Re: [graylog2] my first syslog input is failing
Hi Jochen,
Thanks! Changed user to root, restarted server, and the input is starting
ok now.
However, when I send test messages to the input, I don't see anything in
input/search window.
In the log, I see this:
2017-01-22T21:05:47.002+08:00 WARN [NettyTransport] receiveBufferSize
(SO_RCVBUF) for input SyslogUDPInput{title=diskstation,
type=org.graylog2.inputs.syslog.udp.SyslogUDPInput, nodeId=null} should be
262144 but is 212992.
I have two choices on my syslog sender: BSD (RFC3164) and IETF (RFC
5424). I've tried both just to be sure, but no additional error messages
nor message show up in GrayLog.
Any suggestion?
Thanks!
On Fri, Jan 20, 2017 at 5:47 PM, Jochen Schalanda
wrote:
> Hi Jason,
>
> you're trying to bind the input to a privileged port (<1024) which is only
> possible if Graylog was started by the system's root user or was configured
> accordingly (e. g. with authbind).
>
> See http://docs.graylog.org/en/2.1/pages/faq.html#how-can-
> i-start-an-input-on-a-port-below-1024 for details.
>
> Cheers,
> Jochen
>
> On Friday, 20 January 2017 10:43:08 UTC+1, JayJay wrote:
>>
>> Hi Richard,
>>
>>- allow_override_date:
>>true
>>- bind_address:
>>10.10.0.64 < I also tried 0.0.0.0 and 127.0.0.l
>>- expand_structured_data:
>>true
>>- force_rdns:
>>true
>>- override_source:
>>**
>>- port:
>>514
>>- recv_buffer_size:
>>262144
>>- store_full_message:
>>true
>>
>> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Graylog Users" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/
> topic/graylog2/1MF1mFj6EhQ/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/graylog2/3174ef87-bd92-4cfc-9a50-9b17a268a0bf%40googlegroups.com
>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/CAGUPOFsXPsQ5roE0-k7tGDnooxDUgxPtxWOb3Mu90NRuMTxKsw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
[graylog2] I know Reports don't Exist in GL2
Custom bash script and template system to generate automatically nice pdf reports (scheduling and send e-mail included). Backend consists from standard utils e.g. curl for api calls, jq, sed and awk for data normalization and pandoc to render pdf from markdown template... -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/92373c06-0a69-4fbb-8083-001e27bf16a5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: help input failing : graylog input format
Also the format of the logs i want to forward to my graylog server is cyberoamlog format Le samedi 21 janvier 2017 22:00:58 UTC, jony a écrit : > > i'm trying to connect a graylog input i created to my firewall ,except > that the firewall logs have a specific format not mentionned in the input > list on graylog . > Can someone please help me. I've tried different types of input in the > list but none of them seems to enable the connection ,and my input fails . > Also ,if i create one input through one specific port number , does the > second input i create have to use a different port number ? > Thank you > Waiting for your responses ;) > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/679ece9b-2ba3-4917-a8c7-36642bc5e338%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] help input failing : graylog input format
i'm trying to connect a graylog input i created to my firewall ,except that the firewall logs have a specific format not mentionned in the input list on graylog . Can someone please help me. I've tried different types of input in the list but none of them seems to enable the connection ,and my input fails . Also ,if i create one input through one specific port number , does the second input i create have to use a different port number ? Thank you Waiting for your responses ;) -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/59ae7d30-8861-48f1-8a40-16bb50218be9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: log4j syslogappender and Graylog compatibility
Hi Gary, I haven't tried it out personally, but if the Syslog Appender adheres to RFC 3164 or RFC 5424, it should be fine (also see https://github.com/Graylog2/graylog-guide-syslog-linux/blob/master/README.md for some details about the recommended format). You can also use one of the many GELF Appenders from the Graylog Marketplace: https://marketplace.graylog.org/addons?search=log4j Cheers, Jochen On Friday, 20 January 2017 19:11:13 UTC+1, maxwell...@gmail.com wrote: > > Is it possible to directly use log4j syslogappender as a remote TCP input > into Graylog? > > -Gary > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/3426f2df-ce54-4828-9589-e80753d491f5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
