", "_duration_usec": 263475, "_duration_sec": 0, "_status": 
> 200, "_request_path": "/ws/pure4WebService/", "_request": 
> "/ws/pure4WebService/", "_method": "POST", "_referrer": "-", "_hostheader": 
> "www1.example.com", "_bytes": 50378, "_scheme": "-" }
>
>
> It validates fine as JSON on jsonlint.com, but its probably not the log 
> message its complaining about - but I dont know which. I dont escape my 
> 'x''s.
>
> /Martin
>

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[graylog2] Re: rc2: gelf udp input aborts at first JSON parse error

2014-02-12 Thread Martin René Mortensen 
It doesnt print the bad JSON, and I tried checking all logs with x as the 
401th character, theres alot, and all I tested validates on jsonlint.com.

Maybe its too much a stretch to log directly from apache, it doesnt escape 
the urlpaths, its quite possible theres invalid or non-utf8 stuff in there, 
but I just cant find it.

On Wednesday, 12 February 2014 15:20:22 UTC+1, Kay Röpke wrote:
>
> Hi!
> Part of this is related to 
> https://github.com/Graylog2/graylog2-server/issues/426 which we are in 
> the process of fixing right now.
> Does that parse error give any more information in the stacktrace, or 
> doesn't it actually print the invalid json?
> If not, I'll try to get it to print it out on a debug level, so we have a 
> chance to see if it's the json that's actually invalid or the json parser 
> that's misbehaving (which would most likely be a configuration issues for 
> it then).
>
> cheers,
> -k
>
> On Wednesday, February 12, 2014 12:52:16 PM UTC+1, Martin René Mortensen 
> wrote:
>>
>> Hi,
>>
>> Im outputting GELF directory from apache, it may be a stretch, but it 
>> seemed to work. lately it doesnt, because of JSON parse errors, and at the 
>> first error it stops the input somehow, doesnt get any more messages.
>>
>>
>> This is the error in graylog2 server log :
>> 12:42:29,377 ERROR [GELFProcessor] Could not parse JSON!
>> com.fasterxml.jackson.core.JsonParseException: Unrecognized character 
>> escape 'x'
>>  (code 120)
>>  at [Source: java.io.StringReader@791b6956; line: 1, column: 409]
>>
>> This is a sample log (I also log to files) :
>>
>> { "version": "1.1", "host": "somehost.example.com", "level": 6, 
>> "timestamp": 1392205765, "short_message": "POST /ws/pure4WebService/ 
>> HTTP/1.1", "_user-agent": "Oracle HTTPClient Version 10h", "_client": 
>> "1.1.127.198", "_duration_usec": 263475, "_duration_sec": 0, "_status": 
>> 200, "_request_path": "/ws/pure4WebService/", "_request": 
>> "/ws/pure4WebService/", "_method": "POST", "_referrer": "-", "_hostheader": 
>> "www1.example.com", "_bytes": 50378, "_scheme": "-" }
>>
>>
>> It validates fine as JSON on jsonlint.com, but its probably not the log 
>> message its complaining about - but I dont know which. I dont escape my 
>> 'x''s.
>>
>> /Martin
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [graylog2] Re: v0.20.0-rc.2: Incorrect Indices count

2014-02-12 Thread Joe Vandermark 
It's showing one (1) index now. 


On Wednesday, February 12, 2014 7:54:24 AM UTC-6, lennart wrote:
>
> Can you try to manually re-calculating the index ranges? System -> 
> Indices -> Maintenance dropdown menu -> Recalculate index ranges 
>
> Thanks! 
>
> On Wed, Feb 12, 2014 at 1:40 PM, Joe Vandermark 
> > wrote: 
> > Yes, just one index (fresh install) and it is working fine. 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups "graylog2" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an email to graylog2+u...@googlegroups.com . 
> > For more options, visit https://groups.google.com/groups/opt_out. 
>

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [graylog2] Re: v0.20.0-rc.2: Incorrect Indices count

2014-02-12 Thread Lennart Koopmann 
That should be correct, right?

