Re: [graylog2] Re: Graylog v2.0: Setting IP of web interface

[Roland Hill]

Hi,

Graylog v2x supports ES v2x, but note that Graylog v2x is an Alpha release.

Graylog 1x does not support ES v2x as you correctly read in the documents.

--
Regards,

Roland
On 9/02/2016 7:39 pm, "Shrawan Bhagwat"  wrote:

> Hi All,
>
> I have a query here.
> As mentioned in the documentation of Graylog, Elasticsearch -2.0x is not
> supportable.
>
> Then how on Ubuntu it's working?
>
> Regards,
> Shrawan
>
> On Monday, 8 February 2016 14:35:23 UTC+5:30, Jochen Schalanda wrote:
>>
>> Hi Roland,
>>
>> you can change the network interface the Graylog web interface is
>> listening on using the web_listen_uri configuration setting in your
>> graylog.conf file (see
>> https://github.com/Graylog2/graylog2-server/blob/2.0.0-alpha.1/graylog2-server/src/main/java/org/graylog2/Configuration.java#L53-L54
>> ).
>>
>>
>> Cheers,
>> Jochen
>>
>> On Sunday, 7 February 2016 20:21:08 UTC+1, Roland Hill wrote:
>>>
>>> Hi,
>>>
>>> I have just migrated from 1.3.3 to v2.0 alpha using the tarball on a
>>> Ubuntu 15.10 system.
>>>
>>> This is just a home system; nothing mission critical.
>>>
>>> Elasticsearch (v2.2.0) and graylog all start/healthy well but I can't
>>> seem to get to the web interface in my browser.
>>>
>>> The (hopefully) relevant portion of my log is here:
>>>
>>> 2016-02-08 08:13:36,784 INFO : org.glassfish.grizzly.http.server.
>>> NetworkListener - Started listener bound to [127.0.0.1:9000]
>>> 2016-02-08 08:13:36,786 INFO : org.glassfish.grizzly.http.server.
>>> HttpServer - [HttpServer] Started.
>>> 2016-02-08 08:13:36,787 INFO : org.graylog2.initializers.
>>> WebInterfaceService - Started Web Interface at 
>>> 2016-02-08 08:13:43,510 INFO : org.glassfish.grizzly.http.server.
>>> NetworkListener - Started listener bound to [192.168.0.10:12900]
>>> 2016-02-08 08:13:43,510 INFO : org.glassfish.grizzly.http.server.
>>> HttpServer - [HttpServer-1] Started.
>>> 2016-02-08 08:13:43,511 INFO : org.graylog2.shared.initializers.
>>> RestApiService - Started REST API at 
>>> 2016-02-08 08:13:43,520 INFO : org.graylog2.shared.initializers.
>>> ServiceManagerListener - Services are healthy
>>>
>>> From this I see my web interface is available at http://127.0.0.1:9000,
>>> however I need it to be the IP of the server.
>>>
>>> Where do I set this? I know I'm missing something obvious but can't put
>>> a finger on it!
>>>
>>> Thanks, and well done on the alpha release Graylog.
>>>
>>> --
>>> Roland Hill
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/graylog2/b8a1a5b7-e6a1-4465-9bd1-320321ed56c2%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CA%2BGGh2UQd096Y9Nyj6LS6JCPXhdwp2wNrD-5WDXaOH8K6pW3Bg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Graylog v2.0: Setting IP of web interface

[Shrawan Bhagwat]

Hi All,

I have a query here.
As mentioned in the documentation of Graylog, Elasticsearch -2.0x is not 
supportable.

Then how on Ubuntu it's working?

Regards,
Shrawan

On Monday, 8 February 2016 14:35:23 UTC+5:30, Jochen Schalanda wrote:
>
> Hi Roland,
>
> you can change the network interface the Graylog web interface is 
> listening on using the web_listen_uri configuration setting in your 
> graylog.conf file (see 
> https://github.com/Graylog2/graylog2-server/blob/2.0.0-alpha.1/graylog2-server/src/main/java/org/graylog2/Configuration.java#L53-L54
> ).
>
>
> Cheers,
> Jochen
>
> On Sunday, 7 February 2016 20:21:08 UTC+1, Roland Hill wrote:
>>
>> Hi,
>>
>> I have just migrated from 1.3.3 to v2.0 alpha using the tarball on a 
>> Ubuntu 15.10 system.
>>
>> This is just a home system; nothing mission critical.
>>
>> Elasticsearch (v2.2.0) and graylog all start/healthy well but I can't 
>> seem to get to the web interface in my browser.
>>
>> The (hopefully) relevant portion of my log is here:
>>
>> 2016-02-08 08:13:36,784 INFO : org.glassfish.grizzly.http.server.
>> NetworkListener - Started listener bound to [127.0.0.1:9000]
>> 2016-02-08 08:13:36,786 INFO : org.glassfish.grizzly.http.server.
>> HttpServer - [HttpServer] Started.
>> 2016-02-08 08:13:36,787 INFO : org.graylog2.initializers.
>> WebInterfaceService - Started Web Interface at 
>> 2016-02-08 08:13:43,510 INFO : org.glassfish.grizzly.http.server.
>> NetworkListener - Started listener bound to [192.168.0.10:12900]
>> 2016-02-08 08:13:43,510 INFO : org.glassfish.grizzly.http.server.
>> HttpServer - [HttpServer-1] Started.
>> 2016-02-08 08:13:43,511 INFO : org.graylog2.shared.initializers.
>> RestApiService - Started REST API at 
>> 2016-02-08 08:13:43,520 INFO : org.graylog2.shared.initializers.
>> ServiceManagerListener - Services are healthy
>>
>> From this I see my web interface is available at http://127.0.0.1:9000, 
>> however I need it to be the IP of the server.
>>
>> Where do I set this? I know I'm missing something obvious but can't put a 
>> finger on it!
>>
>> Thanks, and well done on the alpha release Graylog.
>>
>> --
>> Roland Hill
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/b8a1a5b7-e6a1-4465-9bd1-320321ed56c2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Timezone confusion with Graylog install

