[graylog2] Re: geolocation

2016-10-24 Thread manimaran


Hi, 

Thanks all. Finally I fixed that DB issue by using the updated DB from 
MaxMind :-) :-).

And finally I have one query: is it possible to display geo-values along 
with IPs in the map?


Once again, thanks for your support, folks.



On Tuesday, October 18, 2016 at 1:59:20 PM UTC+5:30, mani...@qrsolutions.in 
wrote:
>
> Hi Folks,
>
> I need some help regarding geolocation (world map ) in graylog by using 
> the Pfsense logs. 
>
> While I am trying to create a map it shows the error "Map widget is 
> only available for fields containing geo data".
>  
>
>
> Thanks and Regards,
> Manimaran
> Cell: +919962626220
>


-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/140b1553-0d1e-4f4e-8ac7-30b9917c1cac%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[graylog2] GELF VIA HTTP No Message

2016-10-24 Thread chris . neal
http://docs.graylog.org/en/2.1/pages/sending_data.html#gelf-via-http


Following the documentation I created a GELF HTTP listener.
Using cURL I just tried to send the basic message.

C:\Program Files\cURL>curl -XPOST http://graylog:12201/gelf -p0 -d 
'{"short_message":"Hello 
there","host":"example.org","facility":"test","_foo":"bar"}' -v -B
Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying 10.0.5.90...
* Connected to gralog (10.0.5.90) port 12201 (#0)
> POST /gelf HTTP/1.0
> Host: graylog:12201
> User-Agent: curl/7.46.0
> Accept: */*
> Content-Length: 69
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 69 out of 69 bytes
* HTTP 1.0, assume close after body
< HTTP/1.0 202 Accepted
< Content-Length: 0
< Connection: close
<
* Closing connection 0

So I get a 202 Accepted. But when trying to locate messages received by the 
input, it is showing no response.

Ideas anyone?

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/442b0ae6-7723-4f02-81be-f5b520de3953%40googlegroups.com.

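Two things in the session above are worth checking before blaming the input, shown here as an added example (my code, not Graylog's and not the original poster's command; the input URL in the usage line is an assumption). First, the body: the JSON in the command is 83 characters, and wrapped in single quotes it is an 85-character argument. cmd.exe passes the single quotes through literally, and the Windows C runtime strips the 16 double quotes while building argv, which leaves exactly the 69 bytes curl reported, and those bytes are not JSON. Second, the status: Graylog answers 202 as soon as the raw body is on the journal; the GELF codec decodes it later, so a body it cannot decode still gets a 202 and the failure only shows up in the server log. The block builds a GELF 1.1 message in code (no shell quoting involved), validates it against the spec before sending, encodes it the way it goes on the wire so the byte count can be compared with Content-Length, and models the quote stripping so the 69 can be reproduced:

```python
"""Build, validate and POST a GELF 1.1 message over HTTP from code, and model the
quote stripping that turned the curl argument above into a 69-byte non-JSON body.
Added example; not Graylog code and not the original poster's command."""
import json
import re
import sys
import urllib.request

# Field names defined by the GELF 1.1 spec. Anything else must be an additional
# field: underscore-prefixed, matching ^[\w.-]+$, and never "_id".
GELF_STANDARD_FIELDS = {"version", "host", "short_message", "full_message",
                        "timestamp", "level", "facility", "line", "file"}
GELF_FIELD_NAME = re.compile(r"^[\w.\-]+$")

# The body from the post, reconstructed as a dict (note: no "version" field).
POSTED_PAYLOAD = {"short_message": "Hello there", "host": "example.org",
                  "facility": "test", "_foo": "bar"}


def build_gelf(short_message, host, **extra):
    """Return a GELF 1.1 dict; extra keys get the mandatory underscore prefix."""
    message = {"version": "1.1", "host": host, "short_message": short_message}
    for key, value in extra.items():
        message[key if key.startswith("_") else "_" + key] = value
    return message


def validate_gelf(payload):
    """Return the list of spec violations; an empty list means the payload is valid.
    Accepts a dict or the raw body (str/bytes), so a mangled body can be checked too."""
    if isinstance(payload, (str, bytes)):
        try:
            payload = json.loads(payload)
        except ValueError:
            return ["body is not valid JSON"]
    if not isinstance(payload, dict):
        return ["body is not a JSON object"]
    problems = []
    if payload.get("version") != "1.1":
        problems.append('"version" must be "1.1"')
    for required in ("host", "short_message"):
        if not isinstance(payload.get(required), str) or not payload[required]:
            problems.append(f'"{required}" must be a non-empty string')
    if "timestamp" in payload and not isinstance(payload["timestamp"], (int, float)):
        problems.append('"timestamp" must be a number (seconds since the epoch)')
    level = payload.get("level")
    if level is not None and not (isinstance(level, int) and 0 <= level <= 7):
        problems.append('"level" must be a syslog severity 0..7')
    for key in payload:
        if key in GELF_STANDARD_FIELDS:
            continue
        if not key.startswith("_"):
            problems.append(f'additional field "{key}" must start with "_"')
        elif key == "_id" or not GELF_FIELD_NAME.match(key):
            problems.append(f'additional field name "{key}" is not allowed')
    return problems


def encode_gelf(payload):
    """Compact JSON bytes: exactly what goes on the wire and what Content-Length counts."""
    return json.dumps(payload, separators=(",", ":"), ensure_ascii=False).encode("utf-8")


def cmd_exe_argument(argument):
    """Simplified model (an assumption, not a full reimplementation) of how the Windows
    C runtime builds argv: double quotes group text but are dropped from the argument,
    single quotes are ordinary characters."""
    return argument.replace('"', "")


def send_gelf(url, payload):
    """POST the message with the right Content-Type; refuse to send a payload the spec
    rejects. Returns the HTTP status. Graylog returns 202 once the raw body is journaled,
    before the GELF codec has decoded it, so 202 is not proof the message was parsed."""
    problems = validate_gelf(payload)
    if problems:
        raise ValueError("; ".join(problems))
    request = urllib.request.Request(url, data=encode_gelf(payload), method="POST",
                                     headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(request, timeout=5) as response:
        return response.status


if __name__ == "__main__":
    wire = encode_gelf(POSTED_PAYLOAD)
    mangled = cmd_exe_argument("'" + wire.decode("utf-8") + "'")
    print(f"{len(wire)} bytes intended, {len(mangled)} after cmd.exe/MSVCRT quoting:",
          validate_gelf(mangled))
    message = build_gelf("Hello there", "example.org", foo="bar")
    if len(sys.argv) > 1:  # e.g. http://graylog:12201/gelf (assumed input address)
        print("HTTP", send_gelf(sys.argv[1], message))
```

Run it with the input URL as its only argument to send the valid message; without an argument it only prints the byte counts and the validation result for the mangled body. If curl on Windows is preferred, put the JSON in a file and pass `-d @gelf.json`, or escape every inner quote as `\"` inside one double-quoted `-d` argument, and add `-H "Content-Type: application/json"`. The `-p0` in the command is parsed by curl as `--proxytunnel --http1.0`, which is why the request went out as HTTP/1.0; it is harmless here but not needed.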

[graylog2] Re: Send Rsyslog Via GELF to Graylog

2016-10-24 Thread Benbrahim Anass
Is there a better way to filter these logs?

On Monday, 24 October 2016 12:02:06 UTC+2, Benbrahim Anass wrote:
>
> I don't have only Windows machines; I have an HP router, Linux servers... all 
> of those send their logs to a centralized syslog server, and this last one 
> forwards everything to another Graylog server via rsyslog.
> I don't want to reconfigure every piece of equipment to send data to Graylog; I 
> already have a syslog server.
> I've read that I need Logstash for indexing everything, but I'm not sure.
>
> On Monday, 24 October 2016 11:35:54 UTC+2, Jochen Schalanda wrote:
>>
>> Hi,
>>
>> this looks like a Windows EventLog. Why not send it directly to Graylog 
>> by using nxlog or Winlogbeat? Both can be 
>> managed by the Graylog Collector Sidecar.
>>
>> Cheers,
>> Jochen
>>
>> On Monday, 24 October 2016 10:03:35 UTC+2, Benbrahim Anass wrote:
>>>
>>> because using Grok and extractors is a pain in the ass, GELF is more 
>>> structured than syslog messages. I've shown you the message I receive from 
>>> the syslog server; it has all kinds of information, and extracting them one 
>>> by one is pretty complicated.
>>> look at this
>>> cbv-w0033.production.infra {"EventTime": "2016-10-24 
>>> 09:29:34","Hostname":"..-W0025..","Keywords":4611686052787126272,"EventType":"INFO","SeverityValue":2,"Severity":"INFO","EventID":100,"SourceName":"Microsoft-Windows-Diagnosis-DPS","ProviderGuid":"{6BBA3851-2C7E-4DEA-8F54-31E5AFD029E3}","Version":0,"Task":1,"OpcodeValue":12,"RecordNumber":524,"ActivityID":"{BBBA6034-2F3E-4F98-88DC-FB4F4AB0A74A}","ProcessID":1804,"ThreadID":5436,"Channel":"Microsoft-Windows-Diagnosis-DPS/Operational","Domain":"AUTORITE
>>>  
>>> NT","AccountName":"SERVICE LOCAL","UserID":"S-1-5-19","AccountType":"Well 
>>> Known Group","Message":"Le module de diagnostic 
>>> {282396B2-6C46-4D66-B413-70B0445DF33C} 
>>> (%SystemRoot%\\system32\\diagperf.dll) a détecté un problème pour le 
>>> scénario {186F47EF-626C-4670-800A-4A30756BABAD}, instance 
>>> {BBBA6034-2F3E-4F98-88DC-FB4F4AB0A74A}, ID d’activité d’origine 
>>> {----}.","Category":"Cycle de vie du 
>>> scénario","Opcode":"Un module de diagnostic a détecté un 
>>> problème","ScenarioId":"{186F47EF-626C-4670-800A-4A30756BABAD}","InstanceId":"{BBBA6034-2F3E-4F98-88DC-FB4F4AB0A74A}","OriginalActivityId":"{----}","DiagnosticModuleImageName":"%SystemRoot%\\system32\\diagperf.dll","DiagnosticModuleId":"{282396B2-6C46-4D66-B413-70B0445DF33C}","EventReceivedTime":"2016-10-24
>>>  
>>> 09:29:35","SourceModuleName":"in","SourceModuleType":"im_msvistalog"}#015
>>>
>>> On Monday, 24 October 2016 09:49:16 UTC+2, Jochen Schalanda wrote:
>>>>
>>>> Hi,
>>>>
>>>> the instructions on the rsyslog website are unsurprisingly for rsyslog.
>>>>
>>>> But why exactly do you want to forward your syslog messages using the 
>>>> GELF protocol? You won't gain anything from it…
>>>>
>>>> Cheers,
>>>> Jochen
>>>>
>>>> On Monday, 24 October 2016 09:26:38 UTC+2, Benbrahim Anass wrote:
>>>>>
>>>>> Hi everyone,
>>>>> I'm wondering if it is possible to send rsyslog data via GELF to 
>>>>> Graylog. I saw this tutorial, but since I'm a newbie I don't know where to 
>>>>> create that template or any of that config:
>>>>> http://www.rsyslog.com/doc/master/tutorials/gelf_forwarding.html
>>>>> Hope someone can explain that to me.
>>>>> Thanks in advance.
>>>>>
>>>>> Cheers, 
>>>>> Anas
>>>>>


-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/c7564fd8-d8c8-496b-8710-60f3dad19a31%40googlegroups.com.

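The question of filtering these records, as an added example (my code, not code from the thread, Graylog, rsyslog or nxlog): each relayed line is the relay's hostname, a space, and the nxlog im_msvistalog record as one JSON object, ending in rsyslog's `#015` escape for the trailing carriage return (rsyslog writes control characters in received messages as `#` plus three octal digits). Parsing that one JSON object yields every Windows field at once, which is what Grok patterns or extractors would otherwise have to do key by key, and leaves plain syslog from the router as an ordinary text message instead of dropping it. The sample lines are constructed to that shape (shortened field set, English message text; the audit event and the router line are invented), and `EventTime` is treated as UTC, which is an assumption:

```python
"""Parse syslog lines relayed by rsyslog that carry an nxlog im_msvistalog JSON
record into flat Graylog-style fields, then filter on those fields.
Added example; not code from the thread, Graylog, rsyslog or nxlog."""
import json
import re
from datetime import datetime, timezone

# rsyslog escapes control characters in received messages as '#' + three
# octal digits; "#015" at the end of the relayed records is a carriage return.
RSYSLOG_CTRL_ESCAPE = re.compile(r"#([0-7]{3})")
# Relay hostname, whitespace, then whatever the original sender wrote.
HOST_THEN_PAYLOAD = re.compile(r"^(?P<host>\S+)\s+(?P<payload>.+)$", re.DOTALL)

# Constructed sample input in the shape shown in the thread; not real log data.
SAMPLE_LINES = [
    'cbv-w0033.production.infra {"EventTime": "2016-10-24 09:29:34",'
    '"Hostname":"CBV-W0025","EventType":"INFO","SeverityValue":2,"Severity":"INFO",'
    '"EventID":100,"SourceName":"Microsoft-Windows-Diagnosis-DPS",'
    '"Channel":"Microsoft-Windows-Diagnosis-DPS/Operational",'
    '"Message":"A diagnostic module detected a problem",'
    '"SourceModuleType":"im_msvistalog"}#015',
    'cbv-w0041.production.infra {"EventTime": "2016-10-24 09:31:02",'
    '"Hostname":"CBV-W0041","EventType":"AUDIT_FAILURE","SeverityValue":4,'
    '"Severity":"ERROR","EventID":4625,"SourceName":"Microsoft-Windows-Security-Auditing",'
    '"Channel":"Security","TargetUserName":"Administrator","IpAddress":"10.0.5.77",'
    '"Message":"An account failed to log on.","SourceModuleType":"im_msvistalog"}#015',
    'hp-core-sw01 %LINK-I-Up: port 3 is up',
]


def unescape_rsyslog(text):
    """Turn rsyslog's #ooo escapes back into the control characters they stand for."""
    return RSYSLOG_CTRL_ESCAPE.sub(lambda m: chr(int(m.group(1), 8)), text)


def parse_relayed_line(line):
    """Return a flat dict of fields for one relayed line.

    A JSON payload contributes every nxlog key as a field, with Message, Hostname
    and EventTime mapped onto Graylog's message/source/timestamp; any other payload
    (plain syslog from the router, or a record that is not valid JSON) is kept as
    a text message so nothing is silently dropped."""
    match = HOST_THEN_PAYLOAD.match(line.strip())
    if not match:
        return {"source": "", "message": line.strip(), "_structured": False}
    relay_host = match.group("host")
    payload = unescape_rsyslog(match.group("payload")).rstrip("\r\n")
    fields = {"source": relay_host, "_relay_host": relay_host,
              "_structured": False, "message": payload}
    try:
        record = json.loads(payload)
    except ValueError:
        return fields
    if not isinstance(record, dict):
        return fields
    fields["_structured"] = True
    fields["message"] = record.pop("Message", payload)
    if "Hostname" in record:
        fields["source"] = record["Hostname"]  # the machine that generated the event
    if "EventTime" in record:
        # nxlog writes the event time without a zone; treated as UTC here (assumption).
        try:
            fields["timestamp"] = datetime.strptime(
                record["EventTime"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        except ValueError:
            pass  # keep the raw EventTime field, just no parsed timestamp
    fields.update(record)
    return fields


def select(records, **criteria):
    """Keep the records where every criterion holds: a plain value means equality,
    a callable is a predicate on the field value; a missing field never matches."""
    def matches(record):
        for field, wanted in criteria.items():
            if field not in record:
                return False
            if callable(wanted):
                if not wanted(record[field]):
                    return False
            elif record[field] != wanted:
                return False
        return True
    return [record for record in records if matches(record)]


if __name__ == "__main__":
    parsed = [parse_relayed_line(line) for line in SAMPLE_LINES]
    for event in select(parsed, Channel="Security", EventID=4625):
        print(event["timestamp"].isoformat(), event["source"], event["TargetUserName"],
              "from", event["IpAddress"], "-", event["message"])
    print(len(select(parsed, _structured=False)), "unstructured line(s) passed through")
```

Running the block prints the failed-logon event selected by `Channel="Security", EventID=4625` and the count of unstructured lines passed through. Inside Graylog the same step belongs in a pipeline rule (the pipeline processor has a `parse_json` function), the point being that the record needs one parse, not one extractor per field.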

[graylog2] Plugins with UI Not Working?

2016-10-24 Thread Bob
Is there an issue with plugins that contain a UI in the current 2.1.1 
release? I have tried 2 different plugins that should contain a UI 
component that are not loading. The plugins themselves are shown loading in 
the log file as well as in the node plugins UI. The first was the very new 
threat-intelligence plugin, but the second is the aggregates plugin which 
has had many releases.

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/fb747596-ee65-4bb0-b5d7-cc9d7b931af4%40googlegroups.com.


[graylog2] Re: Send Rsyslog Via GELF to Graylog

2016-10-24 Thread Jochen Schalanda
Hi,

the instructions on the rsyslog website are 
unsurprisingly for rsyslog.

But why exactly do you want to forward your syslog messages using the GELF 
protocol? You won't gain anything from it…

Cheers,
Jochen

On Monday, 24 October 2016 09:26:38 UTC+2, Benbrahim Anass wrote:
>
> Hi everyone,
> I'm wondering if it is possible to send rsyslog data via GELF to Graylog. 
> I saw this tutorial, but since I'm a newbie I don't know where to create that 
> template or any of that config:
> http://www.rsyslog.com/doc/master/tutorials/gelf_forwarding.html
> hope someone can explain that to me
> thanks in advance
>
> cheers 
> Anas
>

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/5191d5ed-ea61-4517-9320-bd793a61cc48%40googlegroups.com.