Re: [graylog2] Re: Can you import Exchange 2013 Audit logs into Graylog?

[Dustin Tennill]

I forgot to post it when I got finished.

Will reply to the group in the morning. 



Sent from my iPhone

> On Jan 22, 2017, at 6:21 PM, Wil Hutchins  wrote:
> 
> How did you guys go with getting Exchange 2013 info into Graylog?
> 
>> On Saturday, 21 May 2016 11:56:27 UTC+10, Dustin Tennill wrote:
>> That sounds pretty interesting, and I would like to help.
>> 
>> I was planning on trying to get a script together that would send message 
>> tracking logs into graylog this weekend. 
>> 
>> Dustin
>> 
>> 
>> 
>> 
>>> On Thursday, May 19, 2016 at 5:53:10 AM UTC-4, Rob wrote:
>>> Hi,
>>> 
>>> I have my Windows Event logs going to my Graylog servers like a charm - its 
>>> great.
>>> 
>>> With Exchange 2013 if you turn on Auditing the logs are stored with the 
>>> users mailbox and not in the Event log.
>>> 
>>> You can purchase 3rd party apps like Netwrix to send them to the Event log.
>>> 
>>> Is there a plugin or way to get the logs into Graylog say via nxlog without 
>>> using a paid 3rd party app?
>>> 
>>> There is a way to export the logs to an xml file - so maybe a scheduled 
>>> task could be created to create the xml files and the nxlog could send to 
>>> Graylog?
>>> 
>>> Any suggestions, tips or pointing me to some doco or plugins would be much 
>>> appreciated.
> 
> -- 
> You received this message because you are subscribed to a topic in the Google 
> Groups "Graylog Users" group.
> To unsubscribe from this topic, visit 
> https://groups.google.com/d/topic/graylog2/p6r8c38gHAQ/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to 
> graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/0c00b8ea-d2f8-4dc6-bb43-5143d79c612c%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/DB2AAB28-BCDF-428C-B998-50E92F495D0D%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Can you import Exchange 2013 Audit logs into Graylog?

[Tom Powers]

Have you tried powershell?   As I recallthere's a Get-Auditlog cmdletmy 
syntax may be off. But...if you could grab it that way,  even in a scheduled 
task...you could use export-csv syntax to get it to output

I can turn it in at my office and figure it outwhat info do you want out of 
it? 

Tp

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/807410fd-3d84-4db2-9910-74978cfeeae1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Good list of rules?

[Tom Powers]

GL2 is an incredible tool...and I'm learning more and more each day.

I've been through the docs and ask through the groups here...great info. 

Just a questionthe more rules I build,  the more I wonder what I'm missing

Ate there any good places to go for rules creation? I work on Windows  networks 
primarily. 

All insight is appreciated

Tp

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/227637ca-8476-40ea-bde8-1832b9726d74%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Can you import Exchange 2013 Audit logs into Graylog?

[Wil Hutchins]

How did you guys go with getting Exchange 2013 info into Graylog?

On Saturday, 21 May 2016 11:56:27 UTC+10, Dustin Tennill wrote:
>
> That sounds pretty interesting, and I would like to help.
>
> I was planning on trying to get a script together that would send message 
> tracking logs into graylog this weekend. 
>
> Dustin
>
>
>
>
> On Thursday, May 19, 2016 at 5:53:10 AM UTC-4, Rob wrote:
>>
>> Hi,
>>
>> I have my Windows Event logs going to my Graylog servers like a charm - 
>> its great.
>>
>> With Exchange 2013 if you turn on Auditing the logs are stored with the 
>> users mailbox and not in the Event log.
>>
>> You can purchase 3rd party apps like Netwrix to send them to the Event 
>> log.
>>
>> Is there a plugin or way to get the logs into Graylog say via nxlog 
>> without using a paid 3rd party app?
>>
>> There is a way to export the logs to an xml file - so maybe a scheduled 
>> task could be created to create the xml files and the nxlog could send to 
>> Graylog?
>>
>> Any suggestions, tips or pointing me to some doco or plugins would be 
>> much appreciated.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/0c00b8ea-d2f8-4dc6-bb43-5143d79c612c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: help input failing : graylog input format