[Eric Green]

Okay, I think setting the servers to UTC handled the storage side of 
things. However, the web side was still messed up until I changed the 
timezone in web.conf to UTC and restarted graylog-webserver. 

All seems to be functioning now, I watch the event stream and it's getting 
logged with the correct time. I'm thinking the handoff from syslog-ng to 
Graylog may have been what was confusing things on the service side, 
syslog-ng was already handing UTC times to Graylog (since the events were 
coming from the cloud, which operates in UTC because there's no "local" 
time there), and then Graylog assumed they were localtime syslogs and added 
another 8-hour offset to turn them into UTC.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/d399cb35-c471-4b0e-b5b0-d4fbec36f6fe%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Timezone confusion with Graylog install

[Eric Green]

Syslog (in the syslog-ng log flatfile) generates this line then sends it 
via UDP to Graylog. I then want to process it into a stream matching 
'Completed rules on'. 

Feb  9 02:14:15 ip-10-100-2-136 
|vnn|INFO|quartzScheduler_Worker-11|services.com.viakoo.vnns.dbms.SiteStateQueueService|
 
Completed rules on site LaAvenida/77765889 company Acme Widget Co/50799808 
in 2.107sec. totaltime=5.382 sec

.

Okay, so here's the event from the Graylog log that's supposed to be going 
into a stream (I set an output to stdout to log the events). As you can 
see, the stream regexp matched the above:

2016-02-08T18:14:11.912-08:00 INFO  [LoggingOutput] Writing message:  
source: ip-10-2-4-21 | message: ip-10-2-4-21 
|vnn|INFO|quartzScheduler_Worker-1|services.com.viakoo.vnns.dbms.SiteStateQueueService|
 
Completed rules on site LaAvenida/77765889 company Acme Widget Co/50799808 
in 1.485sec. totaltime=4.965 sec. { api_thread: quartzScheduler_Worker-1 | 
perf_siteid: 77765889 | perf_companyname: Acme Widget Co | perf_totaltime: 
4.965 | perf_ruletime: 1.485 | gl2_source_node: 
7b0ccf7a-2d69-4217-b536-fcf19d574a42 | perf_sitename: LaAvenida | 
api_loglevel: INFO | gl2_remote_port: 37839 | gl2_remote_ip: 12.8.XXX.XXX | 
api_class: services.com.viakoo.vnns.dbms.SiteStateQueueService | timestamp: 
2016-02-09T02:13:32.000-08:00 | api_message: Completed rules on site 
LaAvenida/77765889 company Acme Widget Co/50799808 in 1.485sec. 
totaltime=4.965 sec. | api_timestamp: vnn | level: 6 | facility: user-level 
| _id: b6fb3a80-ced2-11e5-895e-525400e68097 | gl2_source_input: 
56afc86099323257c052444a | perf_companyid: 50799808 }


I look for the string "Completed Rules on site LaAvenida"  on Kibana in the 
Elasticsearch cluster: "No results found".

Hmm. Says to widen the search. So I do -- to widen it to the corresponding 
UTC time, and I get:


Then I check with the Mongo database and validate that this is the correct 
stream ID that corresponds to the stream I set up in Graylog. Yes, it is. 

So I go into Graylog into the Streams view:

"Nothing found in stream SitesProcessedProduction"

Hmm, that's not so useful. 

