Re: [graylog2] graylog OVA 1.1 upgrade
Ok, How did you do this? I just ran through the instructions on the website which were the following:

    wget https://packages.graylog2.org/releases/graylog2-omnibus/ubuntu/graylog_latest.deb
    sudo graylog-ctl stop
    sudo dpkg -G -i graylog_latest.deb
    sudo graylog-ctl reconfigure

and it still says it's version 1.0? Any ideas?

On Tuesday, June 16, 2015 at 7:41:15 PM UTC-6, Chris G wrote:

I did the update tonight, everything went smooth and I had no issues. Pretty easy actually; just unzipped packages then renamed old directories for server and web to have _old at end. Then renamed new folders to match server and web I believe then started services again.

On Tue, Jun 16, 2015 at 9:10 PM, Dana Champine da...@wildcatracing.com wrote:

I am out of the office until Monday I planned to do it then. Will update asap.

Sent from my iPhone

On Jun 16, 2015, at 12:08 PM, Chris G cgpr...@gmail.com wrote:

Any updates on this? I also made the switch to 1.0 using the appliance ova. I was wondering how to upgrade to 1.1.2. Setup a new vm and then migrate configs?

Thanks

On Thursday, 4 June 2015 16:11:42 UTC-4, da...@wildcatracing.com wrote:

Thanks I will give it a shot next week! I will update the post with my findings.

On Thursday, June 4, 2015 at 1:55:27 PM UTC-6, Marius Sturm wrote:

We have currently one report that stream alerts got lost during the update and need to be re-configured. So please backup your installation before, but the update is possible without bigger manual migration steps.

On 4 June 2015 at 20:35, da...@wildcatracing.com wrote:

I am currently running an OVA version 1.0. I want to upgrade to 1.1 but don't know if it is a drop-in upgrade. There is a warning to verify that it is before proceeding as it will wipe out all your data. I don't want to wipe any data and cannot confirm or deny that it is or is not a drop-in.

Thanks

--
Developer
Tel.: +49 (0)40 609 452 077
Fax.: +49 (0)40 609 452 078
TORCH GmbH - A Graylog Company
Steckelhörn 11
20457 Hamburg
Germany
https://www.graylog.com
https://www.torch.sh/
Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
Geschäftsführer: Lennart Koopmann (CEO)

[graylog2] Re: Newbie Question (Web Interface)
Hi,

> SOMETIMES, the fields don't show up on the right (even when I select 'all')

It appears here too, not having all the fields in, for example, a search on data of all time. I just push the button below. The fields that do appear are from data that is present mostly.

On Friday, June 26, 2015 at 6:15:13 AM UTC+2, slhac tivist wrote:

No one else had a problem with this?

On Tuesday, June 23, 2015 at 4:04:05 PM UTC-5, slhac tivist wrote:

Hello All,

Just started using graylog. Love it. Read the docs, but still having this problem:

1) Using the web interface I made a TEST input, and setup some extractors.
2) From System|Inputs I select Messages from this input for TEST.

Great. Here's the problem:

1) SOMETIMES, the fields don't show up on the right (even when I select 'all')
2) SOMETIMES, the Regex will work fine in the Extractor menu, but won't work when viewing the messages.

Probably an easy fix, but I can't figure this out. So if anyone has any idea or suggestions, I'm all ears! :p

Thanks in advance!

[graylog2] Graylog2 vs. Graylogv1.1.2
Hello everyone,

Is graylog2 == graylogv1.1.2? How can I tell what version I have?

I know this is simple, but I can't figure it out! I'm working on a production system right now, and no man pages or *ctl utilities have been installed (and I'd rather not start mucking about). All the configuration files and scripts reference graylog2 ... but the site just announced graylog 1.1.3?!?

Please help!

Thanks

[graylog2] Re: Newbie Question (Web Interface)
Logging in/out of the web-gui doesn't seem to help.

On Friday, June 26, 2015 at 12:03:53 PM UTC-5, slhac tivist wrote:

Well after fiddling with the web-gui a bit I think I can describe the problem more specifically:

After I make an extractor (that should 100% work, e.g. extract first 5 chars from any message) and then go to:

    System | Inputs | View Messages From This Input

the field I created for the extractor doesn't appear in the bar to the right. (Though other extractor fields I've made in the past do show up.)

Is there some kind of delay, where it takes graylog a while to update? Anyone know?

On Friday, June 26, 2015 at 9:12:52 AM UTC-5, Arie wrote:

Hi,

> SOMETIMES, the fields don't show up on the right (even when I select 'all')

It appears here too, not having all the fields in, for example, a search on data of all time. I just push the button below. The fields that do appear are from data that is present mostly.

On Friday, June 26, 2015 at 6:15:13 AM UTC+2, slhac tivist wrote:

No one else had a problem with this?

On Tuesday, June 23, 2015 at 4:04:05 PM UTC-5, slhac tivist wrote:

Hello All,

Just started using graylog. Love it. Read the docs, but still having this problem:

1) Using the web interface I made a TEST input, and setup some extractors.
2) From System|Inputs I select Messages from this input for TEST.

Great. Here's the problem:

1) SOMETIMES, the fields don't show up on the right (even when I select 'all')
2) SOMETIMES, the Regex will work fine in the Extractor menu, but won't work when viewing the messages.

Probably an easy fix, but I can't figure this out. So if anyone has any idea or suggestions, I'm all ears! :p

Thanks in advance!

Re: [graylog2] Re: [ANNOUNCE] Graylog v1.1.3 has been released
How can I upgrade from graylog2 to graylogv1.1.3?

On Friday, June 26, 2015 at 11:51:55 AM UTC-5, Mathieu Grzybek wrote:

Hi,

You can limit elastic search's access using Nginx / apache / varnish as reverse proxy.

Mathieu

On 26 June 2015 16:07, Arie satya...@gmail.com wrote:

They have just come out with shield for that: https://www.elastic.co/downloads/shield

On Wednesday, June 24, 2015 at 10:20:46 PM UTC+2, Sreenath V wrote:

Super. Appreciate if this message is added as part of release notes for upcoming releases... Thank you so much... We are already live in production since 1 week and are seeing 1k+ messages per second. So far so good. Only thing missing is data security/protection from Elastic Search ;-(

On Wednesday, June 24, 2015 at 2:22:42 AM UTC-7, Jochen Schalanda wrote:

Hi Sreenath,

Graylog 1.1.3 is a drop-in replacement for Graylog 1.1.2 (and any other Graylog 1.1.x version). There have been no changes to the configuration file.

Cheers,
Jochen

On Wednesday, 24 June 2015 05:44:55 UTC+2, Sreenath V wrote:

Upgrading from 1.1.2 to 1.1.3, were there any changes in config files? Can you blindly copy the config files from 1.1.2 to 1.1.3?

On Friday, June 19, 2015 at 9:41:02 AM UTC-7, lennart wrote:

Hey everybody,

I am happy to announce that we just released Graylog v.1.1.3. This release is addressing several bugs and brings numerous improvements:

* https://www.graylog.org/graylog-v1-1-3-is-now-available/

Thanks,
Lennart

[graylog2] Re: Error: could not load source data
Ah-ha! You're absolutely right! It was the naming that threw me off. I found the server.log and was expecting to find a web.log, and skipped the application* files.

Thanks!

On Friday, June 26, 2015 at 3:29:25 AM UTC-5, Jochen Schalanda wrote:

Hi,

if you've installed graylog-server and graylog-web-interface with our official OS packages, you will find the logs at /var/log/graylog-server/server.log and /var/log/graylog-web/application.*.log respectively.

Cheers,
Jochen

On Friday, 26 June 2015 06:12:11 UTC+2, slhac tivist wrote:

I'm having trouble finding any documentation for the graylog-web-interface! Where do the error logs for graylog-web-interface get dumped?

On Thursday, June 25, 2015 at 8:49:42 AM UTC-5, Jochen Schalanda wrote:

Hi Ranjeet,

please check the error logs of graylog-server and graylog-web-interface for error messages and post them here (or on https://gist.github.com/).

Cheers,
Jochen

On Thursday, 25 June 2015 15:45:23 UTC+2, Ranjeet Perchani wrote:

Hello fellows,

I am using Graylog1.1.2, graylog-web-interface-1.1.2, elasticsearch-1.6.0 and mongodb-3.0, Java-8. I am getting the following error when I try to access the Sources button on the web interface:

    Could not load sources data
    Loading of sources data failed with status: Internal Server Error. Try reloading the page.

I have tried to restart the graylog-server and graylog-web service but to no avail. Does anyone know what this error relates to?

Thanks.

[graylog2] Re: Regex Parser / Extraction
Hi there. I'm having similar troubles. The link below has been a valuable resource:

http://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html#cg

as it seems to be consistent with graylog regex interpretation. I'm still getting used to it, but here are some examples we've been using:

1) Given message: Security violation on port xyz

    (port [^\s]*)

extracts any number of non-whitespace characters after the space after the string port

2) Given a message with a MAC

    (?i)(\p{Alnum}*\.\p{Alnum}*\.\p{Alnum}*)

extracts MAC of the form 1234.5678.abcd

3) Given a message that gets appended with a device id like Security violation ... device (0010c5bb73)

    (\([^\s]*\)$)

extracts a parenthesis, followed by non-whitespace chars, followed by parenthesis, followed by end-of-line

Hope this helps.

What I can't figure out is this: How do I extract a regex like this:

- Line doesn't begin with string Security
- Line doesn't begin with string Security AND line doesn't begin with string Error

Anyone have any ideas?

On Monday, June 22, 2015 at 2:38:47 AM UTC-5, joeg...@gmail.com wrote:

Hello All,

I am fairly new to this setup, and am not finding any detailed documentation on how to leverage the regex extractors for normalizing my logs. Does anybody have any decent tutorials for this? I am curious as to what all fields I can extract my logs out towards, along with how to encapsulate the fields in the regex? Perhaps someone could help post some examples, that would be great!

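The three patterns from the message above, together with a negative-lookahead pattern for the "line doesn't begin with Security or Error" case it asks about, run through java.util.regex. This is an added example, not part of the original thread and not Graylog code; the class name, the field names, the mac_strict and other patterns and the sample messages are constructed here, and it assumes the extractor keeps capture group 1 of the first match.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ExtractorPatterns {
    static final Map<String, Pattern> PATTERNS = new LinkedHashMap<>();
    static {
        // Patterns 1-3 exactly as quoted in the post.
        PATTERNS.put("port", Pattern.compile("(port [^\\s]*)"));
        PATTERNS.put("mac", Pattern.compile("(?i)(\\p{Alnum}*\\.\\p{Alnum}*\\.\\p{Alnum}*)"));
        PATTERNS.put("device_id", Pattern.compile("(\\([^\\s]*\\)$)"));
        // Added: a tighter MAC pattern (three groups of four hex digits).
        PATTERNS.put("mac_strict", Pattern.compile(
            "\\b(\\p{XDigit}{4}\\.\\p{XDigit}{4}\\.\\p{XDigit}{4})\\b"));
        // Added: negative lookahead, matches only lines that begin with
        // neither "Security" nor "Error".
        PATTERNS.put("other", Pattern.compile("^(?!Security|Error)(.*)$"));
    }

    // Assumption: like a regex extractor, keep capture group 1 of the first match.
    static String extract(Pattern p, String message) {
        Matcher m = p.matcher(message);
        return m.find() ? m.group(1) : null;
    }

    public static void main(String[] args) {
        // Constructed sample messages, not taken from the thread.
        String[] messages = {
            "Security violation on port Gi1/0/12 by 1234.5678.abcd device (0010c5bb73)",
            "Error: no route to 10.0.0.5",
            "Link flap detected on port Gi1/0/3"
        };
        for (String msg : messages) {
            System.out.println(msg);
            for (Map.Entry<String, Pattern> e : PATTERNS.entrySet()) {
                String value = extract(e.getValue(), msg);
                if (value != null) {
                    System.out.println("  " + e.getKey() + " = " + value);
                }
            }
        }
    }
}
```

On the second sample message the loose mac pattern captures 10.0.0 out of the IP address while mac_strict captures nothing, which is the kind of mis-extraction to check for before relying on a field in searches or alerts.
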
Re: [graylog2] graylog OVA 1.1 upgrade
Shouldn't matter, just download the tgz files from https://www.graylog.org/download-graylog/ and then update the folders.

On Thu, Jun 25, 2015 at 1:20 PM, danachamp...@gmail.com wrote:

Ok, How did you do this? I just ran through the instructions on the website which were the following:

    wget https://packages.graylog2.org/releases/graylog2-omnibus/ubuntu/graylog_latest.deb
    sudo graylog-ctl stop
    sudo dpkg -G -i graylog_latest.deb
    sudo graylog-ctl reconfigure

and it still says it's version 1.0? Any ideas?

On Tuesday, June 16, 2015 at 7:41:15 PM UTC-6, Chris G wrote:

I did the update tonight, everything went smooth and I had no issues. Pretty easy actually; just unzipped packages then renamed old directories for server and web to have _old at end. Then renamed new folders to match server and web I believe then started services again.

On Tue, Jun 16, 2015 at 9:10 PM, Dana Champine da...@wildcatracing.com wrote:

I am out of the office until Monday I planned to do it then. Will update asap.

Sent from my iPhone

On Jun 16, 2015, at 12:08 PM, Chris G cgpr...@gmail.com wrote:

Any updates on this? I also made the switch to 1.0 using the appliance ova. I was wondering how to upgrade to 1.1.2. Setup a new vm and then migrate configs?

Thanks

On Thursday, 4 June 2015 16:11:42 UTC-4, da...@wildcatracing.com wrote:

Thanks I will give it a shot next week! I will update the post with my findings.

On Thursday, June 4, 2015 at 1:55:27 PM UTC-6, Marius Sturm wrote:

We have currently one report that stream alerts got lost during the update and need to be re-configured. So please backup your installation before, but the update is possible without bigger manual migration steps.

On 4 June 2015 at 20:35, da...@wildcatracing.com wrote:

I am currently running an OVA version 1.0. I want to upgrade to 1.1 but don't know if it is a drop-in upgrade. There is a warning to verify that it is before proceeding as it will wipe out all your data. I don't want to wipe any data and cannot confirm or deny that it is or is not a drop-in.

Thanks