[graylog2] ldap-login only if user in a special group

2015-11-02 Thread Stefan Krüger
Hello,

Is it possible to configure Graylog to check if the user is in a special 
group? We don't use the overlay MemberOf.
Maybe something like this:
GroupDN: cn=Graylog-Agents,cn=groups,dc=example,dc=de
AccessAttr: memberUid

Thanks for the help!

When I try
Search base DN= 'cn=Graylog-Agents,cn=groups,dc=example,dc=de' (the group)
User Search Pattern= '(memberUid={0})'

and I do a User Check, it finds my login but it says invalid credentials.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/85379709-24c7-4136-825d-acfd615e0d60%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[graylog2] Required disk space for a new graylog2 installation under Linux...

2015-11-02 Thread klaus
Hi Group,

I'm new to graylog2 and I would like to know how much disk space is 
required for a small system with up to *15 servers* and a log volume of about 

  * *1,200,000 messages*
  * *in 7 days*

Is there a formula to calculate the disk space?


Thank you!
Klaus.



[graylog2] Re: Get some error at Search page on Graylog Web Interface

2015-11-02 Thread Jochen Schalanda
Hi,

please check the logs of your Graylog server node(s) for the reason of the 
internal server error (HTTP response status 500).


Cheers,
Jochen

On Monday, 2 November 2015 08:05:55 UTC+1, Exzitep wrote:
>
> Hi All,
>
> After installing graylog2 on Ubuntu 14.04, I got an error when I went to 
> the 'Search' tab on the web interface.
> =
> Oh no, something went wrong! 
>
> (You caused a org.graylog2.restclient.lib.APIException. API call failed 
> GET http://@
> 127.0.0.1:12900/search/universal/relative?offset=0=*=100=300=timestamp:desc_type=relative
>  
> returned 500 Internal Server Error body: 
> {"type":"ApiError","message":"waited for [30s]"}) 
>
> *Reason:* There was a problem with your search. We expected HTTP 200, but 
> got a HTTP 500.
>
>
> Request information
> Method GET
> Query
> Referer http://10.0.1.54:9000/system?page=0
> Connection keep-alive
> Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Language en-US,en;q=0.5
> Accept-Encoding gzip, deflate
> User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
> Host 10.0.1.54:9000
>


[graylog2] Re: Required disk space for a new graylog2 installation under Linux...

2015-11-02 Thread Jochen Schalanda
Hi Klaus,

unfortunately it's not that easy to calculate the exact disk space 
requirement for the given numbers. For example your log messages could be 
as small as a few bytes and as big as several kilobytes or even megabytes. 
Additionally it's important how heterogeneous the log messages are. If they 
are identical for the most part, they take less disk space than if they 
have large entropy. And last but not least the inverted index being used 
for full text searches by Elasticsearch/Lucene might grow or shrink in size 
over the lifetime of the indices (due to cleanup operations, segment 
merges, etc.).

If we guess that the log messages are 1 kilobyte in size on average, you 
might need between 16 and 32 gigabytes of disk space (1,024 bytes * 
1,200,000 messages * 7 days * 2 replicas), but that's totally rule of thumb 
and you'll have to try it yourself and monitor the setup closely.


Cheers,
Jochen

On Monday, 2 November 2015 09:57:19 UTC+1, kl...@tachtler.net wrote:
>
> Hi Group,
>
> I'm new to graylog2 and I would like to know how much disk space is 
> required for a small system with up to *15 servers* and a log volume of about 
>
>   * *1,200,000 messages*
>   * *in 7 days*
>
> Is there a formula to calculate the disk space?
>
>
> Thank you!
> Klaus.
>



[graylog2] Re: ldap-login only if user in a special group

2015-11-02 Thread Denny Gebel
This "User Search Pattern" works for us:

(&(memberof=CN=graylog user,OU=groups,OU=company,DC=subdomain,DC=domain,DC=com)(sAMAccountName={0}))

give it a try


Denny

On Monday, 2 November 2015 09:18:04 UTC+1, Stefan Krüger wrote:
>
> Hello,
>
> Is it possible to configure Graylog to check if the user is in a special 
> group? We don't use the overlay MemberOf.
> Maybe something like this:
> GroupDN: cn=Graylog-Agents,cn=groups,dc=example,dc=de
> AccessAttr: memberUid
>
> Thanks for the help!
>
> When I try
> Search base DN= 'cn=Graylog-Agents,cn=groups,dc=example,dc=de' (the group)
> User Search Pattern= '(memberUid={0})'
>
> and I do a User Check, it finds my login but it says invalid credentials.
>
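
The memberUid case from the question, as an added example that is not part of the thread and is not Graylog code: a toy in-memory directory shows that a search based at the group with `(memberUid={0})` returns the group's DN rather than the user's, and that group membership can instead be tested as a second lookup once the user's own entry is found. The directory entries, `USERS_BASE`, `alice` and `bob` are constructed assumptions; the login is escaped per RFC 4515 before it is substituted for `{0}`.

```python
import re

# Constructed sample directory (DN -> attributes); entries are illustrative only.
USERS_BASE = "cn=users,dc=example,dc=de"  # assumed user subtree, not from the thread
GROUP_DN = "cn=Graylog-Agents,cn=groups,dc=example,dc=de"
DIRECTORY = {
    "uid=alice," + USERS_BASE: {"uid": ["alice"]},
    "uid=bob," + USERS_BASE: {"uid": ["bob"]},
    GROUP_DN: {"cn": ["Graylog-Agents"], "memberuid": ["alice"]},
}

def escape_filter_value(value):
    """RFC 4515 escaping so a login name cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def _unescape(value):
    """Turn \\xx escapes back into characters before comparing values."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def search(base_dn, pattern, login):
    """Toy subtree search that supports only AND-ed equality terms."""
    flt = pattern.replace("{0}", escape_filter_value(login))
    terms = [(a.lower(), _unescape(v))
             for a, v in re.findall(r"\(([\w-]+)=([^()]*)\)", flt)]
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.lower().endswith(base_dn.lower())
            and all(v in attrs.get(a, []) for a, v in terms)]

def authorize(login):
    """Step 1: find the user's own entry (the DN a password bind would use).
    Step 2: separately confirm the group lists that login in memberUid."""
    users = search(USERS_BASE, "(uid={0})", login)
    if len(users) != 1:
        return None
    in_group = search(GROUP_DN, "(memberUid={0})", login) == [GROUP_DN]
    return users[0] if in_group else None
```
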



[graylog2] JSON timestamp - is Drools a solution?

2015-11-02 Thread Patrick Brennan
We are ingesting a large amount of log data that is JSON formatted.  There 
is a timestamp field in the JSON blob that doesn't meet the format that the 
core JSON extractor expects.  In considering how to fix this, I have a 
number of questions.  I'm hoping that collectively you might know the answers:

1) Where in the codebase does the JSON extractor list possible field names 
that it might consider to be a message timestamp (can't quite see this)?

2) Are Drools rules applied prior to extractors running i.e. could we munge 
the input with Drools?

3) In the event that no timestamp is identified in the message, what 
timestamp is recorded?  When the collector reads the line, when the server 
receives the lines, or when it is written to the ES index?

4) If we modified the JSON extractor to optionally allow the same type of 
flexible date matching as permitted in the regex extractor (Flexible date 
converter), is the graylog project typically receptive to PRs?  I wouldn't 
want to be out of sync with upstream for a long, or potentially indefinite, 
period.

Many thanks!
Patrick