I look at the Query, and specifically at the timestamps within it (I asked 
for two hours of data):

  "range": {
"timestamp": {
  "from": "2016-02-09 00:38:09.164",
  "to": "2016-02-09 02:38:09.164",
  "include_lower": true,
  "include_upper": true
}


Huh. That should have matched. Still nothing. Then I go to the advanced 
settings and set it to search in the future:

  "range": {
"timestamp": {
  "from": "2016-02-08 20:40:32.818",
  "to": "2016-02-09 11:00:00.000",
  "include_lower": true,
  "include_upper": true
}
  }
},

And I get results:
February 9th 2016, 02:14:15.000 
message:ip-10-100-2-136 
|vnn|INFO|quartzScheduler_Worker-11|services.com.viakoo.vnns.dbms.SiteStateQueueService|
 Completed rules on site LaAvenida/77765889 company 
Acme Widget Co/50799808 in 2.107sec. totaltime=5.382 sec. api_thread:
quartzScheduler_Worker-11 perf_siteid:77,765,889 perf_companyname:Acme 
Widget Co perf_totaltime:5.382 perf_ruletime:2.107 gl2_source_node:
7b0ccf7a-2d69-4217-b536-fcf19d574a42 perf_sitename:LaAvenida api_loglevel:
INFOgl2_remote_port:37,839 gl2_remote_ip:12.8.XXX.XXX api_class:
services.com.viakoo.vnns.dbms.SiteStateQueueService timestamp:February 9th 
2016, 02:14:15.000 api_message:Completed rules on site LaAvenida/77765889 
company Acme Widget Co/50799808 in 2.107sec. totaltime=5.382 sec. 
api_timestamp:vnn level:6facility:user-level _id:
d0c87401-ced2-11e5-895e-525400e68097 source:ip-10-100-2-136 
gl2_source_input:56afc86099323257c052444a perf_companyid:50,799,808 streams:
56b8226199320b2eb5538266 _type:message _index:graylog2_28

Yep, that's my message alright -- logged properly in UTC time, like 
ElasticSearch is supposed to do. I expand to see the JSON and get the 
stream ID out of it:

"streams": [   "56b8226199320b2eb5538266" ]
*2016-02-09 02:14:12.000* ip-10-2-4-67

ip-10-2-4-67 
|vnn|INFO|quartzScheduler_Worker-12|services.com.viakoo.vnns.dbms.SiteStateQueueService|
 
Completed rules on site LaAvenida/77765889 company Acme Widget Co/50799808 
in 1.71sec. totaltime=2.156 sec. 
Permalink 
Copy
 
ID
Test against stream 
 ced90010-ced2-11e5-895e-525400e68097 

Received by*Syslog UDP* on  7b0ccf7a / 12.8.243.244 

Stored in indexgraylog2_28Routed into streams
   
   - SitesProcessedProduction 
   

[graylog2] Re: Web interface not connecting, mongodb down

[Obie]

Here's some log info...

2016-02-08_21:41:56.23058 2016-02-08T16:41:56.230-0500 [initandlisten] 
MongoDB starting : pid=13559 port=27017 
dbpath=/var/opt/graylog/data/mongodb 64-bit host=graylog
2016-02-08_21:41:56.23069 2016-02-08T16:41:56.230-0500 [initandlisten] db 
version v2.6.4
2016-02-08_21:41:56.23072 2016-02-08T16:41:56.230-0500 [initandlisten] git 
version: 3a830be0eb92d772aa855ebb711ac91d658ee910
2016-02-08_21:41:56.23075 2016-02-08T16:41:56.230-0500 [initandlisten] 
build info: Linux build7.nj1.10gen.cc 2.6.32-431.3.1.el6.x86_64 #1 SMP Fri 
Jan 3 21:39:27 UTC 2014 x86_64 BOOST_LIB_VERSION=1_49
2016-02-08_21:41:56.23078 2016-02-08T16:41:56.230-0500 [initandlisten] 
allocator: tcmalloc
2016-02-08_21:41:56.23081 2016-02-08T16:41:56.230-0500 [initandlisten] 
options: { storage: { dbPath: "/var/opt/graylog/data/mongodb" } }
2016-02-08_21:41:56.23237 2016-02-08T16:41:56.232-0500 [initandlisten] 
journal dir=/var/opt/graylog/data/mongodb/journal
2016-02-08_21:41:56.23257 2016-02-08T16:41:56.232-0500 [initandlisten] 
recover : no journal files present, no recovery needed
2016-02-08_21:41:56.23709 2016-02-08T16:41:56.237-0500 [initandlisten] 
2016-02-08_21:41:56.23712 2016-02-08T16:41:56.237-0500 [initandlisten] 
2016-02-08_21:41:56.23715 2016-02-08T16:41:56.237-0500 [initandlisten] need 
to upgrade database local with pdfile version 4.21, new version: 4.5
2016-02-08_21:41:56.23718 2016-02-08T16:41:56.237-0500 [initandlisten]   
Not upgrading, exiting
2016-02-08_21:41:56.23721 2016-02-08T16:41:56.237-0500 [initandlisten]   
run --upgrade to upgrade dbs, then start again
2016-02-08_21:41:56.23723 2016-02-08T16:41:56.237-0500 [initandlisten] 
2016-02-08_21:41:56.23726 2016-02-08T16:41:56.237-0500 [initandlisten] 
dbexit: 
2016-02-08_21:41:56.23729 2016-02-08T16:41:56.237-0500 [initandlisten] 
shutdown: going to close listening sockets...
2016-02-08_21:41:56.23732 2016-02-08T16:41:56.237-0500 [initandlisten] 
shutdown: going to flush diaglog...
2016-02-08_21:41:56.23734 2016-02-08T16:41:56.237-0500 [initandlisten] 
shutdown: going to close sockets...
2016-02-08_21:41:56.23741 2016-02-08T16:41:56.237-0500 [initandlisten] 
shutdown: waiting for fs preallocator...
2016-02-08_21:41:56.23744 2016-02-08T16:41:56.237-0500 [initandlisten] 
shutdown: lock for final commit...
2016-02-08_21:41:56.23747 2016-02-08T16:41:56.237-0500 [initandlisten] 
shutdown: final commit...
2016-02-08_21:41:56.23751 2016-02-08T16:41:56.237-0500 [initandlisten] 
shutdown: closing all files...
2016-02-08_21:41:56.23762 2016-02-08T16:41:56.237-0500 [initandlisten] 
closeAllFiles() finished
2016-02-08_21:41:56.23769 2016-02-08T16:41:56.237-0500 [initandlisten] 
journalCleanup...
2016-02-08_21:41:56.23772 2016-02-08T16:41:56.237-0500 [initandlisten] 
removeJournalFiles
2016-02-08_21:41:56.24015 2016-02-08T16:41:56.240-0500 [initandlisten] 
shutdown: removing fs lock...
2016-02-08_21:41:56.24058 2016-02-08T16:41:56.240-0500 [initandlisten] 
dbexit: really exiting now