On Wed, Feb 12, 2014 at 4:53 PM, Joe Vandermark
 wrote:
> It's showing one (1) index now.
>
>
> On Wednesday, February 12, 2014 7:54:24 AM UTC-6, lennart wrote:
>>
>> Can you try to manually re-calculating the index ranges? System ->
>> Indices -> Maintenance dropdown menu -> Recalculate index ranges
>>
>> Thanks!
>>
>> On Wed, Feb 12, 2014 at 1:40 PM, Joe Vandermark
>>  wrote:
>> > Yes, just one index (fresh install) and it is working fine.
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups "graylog2" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an email to graylog2+u...@googlegroups.com.
>> > For more options, visit https://groups.google.com/groups/opt_out.
>
> --
> You received this message because you are subscribed to the Google Groups
> "graylog2" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to graylog2+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[graylog2] Cannot get inputs working

2014-02-12 Thread Tom Kinsella 
I have setup rSyslog : 

*.* @@10.0.32.63:515

but tcpdump show nothing :

[root@syslog01 opt]# tcpdump port 515 -v
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 
bytes

In rSyslog I created a Syslog TCP Input : 


   - allow_override_date: true
   - port: 515
   - bind_address: 0.0.0.0
   - store_full_message: true
   - force_rdns: true


But then it fails to start. In the server.log file I see : 

10:24:38,130 ERROR [SyslogTCPInput] Could not bind syslog TCP input to 
address /0.0.0.0:515
org.jboss.netty.channel.ChannelException: Failed to bind to: /0.0.0.0:515
at org.jboss.netty.bootstrap.ServerBootstrap.bind(ServerBootstrap.java:272)
at 
org.graylog2.inputs.syslog.tcp.SyslogTCPInput.launch(SyslogTCPInput.java:79)
at org.graylog2.inputs.InputRegistry$1.run(InputRegistry.java:78)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
Caused by: java.net.SocketException: Permission denied
at sun.nio.ch.Net.bind0(Native Method)
at sun.nio.ch.Net.bind(Net.java:444)
at sun.nio.ch.Net.bind(Net.java:436)
at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:214)
at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74)
at 
org.jboss.netty.channel.socket.nio.NioServerBoss$RegisterTask.run(NioServerBoss.java:193)
at 
org.jboss.netty.channel.socket.nio.AbstractNioSelector.processTaskQueue(AbstractNioSelector.java:372)
at 
org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:296)
at 
org.jboss.netty.channel.socket.nio.NioServerBoss.run(NioServerBoss.java:42)
at 
org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
at 
org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
... 3 more
10:24:38,134 ERROR [InputRegistry] The 
[org.graylog2.inputs.syslog.tcp.SyslogTCPInput] input with ID 
<52fbbc66e4b0165393ef0f8e> was accepted but misfired. Reason: Could not 
bind syslog TCP input to address /0.0.0.0:515, Failed to bind to: 
/0.0.0.0:515, Permission denied
org.graylog2.plugin.inputs.MisfireException: Could not bind syslog TCP 
input to address /0.0.0.0:515
at 
org.graylog2.inputs.syslog.tcp.SyslogTCPInput.launch(SyslogTCPInput.java:84)
at org.graylog2.inputs.InputRegistry$1.run(InputRegistry.java:78)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
Caused by: org.jboss.netty.channel.ChannelException: Failed to bind to: 
/0.0.0.0:515
at org.jboss.netty.bootstrap.ServerBootstrap.bind(ServerBootstrap.java:272)
at 
org.graylog2.inputs.syslog.tcp.SyslogTCPInput.launch(SyslogTCPInput.java:79)
... 6 more
Caused by: java.net.SocketException: Permission denied
at sun.nio.ch.Net.bind0(Native Method)
at sun.nio.ch.Net.bind(Net.java:444)
at sun.nio.ch.Net.bind(Net.java:436)
at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:214)
at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74)
at 
org.jboss.netty.channel.socket.nio.NioServerBoss$RegisterTask.run(NioServerBoss.java:193)
at 
org.jboss.netty.channel.socket.nio.AbstractNioSelector.processTaskQueue(AbstractNioSelector.java:372)
at 
org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:296)
at 
org.jboss.netty.channel.socket.nio.NioServerBoss.run(NioServerBoss.java:42)
... 3 more




Any help Please?!

Thanks!

Tom


-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[graylog2] Permission denied to input on syslog port 514

2014-02-12 Thread André Coelho 
Hi All
I have this version of graylog installed on ubuntu 12.04:
Graylog2-server (Current: 0.20-rc.1-1)
Graylog2-web (Current: 0.20-rc.2)
Graylog2-radio Current: 0.20-rc.2)

When I try to add a global Syslog Input to listen on port 514 TCP or UDP 
(bind address: 0.0.0.0) the server gives this error:
Input 52fbb0d5e4b0a4cfa9f30f88 has failed to start on node 
f728fbee-73f5-4a3a-a0f1-c10511eed089 for this reason: "Could not bind UDP 
syslog input to address /0.0.0.0:514, Failed to bind to: /0.0.0.0:514, 
Permission denied". This means that you are unable to receive any messages 
from this input. This is mostly an indication for a misconfiguration or an 
error. You can click here  to 
solve this
And the log looks like this:
*2014-02-12 16:16:39,732 ERROR: org.graylog2.inputs.InputRegistry - The 
[org.graylog2.inputs.syslog.udp.SyslogUDPInput] input with ID 
<52fbba87e4b0f89aaac73a29> misfired. Reason: Could not bind UDP syslog 
input to address /0.0.0.0:514, Failed to bind to: /0.0.0.0:514, Permission 
denied*


This looks like the user that graylog runs does not have permission to bind 
port 514.