[jony]

Le dimanche 22 janvier 2017 21:50:02 UTC, jony a écrit :
>
> i would like to connect many servers to graylog through tcp ,so i guess i 
> need a new input for each server ,and a different port number for each one 
> ,right ? 
>
> Le dimanche 22 janvier 2017 16:39:35 UTC, Jochen Schalanda a écrit :
>>
>> Hi,
>>
>> On Sunday, 22 January 2017 14:06:40 UTC+1, jony wrote:
>>>
>>> i think it is text based but can you confirm that to me ,here's a link 
>>> of the detailed log format :  
>>> https://kb.cyberoam.com/default.asp?id=1808
>>>
>>
>> This looks relatively easy to parse with extractors or the message 
>> processing pipeline:
>>
>> http://docs.graylog.org/en/2.1/pages/extractors.html
>> http://docs.graylog.org/en/2.1/pages/pipelines.html
>>
>> Take a look at the Key/Value extractor or the Grok extractor.
>>  
>>
>>> For the port number ;let's say i have 30 inputs all using tcp ,if i 
>>> choose for each one a different port number ,would that be okay ?? 
>>>
>>
>> Yes, that's no problem. But what exactly do you want to achieve? You 
>> don't need to start a separate input for each client (using the same 
>> protocol).
>>
>> Cheers,
>> Jochen
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/cc202b56-1721-4d20-9411-f0d16c72574b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: help input failing : graylog input format

[jony]

i would like to connect many servers to graylog through tcp ,so i guess i 
need a new input for each server ,and a different port number for each one 
,right ? 

Le dimanche 22 janvier 2017 16:39:35 UTC, Jochen Schalanda a écrit :
>
> Hi,
>
> On Sunday, 22 January 2017 14:06:40 UTC+1, jony wrote:
>>
>> i think it is text based but can you confirm that to me ,here's a link of 
>> the detailed log format :  https://kb.cyberoam.com/default.asp?id=1808
>>
>
> This looks relatively easy to parse with extractors or the message 
> processing pipeline:
>
> http://docs.graylog.org/en/2.1/pages/extractors.html
> http://docs.graylog.org/en/2.1/pages/pipelines.html
>
> Take a look at the Key/Value extractor or the Grok extractor.
>  
>
>> For the port number ;let's say i have 30 inputs all using tcp ,if i 
>> choose for each one a different port number ,would that be okay ?? 
>>
>
> Yes, that's no problem. But what exactly do you want to achieve? You don't 
> need to start a separate input for each client (using the same protocol).
>
> Cheers,
> Jochen
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/273274dd-af55-4fde-b430-d6c435522a36%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: help input failing : graylog input format

[Jochen Schalanda]

Hi,

On Sunday, 22 January 2017 14:06:40 UTC+1, jony wrote:
>
> i think it is text based but can you confirm that to me ,here's a link of 
> the detailed log format :  https://kb.cyberoam.com/default.asp?id=1808
>

This looks relatively easy to parse with extractors or the message 
processing pipeline:

http://docs.graylog.org/en/2.1/pages/extractors.html
http://docs.graylog.org/en/2.1/pages/pipelines.html

Take a look at the Key/Value extractor or the Grok extractor.
 

> For the port number ;let's say i have 30 inputs all using tcp ,if i choose 
> for each one a different port number ,would that be okay ?? 
>

Yes, that's no problem. But what exactly do you want to achieve? You don't 
need to start a separate input for each client (using the same protocol).