>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/007b4344-25d9-4c76-9e49-be6c6453b822%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Does Graylog2 have an input that reads from Kafka?

[Tech Id]

Hi,

We have lots of log-data being pumped into Kafka topics and it goes onto 
Hadoop for Hive querying.
Now we want to push the same into graylog2.

So I was wondering if graylog2 has a kafka-reader-plugin (input) ?
Please point me to the same if so.

Thanks
T.Id

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/7f116834-707a-46fc-91f5-bc5d49ab5309%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Web interface not connecting, mongodb down

[Obie]

I tried an upgrade to the appliance today and it failed miserably. When I 
reverted to snapshot, I can no longer connect.

Graylog Web Interface is disconnected.

The web interface was unable to connect to any Graylog node in the cluster 
so far.

Please check that the configured nodes shown on the left hand side are 
correct and that the servers are reachable.

Discovered nodes

None of the configured nodes could be reached recently.







ubuntu@graylog:/$ sudo graylog-ctl status
run: elasticsearch: (pid 20897) 2522s; run: log: (pid 1070) 5154s
down: etcd: 1s, normally up, want up; run: log: (pid 1067) 5155s
run: graylog-server: (pid 19289) 18s; run: log: (pid 1071) 5154s
run: graylog-web: (pid 20930) 2522s; run: log: (pid 1072) 5154s
run: mongodb: (pid 19514) 0s; run: log: (pid 1068) 5155s
run: nginx: (pid 21019) 2520s; run: log: (pid 1069) 5155s
ubuntu@graylog:/$ 


I presume the issue is that mongodb is not starting. Any ideas on what to 
try?

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/1d36ec10-3897-417d-9cbb-b50622cfe9eb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Re: Graylog v2.0: Setting IP of web interface

[Roland Hill]

Thanks Jochen. I can access the Web UI now. Appreciate the link to
reference too.

--
Regards,

Roland

On Mon, Feb 8, 2016 at 10:05 PM, Jochen Schalanda 
wrote:

> Hi Roland,
>
> you can change the network interface the Graylog web interface is
> listening on using the web_listen_uri configuration setting in your
> graylog.conf file (see
> https://github.com/Graylog2/graylog2-server/blob/2.0.0-alpha.1/graylog2-server/src/main/java/org/graylog2/Configuration.java#L53-L54
> ).
>
>
> Cheers,
> Jochen
>
> On Sunday, 7 February 2016 20:21:08 UTC+1, Roland Hill wrote:
>>
>> Hi,
>>
>> I have just migrated from 1.3.3 to v2.0 alpha using the tarball on a
>> Ubuntu 15.10 system.
>>
>> This is just a home system; nothing mission critical.
>>
>> Elasticsearch (v2.2.0) and graylog all start/healthy well but I can't
>> seem to get to the web interface in my browser.
>>
>> The (hopefully) relevant portion of my log is here:
>>
>> 2016-02-08 08:13:36,784 INFO : org.glassfish.grizzly.http.server.
>> NetworkListener - Started listener bound to [127.0.0.1:9000]
>> 2016-02-08 08:13:36,786 INFO : org.glassfish.grizzly.http.server.
>> HttpServer - [HttpServer] Started.
>> 2016-02-08 08:13:36,787 INFO : org.graylog2.initializers.
>> WebInterfaceService - Started Web Interface at 
>> 2016-02-08 08:13:43,510 INFO : org.glassfish.grizzly.http.server.
>> NetworkListener - Started listener bound to [192.168.0.10:12900]
>> 2016-02-08 08:13:43,510 INFO : org.glassfish.grizzly.http.server.
>> HttpServer - [HttpServer-1] Started.
>> 2016-02-08 08:13:43,511 INFO : org.graylog2.shared.initializers.
>> RestApiService - Started REST API at 
>> 2016-02-08 08:13:43,520 INFO : org.graylog2.shared.initializers.
>> ServiceManagerListener - Services are healthy
>>
>> From this I see my web interface is available at http://127.0.0.1:9000,
>> however I need it to be the IP of the server.
>>
>> Where do I set this? I know I'm missing something obvious but can't put a
>> finger on it!
>>
>> Thanks, and well done on the alpha release Graylog.
>>
>> --
>> Roland Hill
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/graylog2/7d716515-1b41-4119-b3fb-1b698a12ee2c%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CA%2BGGh2X-VA9WQTC27XwKB%2BH9899r7mwWE4GyZD%3DEDF%3Dxr1vPLQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Re: Graylog v2.0: Setting IP of web interface