Someone knows how to fix this?

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [graylog2] graylog2-server-0.20.0-rc.2 fails to run

2014-02-12 Thread Lennart Koopmann 
> not same cluster_name [elasticsearch]

Seems like your graylog2-server node is running with cluster.name
"elasticsearch" and your ElasticSearch node(s) are not. You need to
set the same cluster.name everywhere.

On Wed, Feb 12, 2014 at 6:40 PM, Craig Blake  wrote:
> Hi, I'm trying to get graylog2 up and running for the first time and am
> continually getting errors about a missing ElasticSearch master.
>
> I'm following the directions here:
> http://support.torch.sh/help/kb/graylog2-server/installing-graylog2-server-v020x-on-nix-systems
>
>
>
> This is the configuration I'm using, built by following the directions at
> the above link and adding a change to disable multicast discovery from here:
> http://support.torch.sh/help/kb/graylog2-server/configuring-and-tuning-elasticsearch-for-graylog2-v0200
>
> is_master = true
> node_id_file = /etc/graylog2-server-node-id
> password_secret = 
> root_password_sha2 = 
> plugin_dir = plugin
> rest_listen_uri = http://127.0.0.1:12900/
> elasticsearch_max_docs_per_index = 2000
> elasticsearch_max_number_of_indices = 20
> retention_strategy = delete
> elasticsearch_shards = 4
> elasticsearch_replicas = 0
> elasticsearch_index_prefix = graylog2
> allow_leading_wildcard_searches = false
> elasticsearch_cluster_name = elasticsearch
> elasticsearch_discovery_zen_ping_multicast_enabled = false
> elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1:9300
> elasticsearch_analyzer = standard
> output_batch_size = 5000
> processbuffer_processors = 5
> outputbuffer_processors = 5
> processor_wait_strategy = blocking
> ring_size = 1024
> mongodb_useauth = true
> mongodb_user = graylog2
> mongodb_password = 
> mongodb_replica_set = mongo01:27017,mongo02:27017
> mongodb_database = graylog2
> mongodb_port = 27017
> mongodb_host = mongo01
> mongodb_max_connections = 100
> mongodb_threads_allowed_to_block_multiplier = 5
> transport_email_enabled = false
> transport_email_hostname = mail.example.com
> transport_email_port = 587
> transport_email_use_auth = true
> transport_email_use_tls = true
> transport_email_use_ssl = true
> transport_email_auth_username = y...@example.com
> transport_email_auth_password = secret
> transport_email_subject_prefix = [graylog2]
> transport_email_from_email = grayl...@example.com
>
>
>
> I notice in the output some DEBUG messages that say this:
>
> 2014-02-12 17:30:43,380 DEBUG: org.elasticsearch.discovery.zen.ping.unicast
> - [graylog2-server] [2] filtering out response from
> [Scorpio][GrPJicD8TV6Kvaig7ZbLhQ][inet[/10.3.108.55:9300]], not same
> cluster_name [elasticsearch]
>
>
>
> And then the server fails with this error:
>
> 2014-02-12 17:30:48,377 ERROR: org.graylog2.Main -
>
> 
>
> ERROR: No ElasticSearch master was found.
>
> Need help?
>
> * Official documentation: http://support.torch.sh/help/kb
> * Mailing list: http://support.torch.sh/help/kb/general/forums-mailing-list
> * Issue tracker: http://support.torch.sh/help/kb/general/issue-trackers
> * Commercial support: http://www.torch.sh/
>
> But we also got some specific help pages that might help you in this case:
>
> *
> http://support.torch.sh/help/kb/graylog2-server/configuring-and-tuning-elasticsearch-for-graylog2-v0200
>
> Terminating. :(
>
> 
>
>
> Any ideas what the problem is?
>
> Thanks,
> Craig
>
> ~
>
> --
> You received this message because you are subscribed to the Google Groups
> "graylog2" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to graylog2+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [graylog2] Cannot get inputs working

2014-02-12 Thread Lennart Koopmann 
You need to be root to bind sockets on ports <=1024 on most *NIX
systems. Either run graylog2-server as root (not recommended) or use a
port higher than 1024.  You could also try to give the local user than
runs graylog2-server permission to bind to those restricted ports, but
usually just choosing a higher port is the easiest solution.