Cheers,
Jochen

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/0bce0190-3dda-405b-b399-ee0cbe7fb80a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] my first syslog input is failing

[Jason Fuller]

Hi Jochen,

After swittching the receiver to 1514, and a reboot, the server is
receiving messages now.  However, when I change the user back to "graylog",
and restart, after about 1 minute, it crashes with 1000's of errors.
Swithing back to root fixes it.  I think I should reload the server and app.

Thanks for all your help!
Jason

On Sun, Jan 22, 2017 at 9:51 PM, Jason Fuller 
wrote:

> Hi Jochen,
>
> Understand about the security implications.  Thank you for pointing out ;)
>
> On the receipt issue, yes, I'm sure there is not a network issue, on the
> graylog server I'm receiving the packet.  It's just not showing up in
> Graylog:
>
> [root@server]# tcpdump -nnvvi ens32 port 514
> tcpdump: listening on ens32, link-type EN10MB (Ethernet), capture size
> 65535 bytes
> 05:54:04.456723 IP (tos 0x0, ttl 64, id 8493, offset 0, flags [DF], proto
> UDP (17), length 127)
> 10.10.0.5.37136 > 10.10.0.64.514: [udp sum ok] SYSLOG, length: 99
> Facility user (1), Severity info (6)
> Msg: Jan 22 21:46:40 SERVER01 System Test message from Synology
> Syslog Client from (10.10.0.5)\0x0a
> 0x:  3c31 343e 4a61 6e20 3232 2032 313a 3436
> 0x0010:  3a34 3020 504e 4153 4148 3149 4e46 3031
> 0x0020:  2053 7973 7465 6d20 5465 7374 206d 6573
> 0x0030:  7361 6765 2066 726f 6d20 5379 6e6f 6c6f
> 0x0040:  6779 2053 7973 6c6f 6720 436c 6965 6e74
> 0x0050:  2066 726f 6d20 2831 302e 3230 382e 302e
> 0x0060:  3529 0a
> ^C
> 1 packet captured
> 1 packet received by filter
> 0 packets dropped by kernel
>
> Thank you for your help,
> Regards,
> Jason
>
>
> On Sun, Jan 22, 2017 at 8:02 PM, Jochen Schalanda 
> wrote:
>
>> On Sunday, 22 January 2017 12:54:20 UTC+1, Jochen Schalanda wrote:
>>>
>>> On Sunday, 22 January 2017 06:19:21 UTC+1, JayJay wrote:

 Changed user to root, restarted server, and the input is starting ok
 now.

>>>
>>> From a security perspective, that's a very bad idea and I'd recommend to
>>> use one of the other mechanisms described in the documentation:
>>> http://docs.graylog.org/en/2.1/pages/faq.html
>>> #how-can-i-start-an-input-on-a-port-below-1024
>>>
>>
>> The simplest thing would be to run the input on a port >1024 (e. g. 1514)
>> of course…
>>
>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "Graylog Users" group.
>> To unsubscribe from this topic, visit https://groups.google.com/d/to
>> pic/graylog2/1MF1mFj6EhQ/unsubscribe.
>> To unsubscribe from this group and all its topics, send an email to
>> graylog2+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit https://groups.google.com/d/ms
>> gid/graylog2/df11f552-c742-4858-838f-ea1c74c02ced%40googlegroups.com
>> 
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CAGUPOFt1Es%2BX1YigioxFFEVhLEwwSZhtosC8EZ0qho1A%3DtOeXw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] my first syslog input is failing

[Jason Fuller]

Hi Jochen,

Understand about the security implications.  Thank you for pointing out ;)

On the receipt issue, yes, I'm sure there is not a network issue, on the
graylog server I'm receiving the packet.  It's just not showing up in
Graylog:

[root@server]# tcpdump -nnvvi ens32 port 514
tcpdump: listening on ens32, link-type EN10MB (Ethernet), capture size
65535 bytes
05:54:04.456723 IP (tos 0x0, ttl 64, id 8493, offset 0, flags [DF], proto
UDP (17), length 127)
10.10.0.5.37136 > 10.10.0.64.514: [udp sum ok] SYSLOG, length: 99
Facility user (1), Severity info (6)
Msg: Jan 22 21:46:40 SERVER01 System Test message from Synology
Syslog Client from (10.10.0.5)\0x0a
0x:  3c31 343e 4a61 6e20 3232 2032 313a 3436
0x0010:  3a34 3020 504e 4153 4148 3149 4e46 3031
0x0020:  2053 7973 7465 6d20 5465 7374 206d 6573
0x0030:  7361 6765 2066 726f 6d20 5379 6e6f 6c6f
0x0040:  6779 2053 7973 6c6f 6720 436c 6965 6e74
0x0050:  2066 726f 6d20 2831 302e 3230 382e 302e
0x0060:  3529 0a
^C
1 packet captured
1 packet received by filter
0 packets dropped by kernel

Thank you for your help,
Regards,
Jason


On Sun, Jan 22, 2017 at 8:02 PM, Jochen Schalanda 
wrote:

> On Sunday, 22 January 2017 12:54:20 UTC+1, Jochen Schalanda wrote:
>>
>> On Sunday, 22 January 2017 06:19:21 UTC+1, JayJay wrote:
>>>
>>> Changed user to root, restarted server, and the input is starting ok
>>> now.
>>>
>>
>> From a security perspective, that's a very bad idea and I'd recommend to
>> use one of the other mechanisms described in the documentation:
>> http://docs.graylog.org/en/2.1/pages/faq.html
>> #how-can-i-start-an-input-on-a-port-below-1024
>>
>
> The simplest thing would be to run the input on a port >1024 (e. g. 1514)
> of course…
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Graylog Users" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/
> topic/graylog2/1MF1mFj6EhQ/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/graylog2/df11f552-c742-4858-838f-ea1c74c02ced%40googlegroups.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CAGUPOFt_V%3DNDPo_L8MU97oS_ACe0Rp3ptbotj9KbZ_U2EaDj2g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: help input failing : graylog input format

[jony]

thanks a lot Jochen ,the best (y) ,
i think it is text based but can you confirm that to me ,here's a link of 
the detailed log format :  https://kb.cyberoam.com/default.asp?id=1808

For the port number ;let's say i have 30 inputs all using tcp ,if i choose 
for each one a different port number ,would that be okay ?? 
thanks again 

Le dimanche 22 janvier 2017 12:05:08 UTC, Jochen Schalanda a écrit :
>
> Hi,
>
> On Saturday, 21 January 2017 23:00:58 UTC+1, jony wrote:
>>
>> Can someone please help me. I've tried different types of input in the 
>> list but none of them seems to enable the connection ,and my input fails .
>>
>
> If the format is text-based, you can use a Raw/Plaintext UDP or TCP input 
> and use extractors or the message processing pipeline to extract the 
> valuable information:
>
> http://docs.graylog.org/en/2.1/pages/extractors.html
> http://docs.graylog.org/en/2.1/pages/pipelines.html
>
>  
>
>> Also ,if i create one input through one specific port number , does the 
>> second input i create have to use a different port number ?
>>
>
> In general, yes. You have to use different port numbers for different 
> inputs (exception: if they're using different transport protocols, e. g. 
> TCP and UDP).
>  
>
> Cheers,
> Jochen
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/f2190057-8e6d-438f-af8f-30cf351eba51%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: help input failing : graylog input format

[Jochen Schalanda]

Hi,

On Saturday, 21 January 2017 23:00:58 UTC+1, jony wrote:
>
> Can someone please help me. I've tried different types of input in the 
> list but none of them seems to enable the connection ,and my input fails .
>

If the format is text-based, you can use a Raw/Plaintext UDP or TCP input 
and use extractors or the message processing pipeline to extract the 
valuable information:

http://docs.graylog.org/en/2.1/pages/extractors.html
http://docs.graylog.org/en/2.1/pages/pipelines.html

 

> Also ,if i create one input through one specific port number , does the 
> second input i create have to use a different port number ?
>

In general, yes. You have to use different port numbers for different 
inputs (exception: if they're using different transport protocols, e. g. 
TCP and UDP).
 