[Roland Hill]

Perfect - thanks Johan!

--
Regards,

Roland

On Mon, Feb 8, 2016 at 9:05 PM, JohanE  wrote:

> Hi Roland,
> Just add:
> web_listen_uri = http://0.0.0.0:9000/
> in server.conf
>
> //johan
>
> Den söndag 7 februari 2016 kl. 20:21:08 UTC+1 skrev Roland Hill:
>>
>> Hi,
>>
>> I have just migrated from 1.3.3 to v2.0 alpha using the tarball on a
>> Ubuntu 15.10 system.
>>
>> This is just a home system; nothing mission critical.
>>
>> Elasticsearch (v2.2.0) and graylog all start/healthy well but I can't
>> seem to get to the web interface in my browser.
>>
>> The (hopefully) relevant portion of my log is here:
>>
>> 2016-02-08 08:13:36,784 INFO : org.glassfish.grizzly.http.server.
>> NetworkListener - Started listener bound to [127.0.0.1:9000]
>> 2016-02-08 08:13:36,786 INFO : org.glassfish.grizzly.http.server.
>> HttpServer - [HttpServer] Started.
>> 2016-02-08 08:13:36,787 INFO : org.graylog2.initializers.
>> WebInterfaceService - Started Web Interface at 
>> 2016-02-08 08:13:43,510 INFO : org.glassfish.grizzly.http.server.
>> NetworkListener - Started listener bound to [192.168.0.10:12900]
>> 2016-02-08 08:13:43,510 INFO : org.glassfish.grizzly.http.server.
>> HttpServer - [HttpServer-1] Started.
>> 2016-02-08 08:13:43,511 INFO : org.graylog2.shared.initializers.
>> RestApiService - Started REST API at 
>> 2016-02-08 08:13:43,520 INFO : org.graylog2.shared.initializers.
>> ServiceManagerListener - Services are healthy
>>
>> From this I see my web interface is available at http://127.0.0.1:9000,
>> however I need it to be the IP of the server.
>>
>> Where do I set this? I know I'm missing something obvious but can't put a
>> finger on it!
>>
>> Thanks, and well done on the alpha release Graylog.
>>
>> --
>> Roland Hill
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/graylog2/9a90d3f6-2020-4a66-aabd-6473c496cd63%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CA%2BGGh2U3s8L1BSncWZ7Zj0OPo037jhx3HjkwyqoN55VoDoVNig%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Graylog 2.0.0 alpha - can't log into web-gui

[thePretender]

- tar ball, not OVA
- Yes, wasn't a problem with 1.3.2
- No, tested with HTTPS with same result

This is the output from the console:

"Download the React DevTools for a better development experience: 
https://fb.me/react-devtools"; vendor.js:402:1688
unreachable code after return statement app.f09f6a84a11bb9a40b39.js:4773:4
unreachable code after return statement app.f09f6a84a11bb9a40b39.js line 7 
> eval:4773:4
mutating the [[Prototype]] of an object will cause your code to run very 
slowly; instead create the object with the correct initial [[Prototype]] 
value using Object.create app.f09f6a84a11bb9a40b39.js line 1 > eval:19:415
Password fields present on an insecure (http://) page. This is a security 
risk that allows user login credentials to be stolen.[Learn More] 

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/1c732455-02ee-4c23-82af-d90eb2f0c717%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] MongoDB, replica-set, readPreference=secondary: no login possible

[Andreas Grüninger]

We use graylog 1.3.3, elasticsearch 1.7.4, mongodb 3.1.6, java 1.8, 
OpenIndiana (Illumos kernel from December 2015).
The last week we installed the stack for graylog in a 4 node cluster.
Each node has a zone with graylog and elasticsearch and a zone with mongodb.

Everything works so far.
We have  33 streams but the rate of incoming messages is low (about 700 
messages/s). We expect higher rates in the next weeks.
In mongodb we created a replicaset and defined it in the mongodb-uri.

