Re: [graylog2] Re: alerting plugins seem to lack all context?

2016-09-06 Thread Jason Haar
On Wed, Sep 7, 2016 at 4:30 AM, Jochen Schalanda  wrote:

> You could also try to use netcat or Wireshark to record the request the
> HTTP Alarm Callback is sending.
>

Great idea. Now I see the problem. That POST is of a JSON blob - it's not a
normal "web form". That's why I can't find any POST variables  - there
aren't any.

So now I'm using the following to get me an array of field->values - works
fine :-)

$json = file_get_contents('php://input');
$obj = json_decode($json);



-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
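
The point made above, that the callback body is a JSON document and not form fields, as an added Python example (not code from the post or from Graylog). The payload key names, the `application/json` content type and the sample body are assumptions constructed for illustration.

```python
import json
from urllib.parse import parse_qs

MAX_BODY_BYTES = 1024 * 1024  # refuse oversized bodies before parsing them

# Constructed sample body. The key names (check_result, stream,
# matching_messages) are an assumption about the callback payload;
# they are not taken from the thread.
SAMPLE_BODY = json.dumps({
    "check_result": {
        "result_description": "Stream had 1 messages in the last 1 minutes",
        "triggered_at": "2016-09-07T01:02:03.000Z",
        "triggered": True,
        "matching_messages": [
            {"source": "fw1.example.org",
             "message": "Failed password for invalid user admin",
             "timestamp": "2016-09-07T01:02:01.000Z"},
        ],
    },
    "stream": {"id": "000000000000000000000001", "title": "SSH failures"},
}).encode("utf-8")


def form_fields(body: bytes) -> dict:
    """What a form parser sees: the JSON text has no key=value pairs."""
    return parse_qs(body.decode("utf-8", errors="replace"))


def parse_alarm_callback(content_type: str, body: bytes) -> dict:
    """Validate the request and return the fields a workflow tool needs."""
    media_type = content_type.split(";", 1)[0].strip().lower()
    if media_type != "application/json":
        raise ValueError("unexpected content type: %r" % media_type)
    if len(body) > MAX_BODY_BYTES:
        raise ValueError("body too large")
    try:
        doc = json.loads(body.decode("utf-8"))
    except ValueError as exc:  # covers bad UTF-8 and bad JSON
        raise ValueError("body is not valid JSON") from exc
    if not isinstance(doc, dict):
        raise ValueError("top-level JSON value must be an object")

    check = doc.get("check_result") or {}
    stream = doc.get("stream") or {}
    if not isinstance(check, dict) or not isinstance(stream, dict):
        raise ValueError("check_result and stream must be objects")
    messages = check.get("matching_messages") or []
    if not isinstance(messages, list):
        raise ValueError("matching_messages must be a list")

    return {
        "stream": stream.get("title"),
        "description": check.get("result_description"),
        "triggered_at": check.get("triggered_at"),
        "events": [
            {"source": m.get("source"), "message": m.get("message")}
            for m in messages if isinstance(m, dict)
        ],
    }


if __name__ == "__main__":
    print("form fields:", form_fields(SAMPLE_BODY))
    print("parsed:", parse_alarm_callback("application/json", SAMPLE_BODY))
```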

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CAFChrgJpZvvPHr6MYYbGy7THgMb3m38QFx1GCfd0Mp%3DJAM9%3DkA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[graylog2] Re: Sidecar permission denied error

2016-09-06 Thread Werner van der Merwe
NXlog's User and Group is set to root as well



[graylog2] Sidecar permission denied error

2016-09-06 Thread Werner van der Merwe
Hi,

We've rolled sidecar out on most of our CentOS farm with huge success.

We're facing some uphill with a legacy app using Postgres 9.1 running on 
Ubuntu 12.05.
==> /var/log/graylog/collector-sidecar/nxlog_stderr.log <==
2016-09-07 15:44:12 ERROR failed to open /var/log/postgresql/postgresql-9.1-main.log;Permission denied

Yet NXLog is running as root
ls -l /run/graylog/collector-sidecar/nxlog.pid
-rw-r--r-- 1 root root 6 Sep  7 15:27 /run/graylog/collector-sidecar/nxlog.pid


The actual log is owned by postgres
ls -l /var/log/postgresql/postgresql-9.1-main.log
-rw-r- 1 postgres adm 36540150 Sep  7 16:04 /var/log/postgresql/postgresql-9.1-main.log


Running sidecar 0.0.9 and NXLog 2.9.1716


[graylog2] Re: Graylog email alert frequency

2016-09-06 Thread Ajay Kumar
Thank you for the response.
Just out of curiosity, is it a limitation by design, or is the feature 
intentionally kept like that? Real-time alerts for critical events might be 
important in many use cases.

Would it be possible to get this implemented with professional services?



[graylog2] Re: Cisco syslog message source field includes date info and more

2016-09-06 Thread Thomas
Does anyone have any suggestions here?
Am I the only one using this extractor from the Market Place and that is 
having this issue?


On Friday, 2 September 2016 11:11:09 UTC+8, Thomas wrote:
>
> Community
>
> I have created a new extractor using the following
> https://marketplace.graylog.org/addons/90396261-812c-4fa8-ad8f-a17771c9f8e0
>
> I am receiving syslog messages from my Cisco equipment, however the 
> "source" field in GrayLog contains more than just the name of the source 
> field.
> It includes date information as well.
>
>
> I'll give you an example
>
> Syslog message from my Cisco 4507 switch
>
> 9/1/2016 3:07 AM : C4K_REDUNDANCY-5-CONFIGSYNC  215: 4507-HOSTNAME: .Sep 
>  1 03:07:14 EST-DST: %C4K_REDUNDANCY-5-CONFIGSYNC: The startup-config has 
> been successfully synchronized to the standby supervisor
>
> The source field in GrayLog is as follows
>
> 215: 4507-HOSTNAME: .Sep 1 03:07:14 EST-DST:
>
> Messages from my Cisco ASA5500 has the following source field
> Sep 01 2016 22:58:05 5500-FW1 :
>
>
> RegEx for the source field is as follows, which is unchanged from the 
> extractor
>
>
> "regex_value": ">(.+?)%"
>
> Any suggestion as to how this can be resolved such that only the host name is 
> included in the source field?
>
>
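
Why `>(.+?)%` returns the sequence number and timestamp along with the host name, shown on constructed raw lines, with one possible pair of tighter patterns. This is an added example, not the marketplace extractor's code or part of the original post; the `<PRI>` values, the ASA message text and the names `IOS_HOST`, `ASA_HOST` and `hostname_source` are assumptions. Graylog evaluates extractor patterns as Java regular expressions and uses the first capture group; the constructs used here behave the same in Python's `re`.

```python
import re

# Raw lines as a Raw/Plaintext input would receive them. Constructed from the
# two source values quoted in the post; the <PRI> numbers and the ASA message
# text are made up for the example.
IOS_RAW = ("<189>215: 4507-HOSTNAME: .Sep 1 03:07:14 EST-DST: "
           "%C4K_REDUNDANCY-5-CONFIGSYNC: The startup-config has been "
           "successfully synchronized to the standby supervisor")
ASA_RAW = "<166>Sep 01 2016 22:58:05 5500-FW1 : %ASA-6-000000: constructed sample"
# Edge case: sequence number and timestamp present, but no origin host name.
NO_HOST_RAW = ("<189>216: .Sep 1 03:07:15 EST-DST: "
               "%C4K_REDUNDANCY-5-CONFIGSYNC: constructed sample")

# The pattern quoted in the post: everything between the first '>' (end of
# the priority field) and the first '%' (start of the Cisco mnemonic).
MARKETPLACE = re.compile(r">(.+?)%")

# IOS style: optional sequence number, then the host name followed by ": ".
# The lookahead requires a letter in the candidate, so a bare sequence
# number such as "216" is never mistaken for a host name.
IOS_HOST = re.compile(
    r"^<\d+>(?:\d+: )?(?=[^:\s]*[A-Za-z])([A-Za-z0-9][A-Za-z0-9._-]*): ")

# ASA style: timestamp first (year optional), then the host name, then ':'.
ASA_HOST = re.compile(
    r"^<\d+>[A-Z][a-z]{2} +\d{1,2}(?: \d{4})? \d{2}:\d{2}:\d{2} (\S+) ?: ?%")


def marketplace_source(raw):
    """Value the quoted pattern captures (stripped only for comparison)."""
    m = MARKETPLACE.search(raw)
    return m.group(1).strip() if m else None


def hostname_source(raw):
    """Host name only, or None when the line carries no host name."""
    for pattern in (IOS_HOST, ASA_HOST):
        m = pattern.match(raw)
        if m:
            return m.group(1)
    return None


if __name__ == "__main__":
    for line in (IOS_RAW, ASA_RAW, NO_HOST_RAW):
        print(repr(marketplace_source(line)), "->", repr(hostname_source(line)))
```

When no pattern matches, the extractor should leave `source` untouched so the sender address recorded by the input remains available.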



[graylog2] Re: Change "dynamic_templates" and "store_generic"

2016-09-06 Thread SancheZZS
I added new templates mygraylog and mygraylog2.
curl -X GET 'http://localhost:9200/_template?pretty' returns
http://pastebin.com/qnweRuqb

After that I created new fields ipt2323 and ipt2301. It doesn't work for 
me 
  "ipt2301" : {
    "type" : "string",
    "index" : "not_analyzed"
  },
  "ipt2323" : {
    "type" : "string",
    "index" : "not_analyzed"
  },

curl -X GET 'http://localhost:9200/graylog2_0?pretty'
http://pastebin.com/dkaFZq3A
What am I missing ? 

On Tuesday, 6 September 2016 at 19:35:59 UTC+3, Jochen Schalanda wrote:
>
> Hi,
>
> you can simply create your own index mapping and put it into a custom 
> index template to achieve this. The Graylog index template has the lowest 
> priority ("order") and any other index template can override its settings.
>
> See 
> https://www.elastic.co/guide/en/elasticsearch/reference/2.3/mapping.html 
> and 
> https://www.elastic.co/guide/en/elasticsearch/reference/2.3/indices-templates.html
>  
> for details.
>
> Cheers,
> Jochen
>
> On Tuesday, 6 September 2016 17:20:17 UTC+2, SancheZZS wrote:
>>
>> Hello!
>> After first run graylog2 I have default template in Elasticsearch
>> curl -X GET 'http://localhost:9200/_template?pretty'
>> http://pastebin.com/e5LPiGzC
>>
>> How to change mapping in "dynamic_templates" and "store_generic" from
>> "index" : "not_analyzed" to
>>
>> "analyzer" : "standard",
>> "index" : "analyzed",
>> "type" : "string"
>> ?
>>
>> I want that any new field, created in web interface, must have "index" : 
>> "analyzed". By default they have 
>> "index" : "not_analyzed",
>> "type" : "string"
>>
>> Any advice is greatly appreciated.
>>
>>
>>



[graylog2] Re: Install

2016-09-06 Thread Chad
If I can't load the cloud-aws plugin, how can I point graylog at an 
existing cluster?

On Tuesday, September 6, 2016 at 2:38:51 PM UTC-5, Chad wrote:
>
> New install on AWS EC2 utilizing the cloud-aws plugin for the existing 
> elasticsearch cluster.
>
> All ES nodes are working correctly.  But when starting the graylog.
>
> Caused by: ElasticsearchException[Missing mandatory plugins [cloud-aws]]
>     at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:165)
>     at org.elasticsearch.node.Node.<init>(Node.java:158)
>     at org.elasticsearch.node.GraylogNode.<init>(GraylogNode.java:37)
>     at org.graylog2.bindings.providers.EsNodeProvider.get(EsNodeProvider.java:57)
>     at org.graylog2.bindings.providers.EsNodeProvider.get(EsNodeProvider.java:40)
>     at com.google.inject.internal.ProviderInternalFactory.provision(ProviderInternalFactory.java:81)
>
>
> How do I install the cloud-aws plugin on the graylog ES client?
>
> Thanks,
>
>
>
>



[graylog2] Install

2016-09-06 Thread Chad
New install on AWS EC2 utilizing the cloud-aws plugin for the existing 
elasticsearch cluster.

All ES nodes are working correctly.  But when starting the graylog.

Caused by: ElasticsearchException[Missing mandatory plugins [cloud-aws]]
    at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:165)
    at org.elasticsearch.node.Node.<init>(Node.java:158)
    at org.elasticsearch.node.GraylogNode.<init>(GraylogNode.java:37)
    at org.graylog2.bindings.providers.EsNodeProvider.get(EsNodeProvider.java:57)
    at org.graylog2.bindings.providers.EsNodeProvider.get(EsNodeProvider.java:40)
    at com.google.inject.internal.ProviderInternalFactory.provision(ProviderInternalFactory.java:81)


How do I install the cloud-aws plugin on the graylog ES client?

Thanks,





[graylog2] Re: Graylog isn't processing messages

2016-09-06 Thread 8bits1beard
That's what I ended up doing.  I stopped Graylog and Elasticsearch before 
making my changes to the log path.  I wonder 1. Why the logs were so big 
and 2. Why I had to delete the journal.  Next time I won't wait so long, 
this time I lost 500k messages by the time I deleted the journal.

On Monday, September 5, 2016 at 4:55:10 AM UTC-6, Phil Sumner wrote:
>
> You may need to delete the journal too, just be aware that you'll lose any 
> messages in there.
>
> On Friday, 2 September 2016 18:04:28 UTC+1, 8bits...@gmail.com wrote:
>>
>> Here is my elasticsearch log starting from when I restarted the 
>> elasticsearch service.  http://pastebin.com/4WR3Nn5K
>>
>> On Friday, September 2, 2016 at 10:57:37 AM UTC-6, 8bits...@gmail.com 
>> wrote:
>>>
>>> I had changed the path for elasticsearch data to a second HDD, but not 
>>> the logs.  Today my root HDD reached 99% as a result.  I stopped Graylog, 
>>> deleted the elasticsearch logs at /var/log/elasticsearch, and edited the 
>>> elasticsearch.yml to point to the second HDD.  I rebooted my machine and my 
>>> HDD's now have ample space again.  However, Graylog isn't processing any 
>>> incoming messages.  I have ~400k messages showing unprocessed.  On the 
>>> overview page everything is green.  I've restarted, Graylog, Elasticsearch, 
>>> and the server.  No change.  Any ideas on what I can do?
>>>
>>> The journal contains 406,203 unprocessed messages in 5 segments. 0
>>>  messages appended, 0 messages read in the last second.
>>>
>>> Thanks in advance for your help.
>>>
>>



[graylog2] Re: Coloros Graphics

2016-09-06 Thread Jochen Schalanda
Hi,

using custom palettes for the graphs on dashboards is currently not 
supported by Graylog.

If you want to learn how to create dashboards in general, please take a 
look at 
http://docs.graylog.org/en/2.1/pages/getting_started/create_dashboard.html.

Cheers,
Jochen

On Tuesday, 6 September 2016 17:06:24 UTC+2, Валерий Казанцев wrote:
>
> Hello! I want colors graphics in dashboard. How can I do this?
>



Re: [graylog2] Re: Graylog in Docker 2.1

2016-09-06 Thread Hernán Fernández
started with

docker run --link some-mongo:mongo --link some-elasticsearch:elasticsearch -p 9000:9000 -p 12900:12900 -p 514:5140/udp -e GRAYLOG_WEB_ENDPOINT_URI="http://127.0.0.1:9000/api" -d graylog2/server


The login window starts OK, but when I press *Sign in*, it gives me the message
"Error -the server returned: 404 - cannot POST
http://127.0.0.1:9000/api/system/sessions (404)"




Hernán Fernández

On Sep 6, 2016 05:42, "Jochen Schalanda"  wrote:

> Hi Hernán,
>
> please make sure that you're using the latest version of the Docker image (
> 2.1.0-2 at the time of writing).
>
> Cheers,
> Jochen
>
> On Friday, 2 September 2016 22:48:30 UTC+2, Hernán Fernández wrote:
>>
>> Hello,
>>
>> I just saw that the rest api is running now on the web interface and the
>> variable GRAYLOG_REST_TRANSPORT_URI="http://127.0.0.1:12900" has been
>> changed by GRAYLOG_WEB_ENDPOINT_URI="http://127.0.0.1:9000/api" in
>> docker installation webpage
>> http://docs.graylog.org/en/2.1/pages/installation/docker.html
>>
>> the problem is that http://127.0.0.1:9000/api gives me a 404 error
>> (apparently it is still working with port 12900), but any idea why the system
>> doesn't work as the documentation says?
>>
>> I'm starting the container with
>>
>> docker run --link some-mongo:mongo --link some-elasticsearch:elasticsearch -e GRAYLOG_WEB_ENDPOINT_URI="http://127.0.0.1:9000/api" -p 9000:9000 -p 514:5140/udp -d graylog2/server
>>
>> thanks
>>



Re: [graylog2] Re: alerting plugins seem to lack all context?

2016-09-06 Thread Jochen Schalanda
Hi Jason,

I couldn't reproduce your problems with the HTTP Alarm Callback.

Just to make sure, I've added a test case to our test harness for Graylog 
(see 
https://github.com/Graylog2/graylog2-server/commit/2b05856b6982b14508f3d0d23957ccdb54ec0eeb
).

You could also try to use netcat or Wireshark to record the request the 
HTTP Alarm Callback is sending.

Cheers,
Jochen



[graylog2] Change "dynamic_templates" and "store_generic"

2016-09-06 Thread SancheZZS
Hello!
After first run graylog2 I have default template in Elasticsearch
curl -X GET 'http://localhost:9200/_template?pretty'
http://pastebin.com/e5LPiGzC

How to change mapping in "dynamic_templates" and "store_generic" from
"index" : "not_analyzed" to

"analyzer" : "standard",
"index" : "analyzed",
"type" : "string"
?

I want that any new field, created in web interface, must have "index" : 
"analyzed". By default they have 
"index" : "not_analyzed",
"type" : "string"

Any advice is greatly appreciated.




[graylog2] Coloros Graphics

2016-09-06 Thread Валерий Казанцев
Hello! I want colors graphics in dashboard. How can I do this?



[graylog2] Re: Bigger production setup

2016-09-06 Thread Jochen Schalanda
Hi Daniel,

there's currently no detailed guide for creating a setup like the one in 
the image you've posted (and which is in the Graylog documentation).

This being said, setting up these single components (primarily 
Elasticsearch, MongoDB, and Graylog itself) shouldn't be too hard.

Is there anything specifically you're currently stuck with?

Cheers,
Jochen


On Tuesday, 6 September 2016 14:52:47 UTC+2, Daniel Reif wrote:
>
> Good morning guys!!
>
> Is there any guide or documentation to develop the infrastructure below?
> I found some separate articles for each thing, but I'm having trouble 
> joining them.
>
> [image: ../_images/extended_setup.png]
>
> Thanks!
>



[graylog2] Re: Updating to Graylog 2.1.0 from 2.0.3

2016-09-06 Thread Jochen Schalanda
Hi,

it depends on how you've installed Graylog in the first place. Generally 
speaking, Graylog 2.1.0 is a drop-in replacement for Graylog 2.0.x.

Cheers,
Jochen

On Tuesday, 6 September 2016 12:48:06 UTC+2, Ciprian wrote:
>
> Hello, 
>
> I have noticed that a new version of Graylog has been released and 
> therefore I am wondering how can I upgrade to it. 
> Will I lose any settings?
>
> Thanks
>



[graylog2] Updating to Graylog 2.1.0 from 2.0.3

2016-09-06 Thread Ciprian
Hello, 

I have noticed that a new version of Graylog has been released and 
therefore I am wondering how can I upgrade to it. 
Will I lose any settings?

Thanks



[graylog2] Re: GELF basic concepts. How to collect log data?

2016-09-06 Thread Jochen Schalanda
Hi,

the Graylog Marketplace offers GELF appenders for most of the existing Java 
logging frameworks: https://marketplace.graylog.org/addons?tag=java

Simply choose one that works with your logging framework (SLF4J merely 
provides an API and relies on another logging framework).

Cheers,
Jochen

On Sunday, 4 September 2016 15:22:47 UTC+2, BuDm wrote:
>
> I'm pretty new to graylog and now I'm struggling with sending in log data. 
> I found that there are 2 ways:
>
> - Using collectors (Beats, NXlog)
> - Using GELF-library (send log data directly from the application)
>
> I'm currently work on a Java application which generates fairly large 
> amount of log data. Some of the log messages might be really huge (like 
> state dumps, if some component of the system dies). Would it be sensible to 
> use GELF-client like this one  in 
> such a case? The thing is in the project we currently use slf4j for 
> logging
>



[graylog2] Re: fighting 2.1 install on ubuntu 14.04

2016-09-06 Thread Jochen Schalanda
Hi,

please post the complete Graylog configuration file you're using and the 
complete logs of your Graylog node(s). It looks like there's some invalid 
configuration setting.

Cheers,
Jochen

On Sunday, 4 September 2016 06:22:07 UTC+2, mach...@gmail.com wrote:
>
> I've been fighting a 2.1 graylog install on an Ubuntu 14.04 EC2 m4.large 
> instance for most of the day now. I've gone through a bunch of attempts 
> following official guide, digitalocean, and a few others. Mongo, java8, 
> elasticsearch, and other package deps all install fine.
>
> I am hoping to install graylog with the deb package as that seems to be 
> the best/recommended route.
>
> After the install and mandatory configs this is the only error I see in 
> the server.log file.
>
>> 2016-09-04T03:38:54.588Z ERROR [CmdLineTool] Guice error (more detail on 
>> log level debug): Error in custom provider, 
>> java.lang.IllegalArgumentException: port out of range:-1
>
>
> Manually checking to see if the ports are listening with nc or scanning 
> everything with nmap verifies they are in fact down. 
>
> nmap -sT -O localhost
> nc -vz localhost 12900
> nc -vz localhost 9000
>
> So it seems to me that graylog server isn't starting/listening properly. 
> But I have nothing else to go on. I see graylog process running. And 
> Mongo/Elasticsearch are up too. 
>
> Any guidance appreciated.
>
>
>
>



[graylog2] Re: Graylog in Docker 2.1

2016-09-06 Thread Jochen Schalanda
Hi Hernán,

please make sure that you're using the latest version of the Docker image (
2.1.0-2 at the time of writing).

Cheers,
Jochen

On Friday, 2 September 2016 22:48:30 UTC+2, Hernán Fernández wrote:
>
> Hello,
>
> I just saw that the rest api is running now on the web interface and the 
> variable GRAYLOG_REST_TRANSPORT_URI="http://127.0.0.1:12900" has been 
> changed by GRAYLOG_WEB_ENDPOINT_URI="http://127.0.0.1:9000/api" in docker 
> installation webpage 
> http://docs.graylog.org/en/2.1/pages/installation/docker.html
>
> the problem is that http://127.0.0.1:9000/api gives me a 404 error 
> (apparently it is still working with port 12900), but any idea why the system 
> doesn't work as the documentation says?
>
> I'm starting the container with
>
> docker run --link some-mongo:mongo --link some-elasticsearch:elasticsearch -e GRAYLOG_WEB_ENDPOINT_URI="http://127.0.0.1:9000/api" -p 9000:9000 -p 514:5140/udp -d graylog2/server
>
> thanks
>



[graylog2] Re: alerting plugins seem to lack all context?

2016-09-06 Thread Jochen Schalanda
Hi Jason,

which outputs are you using specifically?

If these are 3rd party plugins, you might want to create a GitHub issue in 
the issue trackers of those projects.

Cheers,
Jochen

On Tuesday, 6 September 2016 00:47:34 UTC+2, Jason Haar wrote:
>
> Hi there
>
> I've been playing around with alerts. The native "email" alert works as 
> expected, but the HTTP and "Execute command" alarm options lack all detail 
> about the event that triggered the alert
>
> I've written a script that simply dumps the command line options and 
> environment vars to a file - nothing related to the event shows up. 
> Similarly, the HTTP does a POST - but contains no variables at all
>
> What am I missing? The alerting options are really not that sophisticated, 
> so I'd rather dump "alerts" into my own workflow program - but nothing 
> besides email appears to have any actual data??
>
> -- 
> Cheers
>
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +1 408 481 8171
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>



Re: [graylog2] Re: Graylog not connecting to elasticsearch

2016-09-06 Thread Jochen Schalanda
Hi Karan,

please post the current Graylog and Elasticsearch configuration files 
you're using (after the changes you've made).

Cheers,
Jochen

On Tuesday, 6 September 2016 09:38:24 UTC+2, Karan Chandok wrote:
>
> Hi Jochen,
>
> Yes elasticsearch is running on same machine. I have removed white space 
> and removed unicast host setting as suggested by you however still same 
> error is coming.
>



[graylog2] Re: Problems with Cisco Routers

2016-09-06 Thread Jochen Schalanda
Hi Israel,

Cisco appliances often don't send valid syslog messages (RFC 3164 or RFC 
5424) so that you have to use a Raw/Plaintext input instead of a Syslog 
input and extract the information you need either with extractors or with 
rules of the message processing pipeline.

There are also ready-to-use content packs on the Graylog Marketplace 
simplifying the setup: https://marketplace.graylog.org/addons?tag=cisco

Cheers,
Jochen

On Monday, 5 September 2016 09:30:15 UTC+2, Israel Martinez Bermejo wrote:
>
> Hello guys.
>
> I have configured Graylog with all Extreme Networks switches and it works 
> fine.
>
> But now I am working with a Cisco router and have a problem with the source 
> of the message: it does not show the IP or hostname of the Cisco device; it 
> starts with the month, for example now it is Sep.
>
> I show an example:
>
>
> Thanks very much!
>
>
> Regards.
>
> Israel.
>
>



[graylog2] How to configure multiple output

2016-09-06 Thread IronCocker
[root@mirror ~]# more /etc/graylog/collector-sidecar/generated/filebeat.yml
filebeat:
  prospectors:
  - document_type: linux
    fields:
      gl2_source_collector: 0d2e5631-e187-4f09-b1a1-562908f44631
    ignore_older: 0
    input_type: log
    paths:
    - /var/log/*
    scan_frequency: 10s
    tail_files: true
  - document_type: nginx
    fields:
      gl2_source_collector: 0d2e5631-e187-4f09-b1a1-562908f44631
    ignore_older: 0
    input_type: log
    paths:
    - /var/log/nginx/*
    scan_frequency: 10s
    tail_files: true
output:
  logstash:
    hosts:
    - 192.168.1.1:5044

Hi,
I configured two tags: *linux* and *nginx*, tag *linux* output 
['192.168.1.1:*5044*'], tag *nginx* output ['192.168.1.1:*5055*'], but 
*filebeat.yml* only has the *linux* output. What should I do?
thx.



[graylog2] Re: Graylog email alert frequency

2016-09-06 Thread Jochen Schalanda
Hi David,

> Basically I want an email whenever an event matching the criteria hits that 
> stream. One email per event. Does anyone know if that's possible?


That's currently not possible.


Cheers,
Jochen 

On Tuesday, 12 April 2016 19:43:31 UTC+2, David Rux wrote:
>
> Hey all,
>
> I have a stream that's set to send an email whenever an alert is triggered 
> that matches a channel. The email is received and all is well but graylog 
> seems to group a series of events together before sending the email. Is 
> there any way to change this? Basically I want an email whenever an event 
> matching the criteria hits that stream. One email per event. Does anyone 
> know if that's possible? My alert condition is as follows:
>
> Trigger alert when a message arrives that has the field 
>
>  
> set to  and 
> then wait at least  minutes until triggering a new alert. (grace period) 
> When sending an alert, include the last  messages of the stream evaluated 
> for this alert condition.
>
> I would have thought that a 0 minute grace period would do this but I 
> tested it and graylog lumped 4 backlog messages into the email where I 
> wanted 4 emails with one event in each. When I set the number of included 
> messages to 1, I only get one email with one alert and it seems to ignore 
> the other events that I triggered despite being logged on the dashboard.
>
> Thanks,
>



[graylog2] Re: Smtp configuration in conf file

2016-09-06 Thread Jochen Schalanda
Hi Ayksin,

you have to configure the SMTP settings on every Graylog instance.

Cheers,
Jochen

On Tuesday, 6 September 2016 07:32:34 UTC+2, Aykisn wrote:
>
> Hello,
>
> I was wondering if we needed to put the smtp configuration part in all the 
> graylog instances configuration file or just on one of them please ?
>
> Thanks.
>