On Wed, Feb 12, 2014 at 7:26 PM, Tom Kinsella  wrote:
> I have setup rSyslog :
>
> *.* @@10.0.32.63:515
>
> but tcpdump show nothing :
>
> [root@syslog01 opt]# tcpdump port 515 -v
> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535
> bytes
>
> In rSyslog I created a Syslog TCP Input :
>
> allow_override_date: true
> port: 515
> bind_address: 0.0.0.0
> store_full_message: true
> force_rdns: true
>
>
> But then it fails to start. In the server.log file I see :
>
> 10:24:38,130 ERROR [SyslogTCPInput] Could not bind syslog TCP input to
> address /0.0.0.0:515
> org.jboss.netty.channel.ChannelException: Failed to bind to: /0.0.0.0:515
> at org.jboss.netty.bootstrap.ServerBootstrap.bind(ServerBootstrap.java:272)
> at
> org.graylog2.inputs.syslog.tcp.SyslogTCPInput.launch(SyslogTCPInput.java:79)
> at org.graylog2.inputs.InputRegistry$1.run(InputRegistry.java:78)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> at java.util.concurrent.FutureTask.run(FutureTask.java:262)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:744)
> Caused by: java.net.SocketException: Permission denied
> at sun.nio.ch.Net.bind0(Native Method)
> at sun.nio.ch.Net.bind(Net.java:444)
> at sun.nio.ch.Net.bind(Net.java:436)
> at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:214)
> at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74)
> at
> org.jboss.netty.channel.socket.nio.NioServerBoss$RegisterTask.run(NioServerBoss.java:193)
> at
> org.jboss.netty.channel.socket.nio.AbstractNioSelector.processTaskQueue(AbstractNioSelector.java:372)
> at
> org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:296)
> at
> org.jboss.netty.channel.socket.nio.NioServerBoss.run(NioServerBoss.java:42)
> at
> org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
> at
> org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
> ... 3 more
> 10:24:38,134 ERROR [InputRegistry] The
> [org.graylog2.inputs.syslog.tcp.SyslogTCPInput] input with ID
> <52fbbc66e4b0165393ef0f8e> was accepted but misfired. Reason: Could not bind
> syslog TCP input to address /0.0.0.0:515, Failed to bind to: /0.0.0.0:515,
> Permission denied
> org.graylog2.plugin.inputs.MisfireException: Could not bind syslog TCP input
> to address /0.0.0.0:515
> at
> org.graylog2.inputs.syslog.tcp.SyslogTCPInput.launch(SyslogTCPInput.java:84)
> at org.graylog2.inputs.InputRegistry$1.run(InputRegistry.java:78)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> at java.util.concurrent.FutureTask.run(FutureTask.java:262)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:744)
> Caused by: org.jboss.netty.channel.ChannelException: Failed to bind to:
> /0.0.0.0:515
> at org.jboss.netty.bootstrap.ServerBootstrap.bind(ServerBootstrap.java:272)
> at
> org.graylog2.inputs.syslog.tcp.SyslogTCPInput.launch(SyslogTCPInput.java:79)
> ... 6 more
> Caused by: java.net.SocketException: Permission denied
> at sun.nio.ch.Net.bind0(Native Method)
> at sun.nio.ch.Net.bind(Net.java:444)
> at sun.nio.ch.Net.bind(Net.java:436)
> at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:214)
> at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74)
> at
> org.jboss.netty.channel.socket.nio.NioServerBoss$RegisterTask.run(NioServerBoss.java:193)
> at
> org.jboss.netty.channel.socket.nio.AbstractNioSelector.processTaskQueue(AbstractNioSelector.java:372)
> at
> org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:296)
> at
> org.jboss.netty.channel.socket.nio.NioServerBoss.run(NioServerBoss.java:42)
> ... 3 more
>
>
>
>
> Any help Please?!
>
> Thanks!
>
> Tom
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "graylog2" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to graylog2+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/o

Re: [graylog2] Permission denied to input on syslog port 514

2014-02-12 Thread Lennart Koopmann 
You need to be root to bind sockets on ports <=1024 on most *NIX
systems. Either run graylog2-server as root (not recommended) or use a
port higher than 1024.  You could also try to give the local user than
runs graylog2-server permission to bind to those restricted ports, but
usually just choosing a higher port is the easiest solution.

