[graylog2] UDP Debugging

2016-08-02 Thread David Arnold
Hi 
I have the following docker-compose file, on top of docker-for-windows 0.12 
and rancher:
elasticsearch:
  command: elasticsearch -Des.cluster.name='graylog'
  image: elasticsearch:2
  volumes: ['graylog-elst:/usr/share/elasticsearch/data']
graylog:
  environment: {GRAYLOG_PASSWORD_SECRET: '${graylog_secret}', 
GRAYLOG_REST_TRANSPORT_URI: 'http://${graylog_fqdn}:12900',
GRAYLOG_ROOT_PASSWORD_SHA2: '${graylog_password}'}
  image: graylog2/server:2.1.0-beta.2-1
  labels: {io.rancher.container.hostname_override: container_name}
  links: ['mongodb:mongo', 'elasticsearch:elasticsearch']
  restart: always
  expose: ['12201/udp']
  volumes: ['graylog-data:/usr/share/graylog/data']
lb:
  image: rancher/load-balancer-service
  labels: {io.rancher.scheduler.global: 'true'}
  links: ['graylog:graylog']
  ports: ['9000:9000', '12900:12900', '12201:12201/udp', '12202:12202']
  restart: always
mongodb:
  image: mongo:3
  labels: {io.rancher.container.hostname_override: container_name}
  volumes: ['graylog-mngo:/data/db']


lb is rancher's haproxy 1.5 loadbalancer. From my machine I can happily do:

curl -XPOST http://192.168.0.9:12202/gelf -p0 -d '{"short_message":"Hello there 2", "host":"example.org", "facility":"test", "_foo":"bar"}'

and hooray, everything as expected.

Now I start another container with 

gelf-address=udp://192.168.0.9:12201/gelf

Yet, there is an unbearable silence all over the place.

I really don't know quite well how to debug and see if graylog is accepting 
as expected.
So here is the question:

What can I do to enter the graylog docker and test the UDP Input?

I can't enter moby linux VM (docker-for-windows has blocked the access), 
but I can do that kind of stuff on localhost or from within a peer 
container as well.

Thanks for any help. I hit the point where I don't advance by myself 
anymore.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/406cf55e-eee3-4ab3-821d-bdc3ecb3df50%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
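
One way to exercise a GELF UDP input from a peer container, as asked in the post above (added example, not code from the thread): it builds a GELF 1.1 message, sends it over UDP with chunking when the payload does not fit one datagram, and includes a stand-in listener that shows whether datagrams arrive at all. Host names, ports and field values are assumptions taken from the post or constructed.

```python
"""GELF-over-UDP test sender and decoder (added example, constructed values)."""
import json
import os
import socket
import struct
import sys
import zlib

CHUNK_MAGIC = b"\x1e\x0f"   # marks a chunked GELF datagram
HEADER_LEN = 12             # 2 magic + 8 message id + 1 seq number + 1 seq count
MAX_CHUNKS = 128            # GELF allows at most 128 chunks per message


def build_gelf(short_message, host, **extra):
    """Return a zlib-compressed GELF 1.1 payload; extra fields get a '_' prefix."""
    msg = {"version": "1.1", "host": host, "short_message": short_message}
    for key, value in extra.items():
        msg[key if key.startswith("_") else "_" + key] = value
    return zlib.compress(json.dumps(msg).encode("utf-8"))


def to_datagrams(payload, max_size=1420):
    """Split a payload into UDP datagrams, chunking only when it does not fit."""
    if len(payload) <= max_size:
        return [payload]
    body = max_size - HEADER_LEN
    parts = [payload[i:i + body] for i in range(0, len(payload), body)]
    if len(parts) > MAX_CHUNKS:
        raise ValueError("payload needs more than %d chunks" % MAX_CHUNKS)
    msg_id = os.urandom(8)
    return [CHUNK_MAGIC + msg_id + struct.pack("BB", seq, len(parts)) + part
            for seq, part in enumerate(parts)]


def reassemble(datagrams):
    """Decode one message from its datagrams (any order); zlib payloads only."""
    if len(datagrams) == 1 and not datagrams[0].startswith(CHUNK_MAGIC):
        return json.loads(zlib.decompress(datagrams[0]))
    chunks, ids, counts = {}, set(), set()
    for dgram in datagrams:
        if len(dgram) < HEADER_LEN or not dgram.startswith(CHUNK_MAGIC):
            raise ValueError("not a GELF chunk")
        ids.add(dgram[2:10])
        counts.add(dgram[11])
        chunks[dgram[10]] = dgram[HEADER_LEN:]
    if len(ids) != 1 or len(counts) != 1:
        raise ValueError("chunks belong to different messages")
    count = counts.pop()
    if sorted(chunks) != list(range(count)):
        raise ValueError("missing chunks: got %d of %d" % (len(chunks), count))
    return json.loads(zlib.decompress(b"".join(chunks[i] for i in range(count))))


def send(addr, datagrams):
    """Fire the datagrams at addr; UDP itself gives no delivery confirmation."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for dgram in datagrams:
            sock.sendto(dgram, addr)
    return len(datagrams)


def listen_once(bind_addr, timeout=5.0):
    """Stand-in receiver: wait for one full message on bind_addr and decode it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(bind_addr)
        sock.settimeout(timeout)
        got = []
        while True:
            dgram, _peer = sock.recvfrom(65535)
            got.append(dgram)
            chunked = dgram.startswith(CHUNK_MAGIC) and len(dgram) >= HEADER_LEN
            if not chunked or len(got) == dgram[11]:
                return reassemble(got)


if __name__ == "__main__":
    # Usage: gelf_udp.py send HOST PORT   or   gelf_udp.py listen PORT
    if len(sys.argv) == 4 and sys.argv[1] == "send":
        payload = build_gelf("UDP test from peer container", "example.org", foo="bar")
        sent = send((sys.argv[2], int(sys.argv[3])), to_datagrams(payload))
        print("sent %d datagram(s), %d payload bytes" % (sent, len(payload)))
    elif len(sys.argv) == 3 and sys.argv[1] == "listen":
        print(listen_once(("0.0.0.0", int(sys.argv[2]))))
    else:
        sys.exit("usage: send HOST PORT | listen PORT")
```

Sending straight to the graylog container's 12201/udp tests the input itself; running `listen` in a throwaway container in place of the input shows whether anything in front of it forwards UDP at all.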


[graylog2] Re: Add Elastic Search Nodes?

2016-08-02 Thread Jochen Schalanda
Hi Nathan,

make sure that you're editing the correct configuration file for 
Elasticsearch. Since both ES nodes do not pick up any settings from the 
configuration file (neither cluster name, nor node name, nor network 
settings), I'm suspecting that you're simply writing to the wrong file(s).

Cheers,
Jochen 

On Tuesday, 2 August 2016 19:59:28 UTC+2, Nathan Mace wrote:
>
> Jochen,
>
> I've looked over the config files and this thread (and then double 
> checked).  I've cleaned up the two config files for ES (removed all the 
> comments and posted here just the uncommented lines). I also added options 
> that seemed like they might help.  But the log files still show it trying 
> to bind port 9300 on 127.0.0.1.  I've done everything I know to do to make 
> it NOT use the loopback interface.  The configs as they exist now are:
>
> cluster.name: graylog
> node.name: node2
> node.master: false
> network.host: x.x.x.149
> network.publish_host: x.x.x.149
> transport.tcp.port: 9300
> http.port: 9200
> discovery.zen.ping.unicast.hosts: ["x.x.x.146", "x.x.x.149"]
> discovery.zen.minimum_master_nodes: 1
>
>
> cluster.name: graylog
> node.name: node1
> node.master: true
> network.host: x.x.x.146
> network.publish_host: x.x.x.146
> transport.tcp.port: 9300
> http.port: 9200
> discovery.zen.ping.unicast.hosts: ["x.x.x.149", "x.x.x.146"]
> discovery.zen.minimum_master_nodes: 1
>
> I am completely out of ideas.
>
>
> Nathan
>
>
>
> On Tuesday, August 2, 2016 at 12:48:39 PM UTC-4, Jochen Schalanda wrote:
>>
>> Hi Nathan,
>>
>> it seems your Elasticsearch config is still wrong. Both nodes only bind 
>> to localhost:
>>
>> ES node 1:
>>> [2016-08-02 09:19:16,184][INFO ][transport ] [Betty Ross Banner] 
>>> publish_address {127.0.0.1:9300}, bound_addresses {[::1]:9300}, {
>>> 127.0.0.1:9300}
>>>
>>  
>>
>> ES node 2:
>>> [2016-08-02 09:19:16,064][INFO ][transport ] [Invisible Woman] 
>>> publish_address {127.0.0.1:9300}, bound_addresses {[::1]:9300}, {
>>> 127.0.0.1:9300}
>>
>>
>> I suggest you double check the configuration files and do the changes I 
>> suggested in the numerous mails before.
>>
>> Cheers,
>> Jochen
>>
>>
>> On Tuesday, 2 August 2016 18:43:16 UTC+2, Nathan Mace wrote:
>>>
>>> Please see attached files.  I got the elasticsearch.log file from 
>>> /var/log/elasticsearch on both nodes.  Additionally I got graylog.log from 
>>> the same location on both nodes.  Even though node 2 doesn't have graylog 
>>> installed it had a log file for it.  Not sure why that is.
>>>
>>> Thanks!
>>>
>>> Nathan
>>>
>>> On Tuesday, August 2, 2016 at 11:10:49 AM UTC-4, Jochen Schalanda wrote:

 Hi Nathan,

 please post the *complete* log files of your Elasticsearch and Graylog 
 nodes.

 Cheers,
 Jochen

 On Tuesday, 2 August 2016 16:56:58 UTC+2, Nathan Mace wrote:
>
> Removing the leading whitespaces didn't help.
>
> However in looking through the logs I found this in the primary node's 
> graylog.log file:
>
> ConnectTransportException[[ansted-search-01][x.x.x.149:9300] 
> connect_timeout[30s]]; nested: ConnectException[Connection refused: 
> /x.x.x.149:9300];
> at 
> org.elasticsearch.transport.netty.NettyTransport.connectToChannels(NettyTransport.java:987)
> at 
> org.elasticsearch.transport.netty.NettyTransport.connectToNode(NettyTransport.java:920)
> at 
> org.elasticsearch.transport.netty.NettyTransport.connectToNode(NettyTransport.java:893)
> at 
> org.elasticsearch.transport.TransportService.connectToNode(TransportService.java:260)
> at 
> org.elasticsearch.discovery.zen.ZenDiscovery.joinElectedMaster(ZenDiscovery.java:434)
> at 
> org.elasticsearch.discovery.zen.ZenDiscovery.innerJoinCluster(ZenDiscovery.java:386)
> at 
> org.elasticsearch.discovery.zen.ZenDiscovery.access$4800(ZenDiscovery.java:91)
> at 
> org.elasticsearch.discovery.zen.ZenDiscovery$JoinThreadControl$1.run(ZenDiscovery.java:1237)
> at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
>
> It was repeated several times.  That is it trying to connect to the 
> second node on port 9300 and not being able to.  I see in the 
> documentation that 9300 is the default port and I have nothing in either 
> of the ES YML files referencing that port number, so it seems to be all 
> default.  If I do a netstat on both hosts they are both listening on port 
> 9200 and 9300.  It would seem that it is listening, but only allowing 
> connections to 9300 from localhost?  What would I need to change to allow 
> a connect from the other node?
>
> Nathan
>
> On Tuesday, August 2, 2016 at 10:22:44 AM UTC-4, Jochen Schalanda 
> wrote:
>>
>> Hi Nathan,
>>
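
The diagnosis in this thread (the nodes are not reading the edited file) can be checked mechanically. The added example below, which is not from the thread, compares what the Elasticsearch transport log reports against what elasticsearch.yml asks for; the `192.0.2.149` address stands in for the redacted `x.x.x.149`, and the "after fix" log line is constructed.

```python
"""Compare Elasticsearch transport log lines with elasticsearch.yml (added example)."""
import ipaddress
import re

TRANSPORT_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\]\[INFO\s*\]\[transport\s*\]\s*\[(?P<node>[^\]]+)\]\s*"
    r"publish_address\s*\{(?P<publish>[^}]+)\},\s*"
    r"bound_addresses\s*(?P<bound>(?:\{[^}]+\}[,\s]*)+)")
ADDR_RE = re.compile(r"\{\s*([^}]+?)\s*\}")

# Log line as quoted in the thread, including the mail client's line wrap.
LOG_FROM_THREAD = """[2016-08-02 09:19:16,064][INFO ][transport ] [Invisible Woman]
publish_address {127.0.0.1:9300}, bound_addresses {[::1]:9300}, {
127.0.0.1:9300}"""

# Constructed: what the same line looks like once the settings are picked up.
LOG_AFTER_FIX = ("[2016-08-02 10:00:00,000][INFO ][transport ] [node2] "
                 "publish_address {192.0.2.149:9300}, "
                 "bound_addresses {192.0.2.149:9300}")

# Node 2 settings from the thread, with a placeholder for the redacted address.
CONFIG_NODE2 = """
cluster.name: graylog
node.name: node2
node.master: false
network.host: 192.0.2.149
network.publish_host: 192.0.2.149
transport.tcp.port: 9300
"""


def parse_flat_yaml(text):
    """Parse the flat 'key: value' subset of YAML used in the thread's configs."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("'\"")
    return settings


def split_host_port(addr):
    """'127.0.0.1:9300' or '[::1]:9300' -> (host, port)."""
    host, _, port = addr.strip().rpartition(":")
    return host.strip("[]"), int(port)


def check_binding(log_text, config_text):
    """Return (node, finding) pairs where the log contradicts the config."""
    cfg = parse_flat_yaml(config_text)
    findings = []
    # Collapse whitespace so wrapped log lines still match.
    for m in TRANSPORT_RE.finditer(" ".join(log_text.split())):
        node = m.group("node")
        publish_host, _ = split_host_port(m.group("publish"))
        bound = [split_host_port(a)[0] for a in ADDR_RE.findall(m.group("bound"))]
        if all(ipaddress.ip_address(h).is_loopback for h in bound):
            findings.append((node, "loopback-only"))
        # Plain string comparison: assumes the config holds a literal address.
        wanted = cfg.get("network.publish_host") or cfg.get("network.host")
        if wanted and publish_host != wanted:
            findings.append((node, "publish-mismatch"))
        # A logged name that differs from node.name means the file was not read.
        if cfg.get("node.name") and node != cfg["node.name"]:
            findings.append((node, "node-name-mismatch"))
    return findings


if __name__ == "__main__":
    for label, log in (("thread", LOG_FROM_THREAD), ("after fix", LOG_AFTER_FIX)):
        print(label, check_binding(log, CONFIG_NODE2) or "consistent")
```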

Re: [graylog2] Graylog Sidecar reports "unable to map property tags"

2016-08-02 Thread Marius Sturm
Hi,
please create a new issue with all versions (Sidecar and Graylog server)
and some more log lines. This issue should already be fixed but I can take
another look.
Did you notice that the installation path on Windows systems changed? It
was installed in \Program Files(x86) even though it's a 64bit binary. Maybe
you still execute the old binary? Try the one in \Program Files to verify.

Cheers,
Marius


On 3 August 2016 at 00:19, Pete GS  wrote:

> I seem to be encountering this same issue with 0.0.9-beta-1.
>
> time="2016-08-03T08:13:26+10:00" level=error msg="[UpdateRegistration]
> Failed to
>  report collector status to server: PUT
> http://graylog.lab.melbourneit.com:12900
>
> /plugins/org.graylog.plugins.collector/collectors/628a678c-77eb-4aef-96f1-0bde93
> 19cd96: 400 Unable to map property tags.\nKnown properties include:
> operating_sy
> stem"
>
> I'm pretty sure everything is configured correctly and my Graylog
> environment is a fresh one installed two days ago with 2.0.3.
>
> Do you need me to open a new issue or update the existing issue opened by
> Jeremy?
>
> Cheers, Pete
>
> On Monday, 18 July 2016 23:15:31 UTC+10, Jeremy Farr wrote:
>>
>> Done.  https://github.com/Graylog2/collector-sidecar/issues/39
>>
>> On Monday, July 18, 2016 at 3:35:36 AM UTC-5, Marius Sturm wrote:
>>>
>>> Hi,
>>> could you please create an issue for that over here:
>>> https://github.com/Graylog2/collector-sidecar/issues
>>> Please add your collector_sidecar.yml file to the ticket.
>>>
>>> Thanks,
>>> Marius
>>>
>>>
>>> On 15 July 2016 at 20:25, Jeremy Farr  wrote:
>>>
 So I'm using nxlog and I've installed the graylog sidecar.  I'm
 manually starting it with my configuration file so I can monitor it.  Just
 after reporting that nxlog is starting it gives a 400 error related to the
 property tags.  I've attached the screen shot. I've changed the tag and
 ensured it's the same as what I've got in the config on the graylog side. I
 am using the alpha release of the collector just FYI.


 


>>>
>>>
>>>
>>> --
>>> Developer
>>>
>>> Tel.: +49 (0)40 609 452 077
>>> Fax.: +49 (0)40 609 452 078
>>>
>>> TORCH GmbH - A Graylog Company
>>> Poolstraße 21
>>> 20335 Hamburg
>>> Germany
>>>
>>> https://www.graylog.com 
>>>
>>> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
>>> Geschäftsführer: Lennart Koopmann (CEO)
>>>





[graylog2] Re: Get notice/next action from the Dashboard for message that we need (Warning, Error & Critical messages)

2016-08-02 Thread Arief Hydayat
On Monday, August 1, 2016 at 3:55:04 PM UTC+8, Aykisn wrote:
>
> You can't display logs in dashboard with graylog. So yeah if you want to 
> see what those warning logs are, you will need to use a query (don't know 
> what you meant by "1 by 1" though).
>

Hi Aykisn,
I mean 1 by 1 like I did above.
 

> Alternatives are stream dashboards or cli dashboards but I personally 
> stuck to just using queries in the search page (plus, if I'm not 
> mistaken, stream dashboard isn't supported anymore since you can now see 
> the logs in real time with the "update every x" in the search page).
>

Is the way I did it OK? Or is there any other way or option?
Because not every person knows how to do a query or CLI dashboard. Sometimes 
when we click here and there it will make it unfriendly. :-D



Re: [graylog2] Re: Active Directory Settings

2016-08-02 Thread Pete GS
No problems at all Joshua, glad I could help!

And yes, essentially it looked like your search was being too specific.

The other part is the "cn=people". "cn" refers to an AD container eg. user
or group. "ou" refers to an AD Organisational Unit. So if "people" is
actually an OU, the syntax should be "ou=people".

In our Production environment I need to have a more direct base DN due to
the large structure, so I have to specify "ou=blah,dc=blah,dc=com" to make
it work.

Cheers, Pete

On Wed, Aug 3, 2016 at 1:33 PM, Joshua Walderbach 
wrote:

> Removing cn=people and cn=Graylog did not trick!  Thank you!!  I want to
> understand everything that is happening, I hope you don't mind me tapping
> your brain some more.
>
> The Search Base DN is telling GL to search, in my example, the
> domainname.corp for users.  The search pattern specifically looks for an
> object class called user followed by their account name.  Display Name
> Attribute tells GL how to display the name.  Group Search then looks for
> groups listed under the OU of Roles and again in the domain.  Then an
> object class of group followed by a name of Graylog*.  So putting too much
> search criteria can cause an issue because you're looking too definitively,
> but broadening the scope allowed it to work.  Is that correct?
>
> Thank you again for your help!  This community has been very quick and
> eager to assist.
>
> -Joshua
>
> On Tue, Aug 2, 2016 at 5:49 PM, Pete GS  wrote:
>
>> Ah! I would remove the "cn=people" from your search base and the
>> "cn=Graylog*" from your Group search base and Group search pattern to start
>> with.
>>
>> If the number of groups returned is too large, you can try adding the
>> "cn=Graylog*" back to just the search pattern entry.
>>
>> If all your accounts are in an OU called "people" and you want to
>> restrict user searches to this OU, the correct syntax would be
>> "ou=people,dc=domainname,dc=corp".
>>
>> Cheers, Pete
>>
>> On Wednesday, 3 August 2016 09:36:18 UTC+10, Joshua Walderbach wrote:
>>>
>>> So while I can log in as a domain user, the test and user login work in
>>> the LDAP settings page, under LDAP Group Mapping it says:
>>>
>>> "No LDAP/Active Directory groups found. Please verify that your LDAP
>>> group mapping  
>>> settings
>>> are correct."
>>>
>>> If I click on that link, it takes me to my LDAP Settings page.  Here is
>>> my settings now:
>>>
>>>
>>> ​
>>>
>>> On Tue, Aug 2, 2016 at 5:24 PM, Pete GS  wrote:
>>>
 Glad to hear it!

 If your company uses AD for authentication, then using AD groups will
 make it nice and easy to automatically assign roles to users via AD group
 membership.

 The second part of my email was about that topic.

 Once LDAP is configured, navigate to the LDAP Group Mapping tab where
 you should see a list of all your AD groups. Simply use the pull down
 beside the appropriate groups to assign the Graylog role to the group.

 One point to note is make sure your users are members of only one
 Graylog related group. Some applications/systems don't work well when a
 user is mapped to multiple groups that it uses for authentication and this
 can cause unexpected results. I'm not sure if Graylog has issues with this
 or not but it's safer just to ensure each user is a member of one group
 only that's used for Graylog LDAP group mapping.

 Hope that answers your question.

 Cheers, Pete

 On Wednesday, 3 August 2016 08:57:24 UTC+10, Joshua Walderbach wrote:
>
> Ok I got it to work, I can log in as a domain user.  However editing
> my user to be Admin doesn't stick.  I see it wants me to bind AD Groups to
> Graylog Roles.  Can you point me in the right direction there?
>
> On Tue, Aug 2, 2016 at 4:11 PM, Pete GS  wrote:
>
>> H seems my updates to my fields didn't get saved for some reason.
>>
>> Simply substitute the distinguished name "dc=company,dc=corp" for
>> "dc=lab,dc=melbourneit,dc=com".
>>
>> All else should stay the same.
>>
>> Cheers, Pete
>>
>> On Wednesday, 3 August 2016 06:08:11 UTC+10, Joshua Walderbach wrote:
>>>
>>> I need help getting the correct Search Base DN, User Search Pattern,
>>> and Group Mapping variables in Graylog 2.x.  I'm using Active Directory
>>> and after entering information into step 1., Test Server Connection is
>>> OK.  In my domain, company.corp, there is an OU called Roles and in that
>>> a Group called Graylog.  I've assigned users to the Group.  I've tried
>>> several different combinations and unable to get anything to work when I
>>> run a Login test.  Fails to connect or find user.
>>>
>>> Would anyone be so kind to explain what I need to do here?  AD is a
>>> major weak spot for me.  Working on that.
>>>
>>>
>>>
>>>
>>> 
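
The cn/ou distinction described in the reply above decides whether a search base matches anything at all. This added example (not Graylog's code; the directory entries are constructed) models LDAP subtree matching to show why a base of `cn=people,...` finds nothing when `people` is an OU, and why a wildcard such as `Graylog*` belongs in the search pattern and not in the base DN.

```python
"""Model of LDAP subtree matching for search-base debugging (added example)."""
from fnmatch import fnmatchcase

# Constructed directory: two users in OU=people, three groups in OU=Roles.
DIRECTORY = [
    "CN=Jane Doe,OU=people,DC=domainname,DC=corp",
    "CN=Smith\\, John,OU=people,DC=domainname,DC=corp",
    "CN=Graylog Admins,OU=Roles,DC=domainname,DC=corp",
    "CN=Graylog Readers,OU=Roles,DC=domainname,DC=corp",
    "CN=VPN Users,OU=Roles,DC=domainname,DC=corp",
]


def parse_dn(dn):
    """Split a DN into [(attr, value), ...], most specific RDN first.

    Backslash-escaped characters (e.g. 'CN=Smith\\, John') stay inside the
    value; hex escapes and multi-valued RDNs are not handled. Types and values
    are lower-cased because the comparison is case-insensitive.
    """
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current))
    parsed = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip():
            raise ValueError("malformed RDN: %r" % rdn)
        parsed.append((attr.strip().lower(), value.strip().lower()))
    return parsed


def in_subtree(entry_dn, base_dn):
    """True when entry_dn sits at or below base_dn (base is compared literally)."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base


def search(directory, base_dn, cn_pattern="*"):
    """Subtree search; cn_pattern stands in for the filter, where wildcards work."""
    return [dn for dn in directory
            if in_subtree(dn, base_dn)
            and fnmatchcase(parse_dn(dn)[0][1], cn_pattern.lower())]


def suggest_bases(directory, base_dn):
    """Containers whose values match base_dn but whose attribute types differ."""
    base = parse_dn(base_dn)
    wanted = [value for _, value in base]
    hits = set()
    for dn in directory:
        entry = parse_dn(dn)
        if len(entry) <= len(base):
            continue
        tail = entry[len(entry) - len(base):]
        if [value for _, value in tail] == wanted and tail != base:
            hits.add(",".join("%s=%s" % rdn for rdn in tail))
    return sorted(hits)


if __name__ == "__main__":
    for base in ("cn=people,dc=domainname,dc=corp",
                 "ou=people,dc=domainname,dc=corp"):
        found = search(DIRECTORY, base)
        print(base, "->", len(found), "entries;",
              "did you mean", suggest_bases(DIRECTORY, base) if not found else "ok")
    print(search(DIRECTORY, "ou=Roles,dc=domainname,dc=corp", "Graylog*"))
```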

[graylog2] Re: Source name is IP instead of DNS

2016-08-02 Thread walderbachjoshua
Hello,

I added 

$Hostname = 'hostnamehere';

inside the  ...  within my nxlog.conf file.  


On Tuesday, August 2, 2016 at 9:31:41 AM UTC-6, Marvin Popyk wrote:
>
> Hello,
>
> We just installed Graylog and are getting logs from a bunch of Linux 
> Ubuntu 14.04 machines.  However, under source, it is giving the IP address 
> instead of the DNS or hostname.  I've installed the DNS resolver plugin but 
> I can't seem to get that working either.  
>
> Any idea how I can get graylog to post the hostname instead of IP address? 
>
> Thanks
>



Re: [graylog2] Re: Active Directory Settings

2016-08-02 Thread Joshua Walderbach
Removing cn=people and cn=Graylog did not trick!  Thank you!!  I want to
understand everything that is happening, I hope you don't mind me tapping
your brain some more.

The Search Base DN is telling GL to search, in my example, the
domainname.corp for users.  The search pattern specifically looks for an
object class called user followed by their account name.  Display Name
Attribute tells GL how to display the name.  Group Search then looks for
groups listed under the OU of Roles and again in the domain.  Then an
object class of group followed by a name of Graylog*.  So putting too much
search criteria can cause an issue because you're looking too definitively,
but broadening the scope allowed it to work.  Is that correct?

Thank you again for your help!  This community has been very quick and
eager to assist.

-Joshua

On Tue, Aug 2, 2016 at 5:49 PM, Pete GS  wrote:

> Ah! I would remove the "cn=people" from your search base and the
> "cn=Graylog*" from your Group search base and Group search pattern to start
> with.
>
> If the number of groups returned is too large, you can try adding the
> "cn=Graylog*" back to just the search pattern entry.
>
> If all your accounts are in an OU called "people" and you want to restrict
> user searches to this OU, the correct syntax would be
> "ou=people,dc=domainname,dc=corp".
>
> Cheers, Pete
>
> On Wednesday, 3 August 2016 09:36:18 UTC+10, Joshua Walderbach wrote:
>>
>> So while I can log in as a domain user, the test and user login work in
>> the LDAP settings page, under LDAP Group Mapping it says:
>>
>> "No LDAP/Active Directory groups found. Please verify that your LDAP
>> group mapping  
>> settings
>> are correct."
>>
>> If I click on that link, it takes me to my LDAP Settings page.  Here is
>> my settings now:
>>
>>
>> ​
>>
>> On Tue, Aug 2, 2016 at 5:24 PM, Pete GS  wrote:
>>
>>> Glad to hear it!
>>>
>>> If your company uses AD for authentication, then using AD groups will
>>> make it nice and easy to automatically assign roles to users via AD group
>>> membership.
>>>
>>> The second part of my email was about that topic.
>>>
>>> Once LDAP is configured, navigate to the LDAP Group Mapping tab where
>>> you should see a list of all your AD groups. Simply use the pull down
>>> beside the appropriate groups to assign the Graylog role to the group.
>>>
>>> One point to note is make sure your users are members of only one
>>> Graylog related group. Some applications/systems don't work well when a
>>> user is mapped to multiple groups that it uses for authentication and this
>>> can cause unexpected results. I'm not sure if Graylog has issues with this
>>> or not but it's safer just to ensure each user is a member of one group
>>> only that's used for Graylog LDAP group mapping.
>>>
>>> Hope that answers your question.
>>>
>>> Cheers, Pete
>>>
>>> On Wednesday, 3 August 2016 08:57:24 UTC+10, Joshua Walderbach wrote:

 Ok I got it to work, I can log in as a domain user.  However editing my
 user to be Admin doesn't stick.  I see it wants me to bind AD Groups to
 Graylog Roles.  Can you point me in the right direction there?

 On Tue, Aug 2, 2016 at 4:11 PM, Pete GS  wrote:

> H seems my updates to my fields didn't get saved for some reason.
>
> Simply substitute the distinguished name "dc=company,dc=corp" for
> "dc=lab,dc=melbourneit,dc=com".
>
> All else should stay the same.
>
> Cheers, Pete
>
> On Wednesday, 3 August 2016 06:08:11 UTC+10, Joshua Walderbach wrote:
>>
>> I need help getting the correct Search Base DN, User Search Pattern,
>> and Group Mapping variables in Graylog 2.x.  I'm using Active Directory
>> and after entering information into step 1., Test Server Connection is
>> OK.  In my domain, company.corp, there is an OU called Roles and in that
>> a Group called Graylog.  I've assigned users to the Group.  I've tried
>> several different combinations and unable to get anything to work when I
>> run a Login test.  Fails to connect or find user.
>>
>> Would anyone be so kind to explain what I need to do here?  AD is a
>> major weak spot for me.  Working on that.
>>
>>
>>
>>
>> 
>>
>>>

Re: [graylog2] Re: Active Directory Settings

2016-08-02 Thread Pete GS
Ah! I would remove the "cn=people" from your search base and the 
"cn=Graylog*" from your Group search base and Group search pattern to start 
with.

If the number of groups returned is too large, you can try adding the 
"cn=Graylog*" back to just the search pattern entry.

If all your accounts are in an OU called "people" and you want to restrict 
user searches to this OU, the correct syntax would be 
"ou=people,dc=domainname,dc=corp".

Cheers, Pete

On Wednesday, 3 August 2016 09:36:18 UTC+10, Joshua Walderbach wrote:
>
> So while I can log in as a domain user, the test and user login work in 
> the LDAP settings page, under LDAP Group Mapping it says:
>
> "No LDAP/Active Directory groups found. Please verify that your LDAP 
> group mapping  
> settings 
> are correct."
>
> If I click on that link, it takes me to my LDAP Settings page.  Here is my 
> settings now:
>
>
> ​
>
> On Tue, Aug 2, 2016 at 5:24 PM, Pete GS > 
> wrote:
>
>> Glad to hear it!
>>
>> If your company uses AD for authentication, then using AD groups will 
>> make it nice and easy to automatically assign roles to users via AD group 
>> membership.
>>
>> The second part of my email was about that topic.
>>
>> Once LDAP is configured, navigate to the LDAP Group Mapping tab where you 
>> should see a list of all your AD groups. Simply use the pull down beside 
>> the appropriate groups to assign the Graylog role to the group.
>>
>> One point to note is make sure your users are members of only one Graylog 
>> related group. Some applications/systems don't work well when a user is 
>> mapped to multiple groups that it uses for authentication and this can 
>> cause unexpected results. I'm not sure if Graylog has issues with this or 
>> not but it's safer just to ensure each user is a member of one group only 
>> that's used for Graylog LDAP group mapping.
>>
>> Hope that answers your question.
>>
>> Cheers, Pete
>>
>> On Wednesday, 3 August 2016 08:57:24 UTC+10, Joshua Walderbach wrote:
>>>
>>> Ok I got it to work, I can log in as a domain user.  However editing my 
>>> user to be Admin doesn't stick.  I see it wants me to bind AD Groups to 
>>> Graylog Roles.  Can you point me in the right direction there?
>>>
>>> On Tue, Aug 2, 2016 at 4:11 PM, Pete GS  wrote:
>>>
 H seems my updates to my fields didn't get saved for some reason.

 Simply substitute the distinguished name "dc=company,dc=corp" for 
 "dc=lab,dc=melbourneit,dc=com".

 All else should stay the same.

 Cheers, Pete

 On Wednesday, 3 August 2016 06:08:11 UTC+10, Joshua Walderbach wrote:
>
> I need help getting the correct Search Base DN, User Search Pattern, 
> and Group Mapping variables in Graylog 2.x.  I'm using Active Directory 
> and after entering information into step 1., Test Server Connection is 
> OK.  In my domain, company.corp, there is an OU called Roles and in that 
> a Group called Graylog.  I've assigned users to the Group.  I've tried 
> several different combinations and unable to get anything to work when I 
> run a Login test.  Fails to connect or find user.
>
> Would anyone be so kind to explain what I need to do here?  AD is a 
> major weak spot for me.  Working on that.
>
>
>
>
> 
>

>>>
>>>
>>>
>>> -- 
>>>
>>> 
>>> 
>>> joshua walderbach  | OPERATIONS ENGINEER |  303.495.6980 x732
>>>
>>> 
>>> 
>>>  
>>> 
>>>  
>>> 3457 RINGSBY CT, #111 | DENVER, CO 80216
>>> WWW.INFLUENCE.TV  | EMAIL PRIVACY POLICY 
>>> 
>>>
>>>   
>>> 

Re: [graylog2] Re: Active Directory Settings

2016-08-02 Thread Pete GS
Glad to hear it!

If your company uses AD for authentication, then using AD groups will make 
it nice and easy to automatically assign roles to users via AD group 
membership.

The second part of my email was about that topic.

Once LDAP is configured, navigate to the LDAP Group Mapping tab where you 
should see a list of all your AD groups. Simply use the pull down beside 
the appropriate groups to assign the Graylog role to the group.

One point to note is make sure your users are members of only one Graylog 
related group. Some applications/systems don't work well when a user is 
mapped to multiple groups that it uses for authentication and this can 
cause unexpected results. I'm not sure if Graylog has issues with this or 
not but it's safer just to ensure each user is a member of one group only 
that's used for Graylog LDAP group mapping.

Hope that answers your question.

Cheers, Pete

On Wednesday, 3 August 2016 08:57:24 UTC+10, Joshua Walderbach wrote:
>
> Ok I got it to work, I can log in as a domain user.  However editing my 
> user to be Admin doesn't stick.  I see it wants me to bind AD Groups to 
> Graylog Roles.  Can you point me in the right direction there?
>
> On Tue, Aug 2, 2016 at 4:11 PM, Pete GS > 
> wrote:
>
>> H seems my updates to my fields didn't get saved for some reason.
>>
>> Simply substitute the distinguished name "dc=company,dc=corp" for 
>> "dc=lab,dc=melbourneit,dc=com".
>>
>> All else should stay the same.
>>
>> Cheers, Pete
>>
>> On Wednesday, 3 August 2016 06:08:11 UTC+10, Joshua Walderbach wrote:
>>>
>>> I need help getting the correct Search Base DN, User Search Pattern, and 
>>> Group Mapping variables in Graylog 2.x.  I'm using Active Directory and 
>>> after entering information into step 1., Test Server Connection is OK.  In 
>>> my domain, company.corp,  there is an OU called Roles and in that a Group 
>>> called Graylog.  I've assigned users to the Group.  I've tried several 
>>> different combinations and unable to get anything to work when I run a 
>>> Login test.  Fails to connect or find user.
>>>
>>> Would anyone be so kind to explain what I need to do here?  AD is a 
>>> major weak spot for me.  Working on that.
>>>
>>>
>>>
>>>
>>> 
>>>
>>
>
>
>
>



Re: [graylog2] Re: Active Directory Settings

2016-08-02 Thread Joshua Walderbach
Ok I got it to work, I can log in as a domain user.  However editing my
user to be Admin doesn't stick.  I see it wants me to bind AD Groups to
Graylog Roles.  Can you point me in the right direction there?

On Tue, Aug 2, 2016 at 4:11 PM, Pete GS  wrote:

> H seems my updates to my fields didn't get saved for some reason.
>
> Simply substitute the distinguished name "dc=company,dc=corp" for
> "dc=lab,dc=melbourneit,dc=com".
>
> All else should stay the same.
>
> Cheers, Pete
>
> On Wednesday, 3 August 2016 06:08:11 UTC+10, Joshua Walderbach wrote:
>>
>> I need help getting the correct Search Base DN, User Search Pattern, and
>> Group Mapping variables in Graylog 2.x.  I'm using Active Directory and
>> after entering information into step 1., Test Server Connection is OK.  In
>> my domain, company.corp,  there is an OU called Roles and in that a Group
>> called Graylog.  I've assigned users to the Group.  I've tried several
>> different combinations and unable to get anything to work when I run a
>> Login test.  Fails to connect or find user.
>>
>> Would anyone be so kind to explain what I need to do here?  AD is a major
>> weak spot for me.  Working on that.





Re: [graylog2] Graylog Sidecar reports "unable to map property tags"

2016-08-02 Thread Pete GS
I seem to be encountering this same issue with 0.0.9-beta-1.

time="2016-08-03T08:13:26+10:00" level=error msg="[UpdateRegistration] Failed to report collector status to server: PUT http://graylog.lab.melbourneit.com:12900/plugins/org.graylog.plugins.collector/collectors/628a678c-77eb-4aef-96f1-0bde9319cd96: 400 Unable to map property tags.\nKnown properties include: operating_system"

I'm pretty sure everything is configured correctly and my Graylog 
environment is a fresh one installed two days ago with 2.0.3.

Do you need me to open a new issue or update the existing issue opened by 
Jeremy?

Cheers, Pete

On Monday, 18 July 2016 23:15:31 UTC+10, Jeremy Farr wrote:
>
> Done.  https://github.com/Graylog2/collector-sidecar/issues/39
>
> On Monday, July 18, 2016 at 3:35:36 AM UTC-5, Marius Sturm wrote:
>>
>> Hi,
>> could you please create an issue for that over here: 
>> https://github.com/Graylog2/collector-sidecar/issues
>> Please add your collector_sidecar.yml file to the ticket.
>>
>> Thanks,
>> Marius
>>
>>
>> On 15 July 2016 at 20:25, Jeremy Farr  wrote:
>>
>>> So I'm using nxlog and I've installed the graylog sidecar.  I'm manually 
>>> starting it with my configuration file so I can monitor it.  Just after 
>>> reporting that nxlog is starting it gives a 400 error related to the 
>>> property tags.  I've attached the screen shot. I've changed the tag and 
>>> ensured it's the same as what I've got in the config on the graylog side. I 
>>> am using the alpha release of the collector just FYI.
>



[graylog2] Re: Active Directory Settings

2016-08-02 Thread Pete GS
H seems my updates to my fields didn't get saved for some reason.

Simply substitute the distinguished name "dc=company,dc=corp" for 
"dc=lab,dc=melbourneit,dc=com".

All else should stay the same.

Cheers, Pete

On Wednesday, 3 August 2016 06:08:11 UTC+10, Joshua Walderbach wrote:
>
> I need help getting the correct Search Base DN, User Search Pattern, and 
> Group Mapping variables in Graylog 2.x.  I'm using Active Directory and 
> after entering information into step 1., Test Server Connection is OK.  In 
> my domain, company.corp,  there is a OU called Roles and in that a Group 
> called Graylog.  I've assigned users to the Group.  I've tried several 
> different combinations and unable to get anything to work when I run a 
> Login test.  Fails to connect or find user.
>
> Would anyone be so kind to explain what I need to do here?  AD is a major 
> weak spot for me.  Working on that.


[graylog2] Re: Active Directory Settings

2016-08-02 Thread Pete GS
You can pretty much copy the examples provided verbatim for it to work.

In our test lab environment I just use the provided examples with our 
domain etc. substituted.

Our Production AD is quite different though and very large with many OU's, 
so I have to be more specific in that scenario.

One key item to note that I learnt a long time ago in an unrelated scenario 
though is to use the Delegate Control Wizard in Active Directory to grant 
the user you use for LDAP lookups permissions to read all user attributes. 
Without doing this, some user attributes are unavailable and this can 
impact the ability to lookup group memberships.

In my scenario I have a domain user called 
"maint_graylogl...@my.domain.com" that is only a member of Domain Users. I 
have run the Delegate Control Wizard to assign the task "Read all user
information".

Here's my guess at the entries you need:

3. User mapping

Search Base DN
    The base tree to limit the Active Directory search query to, e.g.
    cn=users,dc=example,dc=com.
User Search Pattern
    For example (&(objectClass=user)(sAMAccountName={0})). The string {0} will
    be replaced by the entered username.
Display Name attribute
    Which Active Directory attribute to use for the full name of the user in
    Graylog, e.g. displayName.
    Try to load a test user using the form below, if you are unsure which
    attribute to use.

4. Group Mapping (optional)

Group Search Base DN
    The base tree to limit the Active Directory group search query to, e.g.
    cn=users,dc=example,dc=com.
Group Search Pattern
    The search pattern used to find groups in Active Directory for mapping to
    Graylog roles, e.g. (objectClass=group) or
    (&(objectClass=group)(cn=graylog*)).
Group Name Attribute
    Which Active Directory attribute to use for the full name of the group,
    usually cn.

Note that I haven't specified the "Roles" OU or the group name "Graylog".

Instead, I use the LDAP group mapping to do this.

I have two groups "GraylogAdmins" and "GraylogUsers" that are mapped via 
the LDAP Group Mapping page. The Admins role is the default built in role, 
but ReadAll is a user defined role with read privileges on a stream that 
allows users to read all incoming data.


[Screenshot of the LDAP Group Mapping page: groups GraylogAdmins and GraylogUsers, each with a role selector offering None, Admin, ReadAll, Reader]

I hope that helps.

Cheers, Pete




On Wednesday, 3 August 2016 06:08:11 UTC+10, Joshua Walderbach wrote:
>
> I need help getting the correct Search Base DN, User Search Pattern, and 
> Group Mapping variables in Graylog 2.x.  I'm using Active Directory and 
> after entering information into step 1., Test Server Connection is OK.  In 
> my domain, company.corp,  there is a OU called Roles and in that a Group 
> called Graylog.  I've assigned users to the Group.  I've tried several 
> different combinations and unable to get anything to work when I run a 
> Login test.  Fails to connect or find user.
>
> Would anyone be so kind to explain what I need to do here?  AD is a major 
> weak spot for me.  Working on that.


[graylog2] Active Directory Settings

2016-08-02 Thread Joshua Walderbach
I need help getting the correct Search Base DN, User Search Pattern, and 
Group Mapping variables in Graylog 2.x.  I'm using Active Directory and 
after entering information into step 1., Test Server Connection is OK.  In 
my domain, company.corp,  there is a OU called Roles and in that a Group 
called Graylog.  I've assigned users to the Group.  I've tried several 
different combinations and unable to get anything to work when I run a 
Login test.  Fails to connect or find user.

Would anyone be so kind to explain what I need to do here?  AD is a major 
weak spot for me.  Working on that.







[graylog2] Re: Add Elastic Search Nodes?

2016-08-02 Thread Nathan Mace
Jochen,

I've looked over the config files and this thread (and then double 
checked).  I've cleaned up the two config files for ES (removed all the 
comments and posted here just the uncommented lines). I also added options 
that seemed like they might help.  But the log files still show it trying 
to bind port 9300 on 127.0.0.1.  I've done everything I know to do to make 
it NOT use the loopback interface.  The configs as they exist now are:

cluster.name: graylog
node.name: node2
node.master: false
network.host: x.x.x.149
network.publish_host: x.x.x.149
transport.tcp.port: 9300
http.port: 9200
discovery.zen.ping.unicast.hosts: ["x.x.x.146", "x.x.x.149"]
discovery.zen.minimum_master_nodes: 1


cluster.name: graylog
node.name: node1
node.master: true
network.host: x.x.x.146
network.publish_host: x.x.x.146
transport.tcp.port: 9300
http.port: 9200
discovery.zen.ping.unicast.hosts: ["x.x.x.149", "x.x.x.146"]
discovery.zen.minimum_master_nodes: 1

I am completely out of ideas.


Nathan



On Tuesday, August 2, 2016 at 12:48:39 PM UTC-4, Jochen Schalanda wrote:
>
> Hi Nathan,
>
> it seems your Elasticsearch config is still wrong. Both nodes only bind to 
> localhost:
>
> ES node 1:
>> [2016-08-02 09:19:16,184][INFO ][transport ] [Betty Ross Banner] 
>> publish_address {127.0.0.1:9300}, bound_addresses {[::1]:9300}, {
>> 127.0.0.1:9300}
>>
>  
>
> ES node 2:
>> [2016-08-02 09:19:16,064][INFO ][transport ] [Invisible Woman] 
>> publish_address {127.0.0.1:9300}, bound_addresses {[::1]:9300}, {
>> 127.0.0.1:9300}
>
>
> I suggest you double check the configuration files and do the changes I 
> suggested in the numerous mails before.
>
> Cheers,
> Jochen
>
>
> On Tuesday, 2 August 2016 18:43:16 UTC+2, Nathan Mace wrote:
>>
>> Please see attached files.  I got the elasticsearch.log file from 
>> /var/log/elasticsearch on both nodes.  Additionally I got graylog.log from 
>> the same location on both nodes.  Even though node 2 doesn't have graylog 
>> installed it had a log file for it.  Not sure why that is.
>>
>> Thanks!
>>
>> Nathan
>>
>> On Tuesday, August 2, 2016 at 11:10:49 AM UTC-4, Jochen Schalanda wrote:
>>>
>>> Hi Nathan,
>>>
>>> please post the *complete* log files of your Elasticsearch and Graylog 
>>> nodes.
>>>
>>> Cheers,
>>> Jochen
>>>
>>> On Tuesday, 2 August 2016 16:56:58 UTC+2, Nathan Mace wrote:
>>>>
>>>> Removing the leading whitespaces didn't help.
>>>>
>>>> However in looking through the logs I found this in the primary node's
>>>> graylog.log file:
>>>>
>>>> ConnectTransportException[[ansted-search-01][x.x.x.149:9300]
>>>> connect_timeout[30s]]; nested: ConnectException[Connection refused:
>>>> /x.x.x.149:9300];
>>>> at org.elasticsearch.transport.netty.NettyTransport.connectToChannels(NettyTransport.java:987)
>>>> at org.elasticsearch.transport.netty.NettyTransport.connectToNode(NettyTransport.java:920)
>>>> at org.elasticsearch.transport.netty.NettyTransport.connectToNode(NettyTransport.java:893)
>>>> at org.elasticsearch.transport.TransportService.connectToNode(TransportService.java:260)
>>>> at org.elasticsearch.discovery.zen.ZenDiscovery.joinElectedMaster(ZenDiscovery.java:434)
>>>> at org.elasticsearch.discovery.zen.ZenDiscovery.innerJoinCluster(ZenDiscovery.java:386)
>>>> at org.elasticsearch.discovery.zen.ZenDiscovery.access$4800(ZenDiscovery.java:91)
>>>> at org.elasticsearch.discovery.zen.ZenDiscovery$JoinThreadControl$1.run(ZenDiscovery.java:1237)
>>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>> at java.lang.Thread.run(Thread.java:745)
>>>>
>>>> It was repeated several times.  That is it trying to connect to the
>>>> second node on port 9300 and not being able to.  I see in the documentation
>>>> that 9300 is the default port and I have nothing in either of the ES YML
>>>> files referencing that port number, so it seems to be all default.  If I do
>>>> a netstat on both hosts they are both listening on port 9200 and 9300.  It
>>>> would seem that it is listening, but only allowing connections to 9300 from
>>>> localhost?  What would I need to change to allow a connect from the other
>>>> node?
>>>>
>>>> Nathan
>>>>
>>>> On Tuesday, August 2, 2016 at 10:22:44 AM UTC-4, Jochen Schalanda wrote:
>>>>>
>>>>> Hi Nathan,
>>>>>
>>>>> I'm not sure how Elasticsearch handles leading whitespace in their
>>>>> configuration file. I'd recommend making sure that the configuration
>>>>> settings really start at the beginning of a line.
>>>>>
>>>>> Additionally, please post the complete log files of your Elasticsearch
>>>>> and Graylog nodes.
>>>>>
>>>>> Cheers,
>>>>> Jochen
>>>>>
>>>>> On Tuesday, 2 August 2016 16:00:47 UTC+2, Nathan Mace wrote:
>>>>>>
>>>>>> Oh good grief!  Clearly been staring at this problem too long, I
>>>>>> completely missed those hash signs.
>>>>>>
>>>>>> O

[graylog2] Re: Add Elastic Search Nodes?

2016-08-02 Thread Jochen Schalanda
Hi Nathan,

it seems your Elasticsearch config is still wrong. Both nodes only bind to 
localhost:

ES node 1:
> [2016-08-02 09:19:16,184][INFO ][transport ] [Betty Ross Banner] 
> publish_address {127.0.0.1:9300}, bound_addresses {[::1]:9300}, 
> {127.0.0.1:9300}
>
 

ES node 2:
> [2016-08-02 09:19:16,064][INFO ][transport ] [Invisible Woman] 
> publish_address {127.0.0.1:9300}, bound_addresses {[::1]:9300}, 
> {127.0.0.1:9300}


I suggest you double check the configuration files and do the changes I 
suggested in the numerous mails before.

Cheers,
Jochen


On Tuesday, 2 August 2016 18:43:16 UTC+2, Nathan Mace wrote:
>
> Please see attached files.  I got the elasticsearch.log file from 
> /var/log/elasticsearch on both nodes.  Additionally I got graylog.log from 
> the same location on both nodes.  Even though node 2 doesn't have graylog 
> installed it had a log file for it.  Not sure why that is.
>
> Thanks!
>
> Nathan
>
> On Tuesday, August 2, 2016 at 11:10:49 AM UTC-4, Jochen Schalanda wrote:
>>
>> Hi Nathan,
>>
>> please post the *complete* log files of your Elasticsearch and Graylog 
>> nodes.
>>
>> Cheers,
>> Jochen
>>
>> On Tuesday, 2 August 2016 16:56:58 UTC+2, Nathan Mace wrote:
>>>
>>> Removing the leading whitespaces didn't help.
>>>
>>> However in looking through the logs I found this in the primary node's 
>>> graylog.log file:
>>>
>>> ConnectTransportException[[ansted-search-01][x.x.x.149:9300] 
>>> connect_timeout[30s]]; nested: ConnectException[Connection refused: 
>>> /x.x.x.149:9300];
>>> at 
>>> org.elasticsearch.transport.netty.NettyTransport.connectToChannels(NettyTransport.java:987)
>>> at 
>>> org.elasticsearch.transport.netty.NettyTransport.connectToNode(NettyTransport.java:920)
>>> at 
>>> org.elasticsearch.transport.netty.NettyTransport.connectToNode(NettyTransport.java:893)
>>> at 
>>> org.elasticsearch.transport.TransportService.connectToNode(TransportService.java:260)
>>> at 
>>> org.elasticsearch.discovery.zen.ZenDiscovery.joinElectedMaster(ZenDiscovery.java:434)
>>> at 
>>> org.elasticsearch.discovery.zen.ZenDiscovery.innerJoinCluster(ZenDiscovery.java:386)
>>> at 
>>> org.elasticsearch.discovery.zen.ZenDiscovery.access$4800(ZenDiscovery.java:91)
>>> at 
>>> org.elasticsearch.discovery.zen.ZenDiscovery$JoinThreadControl$1.run(ZenDiscovery.java:1237)
>>> at 
>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>> at 
>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>> at java.lang.Thread.run(Thread.java:745)
>>>
>>> It was repeated several times.  That is it trying to connect to the 
>>> second node on port 9300 and not being able to.  I see in the documentation 
>>> that 9300 is the default port and I have nothing in either of the ES YML 
>>> files referencing that port number, so it seems to be all default.  If I do 
>>> a netstat on both hosts they are both listening on port 9200 and 9300.  It 
>>> would seem that it is listening, but only allowing connections to 9300 from 
>>> localhost?  What would I need to change to allow a connect from the other 
>>> node?
>>>
>>> Nathan
>>>
>>> On Tuesday, August 2, 2016 at 10:22:44 AM UTC-4, Jochen Schalanda wrote:
>>>>
>>>> Hi Nathan,
>>>>
>>>> I'm not sure how Elasticsearch handles leading whitespace in their
>>>> configuration file. I'd recommend making sure that the configuration
>>>> settings really start at the beginning of a line.
>>>>
>>>> Additionally, please post the complete log files of your Elasticsearch
>>>> and Graylog nodes.
>>>>
>>>> Cheers,
>>>> Jochen
>>>>
>>>> On Tuesday, 2 August 2016 16:00:47 UTC+2, Nathan Mace wrote:
>>>>>
>>>>> Oh good grief!  Clearly been staring at this problem too long, I
>>>>> completely missed those hash signs.
>>>>>
>>>>> OK, now ES is happily running on the proper IP addresses.  I can
>>>>> access it via curl from other hosts.  So that's a large improvement.
>>>>> However Graylog still only reports 1 node in the web interface.  I've
>>>>> attached the current versions of the config files (vs copy/paste).  Given
>>>>> my tunnel vision on the hash signs, this seems like it will be something
>>>>> obvious but I can't find it.
>>>>>
>>>>> Thank you so much for the help!
>>>>>
>>>>> Nathan
>>>>>
>>>>> On Tuesday, August 2, 2016 at 9:30:58 AM UTC-4, Jochen Schalanda wrote:
>>>>>>
>>>>>> Hi Nathan,
>>>>>>
>>>>>> leading hash signs (the # character) mean that the line is commented
>>>>>> out.
>>>>>>
>>>>>> For example the following line is completely ignored:
>>>>>>
>>>>>> # discovery.zen.ping.unicast.hosts: ["x.x.x.146", "x.x.x.149"]
>>>>>>
>>>>>>
>>>>>> While this line is "active" and will be obeyed:
>>>>>>
>>>>>> cluster.name: graylog
>>>>>>
>>>>>>
>>>>>> Maybe you've only copy & pasted your configuration files in a strange
>>>>>> way (which is why I would always recommend to send them as attachments),
>>>>>> but that's how it looks like.
>>>>>>
>>>>>> Cheers,
>>>>>> Jochen
>>>>>>
>>>>>> On Tuesday, 2 August 20

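The check worked through in this exchange (Nathan's elasticsearch.yml listing and the transport startup lines Jochen quotes), as an added example that is not part of the thread: it reads only the active settings of an elasticsearch.yml, treating lines behind a leading # as ignored, and compares them with the publish_address a node logs at startup. The 192.0.2.x addresses and both config texts are constructed stand-ins for the redacted x.x.x.N values, the finding codes are hypothetical names, and the UNSET case assumes the Elasticsearch 2.x default of binding only to loopback.

```python
import ipaddress
import re

TRANSPORT_RE = re.compile(
    r"\[transport\s*\]\s*\[(?P<node>[^\]]+)\]\s*"
    r"publish_address \{(?P<publish>[^}]+)\}, bound_addresses (?P<bound>.*)"
)
KEY_RE = re.compile(r"[A-Za-z_][\w.]*")


def effective_settings(yml_text):
    """Split flat 'key: value' lines into (active, commented_out) dicts."""
    active, commented = {}, {}
    for raw in yml_text.splitlines():
        line, target = raw.strip(), active
        if line.startswith("#"):  # a leading hash sign disables the whole line
            line, target = line.lstrip("#").strip(), commented
        key, sep, value = line.partition(":")
        if sep and KEY_RE.fullmatch(key.strip()):  # skips prose comments
            target[key.strip()] = value.strip()
    return active, commented


def host_of(address):
    """'127.0.0.1:9300', '[::1]:9300' or 'name/192.0.2.1:9300' -> IP object."""
    host = address.rpartition(":")[0].split("/")[-1].strip("[]")
    return ipaddress.ip_address(host)


def parse_transport_line(line):
    """Extract node name, publish address and bound addresses, or None."""
    m = TRANSPORT_RE.search(line)
    if not m:
        return None
    bound = [host_of(a) for a in re.findall(r"\{([^}]+)\}", m.group("bound"))]
    return {"node": m.group("node"), "publish": host_of(m.group("publish")),
            "bound": bound}


def audit(yml_text, log_line):
    """Return (code, detail) findings for one node's config and startup line."""
    transport = parse_transport_line(log_line)
    if transport is None:
        return [("NO_TRANSPORT_LINE", "not a transport startup line")]
    if not transport["publish"].is_loopback:
        return []  # other nodes can reach the published address
    findings = [("LOOPBACK_PUBLISH",
                 f"{transport['node']} publishes {transport['publish']}")]
    active, commented = effective_settings(yml_text)
    configured = active.get("network.host")
    if configured is None and "network.host" in commented:
        findings.append(("COMMENTED_OUT", "network.host sits behind a leading #"))
    elif configured is None:
        findings.append(("UNSET", "network.host is not set in this file"))
    else:
        try:
            loopback = ipaddress.ip_address(configured).is_loopback
        except ValueError:  # hostname or special value such as _local_
            loopback = configured in ("localhost", "_local_")
        code = "CONFIGURED_LOOPBACK" if loopback else "NOT_APPLIED"
        findings.append((code, f"file says network.host={configured}, "
                               f"process publishes {transport['publish']}"))
    return findings


# Startup line for ES node 2 as quoted in the thread, joined onto one line.
NODE2_LOG = ("[2016-08-02 09:19:16,064][INFO ][transport ] [Invisible Woman] "
             "publish_address {127.0.0.1:9300}, bound_addresses {[::1]:9300}, "
             "{127.0.0.1:9300}")
# Constructed: the same node after it binds to its LAN address.
GOOD_LOG = ("[2016-08-02 10:00:00,000][INFO ][transport ] [node2] "
            "publish_address {192.0.2.149:9300}, bound_addresses {192.0.2.149:9300}")
# Constructed config with the network settings still commented out.
COMMENTED_CFG = """\
cluster.name: graylog
node.name: node2
# network.host: 192.0.2.149
# discovery.zen.ping.unicast.hosts: ["192.0.2.146", "192.0.2.149"]
"""
# Constructed config shaped like the node2 listing posted in the thread.
ACTIVE_CFG = """\
cluster.name: graylog
node.name: node2
network.host: 192.0.2.149
discovery.zen.ping.unicast.hosts: ["192.0.2.146", "192.0.2.149"]
"""

if __name__ == "__main__":
    for name, cfg, log in (("commented", COMMENTED_CFG, NODE2_LOG),
                           ("active", ACTIVE_CFG, NODE2_LOG),
                           ("active+good log", ACTIVE_CFG, GOOD_LOG)):
        print(name, audit(cfg, log))
```

A NOT_APPLIED finding means the file being inspected and the running process disagree, which is the situation described in the message that lists both configs.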
[graylog2] Re: Add Elastic Search Nodes?

2016-08-02 Thread Nathan Mace
Please see attached files.  I got the elasticsearch.log file from 
/var/log/elasticsearch on both nodes.  Additionally I got graylog.log from 
the same location on both nodes.  Even though node 2 doesn't have graylog 
installed it had a log file for it.  Not sure why that is.

Thanks!

Nathan

On Tuesday, August 2, 2016 at 11:10:49 AM UTC-4, Jochen Schalanda wrote:
>
> Hi Nathan,
>
> please post the *complete* log files of your Elasticsearch and Graylog 
> nodes.
>
> Cheers,
> Jochen
>
> On Tuesday, 2 August 2016 16:56:58 UTC+2, Nathan Mace wrote:
>>
>> Removing the leading whitespaces didn't help.
>>
>> However in looking through the logs I found this in the primary node's 
>> graylog.log file:
>>
>> ConnectTransportException[[ansted-search-01][x.x.x.149:9300] 
>> connect_timeout[30s]]; nested: ConnectException[Connection refused: 
>> /x.x.x.149:9300];
>> at 
>> org.elasticsearch.transport.netty.NettyTransport.connectToChannels(NettyTransport.java:987)
>> at 
>> org.elasticsearch.transport.netty.NettyTransport.connectToNode(NettyTransport.java:920)
>> at 
>> org.elasticsearch.transport.netty.NettyTransport.connectToNode(NettyTransport.java:893)
>> at 
>> org.elasticsearch.transport.TransportService.connectToNode(TransportService.java:260)
>> at 
>> org.elasticsearch.discovery.zen.ZenDiscovery.joinElectedMaster(ZenDiscovery.java:434)
>> at 
>> org.elasticsearch.discovery.zen.ZenDiscovery.innerJoinCluster(ZenDiscovery.java:386)
>> at 
>> org.elasticsearch.discovery.zen.ZenDiscovery.access$4800(ZenDiscovery.java:91)
>> at 
>> org.elasticsearch.discovery.zen.ZenDiscovery$JoinThreadControl$1.run(ZenDiscovery.java:1237)
>> at 
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>> at 
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>> at java.lang.Thread.run(Thread.java:745)
>>
>> It was repeated several times.  That is it trying to connect to the 
>> second node on port 9300 and not being able to.  I see in the documentation 
>> that 9300 is the default port and I have nothing in either of the ES YML 
>> files referencing that port number, so it seems to be all default.  If I do 
>> a netstat on both hosts they are both listening on port 9200 and 9300.  It 
>> would seem that it is listening, but only allowing connections to 9300 from 
>> localhost?  What would I need to change to allow a connect from the other 
>> node?
>>
>> Nathan
>>
>> On Tuesday, August 2, 2016 at 10:22:44 AM UTC-4, Jochen Schalanda wrote:
>>>
>>> Hi Nathan,
>>>
>>> I'm not sure how Elasticsearch handles leading whitespace in their 
>>> configuration file. I'd recommend making sure that the configuration 
>>> settings really start at the beginning of a line.
>>>
>>> Additionally, please post the complete log files of your Elasticsearch 
>>> and Graylog nodes.
>>>
>>> Cheers,
>>> Jochen
>>>
>>> On Tuesday, 2 August 2016 16:00:47 UTC+2, Nathan Mace wrote:
>>>>
>>>> Oh good grief!  Clearly been staring at this problem too long, I
>>>> completely missed those hash signs.
>>>>
>>>> OK, now ES is happily running on the proper IP addresses.  I can access
>>>> it via curl from other hosts.  So that's a large improvement. However
>>>> Graylog still only reports 1 node in the web interface.  I've attached the
>>>> current versions of the config files (vs copy/paste).  Given my tunnel
>>>> vision on the hash signs, this seems like it will be something obvious but
>>>> I can't find it.
>>>>
>>>> Thank you so much for the help!
>>>>
>>>> Nathan
>>>>
>>>> On Tuesday, August 2, 2016 at 9:30:58 AM UTC-4, Jochen Schalanda wrote:
>>>>>
>>>>> Hi Nathan,
>>>>>
>>>>> leading hash signs (the # character) mean that the line is commented
>>>>> out.
>>>>>
>>>>> For example the following line is completely ignored:
>>>>>
>>>>> # discovery.zen.ping.unicast.hosts: ["x.x.x.146", "x.x.x.149"]
>>>>>
>>>>>
>>>>> While this line is "active" and will be obeyed:
>>>>>
>>>>> cluster.name: graylog
>>>>>
>>>>>
>>>>> Maybe you've only copy & pasted your configuration files in a strange
>>>>> way (which is why I would always recommend to send them as attachments),
>>>>> but that's how it looks like.
>>>>>
>>>>> Cheers,
>>>>> Jochen
>>>>>
>>>>> On Tuesday, 2 August 2016 15:23:22 UTC+2, Nathan Mace wrote:
>>>>>>
>>>>>> Thanks Jochen.  I will make the changes.  However I am very confused
>>>>>> by your comment about the second node having the cluster.name
>>>>>> setting unset.  I'm showing that it is set to "graylog" just like the
>>>>>> first node.  I'm not sure at all what you mean.
>>>>>>
>>>>>> Nathan
>>>>>>
>>>>>> On Tuesday, August 2, 2016 at 6:38:45 AM UTC-4, Jochen Schalanda
>>>>>> wrote:
>>>>>>>
>>>>>>> Hi Nathan,
>>>>>>>
>>>>>>> check the elasticsearch_network_host setting of your Graylog nodes.
>>>>>>> It should be set to one (and only one!) public IP address of the
>>>>>>> Graylog node which can be accessed by all other Elasticsearch nodes
>>>>>>> in the
>>>>>>> cluster.  elastics

[graylog2] Source name is IP instead of DNS

2016-08-02 Thread Marvin Popyk
Hello,

We just installed Graylog and are getting logs from a bunch of Linux Ubuntu
14.04 machines.  However, under source, it is giving the IP address instead
of the DNS or hostname.  I've installed the DNS resolver plugin but I can't
seem to get that working either.

Any idea how I can get Graylog to post the hostname instead of IP address?

Thanks



[graylog2] Re: Add Elastic Search Nodes?

2016-08-02 Thread Jochen Schalanda
Hi Nathan,

please post the *complete* log files of your Elasticsearch and Graylog 
nodes.

Cheers,
Jochen

On Tuesday, 2 August 2016 16:56:58 UTC+2, Nathan Mace wrote:
>
> Removing the leading whitespaces didn't help.
>
> However in looking through the logs I found this in the primary node's 
> graylog.log file:
>
> ConnectTransportException[[ansted-search-01][x.x.x.149:9300] 
> connect_timeout[30s]]; nested: ConnectException[Connection refused: 
> /x.x.x.149:9300];
> at 
> org.elasticsearch.transport.netty.NettyTransport.connectToChannels(NettyTransport.java:987)
> at 
> org.elasticsearch.transport.netty.NettyTransport.connectToNode(NettyTransport.java:920)
> at 
> org.elasticsearch.transport.netty.NettyTransport.connectToNode(NettyTransport.java:893)
> at 
> org.elasticsearch.transport.TransportService.connectToNode(TransportService.java:260)
> at 
> org.elasticsearch.discovery.zen.ZenDiscovery.joinElectedMaster(ZenDiscovery.java:434)
> at 
> org.elasticsearch.discovery.zen.ZenDiscovery.innerJoinCluster(ZenDiscovery.java:386)
> at 
> org.elasticsearch.discovery.zen.ZenDiscovery.access$4800(ZenDiscovery.java:91)
> at 
> org.elasticsearch.discovery.zen.ZenDiscovery$JoinThreadControl$1.run(ZenDiscovery.java:1237)
> at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
>
> It was repeated several times.  That is it trying to connect to the second 
> node on port 9300 and not being able to.  I see in the documentation that 
> 9300 is the default port and I have nothing in either of the ES YML files 
> referencing that port number, so it seems to be all default.  If I do a 
> netstat on both hosts they are both listening on port 9200 and 9300.  It 
> would seem that it is listening, but only allowing connections to 9300 from 
> localhost?  What would I need to change to allow a connect from the other 
> node?
>
> Nathan
>
> On Tuesday, August 2, 2016 at 10:22:44 AM UTC-4, Jochen Schalanda wrote:
>>
>> Hi Nathan,
>>
>> I'm not sure how Elasticsearch handles leading whitespace in their 
>> configuration file. I'd recommend making sure that the configuration 
>> settings really start at the beginning of a line.
>>
>> Additionally, please post the complete log files of your Elasticsearch 
>> and Graylog nodes.
>>
>> Cheers,
>> Jochen
>>
>> On Tuesday, 2 August 2016 16:00:47 UTC+2, Nathan Mace wrote:
>>>
>>> Oh good grief!  Clearly been staring at this problem too long, I
>>> completely missed those hash signs.
>>>
>>> OK, now ES is happily running on the proper IP addresses.  I can access 
>>> it via curl from other hosts.  So that's a large improvement. However 
>>> Graylog still only reports 1 node in the web interface.  I've attached the 
>>> current versions of the config files (vs copy/paste).  Given my tunnel 
>>> vision on the hash signs, this seems like it will be something obvious but 
>>> I can't find it.
>>>
>>> Thank you so much for the help!
>>>
>>> Nathan
>>>
>>> On Tuesday, August 2, 2016 at 9:30:58 AM UTC-4, Jochen Schalanda wrote:
>>>>
>>>> Hi Nathan,
>>>>
>>>> leading hash signs (the # character) mean that the line is commented
>>>> out.
>>>>
>>>> For example the following line is completely ignored:
>>>>
>>>> # discovery.zen.ping.unicast.hosts: ["x.x.x.146", "x.x.x.149"]
>>>>
>>>>
>>>> While this line is "active" and will be obeyed:
>>>>
>>>> cluster.name: graylog
>>>>
>>>>
>>>> Maybe you've only copy & pasted your configuration files in a strange
>>>> way (which is why I would always recommend to send them as attachments),
>>>> but that's how it looks like.
>>>>
>>>> Cheers,
>>>> Jochen
>>>>
>>>> On Tuesday, 2 August 2016 15:23:22 UTC+2, Nathan Mace wrote:
>>>>>
>>>>> Thanks Jochen.  I will make the changes.  However I am very confused
>>>>> by your comment about the second node having the cluster.name setting
>>>>> unset.  I'm showing that it is set to "graylog" just like the first node.
>>>>> I'm not sure at all what you mean.
>>>>>
>>>>> Nathan
>>>>>
>>>>> On Tuesday, August 2, 2016 at 6:38:45 AM UTC-4, Jochen Schalanda wrote:
>>>>>>
>>>>>> Hi Nathan,
>>>>>>
>>>>>> check the elasticsearch_network_host setting of your Graylog nodes.
>>>>>> It should be set to one (and only one!) public IP address of the Graylog
>>>>>> node which can be accessed by all other Elasticsearch nodes in the
>>>>>> cluster.  elasticsearch_discovery_zen_ping_unicast_hosts should be a
>>>>>> comma-separated list of host/port pairs containing the addresses of the
>>>>>> Elasticsearch nodes, for example:
>>>>>>
>>>>>> elasticsearch_discovery_zen_ping_unicast_hosts = x.x.x.146:9300,
>>>>>> x.x.x.149
>>>>>>
>>>>>>
>>>>>> See
>>>>>> http://docs.graylog.org/en/2.0/pages/configuration/elasticsearch.html#network-setup
>>>>>>
>>>>>> for details.
>>>>>>
>>>>>> Additionally, the cluster.name of your second Elasticsearch node is
>>>>>> unset, which make

[graylog2] Extractor not running on inputs that should match

2016-08-02 Thread Phil Sumner
I've set up some simple Grok extractors and tested that they match against 
a sample of input messages in the Graylog interface, but when further 
messages come in the extractors do not seem to "kick in", and the 
additional fields that I see on other inputs with similar extractors don't 
get added on.  This was working at some point, but I deleted and recreated 
the extractors for some reason I've now forgotten.

An example Grok pattern:
%{HOSTNAME:source_unit} diskmonitor\:%{GREEDYDATA:UNWANTED}partition %{WORD:partition} has only %{POSINT:percent_free}

And an example input message:
ip-10-244-63-14 diskmonitor: 011d0004:3: Disk partition var has only 12% free

Below is an example of a message that came in after I updated the extractor:



I can't figure out what's going on here, am I missing something obvious?

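
One way to test the Grok pattern from this message offline and see which part of it stops matching, added here as an example and not part of the original post. It assumes the commonly published definitions of HOSTNAME, GREEDYDATA, WORD and POSINT and uses Python's re in place of Graylog's regex engine; the function names are hypothetical and the two non-matching messages are constructed.

```python
import re

# Commonly published Grok definitions for the four names the pattern uses;
# assumed (not confirmed by the thread) to match the set loaded into Graylog.
GROK = {
    "HOSTNAME": r"\b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})"
                r"(?:\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(?:\.?|\b)",
    "GREEDYDATA": r".*",
    "WORD": r"\b\w+\b",
    "POSINT": r"\b(?:[1-9][0-9]*)\b",
}
TOKEN = re.compile(r"(%\{\w+(?::\w+)?\})")

# Pattern and sample message from the post (line wraps removed).
PATTERN = (r"%{HOSTNAME:source_unit} diskmonitor\:%{GREEDYDATA:UNWANTED}"
           r"partition %{WORD:partition} has only %{POSINT:percent_free}")
SAMPLE = "ip-10-244-63-14 diskmonitor: 011d0004:3: Disk partition var has only 12% free"

# Constructed variants: a value POSINT rejects, and a message without the host prefix.
ZERO_FREE = "ip-10-244-63-14 diskmonitor: 011d0004:3: Disk partition var has only 0% free"
NO_HOST = "diskmonitor: 011d0004:3: Disk partition var has only 12% free"


def pieces(pattern):
    """Split a Grok pattern into %{NAME:field} tokens and literal regex chunks."""
    return [p for p in TOKEN.split(pattern) if p]


def to_regex(piece):
    """Expand one piece; literal text in a Grok pattern is already a regex."""
    m = re.fullmatch(r"%\{(\w+)(?::(\w+))?\}", piece)
    if not m:
        return piece
    name, field = m.groups()
    body = GROK[name]
    return f"(?P<{field}>{body})" if field else f"(?:{body})"


def extract(pattern, message):
    """Return the captured fields, or None when the pattern does not match."""
    rx = re.compile("".join(to_regex(p) for p in pieces(pattern)))
    m = rx.search(message)
    return m.groupdict() if m else None


def first_failing_piece(pattern, message):
    """Return the first piece at which a growing prefix of the pattern stops matching."""
    parts = pieces(pattern)
    for k in range(1, len(parts) + 1):
        prefix = "".join(to_regex(p) for p in parts[:k])
        if not re.search(prefix, message):
            return parts[k - 1]
    return None


if __name__ == "__main__":
    for msg in (SAMPLE, ZERO_FREE, NO_HOST):
        print(repr(msg))
        print("  fields:", extract(PATTERN, msg))
        print("  first failing piece:", first_failing_piece(PATTERN, msg))
```

If the pattern matches a captured copy of a message here but the fields are still missing in Graylog, the pattern itself is unlikely to be the cause.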


[graylog2] Re: Add Elastic Search Nodes?

2016-08-02 Thread Nathan Mace
Removing the leading whitespaces didn't help.

However in looking through the logs I found this in the primary node's 
graylog.log file:

ConnectTransportException[[ansted-search-01][x.x.x.149:9300] connect_timeout[30s]]; nested: ConnectException[Connection refused: /x.x.x.149:9300];
at org.elasticsearch.transport.netty.NettyTransport.connectToChannels(NettyTransport.java:987)
at org.elasticsearch.transport.netty.NettyTransport.connectToNode(NettyTransport.java:920)
at org.elasticsearch.transport.netty.NettyTransport.connectToNode(NettyTransport.java:893)
at org.elasticsearch.transport.TransportService.connectToNode(TransportService.java:260)
at org.elasticsearch.discovery.zen.ZenDiscovery.joinElectedMaster(ZenDiscovery.java:434)
at org.elasticsearch.discovery.zen.ZenDiscovery.innerJoinCluster(ZenDiscovery.java:386)
at org.elasticsearch.discovery.zen.ZenDiscovery.access$4800(ZenDiscovery.java:91)
at org.elasticsearch.discovery.zen.ZenDiscovery$JoinThreadControl$1.run(ZenDiscovery.java:1237)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)

It was repeated several times.  That is it trying to connect to the second 
node on port 9300 and not being able to.  I see in the documentation that 
9300 is the default port and I have nothing in either of the ES YML files 
referencing that port number, so it seems to be all default.  If I do a 
netstat on both hosts they are both listening on port 9200 and 9300.  It 
would seem that it is listening, but only allowing connections to 9300 from 
localhost?  What would I need to change to allow a connect from the other 
node?

Nathan

On Tuesday, August 2, 2016 at 10:22:44 AM UTC-4, Jochen Schalanda wrote:
>
> Hi Nathan,
>
> I'm not sure how Elasticsearch handles leading whitespace in their 
> configuration file. I'd recommend making sure that the configuration 
> settings really start at the beginning of a line.
>
> Additionally, please post the complete log files of your Elasticsearch and 
> Graylog nodes.
>
> Cheers,
> Jochen
>
> On Tuesday, 2 August 2016 16:00:47 UTC+2, Nathan Mace wrote:
>>
>> Oh good grief!  Clearly been staring at this problem too long, I 
>> completely missed those hash signs.
>>
>> OK, now ES is happily running on the proper IP addresses.  I can access 
>> it via curl from other hosts.  So that's a large improvement. However 
>> Graylog still only reports 1 node in the web interface.  I've attached the 
>> current versions of the config files (vs copy/paste).  Given my tunnel 
>> vision on the hash signs, this seems like it will be something obvious but 
>> I can't find it.
>>
>> Thank you so much for the help!
>>
>> Nathan
>>
>> On Tuesday, August 2, 2016 at 9:30:58 AM UTC-4, Jochen Schalanda wrote:
>>>
>>> Hi Nathan,
>>>
>>> leading hash signs (the # character) mean that the line is commented 
>>> out.
>>>
>>> For example the following line is completely ignored:
>>>
>>> # discovery.zen.ping.unicast.hosts: ["x.x.x.146", "x.x.x.149"]
>>>
>>>
>>> While this line is "active" and will be obeyed:
>>>
>>> cluster.name: graylog
>>>
>>>
>>> Maybe you've only copy & pasted your configuration files in a strange 
>>> way (which is why I would always recommend to send them as attachments), 
>>> but that's how it looks like.
>>>
>>> Cheers,
>>> Jochen
>>>
>>> On Tuesday, 2 August 2016 15:23:22 UTC+2, Nathan Mace wrote:

>>>> Thanks Jochen.  I will make the changes.  However I am very confused by 
>>>> your comment about the second node having the cluster.name setting 
>>>> unset.  I'm showing that it is set to "graylog" just like the first node. 
>>>>  I'm not sure at all what you mean.
>>>>
>>>> Nathan
>>>>
>>>> On Tuesday, August 2, 2016 at 6:38:45 AM UTC-4, Jochen Schalanda wrote:
>>>>>
>>>>> Hi Nathan,
>>>>>
>>>>> check the elasticsearch_network_host setting of your Graylog nodes. 
>>>>> It should be set to one (and only one!) public IP address of the Graylog 
>>>>> node which can be accessed by all other Elasticsearch nodes in the 
>>>>> cluster.  elasticsearch_discovery_zen_ping_unicast_hosts should be a 
>>>>> comma-separated list of host/port pairs containing the addresses of the 
>>>>> Elasticsearch nodes, for example:
>>>>>
>>>>> elasticsearch_discovery_zen_ping_unicast_hosts = x.x.x.146:9300, 
>>>>> x.x.x.149
>>>>>
>>>>>
>>>>> See 
>>>>> http://docs.graylog.org/en/2.0/pages/configuration/elasticsearch.html#network-setup
>>>>>  
>>>>> for details.
>>>>>
>>>>> Additionally, the cluster.name of your second Elasticsearch node is 
>>>>> unset, which makes it default to "elasticsearch". The logs of that 
>>>>> Elasticsearch node should show this pretty clearly.
>>>>>
>>>>> Also take a look at the network.host settings of both your 
>>>>> Elasticsearch nodes. This setting must be customized to your network 
>>>>> setup, otherwise they'll only bind to the local network interfac

[graylog2] Re: Add Elastic Search Nodes?

2016-08-02 Thread Jochen Schalanda
Hi Nathan,

I'm not sure how Elasticsearch handles leading whitespace in their 
configuration file. I'd recommend making sure that the configuration 
settings really start at the beginning of a line.

Additionally, please post the complete log files of your Elasticsearch and 
Graylog nodes.

Cheers,
Jochen

On Tuesday, 2 August 2016 16:00:47 UTC+2, Nathan Mace wrote:
>
> Oh good grief!  Clearly been staring at this problem too long, I completely 
> missed those hash signs.
>
> OK, now ES is happily running on the proper IP addresses.  I can access it 
> via curl from other hosts.  So that's a large improvement. However Graylog 
> still only reports 1 node in the web interface.  I've attached the current 
> versions of the config files (vs copy/paste).  Given my tunnel vision on 
> the hash signs, this seems like it will be something obvious but I can't 
> find it.
>
> Thank you so much for the help!
>
> Nathan
>
> On Tuesday, August 2, 2016 at 9:30:58 AM UTC-4, Jochen Schalanda wrote:
>>
>> Hi Nathan,
>>
>> leading hash signs (the # character) mean that the line is commented out.
>>
>> For example the following line is completely ignored:
>>
>> # discovery.zen.ping.unicast.hosts: ["x.x.x.146", "x.x.x.149"]
>>
>>
>> While this line is "active" and will be obeyed:
>>
>> cluster.name: graylog
>>
>>
>> Maybe you've only copy & pasted your configuration files in a strange way 
>> (which is why I would always recommend to send them as attachments), but 
>> that's how it looks like.
>>
>> Cheers,
>> Jochen
>>
>> On Tuesday, 2 August 2016 15:23:22 UTC+2, Nathan Mace wrote:
>>>
>>> Thanks Jochen.  I will make the changes.  However I am very confused by 
>>> your comment about the second node having the cluster.name setting 
>>> unset.  I'm showing that it is set to "graylog" just like the first node. 
>>>  I'm not sure at all what you mean.
>>>
>>> Nathan
>>>
>>> On Tuesday, August 2, 2016 at 6:38:45 AM UTC-4, Jochen Schalanda wrote:

>>>> Hi Nathan,
>>>>
>>>> check the elasticsearch_network_host setting of your Graylog nodes. It 
>>>> should be set to one (and only one!) public IP address of the Graylog node 
>>>> which can be accessed by all other Elasticsearch nodes in the cluster.  
>>>> elasticsearch_discovery_zen_ping_unicast_hosts should be a 
>>>> comma-separated list of host/port pairs containing the addresses of the 
>>>> Elasticsearch nodes, for example:
>>>>
>>>> elasticsearch_discovery_zen_ping_unicast_hosts = x.x.x.146:9300, 
>>>> x.x.x.149
>>>>
>>>>
>>>> See 
>>>> http://docs.graylog.org/en/2.0/pages/configuration/elasticsearch.html#network-setup
>>>>  
>>>> for details.
>>>>
>>>> Additionally, the cluster.name of your second Elasticsearch node is 
>>>> unset, which makes it default to "elasticsearch". The logs of that 
>>>> Elasticsearch node should show this pretty clearly.
>>>>
>>>> Also take a look at the network.host settings of both your 
>>>> Elasticsearch nodes. This setting must be customized to your network 
>>>> setup, otherwise they'll only bind to the local network interface (i. e. 
>>>> 127.0.0.1 or ::1). See 
>>>> https://www.elastic.co/guide/en/elasticsearch/reference/2.3/modules-network.html#common-network-settings
>>>>  
>>>> for details.
>>>>
>>>> Cheers,
>>>> Jochen
>>>>
>>>> On Monday, 1 August 2016 22:15:32 UTC+2, Nathan Mace wrote:
>>>>>
>>>>> Primary node (MongoDB, Graylog, and ES): IP Address: x.x.x.146
>>>>> Secondary Node (ES Only): IP Address: x.x.x.149
>>>>>
>>>>> Both on the same subnet.  Can ping each other.
>>>>> […]
>>>>>


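
The checks Jochen describes in this thread (commented-out lines, the cluster.name and network.host defaults, settings that do not start at the beginning of a line, and the Graylog-side unicast host list), as an added example that is not part of the original messages. The sample files and the 192.0.2.x addresses are constructed, the function names are hypothetical, and the parser only handles flat key/value lines.

```python
import re

# Effective values when a key is not active, as described in the thread.
ES_DEFAULTS = {
    "cluster.name": "elasticsearch",
    "network.host": "loopback only (127.0.0.1 or ::1)",
}
# Flat "key: value" (elasticsearch.yml) or "key = value" (Graylog server.conf).
SETTING = re.compile(r"^(\s*)(#?)\s*([A-Za-z_][\w.]*)\s*[:=]\s*(.*)$")

# Constructed sample files; 192.0.2.x stands in for the thread's x.x.x addresses.
NODE1_YML = """\
cluster.name: graylog
network.host: 192.0.2.146
discovery.zen.ping.unicast.hosts: ["192.0.2.146", "192.0.2.149"]
"""
NODE2_YML = """\
# cluster.name: graylog
# network.host: 192.0.2.149
 discovery.zen.ping.unicast.hosts: ["192.0.2.146", "192.0.2.149"]
"""
GRAYLOG_CONF = """\
elasticsearch_network_host = 192.0.2.146
elasticsearch_discovery_zen_ping_unicast_hosts = 192.0.2.146:9300
"""


def parse_settings(text):
    """Return (active, commented, indented) for the flat settings in text."""
    active, commented, indented = {}, {}, []
    for line in text.splitlines():
        m = SETTING.match(line.rstrip())
        if not m:
            continue
        indent, hashed, key, value = m.groups()
        value = value.strip().strip('"')
        if hashed:
            commented[key] = value      # a leading '#' means the line is ignored
        else:
            active[key] = value
            if indent:
                indented.append(key)    # setting does not start in column one
    return active, commented, indented


def audit_es_node(name, text, expected_cluster):
    """List the problems from the thread that apply to one elasticsearch.yml."""
    active, commented, indented = parse_settings(text)
    findings = []
    for key, default in ES_DEFAULTS.items():
        if key not in active:
            state = "commented out" if key in commented else "not set"
            findings.append(f"{name}: {key} is {state}, default {default} applies")
    if active.get("cluster.name", expected_cluster) != expected_cluster:
        findings.append(
            f"{name}: cluster.name is {active['cluster.name']}, expected {expected_cluster}")
    for key in indented:
        findings.append(f"{name}: {key} does not start at the beginning of the line")
    return findings


def audit_graylog(text, es_node_hosts):
    """Check the two Graylog settings named in the thread against the ES hosts."""
    active, _, _ = parse_settings(text)
    findings = []
    bind = active.get("elasticsearch_network_host", "")
    if not bind or "," in bind:
        findings.append("graylog: elasticsearch_network_host must be exactly one address")
    raw = active.get("elasticsearch_discovery_zen_ping_unicast_hosts", "")
    listed = {entry.strip().split(":")[0] for entry in raw.split(",") if entry.strip()}
    for host in sorted(set(es_node_hosts) - listed):
        findings.append(
            f"graylog: {host} missing from elasticsearch_discovery_zen_ping_unicast_hosts")
    return findings


if __name__ == "__main__":
    report = (audit_es_node("node1", NODE1_YML, "graylog")
              + audit_es_node("node2", NODE2_YML, "graylog")
              + audit_graylog(GRAYLOG_CONF, ["192.0.2.146", "192.0.2.149"]))
    print("\n".join(report) or "no findings")
```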


[graylog2] Re: New to graylog Issue to login after server.conf change

2016-08-02 Thread Jochen Schalanda
Hi Guillaume,

that's the wrong port. The POST request must be directed to the Graylog 
REST API.

Make sure to remove or comment out the web_endpoint_uri setting in your 
Graylog configuration file.

Cheers,
Jochen

On Tuesday, 2 August 2016 16:28:43 UTC+2, Guillaume Migaszewski wrote:
>
> Dear Jochen,
>
> Attached my server.conf.
>
>
> Also some additional curl output
>
>  curl -v -XPOST 10.1.0.215:9000/system/sessions
> * About to connect() to 10.1.0.215 port 9000 (#0)
> *   Trying 10.1.0.215... connected
> * Connected to 10.1.0.215 (10.1.0.215) port 9000 (#0)
> > POST /system/sessions HTTP/1.1
> > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.16.2.3 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> > Host: 10.1.0.215:9000
> > Accept: */*
> >
> < HTTP/1.1 405 Method Not Allowed
> < Allow: GET,OPTIONS
> < X-Graylog-Node-ID: 5416caad-4269-4f9b-ad0f-1beb73770838
> < Vary: Accept-Encoding
> < Content-Type: application/json
> < Date: Tue, 02 Aug 2016 14:27:43 GMT
> < Content-Length: 59
> <
> * Connection #0 to host 10.1.0.215 left intact
> * Closing connection #0
> {"type":"ApiError","message":"HTTP 405 Method Not Allowed"}[
>
>
>
> Guillaume.
>
>
> On Tuesday, August 2, 2016 at 2:57:13 PM UTC+2, Jochen Schalanda wrote:
>>
>> Hi Guillaume,
>>
>> please post your complete Graylog configuration file or be more explicit 
>> about how the relevant settings (rest_* and web_*) are configured right 
>> now.
>>
>> Also check the Developer Console of your web browser for error messages 
>> and post them here.
>>
>> Cheers,
>> Jochen
>>
>> On Tuesday, 2 August 2016 14:30:29 UTC+2, Guillaume Migaszewski wrote:
>>>
>>> Dear Graylog users,
>>>
>>> I have done an rpm install of Graylog. At first I was not able to login 
>>> from any other machine than localhost. As a result, with your assistance, 
>>> I have changed following settings server.conf 
>>>
>>> rest_listen_uri = http://127.0.0.1:12900/
>>> rest_listen_uri = http://10.1.0.215:12900/ (10.1.0.215 my server ip)
>>>
>>> web_listen_uri = http://127.0.0.1:9000/
>>> web_listen_uri = http://10.1.0.215:9000/
>>>
>>>
>>> As a result I can reach login screen from any workstation. But after 
>>> sending my credentials I have following error message: 
>>>
>>> Error - the server returned: 405 - cannot POST /system/sessions (405)
>>>
>>>
>>> All resources I have found are speaking about reverse proxy or ssl use 
>>> but I have none of it. 
>>>
>>> It has been a while I did not have such a hard time to install an 
>>> application on Linux. ;) But I will not give up.
>>>
>>> Thanks for your help.
>>>
>>> Guillaume.
>>>
>>



[graylog2] Re: New to graylog Issue to login after server.conf change

2016-08-02 Thread Guillaume Migaszewski
Dear Jochen,

Attached my server.conf.


Also some additional curl output

 curl -v -XPOST 10.1.0.215:9000/system/sessions
* About to connect() to 10.1.0.215 port 9000 (#0)
*   Trying 10.1.0.215... connected
* Connected to 10.1.0.215 (10.1.0.215) port 9000 (#0)
> POST /system/sessions HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.16.2.3 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: 10.1.0.215:9000
> Accept: */*
>
< HTTP/1.1 405 Method Not Allowed
< Allow: GET,OPTIONS
< X-Graylog-Node-ID: 5416caad-4269-4f9b-ad0f-1beb73770838
< Vary: Accept-Encoding
< Content-Type: application/json
< Date: Tue, 02 Aug 2016 14:27:43 GMT
< Content-Length: 59
<
* Connection #0 to host 10.1.0.215 left intact
* Closing connection #0
{"type":"ApiError","message":"HTTP 405 Method Not Allowed"}[



Guillaume.


On Tuesday, August 2, 2016 at 2:57:13 PM UTC+2, Jochen Schalanda wrote:
>
> Hi Guillaume,
>
> please post your complete Graylog configuration file or be more explicit 
> about how the relevant settings (rest_* and web_*) are configured right 
> now.
>
> Also check the Developer Console of your web browser for error messages 
> and post them here.
>
> Cheers,
> Jochen
>
> On Tuesday, 2 August 2016 14:30:29 UTC+2, Guillaume Migaszewski wrote:
>>
>> Dear Graylog users,
>>
>> I have done an rpm install of Graylog. At first I was not able to login 
>> from any other machine than localhost. As a result, with your assistance, 
>> I have changed following settings server.conf 
>>
>> rest_listen_uri = http://127.0.0.1:12900/
>> rest_listen_uri = http://10.1.0.215:12900/ (10.1.0.215 my server ip)
>>
>> web_listen_uri = http://127.0.0.1:9000/
>> web_listen_uri = http://10.1.0.215:9000/
>>
>>
>> As a result I can reach login screen from any workstation. But after 
>> sending my credentials I have following error message: 
>>
>> Error - the server returned: 405 - cannot POST /system/sessions (405)
>>
>>
>> All resources I have found are speaking about reverse proxy or ssl use 
>> but I have none of it. 
>>
>> It has been a while I did not have such a hard time to install an 
>> application on Linux. ;) But I will not give up.
>>
>> Thanks for your help.
>>
>> Guillaume.
>>
>

# If you are running more than one instances of Graylog server you have to select one of these
# instances as master. The master will perform some periodical tasks that non-masters won't perform.
is_master = true

# The auto-generated node ID will be stored in this file and read after restarts. It is a good idea
# to use an absolute file path here if you are starting Graylog server from init scripts or similar.
node_id_file = /etc/graylog/server/node-id

# You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
# Generate one by using for example: pwgen -N 1 -s 96
password_secret = removed

# The default root user is named 'admin'
#root_username = admin

# You MUST specify a hash password for the root user (which you only need to initially set up the
# system and in case you lose connectivity to your authentication backend)
# This password cannot be changed using the API or via the web interface. If you need to change it,
# modify it in this file.
# Create one by using for example: echo -n yourpassword | shasum -a 256
# and put the resulting hash value into the following line
root_password_sha2 = removed

# The email address of the root user.
# Default is empty
#root_email = ""

# The time zone setting of the root user. See http://www.joda.org/joda-time/timezones.html for a list of valid time zones.
# Default is UTC
#root_timezone = UTC

# Set plugin directory here (relative or absolute)
plugin_dir = /usr/share/graylog-server/plugin

# REST API listen URI. Must be reachable by other Graylog server nodes if you run a cluster.
# When using Graylog Collectors, this URI will be used to receive heartbeat messages and must be accessible for all collectors.
rest_listen_uri = http://10.1.0.215:12900/

# REST API transport address. Defaults to the value of rest_listen_uri. Exception: If rest_listen_uri
# is set to a wildcard IP address (0.0.0.0) the first non-loopback IPv4 system address is used.
# If set, this will be promoted in the cluster discovery APIs, so other nodes may try to connect on
# this address and it is used to generate URLs addressing entities in the REST API. (see rest_listen_uri)
# You will need to define this, if your Graylog server is running behind a HTTP proxy that is rewriting
# the scheme, host name or URI.
# This

[graylog2] Re: Extractors and Pipelines

2016-08-02 Thread Jochen Schalanda
Hi Linwood,

the processor pipelines and its rule language are supposed to replace 
Drools, extractors, static fields, and possibly stream rules in the long 
run.

Cheers,
Jochen

On Monday, 1 August 2016 22:28:33 UTC+2, Linwood Ferguson wrote:
>
> And by the way -- rearranging the order made the pipeline I had set up as 
> a test work fine, so I did get by that. But still curious where these 
> should be viewed in the greater context, what they should be considered to 
> replace (if anything) for someone with no legacy to migrate?
>
>
> On Monday, August 1, 2016 at 3:55:19 PM UTC-4, Jochen Schalanda wrote:
>>
>> Hi Linwood,
>>
>> you can lookup and change the order of the traditional filters (such as 
>> extractors) and the new message processor pipeline in the web interface on 
>> the System -> Configurations -> Message Processors Configuration page.
>>
>> Cheers,
>> Jochen
>>
>> On Monday, 1 August 2016 21:49:08 UTC+2, Linwood Ferguson wrote:
>>>
>>> If a pipeline is connected to the default stream, does that mean it runs 
>>> before the extractors? 
>>>
>>> Have been experimenting, and I do not seem to see (and the simulator 
>>> does not show) fields created in an extractor associated with input source 
>>> when it arrives in the pipeline.
>>>
>>>
>>>
>>>



[graylog2] Re: Add Elastic Search Nodes?

2016-08-02 Thread Nathan Mace
Oh good grief!  Clearly been staring at this problem too long, I completely 
missed those hash signs.

OK, now ES is happily running on the proper IP addresses.  I can access it 
via curl from other hosts.  So that's a large improvement. However Graylog 
still only reports 1 node in the web interface.  I've attached the current 
versions of the config files (vs copy/paste).  Given my tunnel vision on 
the hash signs, this seems like it will be something obvious but I can't 
find it.

Thank you so much for the help!

Nathan

On Tuesday, August 2, 2016 at 9:30:58 AM UTC-4, Jochen Schalanda wrote:
>
> Hi Nathan,
>
> leading hash signs (the # character) mean that the line is commented out.
>
> For example the following line is completely ignored:
>
> # discovery.zen.ping.unicast.hosts: ["x.x.x.146", "x.x.x.149"]
>
>
> While this line is "active" and will be obeyed:
>
> cluster.name: graylog
>
>
> Maybe you've only copy & pasted your configuration files in a strange way 
> (which is why I would always recommend to send them as attachments), but 
> that's how it looks like.
>
> Cheers,
> Jochen
>
> On Tuesday, 2 August 2016 15:23:22 UTC+2, Nathan Mace wrote:
>>
>> Thanks Jochen.  I will make the changes.  However I am very confused by 
>> your comment about the second node having the cluster.name setting 
>> unset.  I'm showing that it is set to "graylog" just like the first node. 
>>  I'm not sure at all what you mean.
>>
>> Nathan
>>
>> On Tuesday, August 2, 2016 at 6:38:45 AM UTC-4, Jochen Schalanda wrote:
>>>
>>> Hi Nathan,
>>>
>>> check the elasticsearch_network_host setting of your Graylog nodes. It 
>>> should be set to one (and only one!) public IP address of the Graylog node 
>>> which can be accessed by all other Elasticsearch nodes in the cluster.  
>>> elasticsearch_discovery_zen_ping_unicast_hosts should be a 
>>> comma-separated list of host/port pairs containing the addresses of the 
>>> Elasticsearch nodes, for example:
>>>
>>> elasticsearch_discovery_zen_ping_unicast_hosts = x.x.x.146:9300, 
>>> x.x.x.149
>>>
>>>
>>> See 
>>> http://docs.graylog.org/en/2.0/pages/configuration/elasticsearch.html#network-setup
>>>  
>>> for details.
>>>
>>> Additionally, the cluster.name of your second Elasticsearch node is 
>>> unset, which makes it default to "elasticsearch". The logs of that 
>>> Elasticsearch node should show this pretty clearly.
>>>
>>> Also take a look at the network.host settings of both your 
>>> Elasticsearch nodes. This setting must be customized to your network setup, 
>>> otherwise they'll only bind to the local network interface (i. e. 
>>> 127.0.0.1 or ::1). See 
>>> https://www.elastic.co/guide/en/elasticsearch/reference/2.3/modules-network.html#common-network-settings
>>>  
>>> for details.
>>>
>>> Cheers,
>>> Jochen
>>>
>>> On Monday, 1 August 2016 22:15:32 UTC+2, Nathan Mace wrote:

>>>> Primary node (MongoDB, Graylog, and ES): IP Address: x.x.x.146
>>>> Secondary Node (ES Only): IP Address: x.x.x.149
>>>>
>>>> Both on the same subnet.  Can ping each other.
>>>> […]

>>>



node2 elasticsearch.yml
Description: Binary data


node1 elasticsearch.yml
Description: Binary data
# If you are running more than one instances of Graylog server you have to select one of these
# instances as master. The master will perform some periodical tasks that non-masters won't perform.
is_master = true

# The auto-generated node ID will be stored in this file and read after restarts. It is a good idea
# to use an absolute file path here if you are starting Graylog server from init scripts or similar.
node_id_file = /etc/graylog/server/node-id

# You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
# Generate one by using for example: pwgen -N 1 -s 96
password_secret =

# The default root user is named 'admin'
#root_username = admin

# You MUST specify a hash password for the root user (which you only need to initially set up the
# system and in case you lose connectivity to your authentication backend)
# This password cannot be changed using the API or via the web interface. If you need to change it,
# modify it in this file.
# Create one by using for example: echo -n yourpassword | shasum -a 256
# and put the resulting hash value into the following line
root_password_sha2 = 

# The email address of the root user.
# Default is empty
#root_email = ""

# The time zone setting of the root user. See http://www.joda.org/joda-time/timezones.html for a list of valid time zones.
# Default is UTC
#root_timezone = UTC

# Set plugin d

[graylog2] Re: Get notice/next action from the Dashboard for message that we need (Warning, Error & Critical messages)

2016-08-02 Thread Linwood Ferguson
With the caveat I just started doing graylog, but I am exploring some of 
the same stuff

Are you asking how to query for the 54,492 messages without doing it 
manually? You get halfway there with the widget on the bottom that 
replays the query (it then shows the messages that make up the whole pie) 
and then you can manually type in the "level=3" for the one you want.

I really wish there were hot spots on the graphs to take you directly to 
those, i.e. click on the line you highlighted anywhere, and up pops 54,492 
messages with the full query for that line.


On Monday, July 25, 2016 at 10:52:47 AM UTC-4, Arief Hydayat wrote:
>
> Hi everyone,
>
>
> First of all I would like to say many thanks for your support. Especially 
> Jochen and Marius.
> I'm still exploring the Graylog. Just create a simple dashboard so that I 
> can see the visual data.
>
> Just wondering, from the Dashboard that I've created is to sort by Level. 
> So if I get the Error (Level 2) or Warning (Level 3) or maybe the Critical 
> (level 1) message I can see the incremental from the percentage of each.
> But somehow how can I retrieve back all those messages?  Let's say 
> from the dashboard I can see 7.47% is from Level 3 message, but from the 
> Count itself is 54.496 messages.
> Do I need to search by query all those messages 1 by 1?
>
>
>
> Really appreciate if you guys could explain to me how does it work or 
> maybe dashboard able to represent more than I know :-)
>



[graylog2] Re: Add Elastic Search Nodes?

2016-08-02 Thread Jochen Schalanda
Hi Nathan,

check all of your logs (Graylog and Elasticsearch). Each will tell you 
which network interface they are listening to and how and where they want 
to connect.

Cheers,
Jochen

On Tuesday, 2 August 2016 15:32:31 UTC+2, Nathan Mace wrote:
>
> I made the changes, or at least the changes I understood.  I'm not sure 
> what you mean by the cluster.name setting being incorrect on the second 
> node.  I also am confused by the network.host setting on each ES node.  It 
> is customized to my network, each one is set to the server's respective IP 
> address.
>
> Now that I made the change and restarted services, in Graylog it still 
> shows only 1 node, the field for "Elasticsearch Cluster" just sits and 
> spins, and I have a number of unprocessed messages.
>
> Any ideas?
>
> Nathan
>
> On Tuesday, August 2, 2016 at 6:38:45 AM UTC-4, Jochen Schalanda wrote:
>>
>> Hi Nathan,
>>
>> check the elasticsearch_network_host setting of your Graylog nodes. It 
>> should be set to one (and only one!) public IP address of the Graylog node 
>> which can be accessed by all other Elasticsearch nodes in the cluster.  
>> elasticsearch_discovery_zen_ping_unicast_hosts should be a 
>> comma-separated list of host/port pairs containing the addresses of the 
>> Elasticsearch nodes, for example:
>>
>> elasticsearch_discovery_zen_ping_unicast_hosts = x.x.x.146:9300, x.x.x.149
>>
>>
>> See 
>> http://docs.graylog.org/en/2.0/pages/configuration/elasticsearch.html#network-setup
>>  
>> for details.
>>
>> Additionally, the cluster.name of your second Elasticsearch node is 
>> unset, which makes it default to "elasticsearch". The logs of that 
>> Elasticsearch node should show this pretty clearly.
>>
>> Also take a look at the network.host settings of both your Elasticsearch 
>> nodes. This setting must be customized to your network setup, otherwise 
>> they'll only bind to the local network interface (i. e. 127.0.0.1 or ::1). 
>> See 
>> https://www.elastic.co/guide/en/elasticsearch/reference/2.3/modules-network.html#common-network-settings
>>  
>> for details.
>>
>> Cheers,
>> Jochen
>>
>> On Monday, 1 August 2016 22:15:32 UTC+2, Nathan Mace wrote:
>>>
>>> Primary node (MongoDB, Graylog, and ES): IP Address: x.x.x.146
>>> Secondary Node (ES Only): IP Address: x.x.x.149
>>>
>>> Both on the same subnet.  Can ping each other.
>>> […]
>>>
>>



[graylog2] Re: Add Elastic Search Nodes?

2016-08-02 Thread Nathan Mace
I made the changes, or at least the changes I understood.  I'm not sure 
what you mean by the cluster.name setting being incorrect on the second 
node.  I also am confused by the network.host setting on each ES node.  It 
is customized to my network, each one is set to the server's respective IP 
address.

Now that I made the change and restarted services, in Graylog it still 
shows only 1 node, the field for "Elasticsearch Cluster" just sits and 
spins, and I have a number of unprocessed messages.

Any ideas?

Nathan

On Tuesday, August 2, 2016 at 6:38:45 AM UTC-4, Jochen Schalanda wrote:
>
> Hi Nathan,
>
> check the elasticsearch_network_host setting of your Graylog nodes. It 
> should be set to one (and only one!) public IP address of the Graylog node 
> which can be accessed by all other Elasticsearch nodes in the cluster.  
> elasticsearch_discovery_zen_ping_unicast_hosts should be a 
> comma-separated list of host/port pairs containing the addresses of the 
> Elasticsearch nodes, for example:
>
> elasticsearch_discovery_zen_ping_unicast_hosts = x.x.x.146:9300, x.x.x.149
>
>
> See 
> http://docs.graylog.org/en/2.0/pages/configuration/elasticsearch.html#network-setup
>  
> for details.
>
> Additionally, the cluster.name of your second Elasticsearch node is 
> unset, which makes it default to "elasticsearch". The logs of that 
> Elasticsearch node should show this pretty clearly.
>
> Also take a look at the network.host settings of both your Elasticsearch 
> nodes. This setting must be customized to your network setup, otherwise 
> they'll only bind to the local network interface (i. e. 127.0.0.1 or ::1). 
> See 
> https://www.elastic.co/guide/en/elasticsearch/reference/2.3/modules-network.html#common-network-settings
>  
> for details.
>
> Cheers,
> Jochen
>
> On Monday, 1 August 2016 22:15:32 UTC+2, Nathan Mace wrote:
>>
>> Primary node (MongoDB, Graylog, and ES): IP Address: x.x.x.146
>> Secondary Node (ES Only): IP Address: x.x.x.149
>>
>> Both on the same subnet.  Can ping each other.
>> […]
>>
>



[graylog2] Re: Add Elastic Search Nodes?

2016-08-02 Thread Jochen Schalanda
Hi Nathan,

leading hash signs (the # character) mean that the line is commented out.

For example the following line is completely ignored:

# discovery.zen.ping.unicast.hosts: ["x.x.x.146", "x.x.x.149"]


While this line is "active" and will be obeyed:

cluster.name: graylog


Maybe you've only copy & pasted your configuration files in a strange way 
(which is why I would always recommend to send them as attachments), but 
that's how it looks like.

Cheers,
Jochen

On Tuesday, 2 August 2016 15:23:22 UTC+2, Nathan Mace wrote:
>
> Thanks Jochen.  I will make the changes.  However I am very confused by 
> your comment about the second node having the cluster.name setting unset. 
>  I'm showing that it is set to "graylog" just like the first node.  I'm not 
> sure at all what you mean.
>
> Nathan
>
> On Tuesday, August 2, 2016 at 6:38:45 AM UTC-4, Jochen Schalanda wrote:
>>
>> Hi Nathan,
>>
>> check the elasticsearch_network_host setting of your Graylog nodes. It 
>> should be set to one (and only one!) public IP address of the Graylog node 
>> which can be accessed by all other Elasticsearch nodes in the cluster.  
>> elasticsearch_discovery_zen_ping_unicast_hosts should be a 
>> comma-separated list of host/port pairs containing the addresses of the 
>> Elasticsearch nodes, for example:
>>
>> elasticsearch_discovery_zen_ping_unicast_hosts = x.x.x.146:9300, x.x.x.149
>>
>>
>> See 
>> http://docs.graylog.org/en/2.0/pages/configuration/elasticsearch.html#network-setup
>>  
>> for details.
>>
>> Additionally, the cluster.name of your second Elasticsearch node is 
>> unset, which makes it default to "elasticsearch". The logs of that 
>> Elasticsearch node should show this pretty clearly.
>>
>> Also take a look at the network.host settings of both your Elasticsearch 
>> nodes. This setting must be customized to your network setup, otherwise 
>> they'll only bind to the local network interface (i. e. 127.0.0.1 or ::1). 
>> See 
>> https://www.elastic.co/guide/en/elasticsearch/reference/2.3/modules-network.html#common-network-settings
>>  
>> for details.
>>
>> Cheers,
>> Jochen
>>
>> On Monday, 1 August 2016 22:15:32 UTC+2, Nathan Mace wrote:
>>>
>>> Primary node (MongoDB, Graylog, and ES): IP Address: x.x.x.146
>>> Secondary Node (ES Only): IP Address: x.x.x.149
>>>
>>> Both on the same subnet.  Can ping each other.
>>> […]
>>>
>>



[graylog2] Re: Add Elastic Search Nodes?

2016-08-02 Thread Nathan Mace
Thanks Jochen.  I will make the changes.  However I am very confused by 
your comment about the second node having the cluster.name setting unset. 
 I'm showing that it is set to "graylog" just like the first node.  I'm not 
sure at all what you mean.

Nathan

On Tuesday, August 2, 2016 at 6:38:45 AM UTC-4, Jochen Schalanda wrote:
>
> Hi Nathan,
>
> check the elasticsearch_network_host setting of your Graylog nodes. It 
> should be set to one (and only one!) public IP address of the Graylog node 
> which can be accessed by all other Elasticsearch nodes in the cluster.  
> elasticsearch_discovery_zen_ping_unicast_hosts should be a 
> comma-separated list of host/port pairs containing the addresses of the 
> Elasticsearch nodes, for example:
>
> elasticsearch_discovery_zen_ping_unicast_hosts = x.x.x.146:9300, x.x.x.149
>
>
> See 
> http://docs.graylog.org/en/2.0/pages/configuration/elasticsearch.html#network-setup
>  
> for details.
>
> Additionally, the cluster.name of your second Elasticsearch node is 
> unset, which makes it default to "elasticsearch". The logs of that 
> Elasticsearch node should show this pretty clearly.
>
> Also take a look at the network.host settings of both your Elasticsearch 
> nodes. This setting must be customized to your network setup, otherwise 
> they'll only bind to the local network interface (i. e. 127.0.0.1 or ::1). 
> See 
> https://www.elastic.co/guide/en/elasticsearch/reference/2.3/modules-network.html#common-network-settings
>  
> for details.
>
> Cheers,
> Jochen
>
> On Monday, 1 August 2016 22:15:32 UTC+2, Nathan Mace wrote:
>>
>> Primary node (MongoDB, Graylog, and ES): IP Address: x.x.x.146
>> Secondary Node (ES Only): IP Address: x.x.x.149
>>
>> Both on the same subnet.  Can ping each other.
>> […]
>>
>



[graylog2] Re: New to graylog Issue to login after server.conf change

2016-08-02 Thread Jochen Schalanda
Hi Guillaume,

please post your complete Graylog configuration file or be more explicit 
about how the relevant settings (rest_* and web_*) are configured right now.

Also check the Developer Console of your web browser for error messages and 
post them here.

Cheers,
Jochen

On Tuesday, 2 August 2016 14:30:29 UTC+2, Guillaume Migaszewski wrote:
>
> Dear Graylog users, 
>
> I have done an rpm install of Graylog. At first I was not able to log in 
> from any other machine than localhost. As a result, with your assistance, 
> I have changed the following settings in server.conf:
>
> rest_listen_uri = http://127.0.0.1:12900/
> rest_listen_uri = http://10.1.0.215:12900/ (10.1.0.215 my server ip)
>
> web_listen_uri = http://127.0.0.1:9000/
> web_listen_uri = http://10.1.0.215:9000/
>
>
> As a result I can reach the login screen from any workstation. But after 
> sending my credentials I have the following error message:
>
> Error - the server returned: 405 - cannot POST /system/sessions (405)
>
>
> All resources I have found are speaking about reverse proxy or SSL use but 
> I have none of it.
>
> It has been a while since I had such a hard time installing an 
> application on Linux. ;) But I will not give up.
>
> Thanks for your help.
>
> Guillaume.
>



[graylog2] New to graylog Issue to login after server.conf change

2016-08-02 Thread Guillaume Migaszewski
Dear Graylog users, 

I have done an rpm install of Graylog. At first I was not able to log in 
from any other machine than localhost. As a result, with your assistance, 
I have changed the following settings in server.conf:

rest_listen_uri = http://127.0.0.1:12900/
rest_listen_uri = http://10.1.0.215:12900/ (10.1.0.215 my server ip)

web_listen_uri = http://127.0.0.1:9000/
web_listen_uri = http://10.1.0.215:9000/


As a result I can reach the login screen from any workstation. But after 
sending my credentials I have the following error message:

Error - the server returned: 405 - cannot POST /system/sessions (405)


All resources I have found are speaking about reverse proxy or SSL use but 
I have none of it.

It has been a while since I had such a hard time installing an 
application on Linux. ;) But I will not give up.

Thanks for your help.

Guillaume.



[graylog2] Re: New to graylog fresh install can only login to graylog via localhost

2016-08-02 Thread Guillaume Migaszewski
Indeed. I have tried this but did not have the idea to change both settings 
at the same time. 

So now I can have the login screen. I have another issue now ... will 
start a new thread if I cannot solve it by myself.

Jochen, a big thank you for your help.

Cheers

Guillaume.



On Tuesday, August 2, 2016 at 1:44:34 PM UTC+2, Jochen Schalanda wrote:
>
> Hi 
>
> please read 
> http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html#configuration-options
>  
> (and this time really do it).
>
> 127.0.0.1 is the so called loopback address that is only available on the 
> very machine itself. If you want to access Graylog from outside the 
> machine, you need to use the public IP address (or host name) of the system 
> in both of those settings, for example:
>
> web_listen_uri = http://10.1.0.215:9000
> rest_listen_uri = http://10.1.0.215:12900
>
>
> Cheers,
> Jochen
>
> On Tuesday, 2 August 2016 13:16:14 UTC+2, Guillaume Migaszewski wrote:
>>
>> Dear Jochen, 
>>
>> I have followed the step by setup install guide .
>> so my settings are default
>> rest_listen_uri = http://127.0.0.1:12900/
>>
>> I did one change here but no success 
>>
>> web_listen_uri = http://127.0.0.1:9000/
>>
>> Regards
>>
>> Guillaume.
>>
>> On Tuesday, August 2, 2016 at 1:09:34 PM UTC+2, Jochen Schalanda wrote:
>>>
>>> Hi Guillaume,
>>>
>>> did you configure the relevant settings (rest_listen_uri, web_listen_uri) 
>>> correctly?
>>>
>>> Please also check the logs of your Graylog server to find out on which 
>>> interfaces the Graylog web interface and the Graylog REST API are available.
>>>
>>> Cheers,
>>> Jochen
>>>
>>> On Tuesday, 2 August 2016 13:00:40 UTC+2, Guillaume Migaszewski wrote:

 Using Fiddler to troubleshoot connectivity from web browser . I have 
 following error message . Maybe it will speak to some experts .  I have 
 the 
 impression the server is refusing to create a connection , sending a reset 
 instead of an ack .


 [Fiddler] The connection to '10.1.0.215' failed. 
 Error: ConnectionRefused (0x274d). 
 System.Net.Sockets.SocketException No connection could be made because 
 the target machine actively refused it 10.1.0.215:9000



 On Tuesday, August 2, 2016 at 12:46:48 PM UTC+2, Guillaume Migaszewski 
 wrote:
>
> Thanks a lot for this outstanding help . 
>
> I ll check those links .  I am impressed by your knowledge regarding 
> REST API and graylog.
>
> I ll let you know. 
>
> Thanks for your time.
>
> Guillaume.
>
> On Tuesday, August 2, 2016 at 12:41:33 PM UTC+2, Jochen Schalanda 
> wrote:
>>
>> Hi Guillaume,
>>
>> usually it's working out-of-the-box. Check the Developer (JavaScript) 
>> Console of your web browsers for error messages:
>>
>> - https://developers.google.com/web/tools/chrome-devtools/debug/console/
>> - https://msdn.microsoft.com/en-us/library/gg589530(v=vs.85).aspx
>>
>> Typically the problem is either the mixed content policy of your web 
>> browser (e. g. using HTTPS only for the web interface but not for the 
>> Graylog REST API) or having the Graylog REST API not publicly accessible 
>> for your web browser.
>>
>> Cheers,
>> Jochen
>>
>>
>> On Tuesday, 2 August 2016 12:35:38 UTC+2, Guillaume Migaszewski wrote:
>>>
>>> Well I have a connection refused message from IE 10 and Chrome 52 . 
>>>
>>> Is it working out of the box or do I have to do something on web 
>>> browser side ? 
>>>
>>> Until now I was looking on server side , configuration file. But I 
>>> see no parameters for restriction ... .
>>>
>>> I am lost .
>>>
>>> Thanks for your assistance. 
>>>
>>> Guillaume.
>>>
>>> On Tuesday, August 2, 2016 at 12:29:40 PM UTC+2, Jochen Schalanda 
>>> wrote:

 Hi Guillaume,

 the web interface of Graylog 2.x is accessing the Graylog REST API 
 directly. Your browser must be able to communicate with the Graylog 
 REST API.

 Cheers,
 Jochen

 On Tuesday, 2 August 2016 12:25:39 UTC+2, Guillaume Migaszewski 
 wrote:
>
> Hello Jochen, 
>
> Thanks for your reply and for taking some time to read my post. 
>
> Classic install , rpm based. Yes I have seen this page... but it 
> is not entirely clear for me. I have no firewall in place for testing.
>
> Do I need to setup a proxy to access my graylog server web 
> interface from another computer than my server ?.
>
> from the Doc  
>
> Both the web interface port (http://127.0.0.1:9000/ by default, 
> see web_listen_uri) and the REST API port (http://127.0.0.1:12900 
> by default, see rest_listen_uri and rest_transport_uri) must b

[graylog2] Re: New to graylog fresh install can only login to graylog via localhost

2016-08-02 Thread Jochen Schalanda
Hi 

please read 
http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html#configuration-options
 
(and this time really do it).

127.0.0.1 is the so called loopback address that is only available on the 
very machine itself. If you want to access Graylog from outside the 
machine, you need to use the public IP address (or host name) of the system 
in both of those settings, for example:

web_listen_uri = http://10.1.0.215:9000
rest_listen_uri = http://10.1.0.215:12900


Cheers,
Jochen

On Tuesday, 2 August 2016 13:16:14 UTC+2, Guillaume Migaszewski wrote:
>
> Dear Jochen, 
>
> I have followed the step by setup install guide .
> so my settings are default
> rest_listen_uri = http://127.0.0.1:12900/
>
> I did one change here but no success 
>
> web_listen_uri = http://127.0.0.1:9000/
>
> Regards
>
> Guillaume.
>
> On Tuesday, August 2, 2016 at 1:09:34 PM UTC+2, Jochen Schalanda wrote:
>>
>> Hi Guillaume,
>>
>> did you configure the relevant settings (rest_listen_uri, web_listen_uri) 
>> correctly?
>>
>> Please also check the logs of your Graylog server to find out on which 
>> interfaces the Graylog web interface and the Graylog REST API are available.
>>
>> Cheers,
>> Jochen
>>
>> On Tuesday, 2 August 2016 13:00:40 UTC+2, Guillaume Migaszewski wrote:
>>>
>>> Using Fiddler to troubleshoot connectivity from web browser . I have 
>>> following error message . Maybe it will speak to some experts .  I have the 
>>> impression the server is refusing to create a connection , sending a reset 
>>> instead of an ack .
>>>
>>>
>>> [Fiddler] The connection to '10.1.0.215' failed. 
>>> Error: ConnectionRefused (0x274d). 
>>> System.Net.Sockets.SocketException No connection could be made because 
>>> the target machine actively refused it 10.1.0.215:9000
>>>
>>>
>>>
>>> On Tuesday, August 2, 2016 at 12:46:48 PM UTC+2, Guillaume Migaszewski 
>>> wrote:

 Thanks a lot for this outstanding help . 

 I ll check those links .  I am impressed by your knowledge regarding 
 REST API and graylog.

 I ll let you know. 

 Thanks for your time.

 Guillaume.

 On Tuesday, August 2, 2016 at 12:41:33 PM UTC+2, Jochen Schalanda wrote:
>
> Hi Guillaume,
>
> usually it's working out-of-the-box. Check the Developer (JavaScript) 
> Console of your web browsers for error messages:
>
> - https://developers.google.com/web/tools/chrome-devtools/debug/console/
> - https://msdn.microsoft.com/en-us/library/gg589530(v=vs.85).aspx
>
> Typically the problem is either the mixed content policy of your web 
> browser (e. g. using HTTPS only for the web interface but not for the 
> Graylog REST API) or having the Graylog REST API not publicly accessible 
> for your web browser.
>
> Cheers,
> Jochen
>
>
> On Tuesday, 2 August 2016 12:35:38 UTC+2, Guillaume Migaszewski wrote:
>>
>> Well I have a connection refused message from IE 10 and Chrome 52 . 
>>
>> Is it working out of the box or do I have to do something on web 
>> browser side ? 
>>
>> Until now I was looking on server side , configuration file. But I 
>> see no parameters for restriction ... .
>>
>> I am lost .
>>
>> Thanks for your assistance. 
>>
>> Guillaume.
>>
>> On Tuesday, August 2, 2016 at 12:29:40 PM UTC+2, Jochen Schalanda 
>> wrote:
>>>
>>> Hi Guillaume,
>>>
>>> the web interface of Graylog 2.x is accessing the Graylog REST API 
>>> directly. Your browser must be able to communicate with the Graylog REST 
>>> API.
>>>
>>> Cheers,
>>> Jochen
>>>
>>> On Tuesday, 2 August 2016 12:25:39 UTC+2, Guillaume Migaszewski 
>>> wrote:

 Hello Jochen, 

 Thanks for your reply and for taking some time to read my post. 

 Classic install , rpm based. Yes I have seen this page... but it is 
 not entirely clear for me. I have no firewall in place for testing.

 Do I need to setup a proxy to access my graylog server web 
 interface from another computer than my server ?.

 from the Doc  

 Both the web interface port (http://127.0.0.1:9000/ by default, 
 see web_listen_uri) and the REST API port (http://127.0.0.1:12900 
 by default, see rest_listen_uri and rest_transport_uri) must be 
 accessible 
 by everyone using the web interface. This means that both components 
 must 
 listen on a public network interface or be exposed to one using a 
 proxy or 
 NAT!


 I am not use to this REST API ... so I am confused. ... ah the good 
 old LAMP setup ... ;) .

 Regards

 Guillaume



 On Tuesday, August 2, 2016 at 12:12:58 PM UTC+2, Jochen Schalanda 
 wrote:
>
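
The checks Jochen describes in these threads (settings silently disabled by a leading #, an Elasticsearch cluster.name that falls back to "elasticsearch", and listeners left on the loopback address), written out as an added example that is not part of the original messages or of the Graylog project. The sample files are constructed, the 192.0.2.x addresses stand in for the masked x.x.x.146 and x.x.x.149, and treating the last duplicate key as the effective one is an assumption.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One setting per line: optional leading '#', a key, then ':' or '=' and a value.
LINE = re.compile(r"^\s*(#+)?\s*([a-z_][\w.]*)\s*[:=]\s*(.*?)\s*$")

# Defaults as quoted from the Graylog 2.0 documentation in the thread.
GRAYLOG_DEFAULTS = {
    "rest_listen_uri": "http://127.0.0.1:12900/",
    "web_listen_uri": "http://127.0.0.1:9000/",
}
ES_KEYS = ("cluster.name", "network.host", "discovery.zen.ping.unicast.hosts")


def parse_flat(text):
    """Return (active, commented): key -> list of values, in file order."""
    active, commented = {}, {}
    for raw in text.splitlines():
        match = LINE.match(raw)
        if not match:
            continue
        hashes, key, value = match.groups()
        (commented if hashes else active).setdefault(key, []).append(value)
    return active, commented


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the usual loopback names."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host in ("localhost", "_local_")


def audit_graylog(text):
    """Check rest_listen_uri / web_listen_uri in a Graylog server.conf."""
    active, commented = parse_flat(text)
    findings = []
    for key, default in GRAYLOG_DEFAULTS.items():
        values = active.get(key, [])
        if len(values) > 1:
            findings.append(("duplicate", key))
        if not values and key in commented:
            findings.append(("commented_out", key))
        # Assumption: with duplicate keys the last occurrence is the effective one.
        effective = values[-1] if values else default
        if is_loopback(urlsplit(effective).hostname):
            findings.append(("loopback_only", key))
    return findings


def audit_es_node(text, expected_cluster):
    """Check one node's elasticsearch.yml against the expected cluster name."""
    active, commented = parse_flat(text)
    findings = []
    # An unset cluster.name defaults to "elasticsearch".
    cluster = active.get("cluster.name", ["elasticsearch"])[-1]
    if cluster != expected_cluster:
        findings.append(("cluster_name_mismatch", cluster))
    for key in ES_KEYS:
        if key not in active and key in commented:
            findings.append(("commented_out", key))
    # An unset network.host binds to the local interface only.
    host = active.get("network.host", [None])[-1]
    if host is None or is_loopback(host):
        findings.append(("loopback_only", "network.host"))
    return findings


# Constructed samples modelled on the settings quoted in the threads.
GRAYLOG_BEFORE = """\
rest_listen_uri = http://127.0.0.1:12900/
rest_listen_uri = http://10.1.0.215:12900/
web_listen_uri = http://127.0.0.1:9000/
"""
GRAYLOG_AFTER = """\
web_listen_uri = http://10.1.0.215:9000
rest_listen_uri = http://10.1.0.215:12900
"""
ES_NODE_1 = """\
cluster.name: graylog
network.host: 192.0.2.146
discovery.zen.ping.unicast.hosts: ["192.0.2.146", "192.0.2.149"]
"""
ES_NODE_2 = """\
# cluster.name: graylog
network.host: 127.0.0.1
# discovery.zen.ping.unicast.hosts: ["192.0.2.146", "192.0.2.149"]
"""

if __name__ == "__main__":
    print("graylog before:", audit_graylog(GRAYLOG_BEFORE))
    print("graylog after: ", audit_graylog(GRAYLOG_AFTER))
    print("es node 1:     ", audit_es_node(ES_NODE_1, "graylog"))
    print("es node 2:     ", audit_es_node(ES_NODE_2, "graylog"))
```
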

[graylog2] Re: New to graylog fresh install can only login to graylog via localhost

2016-08-02 Thread Guillaume Migaszewski
Dear Jochen, 

I have followed the step by setup install guide.
so my settings are default
rest_listen_uri = http://127.0.0.1:12900/

I did one change here but no success 

web_listen_uri = http://127.0.0.1:9000/

Regards

Guillaume.

On Tuesday, August 2, 2016 at 1:09:34 PM UTC+2, Jochen Schalanda wrote:
>
> Hi Guillaume,
>
> did you configure the relevant settings (rest_listen_uri, web_listen_uri) 
> correctly?
>
> Please also check the logs of your Graylog server to find out on which 
> interfaces the Graylog web interface and the Graylog REST API are available.
>
> Cheers,
> Jochen
>
> On Tuesday, 2 August 2016 13:00:40 UTC+2, Guillaume Migaszewski wrote:
>>
>> Using Fiddler to troubleshoot connectivity from web browser . I have 
>> following error message . Maybe it will speak to some experts .  I have the 
>> impression the server is refusing to create a connection , sending a reset 
>> instead of an ack .
>>
>>
>> [Fiddler] The connection to '10.1.0.215' failed. 
>> Error: ConnectionRefused (0x274d). 
>> System.Net.Sockets.SocketException No connection could be made because 
>> the target machine actively refused it 10.1.0.215:9000
>>
>>
>>
>> On Tuesday, August 2, 2016 at 12:46:48 PM UTC+2, Guillaume Migaszewski 
>> wrote:
>>>
>>> Thanks a lot for this outstanding help . 
>>>
>>> I ll check those links .  I am impressed by your knowledge regarding 
>>> REST API and graylog.
>>>
>>> I ll let you know. 
>>>
>>> Thanks for your time.
>>>
>>> Guillaume.
>>>
>>> On Tuesday, August 2, 2016 at 12:41:33 PM UTC+2, Jochen Schalanda wrote:

 Hi Guillaume,

 usually it's working out-of-the-box. Check the Developer (JavaScript) 
 Console of your web browsers for error messages:

 - https://developers.google.com/web/tools/chrome-devtools/debug/console/
 - https://msdn.microsoft.com/en-us/library/gg589530(v=vs.85).aspx

 Typically the problem is either the mixed content policy of your web 
 browser (e. g. using HTTPS only for the web interface but not for the 
 Graylog REST API) or having the Graylog REST API not publicly accessible 
 for your web browser.

 Cheers,
 Jochen


 On Tuesday, 2 August 2016 12:35:38 UTC+2, Guillaume Migaszewski wrote:
>
> Well I have a connection refused message from IE 10 and Chrome 52 . 
>
> Is it working out of the box or do I have to do something on web 
> browser side ? 
>
> Until now I was looking on server side , configuration file. But I see 
> no parameters for restriction ... .
>
> I am lost .
>
> Thanks for your assistance. 
>
> Guillaume.
>
> On Tuesday, August 2, 2016 at 12:29:40 PM UTC+2, Jochen Schalanda 
> wrote:
>>
>> Hi Guillaume,
>>
>> the web interface of Graylog 2.x is accessing the Graylog REST API 
>> directly. Your browser must be able to communicate with the Graylog REST 
>> API.
>>
>> Cheers,
>> Jochen
>>
>> On Tuesday, 2 August 2016 12:25:39 UTC+2, Guillaume Migaszewski wrote:
>>>
>>> Hello Jochen, 
>>>
>>> Thanks for your reply and for taking some time to read my post. 
>>>
>>> Classic install , rpm based. Yes I have seen this page... but it is 
>>> not entirely clear for me. I have no firewall in place for testing.
>>>
>>> Do I need to setup a proxy to access my graylog server web interface 
>>> from another computer than my server ?.
>>>
>>> from the Doc  
>>>
>>> Both the web interface port (http://127.0.0.1:9000/ by default, see 
>>> web_listen_uri) and the REST API port (http://127.0.0.1:12900 by 
>>> default, see rest_listen_uri and rest_transport_uri) must be accessible 
>>> by 
>>> everyone using the web interface. This means that both components must 
>>> listen on a public network interface or be exposed to one using a proxy 
>>> or 
>>> NAT!
>>>
>>>
>>> I am not use to this REST API ... so I am confused. ... ah the good 
>>> old LAMP setup ... ;) .
>>>
>>> Regards
>>>
>>> Guillaume
>>>
>>>
>>>
>>> On Tuesday, August 2, 2016 at 12:12:58 PM UTC+2, Jochen Schalanda 
>>> wrote:

 Hi Guillaume,

 how exactly did you install Graylog (OVA, OS packages, or manual 
 install/environment specifics)? Did you read 
 http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html
 ?

 Cheers,
 Jochen

 On Tuesday, 2 August 2016 11:59:14 UTC+2, Guillaume Migaszewski 
 wrote:
>
> Dear Graylog group,
>
> I am new to graylog. I have successfully installed latest version 
> of graylog 2.0.3 according to official documentation. Graylog is 
> working 
> but  I can only login via local host http://127.0.0.1:9000 
> ... not ideal when your servers are se

[graylog2] Re: New to graylog fresh install can only login to graylog via localhost

2016-08-02 Thread Jochen Schalanda
Hi Guillaume,

did you configure the relevant settings (rest_listen_uri, web_listen_uri) 
correctly?

Please also check the logs of your Graylog server to find out on which 
interfaces the Graylog web interface and the Graylog REST API are available.

Cheers,
Jochen

On Tuesday, 2 August 2016 13:00:40 UTC+2, Guillaume Migaszewski wrote:
>
> Using Fiddler to troubleshoot connectivity from web browser . I have 
> following error message . Maybe it will speak to some experts .  I have the 
> impression the server is refusing to create a connection , sending a reset 
> instead of an ack .
>
>
> [Fiddler] The connection to '10.1.0.215' failed. 
> Error: ConnectionRefused (0x274d). 
> System.Net.Sockets.SocketException No connection could be made because the 
> target machine actively refused it 10.1.0.215:9000
>
>
>
> On Tuesday, August 2, 2016 at 12:46:48 PM UTC+2, Guillaume Migaszewski 
> wrote:
>>
>> Thanks a lot for this outstanding help . 
>>
>> I ll check those links .  I am impressed by your knowledge regarding REST 
>> API and graylog.
>>
>> I ll let you know. 
>>
>> Thanks for your time.
>>
>> Guillaume.
>>
>> On Tuesday, August 2, 2016 at 12:41:33 PM UTC+2, Jochen Schalanda wrote:
>>>
>>> Hi Guillaume,
>>>
>>> usually it's working out-of-the-box. Check the Developer (JavaScript) 
>>> Console of your web browsers for error messages:
>>>
>>> - https://developers.google.com/web/tools/chrome-devtools/debug/console/
>>> - https://msdn.microsoft.com/en-us/library/gg589530(v=vs.85).aspx
>>>
>>> Typically the problem is either the mixed content policy of your web 
>>> browser (e. g. using HTTPS only for the web interface but not for the 
>>> Graylog REST API) or having the Graylog REST API not publicly accessible 
>>> for your web browser.
>>>
>>> Cheers,
>>> Jochen
>>>
>>>
>>> On Tuesday, 2 August 2016 12:35:38 UTC+2, Guillaume Migaszewski wrote:

 Well I have a connection refused message from IE 10 and Chrome 52 . 

 Is it working out of the box or do I have to do something on web 
 browser side ? 

 Until now I was looking on server side , configuration file. But I see 
 no parameters for restriction ... .

 I am lost .

 Thanks for your assistance. 

 Guillaume.

 On Tuesday, August 2, 2016 at 12:29:40 PM UTC+2, Jochen Schalanda wrote:
>
> Hi Guillaume,
>
> the web interface of Graylog 2.x is accessing the Graylog REST API 
> directly. Your browser must be able to communicate with the Graylog REST 
> API.
>
> Cheers,
> Jochen
>
> On Tuesday, 2 August 2016 12:25:39 UTC+2, Guillaume Migaszewski wrote:
>>
>> Hello Jochen, 
>>
>> Thanks for your reply and for taking some time to read my post. 
>>
>> Classic install , rpm based. Yes I have seen this page... but it is 
>> not entirely clear for me. I have no firewall in place for testing.
>>
>> Do I need to setup a proxy to access my graylog server web interface 
>> from another computer than my server ?.
>>
>> from the Doc  
>>
>> Both the web interface port (http://127.0.0.1:9000/ by default, see 
>> web_listen_uri) and the REST API port (http://127.0.0.1:12900 by 
>> default, see rest_listen_uri and rest_transport_uri) must be accessible 
>> by 
>> everyone using the web interface. This means that both components must 
>> listen on a public network interface or be exposed to one using a proxy 
>> or 
>> NAT!
>>
>>
>> I am not use to this REST API ... so I am confused. ... ah the good 
>> old LAMP setup ... ;) .
>>
>> Regards
>>
>> Guillaume
>>
>>
>>
>> On Tuesday, August 2, 2016 at 12:12:58 PM UTC+2, Jochen Schalanda 
>> wrote:
>>>
>>> Hi Guillaume,
>>>
>>> how exactly did you install Graylog (OVA, OS packages, or manual 
>>> install/environment specifics)? Did you read 
>>> http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html
>>> ?
>>>
>>> Cheers,
>>> Jochen
>>>
>>> On Tuesday, 2 August 2016 11:59:14 UTC+2, Guillaume Migaszewski 
>>> wrote:

 Dear Graylog group,

 I am new to graylog. I have successfully installed latest version 
 of graylog 2.0.3 according to official documentation. Graylog is 
 working 
 but  I can only login via local host http://127.0.0.1:9000 ... 
 not ideal when your servers are setup to init3 ... . 

 As a result I would like to know if this is the normal behavior . I 
 was thinking about using Apache with mod proxy ... a bit overkill but 
 ... .

 Thanks for you help.

 Guillaume.

>>>


[graylog2] Re: New to graylog fresh install can only login to graylog via localhost

2016-08-02 Thread Guillaume Migaszewski
Using Fiddler to troubleshoot connectivity from the web browser. I have 
the following error message. Maybe it will speak to some experts. I have the 
impression the server is refusing to create a connection, sending a reset 
instead of an ack.


[Fiddler] The connection to '10.1.0.215' failed. 
Error: ConnectionRefused (0x274d). 
System.Net.Sockets.SocketException No connection could be made because the 
target machine actively refused it 10.1.0.215:9000



On Tuesday, August 2, 2016 at 12:46:48 PM UTC+2, Guillaume Migaszewski 
wrote:
>
> Thanks a lot for this outstanding help . 
>
> I ll check those links .  I am impressed by your knowledge regarding REST 
> API and graylog.
>
> I ll let you know. 
>
> Thanks for your time.
>
> Guillaume.
>
> On Tuesday, August 2, 2016 at 12:41:33 PM UTC+2, Jochen Schalanda wrote:
>>
>> Hi Guillaume,
>>
>> usually it's working out-of-the-box. Check the Developer (JavaScript) 
>> Console of your web browsers for error messages:
>>
>> - https://developers.google.com/web/tools/chrome-devtools/debug/console/
>> - https://msdn.microsoft.com/en-us/library/gg589530(v=vs.85).aspx
>>
>> Typically the problem is either the mixed content policy of your web 
>> browser (e. g. using HTTPS only for the web interface but not for the 
>> Graylog REST API) or having the Graylog REST API not publicly accessible 
>> for your web browser.
>>
>> Cheers,
>> Jochen
>>
>>
>> On Tuesday, 2 August 2016 12:35:38 UTC+2, Guillaume Migaszewski wrote:
>>>
>>> Well I have a connection refused message from IE 10 and Chrome 52 . 
>>>
>>> Is it working out of the box or do I have to do something on web browser 
>>> side ? 
>>>
>>> Until now I was looking on server side , configuration file. But I see 
>>> no parameters for restriction ... .
>>>
>>> I am lost .
>>>
>>> Thanks for your assistance. 
>>>
>>> Guillaume.
>>>
>>> On Tuesday, August 2, 2016 at 12:29:40 PM UTC+2, Jochen Schalanda wrote:

 Hi Guillaume,

 the web interface of Graylog 2.x is accessing the Graylog REST API 
 directly. Your browser must be able to communicate with the Graylog REST 
 API.

 Cheers,
 Jochen

 On Tuesday, 2 August 2016 12:25:39 UTC+2, Guillaume Migaszewski wrote:
>
> Hello Jochen, 
>
> Thanks for your reply and for taking some time to read my post. 
>
> Classic install , rpm based. Yes I have seen this page... but it is 
> not entirely clear for me. I have no firewall in place for testing.
>
> Do I need to setup a proxy to access my graylog server web interface 
> from another computer than my server ?.
>
> from the Doc  
>
> Both the web interface port (http://127.0.0.1:9000/ by default, see 
> web_listen_uri) and the REST API port (http://127.0.0.1:12900 by 
> default, see rest_listen_uri and rest_transport_uri) must be accessible 
> by 
> everyone using the web interface. This means that both components must 
> listen on a public network interface or be exposed to one using a proxy 
> or 
> NAT!
>
>
> I am not use to this REST API ... so I am confused. ... ah the good 
> old LAMP setup ... ;) .
>
> Regards
>
> Guillaume
>
>
>
> On Tuesday, August 2, 2016 at 12:12:58 PM UTC+2, Jochen Schalanda 
> wrote:
>>
>> Hi Guillaume,
>>
>> how exactly did you install Graylog (OVA, OS packages, or manual 
>> install/environment specifics)? Did you read 
>> http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html
>> ?
>>
>> Cheers,
>> Jochen
>>
>> On Tuesday, 2 August 2016 11:59:14 UTC+2, Guillaume Migaszewski wrote:
>>>
>>> Dear Graylog group,
>>>
>>> I am new to graylog. I have successfully installed latest version of 
>>> graylog 2.0.3 according to official documentation. Graylog is working 
>>> but 
>>>  I can only login via local host http://127.0.0.1:9000 ... not 
>>> ideal when your servers are setup to init3 ... . 
>>>
>>> As a result I would like to know if this is the normal behavior . I 
>>> was thinking about using Apache with mod proxy ... a bit overkill but 
>>> ... .
>>>
>>> Thanks for you help.
>>>
>>> Guillaume.
>>>
>>



[graylog2] Re: New to graylog fresh install can only login to graylog via localhost

2016-08-02 Thread Guillaume Migaszewski
Thanks a lot for this outstanding help.

I'll check those links. I am impressed by your knowledge regarding REST 
API and graylog.

I'll let you know.

Thanks for your time.

Guillaume.

On Tuesday, August 2, 2016 at 12:41:33 PM UTC+2, Jochen Schalanda wrote:
>
> Hi Guillaume,
>
> usually it's working out-of-the-box. Check the Developer (JavaScript) 
> Console of your web browsers for error messages:
>
> - https://developers.google.com/web/tools/chrome-devtools/debug/console/
> - https://msdn.microsoft.com/en-us/library/gg589530(v=vs.85).aspx
>
> Typically the problem is either the mixed content policy of your web 
> browser (e. g. using HTTPS only for the web interface but not for the 
> Graylog REST API) or having the Graylog REST API not publicly accessible 
> for your web browser.
>
> Cheers,
> Jochen
>
>
> On Tuesday, 2 August 2016 12:35:38 UTC+2, Guillaume Migaszewski wrote:
>>
>> Well I have a connection refused message from IE 10 and Chrome 52 . 
>>
>> Is it working out of the box or do I have to do something on web browser 
>> side ? 
>>
>> Until now I was looking on server side , configuration file. But I see no 
>> parameters for restriction ... .
>>
>> I am lost .
>>
>> Thanks for your assistance. 
>>
>> Guillaume.
>>
>> On Tuesday, August 2, 2016 at 12:29:40 PM UTC+2, Jochen Schalanda wrote:
>>>
>>> Hi Guillaume,
>>>
>>> the web interface of Graylog 2.x is accessing the Graylog REST API 
>>> directly. You browser must be able to communicate with the Graylog REST API.
>>>
>>> Cheers,
>>> Jochen
>>>
>>> On Tuesday, 2 August 2016 12:25:39 UTC+2, Guillaume Migaszewski wrote:

>>>> Hello Jochen,
>>>>
>>>> Thanks for your reply and for taking some time to read my post.
>>>>
>>>> Classic install , rpm based. Yes I have seen this page... but it is not
>>>> entirely clear for me. I have no firewall in place for testing.
>>>>
>>>> Do I need to setup a proxy to access my graylog server web interface
>>>> from another computer than my server ?.
>>>>
>>>> from the Doc
>>>>
>>>> Both the web interface port (http://127.0.0.1:9000/ by default, see
>>>> web_listen_uri) and the REST API port (http://127.0.0.1:12900 by
>>>> default, see rest_listen_uri and rest_transport_uri) must be accessible by
>>>> everyone using the web interface. This means that both components must
>>>> listen on a public network interface or be exposed to one using a proxy or
>>>> NAT!
>>>>
>>>>
>>>> I am not use to this REST API ... so I am confused. ... ah the good old
>>>> LAMP setup ... ;) .
>>>>
>>>> Regards
>>>>
>>>> Guillaume
>>>>
>>>>
>>>>
>>>> On Tuesday, August 2, 2016 at 12:12:58 PM UTC+2, Jochen Schalanda wrote:
>>>>>
>>>>> Hi Guillaume,
>>>>>
>>>>> how exactly did you install Graylog (OVA, OS packages, or manual
>>>>> install/environment specifics)? Did you read
>>>>> http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html?
>>>>>
>>>>> Cheers,
>>>>> Jochen
>>>>>
>>>>> On Tuesday, 2 August 2016 11:59:14 UTC+2, Guillaume Migaszewski wrote:
>>>>>>
>>>>>> Dear Graylog group,
>>>>>>
>>>>>> I am new to graylog. I have successfully installed latest version of
>>>>>> graylog 2.0.3 according to official documentation. Graylog is working
>>>>>> but
>>>>>> I can only login via local host http://127.0.0.1:9000 ... not
>>>>>> ideal when your servers are setup to init3 ... .
>>>>>>
>>>>>> As a result I would like to know if this is the normal behavior . I
>>>>>> was thinking about using Apache with mod proxy ... a bit overkill but
>>>>>> ... .
>>>>>>
>>>>>> Thanks for you help.
>>>>>>
>>>>>> Guillaume.
>>>>>>
>>>>>



[graylog2] Re: New to graylog fresh install can only login to graylog via localhost

2016-08-02 Thread Jochen Schalanda
Hi Guillaume,

usually it's working out-of-the-box. Check the Developer (JavaScript) 
Console of your web browsers for error messages:

   - https://developers.google.com/web/tools/chrome-devtools/debug/console/
   - https://msdn.microsoft.com/en-us/library/gg589530(v=vs.85).aspx
   
Typically the problem is either the mixed content policy of your web 
browser (e. g. using HTTPS only for the web interface but not for the 
Graylog REST API) or having the Graylog REST API not publicly accessible 
for your web browser.

Cheers,
Jochen


On Tuesday, 2 August 2016 12:35:38 UTC+2, Guillaume Migaszewski wrote:
>
> Well I have a connection refused message from IE 10 and Chrome 52 . 
>
> Is it working out of the box or do I have to do something on web browser 
> side ? 
>
> Until now I was looking on server side , configuration file. But I see no 
> parameters for restriction ... .
>
> I am lost .
>
> Thanks for your assistance. 
>
> Guillaume.
>
> On Tuesday, August 2, 2016 at 12:29:40 PM UTC+2, Jochen Schalanda wrote:
>>
>> Hi Guillaume,
>>
>> the web interface of Graylog 2.x is accessing the Graylog REST API 
>> directly. You browser must be able to communicate with the Graylog REST API.
>>
>> Cheers,
>> Jochen
>>
>> On Tuesday, 2 August 2016 12:25:39 UTC+2, Guillaume Migaszewski wrote:
>>>
>>> Hello Jochen, 
>>>
>>> Thanks for your reply and for taking some time to read my post. 
>>>
>>> Classic install , rpm based. Yes I have seen this page... but it is not 
>>> entirely clear for me. I have no firewall in place for testing.
>>>
>>> Do I need to setup a proxy to access my graylog server web interface 
>>> from another computer than my server ?.
>>>
>>> from the Doc  
>>>
>>> Both the web interface port (http://127.0.0.1:9000/ by default, see 
>>> web_listen_uri) and the REST API port (http://127.0.0.1:12900 by 
>>> default, see rest_listen_uri and rest_transport_uri) must be accessible by 
>>> everyone using the web interface. This means that both components must 
>>> listen on a public network interface or be exposed to one using a proxy or 
>>> NAT!
>>>
>>>
>>> I am not use to this REST API ... so I am confused. ... ah the good old 
>>> LAMP setup ... ;) .
>>>
>>> Regards
>>>
>>> Guillaume
>>>
>>>
>>>
>>> On Tuesday, August 2, 2016 at 12:12:58 PM UTC+2, Jochen Schalanda wrote:

>>>> Hi Guillaume,
>>>>
>>>> how exactly did you install Graylog (OVA, OS packages, or manual
>>>> install/environment specifics)? Did you read
>>>> http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html?
>>>>
>>>> Cheers,
>>>> Jochen
>>>>
>>>> On Tuesday, 2 August 2016 11:59:14 UTC+2, Guillaume Migaszewski wrote:
>>>>>
>>>>> Dear Graylog group,
>>>>>
>>>>> I am new to graylog. I have successfully installed latest version of
>>>>> graylog 2.0.3 according to official documentation. Graylog is working but
>>>>> I can only login via local host http://127.0.0.1:9000 ... not
>>>>> ideal when your servers are setup to init3 ... .
>>>>>
>>>>> As a result I would like to know if this is the normal behavior . I
>>>>> was thinking about using Apache with mod proxy ... a bit overkill but ...
>>>>> .
>>>>>
>>>>> Thanks for you help.
>>>>>
>>>>> Guillaume.
>>>>>


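The two typical causes named in the reply above (the browser's mixed content policy, and a REST API address the browser cannot reach) can be checked against server.conf before opening a browser. The Python check below is an added example, not part of the original thread or of Graylog; the function names, finding codes, sample files and the 192.0.2.x / graylog.example.org addresses are constructed, and the fallback from rest_transport_uri to rest_listen_uri is an assumption.

```python
import ipaddress
from urllib.parse import urlsplit

# Defaults as quoted from the Graylog 2.0 documentation in this thread.
DEFAULTS = {"web_listen_uri": "http://127.0.0.1:9000/",
            "rest_listen_uri": "http://127.0.0.1:12900"}

# Constructed sample configurations (192.0.2.0/24 is a documentation range).
WEB_ONLY_CONF = "web_listen_uri = http://192.0.2.10:9000/\n"
FIXED_CONF = """\
# both listeners on an address the browser can reach
web_listen_uri = http://192.0.2.10:9000/
rest_listen_uri = http://192.0.2.10:12900/
"""
MIXED_CONF = """\
web_listen_uri = https://graylog.example.org:9000/
rest_listen_uri = http://0.0.0.0:12900/
rest_transport_uri = http://graylog.example.org:12900/
"""


def parse_conf(text):
    """Read 'key = value' lines of server.conf, ignoring comment lines."""
    pairs = (line.split("=", 1) for line in text.splitlines()
             if "=" in line and not line.lstrip().startswith("#"))
    return {key.strip(): value.strip() for key, value in pairs}


def is_loopback(host):
    """True for localhost and loopback IPs; DNS names cannot be judged offline."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def check_browser_access(conf_text):
    """Return (code, explanation) findings for a browser on another machine."""
    conf = {**DEFAULTS, **parse_conf(conf_text)}
    web = urlsplit(conf["web_listen_uri"])
    # Assumption: with rest_transport_uri unset, the browser is handed
    # rest_listen_uri as the address of the REST API.
    api = urlsplit(conf.get("rest_transport_uri") or conf["rest_listen_uri"])
    findings = []
    if is_loopback(web.hostname):
        findings.append(("WEB_LOOPBACK",
                         "web interface listens on loopback only"))
    if is_loopback(api.hostname):
        findings.append(("REST_LOOPBACK",
                         "browser is sent to its own localhost for the REST "
                         "API and gets 'connection refused'"))
    if web.scheme == "https" and api.scheme == "http":
        findings.append(("MIXED_CONTENT",
                         "HTTPS page calling an HTTP REST API is blocked "
                         "by the browser"))
    return findings


if __name__ == "__main__":
    samples = [("defaults", ""), ("web only", WEB_ONLY_CONF),
               ("fixed", FIXED_CONF), ("mixed", MIXED_CONF)]
    for name, text in samples:
        print(name, check_browser_access(text))
```

An empty result says nothing about who else can reach port 12900; limit it with a firewall or proxy to the networks that use the web interface.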


[graylog2] Re: Add Elastic Search Nodes?

2016-08-02 Thread Jochen Schalanda
Hi Nathan,

check the elasticsearch_network_host setting of your Graylog nodes. It 
should be set to one (and only one!) public IP address of the Graylog node 
which can be accessed by all other Elasticsearch nodes in the cluster.  
elasticsearch_discovery_zen_ping_unicast_hosts should be a comma-separated 
list of host/port pairs containing the addresses of the Elasticsearch 
nodes, for example:

elasticsearch_discovery_zen_ping_unicast_hosts = x.x.x.146:9300, x.x.x.149


See 
http://docs.graylog.org/en/2.0/pages/configuration/elasticsearch.html#network-setup 
for details.

Additionally, the cluster.name of your second Elasticsearch node is unset, 
which makes it default to "elasticsearch". The logs of that Elasticsearch 
node should show this pretty clearly.

Also take a look at the network.host settings of both your Elasticsearch 
nodes. This setting must be customized to your network setup, otherwise 
they'll only bind to the local network interface (i. e. 127.0.0.1 or ::1). 
See 
https://www.elastic.co/guide/en/elasticsearch/reference/2.3/modules-network.html#common-network-settings 
for details.

Cheers,
Jochen

On Monday, 1 August 2016 22:15:32 UTC+2, Nathan Mace wrote:
>
> Primary node (MongoDB, Graylog, and ES): IP Address: x.x.x.146
> Secondary Node (ES Only): IP Address: x.x.x.149
>
> Both on the same subnet.  Can ping each other.
> […]
>

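The settings named in the reply above can be cross-checked offline from the three configuration files involved. This Python check is an added example, not code from the thread or from Graylog or Elasticsearch; the finding codes, node names and 192.0.2.x addresses (standing in for the poster's x.x.x.146 and x.x.x.149) are constructed, and the `graylog` default for `elasticsearch_cluster_name` is an assumption.

```python
import ipaddress

# Constructed sample files; 192.0.2.x stands in for the poster's x.x.x.146/.149.
GRAYLOG_CONF = """\
elasticsearch_cluster_name = graylog
elasticsearch_network_host = 192.0.2.146
elasticsearch_discovery_zen_ping_unicast_hosts = 192.0.2.146:9300, 192.0.2.149
"""
NODE_YMLS = {
    "node-146": "cluster.name: graylog\nnetwork.host: 192.0.2.146\n",
    "node-149": "# cluster.name and network.host never set\nnode.name: es-149\n",
}


def parse_flat(text, sep):
    """Parse flat 'key<sep>value' lines ('=' for server.conf, ':' for the yml)."""
    pairs = (line.split(sep, 1) for line in text.splitlines()
             if sep in line and not line.lstrip().startswith("#"))
    return {k.strip(): v.strip().strip("'\"") for k, v in pairs}


def check_graylog(conf):
    """Check the Graylog-side Elasticsearch settings named in the thread."""
    findings = []
    try:
        ip = ipaddress.ip_address(conf.get("elasticsearch_network_host", ""))
        if ip.is_loopback or ip.is_unspecified:
            findings.append("NETWORK_HOST_NOT_REACHABLE")
    except ValueError:
        # Unset, a comma-separated list, or a name: not exactly one IP address.
        findings.append("NETWORK_HOST_NOT_SINGLE_IP")
    hosts = conf.get("elasticsearch_discovery_zen_ping_unicast_hosts", "")
    for entry in (h.strip() for h in hosts.split(",")):
        # Handles IPv4 and hostname entries, with or without a port.
        name, sep, port = entry.partition(":")
        if not name or (sep and not (port.isdecimal() and 0 < int(port) < 65536)):
            findings.append("UNICAST_BAD_ENTRY:" + entry)
    return findings


def check_node(yml, expected_cluster):
    """Check one elasticsearch.yml against the cluster Graylog expects."""
    findings = []
    # Per the thread, an unset cluster.name defaults to "elasticsearch".
    cluster = yml.get("cluster.name", "elasticsearch")
    if cluster != expected_cluster:
        findings.append("CLUSTER_NAME_MISMATCH:" + cluster)
    host = yml.get("network.host", "")
    try:
        local_only = (host in ("", "localhost", "_local_")
                      or ipaddress.ip_address(host).is_loopback)
    except ValueError:
        local_only = False  # a hostname; cannot be resolved offline
    if local_only:
        findings.append("NODE_BINDS_LOOPBACK_ONLY")
    return findings


def audit(graylog_conf_text, node_yml_texts):
    """Return {file name: [finding codes]} for server.conf and each node."""
    conf = parse_flat(graylog_conf_text, "=")
    # Assumption: Graylog expects the cluster name "graylog" when unset.
    expected = conf.get("elasticsearch_cluster_name", "graylog")
    report = {"graylog": check_graylog(conf)}
    for name, text in node_yml_texts.items():
        report[name] = check_node(parse_flat(text, ":"), expected)
    return report


if __name__ == "__main__":
    for name, findings in audit(GRAYLOG_CONF, NODE_YMLS).items():
        print(name, findings or "ok")
```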


[graylog2] Re: New to graylog fresh install can only login to graylog via localhost

2016-08-02 Thread Guillaume Migaszewski
Well, I have a connection refused message from IE 10 and Chrome 52.

Is it working out of the box or do I have to do something on the web browser 
side?

Until now I was looking on the server side, configuration file. But I see no 
parameters for restriction ... .

I am lost.

Thanks for your assistance. 

Guillaume.

On Tuesday, August 2, 2016 at 12:29:40 PM UTC+2, Jochen Schalanda wrote:
>
> Hi Guillaume,
>
> the web interface of Graylog 2.x is accessing the Graylog REST API 
> directly. You browser must be able to communicate with the Graylog REST API.
>
> Cheers,
> Jochen
>
> On Tuesday, 2 August 2016 12:25:39 UTC+2, Guillaume Migaszewski wrote:
>>
>> Hello Jochen, 
>>
>> Thanks for your reply and for taking some time to read my post. 
>>
>> Classic install , rpm based. Yes I have seen this page... but it is not 
>> entirely clear for me. I have no firewall in place for testing.
>>
>> Do I need to setup a proxy to access my graylog server web interface from 
>> another computer than my server ?.
>>
>> from the Doc  
>>
>> Both the web interface port (http://127.0.0.1:9000/ by default, see 
>> web_listen_uri) and the REST API port (http://127.0.0.1:12900 by 
>> default, see rest_listen_uri and rest_transport_uri) must be accessible by 
>> everyone using the web interface. This means that both components must 
>> listen on a public network interface or be exposed to one using a proxy or 
>> NAT!
>>
>>
>> I am not use to this REST API ... so I am confused. ... ah the good old 
>> LAMP setup ... ;) .
>>
>> Regards
>>
>> Guillaume
>>
>>
>>
>> On Tuesday, August 2, 2016 at 12:12:58 PM UTC+2, Jochen Schalanda wrote:
>>>
>>> Hi Guillaume,
>>>
>>> how exactly did you install Graylog (OVA, OS packages, or manual 
>>> install/environment specifics)? Did you read 
>>> http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html?
>>>
>>> Cheers,
>>> Jochen
>>>
>>> On Tuesday, 2 August 2016 11:59:14 UTC+2, Guillaume Migaszewski wrote:

>>>> Dear Graylog group,
>>>>
>>>> I am new to graylog. I have successfully installed latest version of
>>>> graylog 2.0.3 according to official documentation. Graylog is working but
>>>> I can only login via local host http://127.0.0.1:9000 ... not
>>>> ideal when your servers are setup to init3 ... .
>>>>
>>>> As a result I would like to know if this is the normal behavior . I was
>>>> thinking about using Apache with mod proxy ... a bit overkill but ... .
>>>>
>>>> Thanks for you help.
>>>>
>>>> Guillaume.
>>>>
>>>



[graylog2] Re: New to graylog fresh install can only login to graylog via localhost

2016-08-02 Thread Jochen Schalanda
Hi Guillaume,

the web interface of Graylog 2.x is accessing the Graylog REST API 
directly. Your browser must be able to communicate with the Graylog REST API.

Cheers,
Jochen

On Tuesday, 2 August 2016 12:25:39 UTC+2, Guillaume Migaszewski wrote:
>
> Hello Jochen, 
>
> Thanks for your reply and for taking some time to read my post. 
>
> Classic install , rpm based. Yes I have seen this page... but it is not 
> entirely clear for me. I have no firewall in place for testing.
>
> Do I need to setup a proxy to access my graylog server web interface from 
> another computer than my server ?.
>
> from the Doc  
>
> Both the web interface port (http://127.0.0.1:9000/ by default, see 
> web_listen_uri) and the REST API port (http://127.0.0.1:12900 by default, 
> see rest_listen_uri and rest_transport_uri) must be accessible by everyone 
> using the web interface. This means that both components must listen on a 
> public network interface or be exposed to one using a proxy or NAT!
>
>
> I am not use to this REST API ... so I am confused. ... ah the good old 
> LAMP setup ... ;) .
>
> Regards
>
> Guillaume
>
>
>
> On Tuesday, August 2, 2016 at 12:12:58 PM UTC+2, Jochen Schalanda wrote:
>>
>> Hi Guillaume,
>>
>> how exactly did you install Graylog (OVA, OS packages, or manual 
>> install/environment specifics)? Did you read 
>> http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html?
>>
>> Cheers,
>> Jochen
>>
>> On Tuesday, 2 August 2016 11:59:14 UTC+2, Guillaume Migaszewski wrote:
>>>
>>> Dear Graylog group,
>>>
>>> I am new to graylog. I have successfully installed latest version of 
>>> graylog 2.0.3 according to official documentation. Graylog is working but 
>>>  I can only login via local host http://127.0.0.1:9000 ... not 
>>> ideal when your servers are setup to init3 ... . 
>>>
>>> As a result I would like to know if this is the normal behavior . I was 
>>> thinking about using Apache with mod proxy ... a bit overkill but ... .
>>>
>>> Thanks for you help.
>>>
>>> Guillaume.
>>>
>>



[graylog2] Re: New to graylog fresh install can only login to graylog via localhost

2016-08-02 Thread Guillaume Migaszewski
Hello Jochen,

Thanks for your reply and for taking some time to read my post.

Classic install, rpm based. Yes I have seen this page... but it is not 
entirely clear for me. I have no firewall in place for testing.

Do I need to set up a proxy to access my graylog server web interface from 
another computer than my server?

from the Doc

Both the web interface port (http://127.0.0.1:9000/ by default, see 
web_listen_uri) and the REST API port (http://127.0.0.1:12900 by default, 
see rest_listen_uri and rest_transport_uri) must be accessible by everyone 
using the web interface. This means that both components must listen on a 
public network interface or be exposed to one using a proxy or NAT!


I am not used to this REST API ... so I am confused. ... ah the good old 
LAMP setup ... ;) .

Regards

Guillaume



On Tuesday, August 2, 2016 at 12:12:58 PM UTC+2, Jochen Schalanda wrote:
>
> Hi Guillaume,
>
> how exactly did you install Graylog (OVA, OS packages, or manual 
> install/environment specifics)? Did you read 
> http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html?
>
> Cheers,
> Jochen
>
> On Tuesday, 2 August 2016 11:59:14 UTC+2, Guillaume Migaszewski wrote:
>>
>> Dear Graylog group,
>>
>> I am new to graylog. I have successfully installed latest version of 
>> graylog 2.0.3 according to official documentation. Graylog is working but 
>>  I can only login via local host http://127.0.0.1:9000 ... not ideal 
>> when your servers are setup to init3 ... . 
>>
>> As a result I would like to know if this is the normal behavior . I was 
>> thinking about using Apache with mod proxy ... a bit overkill but ... .
>>
>> Thanks for you help.
>>
>> Guillaume.
>>
>



[graylog2] Re: New to graylog fresh install can only login to graylog via localhost

2016-08-02 Thread Jochen Schalanda
Hi Guillaume,

how exactly did you install Graylog (OVA, OS packages, or manual 
install/environment specifics)? Did you read 
http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html?

Cheers,
Jochen

On Tuesday, 2 August 2016 11:59:14 UTC+2, Guillaume Migaszewski wrote:
>
> Dear Graylog group,
>
> I am new to graylog. I have successfully installed latest version of 
> graylog 2.0.3 according to official documentation. Graylog is working but 
>  I can only login via local host http://127.0.0.1:9000 ... not ideal 
> when your servers are setup to init3 ... . 
>
> As a result I would like to know if this is the normal behavior . I was 
> thinking about using Apache with mod proxy ... a bit overkill but ... .
>
> Thanks for you help.
>
> Guillaume.
>



[graylog2] New to graylog fresh install can only login to graylog via localhost

2016-08-02 Thread Guillaume Migaszewski
Dear Graylog group,

I am new to graylog. I have successfully installed the latest version of 
graylog 2.0.3 according to the official documentation. Graylog is working but 
I can only log in via localhost http://127.0.0.1:9000 ... not ideal 
when your servers are set up to init3 ... .

As a result I would like to know if this is the normal behavior. I was 
thinking about using Apache with mod proxy ... a bit overkill but ... .

Thanks for your help.

Guillaume.



[graylog2] Re: Highly utilize RAM. Any option to reduce it?

2016-08-02 Thread Jochen Schalanda
Hi Arief,

On Tuesday, 2 August 2016 10:16:01 UTC+2, Arief Hydayat wrote:
>
> Later if I increase the memory, again Linux and the JVM will use as much 
> available memory as possible. and that's normal, right? :-)
>

Yes, that's correct.

 

> Just with next question anyway, those 3 components need to deploy on the 
> separate machine I mean need to apply HA?
>

You can deploy Graylog, Elasticsearch, and MongoDB on one machine (like it 
is now) or on multiple dedicated machines. See 
http://docs.graylog.org/en/2.0/pages/configuration/graylog_ctl.html#multi-vm-setup 
and http://docs.graylog.org/en/2.0/pages/configuration/multinode_setup.html 
for details.

Cheers,
Jochen



[graylog2] Re: Highly utilize RAM. Any option to reduce it?

2016-08-02 Thread Arief Hydayat
Hi Jochen,

Thank you. Yes I understand after you explain about the linux and jvm. 
Later if I increase the memory, again Linux and the JVM will use as much 
available memory as possible. and that's normal, right? :-)

Just with next question anyway, those 3 components need to deploy on the 
separate machine I mean need to apply HA?

On Monday, August 1, 2016 at 12:02:58 PM UTC+8, Arief Hydayat wrote:
>
> Hi Jochen,
>
> Thanks for your reply. Yes, I'm still using and running the OVA appliance 
> for testing. *I see.. so by right the those 3 components need to deploy 
> on the separate machine or how?*
>
> Thank you for the link, very good read. Then may I reduce it back to 8GB 
> and about the JVM heap setting is here 
> http://docs.graylog.org/en/2.0/pages/faq.html right?
>
>



[graylog2] Re: Highly utilize RAM. Any option to reduce it?

2016-08-02 Thread Jochen Schalanda
Hi Arief,

what exactly is the problem? We've already established in the previous 
mails that Linux and the JVM will use as much available memory as possible.

Cheers,
Jochen

On Tuesday, 2 August 2016 05:10:48 UTC+2, Arief Hydayat wrote:
>
> Hi Jochen,
>
> Sorry for that, my bad. I'm asking about problems with the memory 
> consumption in the virtual machine. The Graylog VM (that I deploy using 
> OVA).
>
>