Cheers,
Jochen

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/dd85ada6-a5cd-43ab-9f5a-65152b9b8671%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Graylog SaltStack Formula in the marketplace

[Jochen Schalanda]

Hi Brandon,

thanks for sharing!

Cheers,
Jochen

On Sunday, 22 January 2017 09:59:13 UTC+1, BKeep wrote:
>
> I have been working on this for a little while and wanted to share what I 
> have so far. I created a SaltStack formula for deploying Graylog. I also 
> created supporting formulas for Elasticsearch and MongoDB that support a 
> Graylog install, which are linked form the README.
>
> If anyone is using Salt take a look and let me know what you think.
>
> graylog-formula
> https://marketplace.graylog.org/addons/8cf73840-dfa2-4676-bf94-bff1cde01d57
>
> Regards,
> Brandon
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/a902d74c-432e-48d7-a465-73cf2e5ea70f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] my first syslog input is failing

[Jochen Schalanda]

On Sunday, 22 January 2017 12:54:20 UTC+1, Jochen Schalanda wrote:
>
> On Sunday, 22 January 2017 06:19:21 UTC+1, JayJay wrote:
>>
>> Changed user to root, restarted server, and the input is starting ok now. 
>>  
>>
>
> From a security perspective, that's a very bad idea and I'd recommend to 
> use one of the other mechanisms described in the documentation: 
> http://docs.graylog.org/en/2.1/pages/faq.html#how-can-i-start-an-input-on-a-port-below-1024
>

The simplest thing would be to run the input on a port >1024 (e. g. 1514) 
of course…

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/df11f552-c742-4858-838f-ea1c74c02ced%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] my first syslog input is failing

[Jochen Schalanda]

Hi Jason,

On Sunday, 22 January 2017 06:19:21 UTC+1, JayJay wrote:
>
> Changed user to root, restarted server, and the input is starting ok now.  
>

>From a security perspective, that's a very bad idea and I'd recommend to 
use one of the other mechanisms described in the 
documentation: 
http://docs.graylog.org/en/2.1/pages/faq.html#how-can-i-start-an-input-on-a-port-below-1024
 

However, when I send test messages to the input, I don't see anything in 
> input/search window.
>

How exactly are you sending test messages?
 

2017-01-22T21:05:47.002+08:00 WARN  [NettyTransport] receiveBufferSize 
> (SO_RCVBUF) for input SyslogUDPInput{title=diskstation, 
> type=org.graylog2.inputs.syslog.udp.SyslogUDPInput, nodeId=null} should be 
> 262144 but is 212992.
>

See https://github.com/Graylog2/documentation/issues/26 

I have two choices on my syslog sender:  BSD (RFC3164) and IETF (RFC 5424).
>

Both should work, if the sender adheres to the mentioned RFCs.

If you can rule out networking problems (check with Wireshark whether the 
messages actually reach Graylog), then you can try using a Raw/Plaintext 
input.

Cheers,
Jochen 

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/416fa6b3-d7d9-4b08-81ed-aca77216fdd5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Graylog SaltStack Formula in the marketplace

[BKeep]

I have been working on this for a little while and wanted to share what I 
have so far. I created a SaltStack formula for deploying Graylog. I also 
created supporting formulas for Elasticsearch and MongoDB that support a 
Graylog install, which are linked form the README.

If anyone is using Salt take a look and let me know what you think.

graylog-formula
https://marketplace.graylog.org/addons/8cf73840-dfa2-4676-bf94-bff1cde01d57

Regards,
Brandon

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/6f74cacd-daef-4869-a8cd-d82b24a7f8f9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.