On Wed, Feb 12, 2014 at 7:19 PM, André Coelho  wrote:
> Hi All
> I have this version of graylog installed on ubuntu 12.04:
> Graylog2-server (Current: 0.20-rc.1-1)
> Graylog2-web (Current: 0.20-rc.2)
> Graylog2-radio Current: 0.20-rc.2)
>
> When I try to add a global Syslog Input to listen on port 514 TCP or UDP
> (bind address: 0.0.0.0) the server gives this error:
> Input 52fbb0d5e4b0a4cfa9f30f88 has failed to start on node
> f728fbee-73f5-4a3a-a0f1-c10511eed089 for this reason: "Could not bind UDP
> syslog input to address /0.0.0.0:514, Failed to bind to: /0.0.0.0:514,
> Permission denied". This means that you are unable to receive any messages
> from this input. This is mostly an indication for a misconfiguration or an
> error. You can click here to solve this
> And the log looks like this:
> 2014-02-12 16:16:39,732 ERROR: org.graylog2.inputs.InputRegistry - The
> [org.graylog2.inputs.syslog.udp.SyslogUDPInput] input with ID
> <52fbba87e4b0f89aaac73a29> misfired. Reason: Could not bind UDP syslog input
> to address /0.0.0.0:514, Failed to bind to: /0.0.0.0:514, Permission denied
>
>
> This looks like the user that graylog runs does not have permission to bind
> port 514.
>
> Someone knows how to fix this?
>
> Thanks
>
> --
> You received this message because you are subscribed to the Google Groups
> "graylog2" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to graylog2+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[graylog2] graylog2-server-0.20.0-rc.2 fails to run

2014-02-12 Thread Craig Blake 
Hi, I'm trying to get graylog2 up and running for the first time and am 
continually getting errors about a missing ElasticSearch master.

I'm following the directions here: 
http://support.torch.sh/help/kb/graylog2-server/installing-graylog2-server-v020x-on-nix-systems



This is the configuration I'm using, built by following the directions at 
the above link and adding a change to disable multicast discovery from 
here: 
http://support.torch.sh/help/kb/graylog2-server/configuring-and-tuning-elasticsearch-for-graylog2-v0200

is_master = true
node_id_file = /etc/graylog2-server-node-id
password_secret = 
root_password_sha2 = 
plugin_dir = plugin
rest_listen_uri = http://127.0.0.1:12900/
elasticsearch_max_docs_per_index = 2000
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 4
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog2
allow_leading_wildcard_searches = false
elasticsearch_cluster_name = elasticsearch
elasticsearch_discovery_zen_ping_multicast_enabled = false
elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1:9300
elasticsearch_analyzer = standard
output_batch_size = 5000
processbuffer_processors = 5
outputbuffer_processors = 5
processor_wait_strategy = blocking
ring_size = 1024
mongodb_useauth = true
mongodb_user = graylog2
mongodb_password = 
mongodb_replica_set = mongo01:27017,mongo02:27017
mongodb_database = graylog2
mongodb_port = 27017
mongodb_host = mongo01
mongodb_max_connections = 100
mongodb_threads_allowed_to_block_multiplier = 5
transport_email_enabled = false
transport_email_hostname = mail.example.com
transport_email_port = 587
transport_email_use_auth = true
transport_email_use_tls = true
transport_email_use_ssl = true
transport_email_auth_username = y...@example.com
transport_email_auth_password = secret
transport_email_subject_prefix = [graylog2]
transport_email_from_email = grayl...@example.com



I notice in the output some DEBUG messages that say this:

2014-02-12 17:30:43,380 DEBUG: org.elasticsearch.discovery.zen.ping.unicast 
- [graylog2-server] [2] filtering out response from 
[Scorpio][GrPJicD8TV6Kvaig7ZbLhQ][inet[/10.3.108.55:9300]], not same 
cluster_name [elasticsearch]



And then the server fails with this error:

2014-02-12 17:30:48,377 ERROR: org.graylog2.Main - 



ERROR: No ElasticSearch master was found.

Need help?

* Official documentation: http://support.torch.sh/help/kb
* Mailing list: http://support.torch.sh/help/kb/general/forums-mailing-list
* Issue tracker: http://support.torch.sh/help/kb/general/issue-trackers
* Commercial support: http://www.torch.sh/

But we also got some specific help pages that might help you in this case:

* 
http://support.torch.sh/help/kb/graylog2-server/configuring-and-tuning-elasticsearch-for-graylog2-v0200

Terminating. :(




Any ideas what the problem is?

Thanks,
Craig

~

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.