The uris are:
mongodb_uri = 
mongodb://username:password@mongodb-s1:27017,mongodb-s2:27017,mongodb-s3:27017,mongodb-s4:27017/graylog?replicaSet=rs1&readPreference=primary
and
mongodb_uri = 
mongodb://username:password@mongodb-s1:27017,mongodb-s2:27017,mongodb-s3:27017,mongodb-s4:27017/graylog?replicaSet=rs1&readPreference=secondary

When I used the option "readPreference=secondary" the processing of 
messages is still working (elasticsearch writes new documents) but the 
login in the graylog-web-interface does not work anymore.
After the typing in of username/password and clicking on "Sign in" I am 
back on the login screen.
If I change "readPreference=secondary" to "readPreference=primary" (which 
is the default) the login works as it should.

I tried to use this option because I observed a very cpu usage of the 
mongodb process.
With "readPreference=primary" all writes and all reads go to the master

The output of mongostat is like this and I have no idea if 9349 read 
queries are normal for the processing of 700 messages:

  insert query update delete getmore command % dirty % used 
flushes  vsizeres qr|qw ar|aw netIn netOut conn set repl time
 localhost:27017*11*0*43 *0  3644|0 0.4
1.3   0 217.0M 193.0M   0|0   1|0   31k55k   12 kwh  SEC 14:03:45
mongodb-s1:27017 *0  9349 15  8 322   212|0 0.2
4.8   0 543.0M 379.0M   0|0   3|0  806k 7m  141 kwh  PRI 14:03:46
mongodb-s2:27017*11*0*41 *0   0 8|0 0.3
1.4   0 211.0M 191.0M   0|0   1|0  964b17k9 kwh  SEC 14:03:45
mongodb-s3:27017*11*0*40 *0   0 7|0 0.2
1.3   0 211.0M 191.0M   0|0   1|0  702b17k9 kwh  SEC 14:03:45
mongodb-s4:27017*11*0*43 *0  3742|0 0.4
1.3   0 217.0M 193.0M   0|0   1|0   30k55k   12 kwh  SEC 14:03:45

The mongodb process in mongodb-s1 used 25% of cpu which corresponds to 6 of 
24 logical cores. That is really too much.
When I changed the option to "readPreference=secondary" the reads are 
equally handled by the secondaries and the master handles only the writes. 
CPU usage on all 4 instances was then between 0 and 1%. And this was my 
expectation.

Do you have a clue why the mongodb master had this high rate of cpu usage?
Is there a chance to use "readPreference=secondary" and still having a 
login?

Regards

Andreas







-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/48782b60-29f2-4cbe-a8ef-bf70dce40287%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: API downloading file instead of displaying after 1.3.3 update

[Jochen Schalanda]

Hi Jeff,

make sure that you are providing a proper Accept HTTP header (i. e. Accept: 
application/json) with all your requests to the Graylog REST API.


Cheers,
Jochen

On Monday, 8 February 2016 18:08:40 UTC+1, Jeff Lounsbery wrote:
>
> I have updated to 1.3.3 on the OVA appliance and everything seems to be 
> working fine except the API calls. They are just downloading a file called 
> "relative" with the results in it instead of displaying the results in the 
> browser like it has before. Has anyone seen this happen before and know of 
> a resolution? Thank you.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/d55e6f56-4921-4e12-929b-473131dd658b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] API downloading file instead of displaying after 1.3.3 update

[Jeff Lounsbery]

I have updated to 1.3.3 on the OVA appliance and everything seems to be 
working fine except the API calls. They are just downloading a file called 
"relative" with the results in it instead of displaying the results in the 
browser like it has before. Has anyone seen this happen before and know of 
a resolution? Thank you.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/0848792e-a4b1-4fcf-b04c-321d689fa294%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Graylog 2.0.0 alpha - can't log into web-gui

[Edmundo Alvarez]

Hi,

Thank you for testing version 2.0! We need more information to see where the 
problem is:
- Do you use an OVA?
- Is Graylog behind a firewall or proxy?
- Are you using HTTPS?

Please also attach any errors you see in your browser's console and/or Graylog 
server logs.

Regards,
Edmundo

> On 08 Feb 2016, at 17:53, thePretender  wrote:
> 
> Hi,
> 
> I'm messing around trying to get the alpha up and running, but i get this 
> error when trying to log in to the gui:
> Error - the server returned: undefined - Bad request
> I can't seem to able to find any corresponding errors in the log files, can 
> someone point me in the right direction?
> 
> mongodb v3.0.9
> elasticsearch v2.2.0 (cluster status green)
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/e8ec5f59-ed21-4877-af2a-eedd5a394b66%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/FBC56E89-04EC-4F3C-AAEC-B07F49EB0CF2%40graylog.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Graylog 2.0.0 alpha - can't log into web-gui

[Jochen Schalanda]

Hi,

are there any errors in the developer's console of your browser? How 
exactly did you set up Graylog 2.0.0-alpha.1 (e. g. using the tar-ball or 
one of the virtual appliances)?

   - Chrome: https://developer.chrome.com/devtools/docs/console
   - Firefox: 
   
https://developer.mozilla.org/en-US/docs/Tools/Web_Console/Opening_the_Web_Console
   - IE: https://msdn.microsoft.com/en-us/library/dn255006(v=vs.85).aspx
   

Cheers,
Jochen

On Monday, 8 February 2016 17:53:49 UTC+1, thePretender wrote:
>
> Hi,
>
> I'm messing around trying to get the alpha up and running, but i get this 
> error when trying to log in to the gui:
> Error - the server returned: undefined - Bad request
> I can't seem to able to find any corresponding errors in the log files, 
> can someone point me in the right direction?
>
> mongodb v3.0.9
> elasticsearch v2.2.0 (cluster status green)
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/6fb096cc-e0cf-45ae-85e2-51e76a8dd0cf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Graylog 2.0.0 alpha - can't log into web-gui

[thePretender]

Hi,

I'm messing around trying to get the alpha up and running, but i get this 
error when trying to log in to the gui:
Error - the server returned: undefined - Bad request
I can't seem to able to find any corresponding errors in the log files, can 
someone point me in the right direction?

mongodb v3.0.9
elasticsearch v2.2.0 (cluster status green)

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/e8ec5f59-ed21-4877-af2a-eedd5a394b66%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Help sending logs from server journald to graylog

[Stephen Fox]

Messing with this issue again today.

Using: https://github.com/travelping/journal-gateway-gelf

I was able to get journal-gateway-gelf sending logs to graylog; however, it 
runs for a minute or two then dies with this error:

journal-gateway-gelf: ./src/journal-gateway-gelf.c:290: get_entry_string: 
Assertion `rc == 0' failed.
Aborted
Anyone else have experience with this error?

I'm surprised I don't see more on this google group about sending journald 
logs to graylog. What are people using to send journald logs to graylog?

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/3fd45a5e-8963-45b1-8ea7-3db1914b0dd1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: [Graylog] Mysql

[kaiser]

Thank you Jochen, I ll give it a try.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/66f36a0f-5781-4540-b83a-0c6f75fcaed1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: How to auto-Run Logstash Service when server Reboot?

[Shrawan Bhagwat]

Hi Roger,

We are using following combinations:
MongoDB-86_64-rhel62-3.0.3
Logstash-1.5.4
Elasticsearch-1.7.2
Graylog-1.2.1
Redis-3.0.1

After installation of any of the component, services were not created 
automatically. :(

On Friday, 5 February 2016 19:22:32 UTC+5:30, Roger Guzman wrote:
>
> mmm... ok... how to install mongodb y elasticsearch? 
> when I install this the services were created automagically :D
> versions?
>
> El viernes, 5 de febrero de 2016, 3:08:42 (UTC-4:30), Shrawan Bhagwat 
> escribió:
>>
>> Hi Roger,
>>
>> I have no Idea of how to create service of elasticsearch and mongodb.
>> I have gone through the following doc: 
>> https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-service.html
>> But still i am unable to do this.
>> We are having chkconfig installed on servers.
>>
>> can you please help us with this?
>>
>> Thanks :)
>>
>> Regards,
>> Shrawan
>>
>> On Friday, 5 February 2016 00:38:18 UTC+5:30, Roger Guzman wrote:
>>>
>>> There must first be initiated elasticsearch and  mongodb services, this 
>>> can be secured with the following instructions:
>>>
>>> chkconfig mongodb on
>>> chkconfig elasticsearch on
>>>
>>> Note: you might need to install chkconfig
>>>
>>> Then you must set the start graylog-server and graylog-web as follows:
>>>
>>> systemctl enable graylog-server
>>> systemctl enable graylog-web
>>>
>>>
>>> This should be enough, reboot and cross your fingers: D
>>>
>>> --
>>>
>>> Primero deben haber iniciado los servicios mongodb y elasticsearch, esto 
>>> lo puedes asegurar con las siguientes intrucciones:
>>>
>>> chkconfig mongodb on
>>> chkconfig elasticsearch on
>>>
>>> Luego se debe configurar el inicio graylog-server y graylog-web de la 
>>> siguiente forma:
>>>
>>> systemctl enable graylog-server
>>> systemctl enable graylog-web
>>>
>>> Con esto debería bastar, reinicia y reza :D
>>>
>>> El jueves, 4 de febrero de 2016, 11:56:02 (UTC-4:30), Shrawan Bhagwat 
>>> escribió:

 Hi Roger,

 We are using LINUX and UNIX.
 Please guide us for these.

 Thanks. :)

 Regards,
 Shrawan



-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/cbe4c2c7-1d85-44c0-aef9-b70e44f72276%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: [Graylog] Mysql

[Jochen Schalanda]

Hi,

the Graylog Marketplace currently only offers a JDBC output plugin (which 
also supports MySQL) and a simple script to periodically send the MySQL 
status information to Graylog: 
https://marketplace.graylog.org/addons?tag=mysql

There's a JDBC input plugin for logstash (
https://www.elastic.co/guide/en/logstash/current/plugins-inputs-jdbc.html) 
which you could use to read the required data from MySQL and send the 
result to Graylog via GELF (
https://www.elastic.co/guide/en/logstash/current/plugins-outputs-gelf.html).


Cheers,
Jochen

On Monday, 8 February 2016 10:44:41 UTC+1, kaiser wrote:
>
> Hello,
>
> I would like to get data in graylog from a mysql data base.
>
> Is this possible to connect to a mysql data base and send data to graylog?
>
> Regards.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/d8b17a21-0dfe-46f6-b741-f49852824c20%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] [Graylog] Mysql

[kaiser]

Hello,

I would like to get data in graylog from a mysql data base.

Is this possible to connect to a mysql data base and send data to graylog?

Regards.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/d496094b-1410-4b3c-9569-9929ccf678ef%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Graylog v2.0: Setting IP of web interface

[Jochen Schalanda]

Hi Roland,

you can change the network interface the Graylog web interface is listening 
on using the web_listen_uri configuration setting in your graylog.conf file 
(see 
https://github.com/Graylog2/graylog2-server/blob/2.0.0-alpha.1/graylog2-server/src/main/java/org/graylog2/Configuration.java#L53-L54
).


Cheers,
Jochen

On Sunday, 7 February 2016 20:21:08 UTC+1, Roland Hill wrote:
>
> Hi,
>
> I have just migrated from 1.3.3 to v2.0 alpha using the tarball on a 
> Ubuntu 15.10 system.
>
> This is just a home system; nothing mission critical.
>
> Elasticsearch (v2.2.0) and graylog all start/healthy well but I can't seem 
> to get to the web interface in my browser.
>
> The (hopefully) relevant portion of my log is here:
>
> 2016-02-08 08:13:36,784 INFO : org.glassfish.grizzly.http.server.
> NetworkListener - Started listener bound to [127.0.0.1:9000]
> 2016-02-08 08:13:36,786 INFO : org.glassfish.grizzly.http.server.
> HttpServer - [HttpServer] Started.
> 2016-02-08 08:13:36,787 INFO : org.graylog2.initializers.
> WebInterfaceService - Started Web Interface at 
> 2016-02-08 08:13:43,510 INFO : org.glassfish.grizzly.http.server.
> NetworkListener - Started listener bound to [192.168.0.10:12900]
> 2016-02-08 08:13:43,510 INFO : org.glassfish.grizzly.http.server.
> HttpServer - [HttpServer-1] Started.
> 2016-02-08 08:13:43,511 INFO : org.graylog2.shared.initializers.
> RestApiService - Started REST API at 
> 2016-02-08 08:13:43,520 INFO : org.graylog2.shared.initializers.
> ServiceManagerListener - Services are healthy
>
> From this I see my web interface is available at http://127.0.0.1:9000, 
> however I need it to be the IP of the server.
>
> Where do I set this? I know I'm missing something obvious but can't put a 
> finger on it!
>
> Thanks, and well done on the alpha release Graylog.
>
> --
> Roland Hill
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/7d716515-1b41-4119-b3fb-1b698a12ee2c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Graylog v2.0: Setting IP of web interface

[JohanE]

Hi Roland,
Just add:
web_listen_uri = http://0.0.0.0:9000/ 
in server.conf

//johan

Den söndag 7 februari 2016 kl. 20:21:08 UTC+1 skrev Roland Hill:
>
> Hi,
>
> I have just migrated from 1.3.3 to v2.0 alpha using the tarball on a 
> Ubuntu 15.10 system.
>
> This is just a home system; nothing mission critical.
>
> Elasticsearch (v2.2.0) and graylog all start/healthy well but I can't seem 
> to get to the web interface in my browser.
>
> The (hopefully) relevant portion of my log is here:
>
> 2016-02-08 08:13:36,784 INFO : org.glassfish.grizzly.http.server.
> NetworkListener - Started listener bound to [127.0.0.1:9000]
> 2016-02-08 08:13:36,786 INFO : org.glassfish.grizzly.http.server.
> HttpServer - [HttpServer] Started.
> 2016-02-08 08:13:36,787 INFO : org.graylog2.initializers.
> WebInterfaceService - Started Web Interface at 
> 2016-02-08 08:13:43,510 INFO : org.glassfish.grizzly.http.server.
> NetworkListener - Started listener bound to [192.168.0.10:12900]
> 2016-02-08 08:13:43,510 INFO : org.glassfish.grizzly.http.server.
> HttpServer - [HttpServer-1] Started.
> 2016-02-08 08:13:43,511 INFO : org.graylog2.shared.initializers.
> RestApiService - Started REST API at 
> 2016-02-08 08:13:43,520 INFO : org.graylog2.shared.initializers.
> ServiceManagerListener - Services are healthy
>
> From this I see my web interface is available at http://127.0.0.1:9000, 
> however I need it to be the IP of the server.
>
> Where do I set this? I know I'm missing something obvious but can't put a 
> finger on it!
>
> Thanks, and well done on the alpha release Graylog.
>
> --
> Roland Hill
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/9a90d3f6-2020-4a66-aabd-6473c496cd63%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.