[graylog2] Re: Archive data in free version of graylog?

2017-02-15 Thread Jan Doberstein
Hej Dan,

You write that you would like to have it in a file for 3 years. 

Graylog uses Elasticsearch to store the events, as Richard already said; you 
can look into the Enterprise Archiving, which will give you the data in a 
plain text file after a configured time.

with kind regards
Jan

On Wednesday, February 15, 2017 at 11:58:11 PM UTC+1, Dan Hoffmann wrote:
>
> I'm looking to keep on file 3 years of data.
> Is there a way to archive?
>
> I am just learning with graylog so any help is appreciated.
>
> Thanks,
> Dan
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/5308450a-770e-417e-90b0-9613a4bcb4ee%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [graylog2] [ANN] New Graylog Forum

2017-02-15 Thread Jan Doberstein
Hej Richard,

We discussed this in the team and made the decision to start with a clean 
installation. 

To answer your question in short: no, we will not copy over the content.

regards
Jan

On Thursday, February 16, 2017 at 2:56:04 AM UTC+1, Richard S. Westmoreland 
wrote:
>
> Hello,
>
> Are you going to copy the google group threads into the forum?
>
>
>
> On Feb 16, 2017, at 4:23 AM, Taylor Rhoades wrote:
>
> We're excited to announce that we will be moving to a new forum! Starting 
> today, you will be able to sign up for the Graylog Forum, which we will 
> begin to use on February 21st. This means you can continue to post your 
> questions here up until February 21st, then our Google Groups mailing list 
> will be set to read-only. The reasoning behind the move was due to the fact 
> that the Google Groups UI is far less than optimal. In particular, searching 
> through and finding information was tedious. With our new forum, we want this 
> community to not only offer fast help in case of any questions but also for 
> content to be easily searchable and consumable. 
>
> Please read our full announcement here! We hope you enjoy the new forum and 
> we will do our best to make this transition as smooth as possible! 
>
> Thank you!  
> The Graylog Team
>



[graylog2] Re: Duplicate messages avoid in stream.

2017-02-15 Thread Jan Doberstein
Hej Rajesh,

Graylog only works with the messages that are delivered to it. If you do not 
want to have some messages in Graylog, you would need to drop them with a 
pipeline rule or not deliver them to Graylog.

with kind regards
Jan

On Thursday, February 16, 2017 at 8:03:35 AM UTC+1, Rajesh kumar Basa wrote:
>
> Hi Team,
>
> I have created a stream and enabled the filter based on our requirements, 
> but every time it is showing multiple duplicate messages in the stream.
>
> For example, 'Exception ManagedBean' is not really an exception (the issue 
> of showing the update error messages multiple times).
>
> Please find attached document.
>
> Note: Duplicate messages are generated by timestamp. Can you provide a 
> solution to avoid the duplicate messages through the Graylog GUI 
> interface, or another solution?
>
> Thanking you,
>
> Best Regards
> Rajesh kumar.
>



[graylog2] Re: cannot start AMQP input

2017-02-15 Thread Jan Doberstein
Hej Jiri,

According to the logfile you provided, something is wrong with your 
configuration. You should check all settings and whether Graylog is able to 
connect to the AMQP server on the configured port.

regards
Jan

On Wednesday, February 15, 2017 at 10:42:20 PM UTC+1, Jiří Kolb wrote:
>
> Hi,
> Trying to add AMQP input to connect with RabbitMQ, but input does not 
> start. Can you please help? Following is graylog server log:
>
> 2017-02-13_12:36:08.35670 2017-02-13 13:36:08,342 ERROR: 
> org.graylog2.shared.inputs.InputLauncher - The 
> [org.graylog2.inputs.gelf.amqp.GELFAMQPInput] input with ID 
> <58a1a833ea84240352ab0c9e> misfired. Reason: Connection refused.
> 2017-02-13_12:36:08.35733 org.graylog2.plugin.inputs.MisfireException: 
> org.graylog2.plugin.inputs.MisfireException: Could not launch AMQP consumer.
> 2017-02-13_12:36:08.36173 at 
> org.graylog2.plugin.inputs.MessageInput.launch(MessageInput.java:156) 
> ~[graylog.jar:?]
> 2017-02-13_12:36:08.36503 at 
> org.graylog2.shared.inputs.InputLauncher$1.run(InputLauncher.java:84) 
> [graylog.jar:?]
> 2017-02-13_12:36:08.36512 at 
> com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176)
>  
> [graylog.jar:?]
> 2017-02-13_12:36:08.36614 at 
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) 
> [?:1.8.0_101]
> 2017-02-13_12:36:08.39847 at 
> java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_101]
> 2017-02-13_12:36:08.40479 at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>  
> [?:1.8.0_101]
> 2017-02-13_12:36:08.40688 at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>  
> [?:1.8.0_101]
> 2017-02-13_12:36:08.40894 at java.lang.Thread.run(Thread.java:745) 
> [?:1.8.0_101]
> 2017-02-13_12:36:08.41575 Caused by: 
> org.graylog2.plugin.inputs.MisfireException: Could not launch AMQP consumer.
> 2017-02-13_12:36:08.43687 at 
> org.graylog2.inputs.transports.AmqpTransport.doLaunch(AmqpTransport.java:179) 
> ~[graylog.jar:?]
> 2017-02-13_12:36:08.43858 at 
> org.graylog2.plugin.inputs.transports.ThrottleableTransport.launch(ThrottleableTransport.java:75)
>  
> ~[graylog.jar:?]
> 2017-02-13_12:36:08.44099 at 
> org.graylog2.plugin.inputs.MessageInput.launch(MessageInput.java:153) 
> ~[graylog.jar:?]
> 2017-02-13_12:36:08.45928 ... 7 more
> 2017-02-13_12:36:08.46113 Caused by: java.net.ConnectException: Connection 
> refused
> 2017-02-13_12:36:08.46239 at 
> java.net.PlainSocketImpl.socketConnect(Native Method) ~[?:1.8.0_101]
> 2017-02-13_12:36:08.46372 at 
> java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) 
> ~[?:1.8.0_101]
> 2017-02-13_12:36:08.46735 at 
> java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
>  
> ~[?:1.8.0_101]
> 2017-02-13_12:36:08.47077 at 
> java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) 
> ~[?:1.8.0_101]
> 2017-02-13_12:36:08.47511 at 
> java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) ~[?:1.8.0_101]
> 2017-02-13_12:36:08.47630 at java.net.Socket.connect(Socket.java:589) 
> ~[?:1.8.0_101]
> 2017-02-13_12:36:08.48921 at 
> com.rabbitmq.client.impl.FrameHandlerFactory.create(FrameHandlerFactory.java:47)
>  
> ~[graylog.jar:?]
> 2017-02-13_12:36:08.52276 at 
> com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:822)
>  
> ~[graylog.jar:?]
> 2017-02-13_12:36:08.52512 at 
> com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:778)
>  
> ~[graylog.jar:?]
> 2017-02-13_12:36:08.53003 at 
> com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:868)
>  
> ~[graylog.jar:?]
> 2017-02-13_12:36:08.53488 at 
> org.graylog2.inputs.transports.AmqpConsumer.connect(AmqpConsumer.java:176) 
> ~[graylog.jar:?]
> 2017-02-13_12:36:08.54119 at 
> org.graylog2.inputs.transports.AmqpConsumer.run(AmqpConsumer.java:108) 
> ~[graylog.jar:?]
> 2017-02-13_12:36:08.55159 at 
> org.graylog2.inputs.transports.AmqpTransport.doLaunch(AmqpTransport.java:176) 
> ~[graylog.jar:?]
> 2017-02-13_12:36:08.57116 at 
> org.graylog2.plugin.inputs.transports.ThrottleableTransport.launch(ThrottleableTransport.java:75)
>  
> ~[graylog.jar:?]
> 2017-02-13_12:36:08.57121 at 
> org.graylog2.plugin.inputs.MessageInput.launch(MessageInput.java:153) 
> ~[graylog.jar:?]
> 2017-02-13_12:36:08.57762 ... 7 more
> 2017-02-13_12:36:08.58163 2017-02-13 13:36:08,361 INFO : 
> org.graylog2.inputs.InputStateListener - Input [GELF 
> AMQP/58a1a833ea84240352ab0c9e] is now TERMINATED
> 2017-02-13_12:36:08.58165 2017-02-13 13:36:08,345 ERROR: 
> com.google.common.eventbus.EventBus.graylog-eventbus - Exception thrown by 
> subscriber method 
> inputStateChanged(org.graylog2.plugin.events.inputs.IOStateChangedEvent) on 
> subscriber org.graylog2.inputs.InputStateListener@47629063 when dispatching 
> event: IOStateChangedEvent{oldState=STARTING, newState=FAILED, 
> changedState=InputSta
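
The two checks Jan suggests in the reply above (read the log, then test the connection to the AMQP server) can be scripted. This is an added example, not part of the thread and not Graylog code: it pulls the innermost "Caused by" for each misfired input out of a log in the format Jiří posted and classifies a TCP connect attempt. The sample lines are excerpted from the log in the thread and rejoined onto single lines; the host and port in the final call are placeholders.

```python
import re
import socket

# svlogd-style prefix seen in the posted log, e.g. "2017-02-13_12:36:08.35670 "
PREFIX = re.compile(r"^\d{4}-\d{2}-\d{2}_\d{2}:\d{2}:\d{2}\.\d+\s+")
# Start of a regular log record, e.g. "2017-02-13 13:36:08,342 ERROR:"
RECORD = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} \w+\s*:")
MISFIRE = re.compile(
    r"The \[(?P<type>[\w.$]+)\] input with ID <(?P<id>[0-9a-f]+)> misfired\. "
    r"Reason: (?P<reason>.*?)\.?$"
)
CAUSED_BY = re.compile(r"^Caused by: (?P<exc>[\w.$]+)(?:: (?P<msg>.*))?$")

# Excerpt of the log from the thread, one record per line (stack frames trimmed).
SAMPLE_LOG = """\
2017-02-13_12:36:08.35670 2017-02-13 13:36:08,342 ERROR: org.graylog2.shared.inputs.InputLauncher - The [org.graylog2.inputs.gelf.amqp.GELFAMQPInput] input with ID <58a1a833ea84240352ab0c9e> misfired. Reason: Connection refused.
2017-02-13_12:36:08.35733 org.graylog2.plugin.inputs.MisfireException: org.graylog2.plugin.inputs.MisfireException: Could not launch AMQP consumer.
2017-02-13_12:36:08.36173 at org.graylog2.plugin.inputs.MessageInput.launch(MessageInput.java:156) ~[graylog.jar:?]
2017-02-13_12:36:08.41575 Caused by: org.graylog2.plugin.inputs.MisfireException: Could not launch AMQP consumer.
2017-02-13_12:36:08.43687 at org.graylog2.inputs.transports.AmqpTransport.doLaunch(AmqpTransport.java:179) ~[graylog.jar:?]
2017-02-13_12:36:08.46113 Caused by: java.net.ConnectException: Connection refused
2017-02-13_12:36:08.46239 at java.net.PlainSocketImpl.socketConnect(Native Method) ~[?:1.8.0_101]
2017-02-13_12:36:08.58163 2017-02-13 13:36:08,361 INFO : org.graylog2.inputs.InputStateListener - Input [GELF AMQP/58a1a833ea84240352ab0c9e] is now TERMINATED
"""


def misfires(log_text):
    """Return one dict per misfired input, with the innermost 'Caused by'."""
    results, current = [], None
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if RECORD.match(line):
            # A new log record ends the stack trace of the previous one.
            m = MISFIRE.search(line)
            current = None
            if m:
                current = {
                    "input_type": m["type"],
                    "input_id": m["id"],
                    "reason": m["reason"],
                    "root_cause": None,
                }
                results.append(current)
            continue
        c = CAUSED_BY.match(line)
        if c and current is not None:
            # Later "Caused by" lines are deeper in the chain; keep the last.
            current["root_cause"] = (c["exc"], c["msg"] or "")
    return results


def probe(host, port, timeout=3.0):
    """Classify a TCP connect attempt from the Graylog host to the broker."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # host answers, but nothing listens there (or a reject rule)
    except socket.timeout:
        return "timeout"   # packets dropped: filtering or a wrong address
    except OSError as exc:
        return f"error: {exc}"  # name resolution failure, no route, ...


if __name__ == "__main__":
    for hit in misfires(SAMPLE_LOG):
        print(hit["input_type"], hit["input_id"], "->", hit["root_cause"])
    # Placeholder target: use the hostname and port configured on the input.
    print("probe:", probe("127.0.0.1", 5672))
```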

[graylog2] Duplicate messages avoid in stream.

2017-02-15 Thread Rajesh kumar Basa
Hi Team,

I have created a stream and enabled the filter based on our requirements, 
but every time it is showing multiple duplicate messages in the stream.

For example, 'Exception ManagedBean' is not really an exception (the issue of 
showing the update error messages multiple times).

Please find attached document.

Note: Duplicate messages are generated by timestamp. Can you provide a 
solution to avoid the duplicate messages through the Graylog GUI 
interface, or another solution?

Thanking you,

Best Regards
Rajesh kumar.



[graylog2] Re: permission denied when I change to fix IP

2017-02-15 Thread yoy oo
I solved it.

sudoedit /etc/dhcp/dhcpd.config

On Thursday, February 16, 2017 at 11:34:18 AM UTC+8, yoy oo wrote:

> I try to edit /etc/network/interfaces,
>
> but when I save the file, it shows the file is read-only, permission denied.
>
> I log in as ubuntu:ubuntu
>
> Thank you.
>



[graylog2] permission denied when I change to fix IP

2017-02-15 Thread yoy oo
I try to edit /etc/network/interfaces,

but when I save the file, it shows the file is read-only, permission denied.

I log in as ubuntu:ubuntu

Thank you.



Re: [graylog2] [ANN] New Graylog Forum

2017-02-15 Thread Richard S. Westmoreland
Hello,

Are you going to copy the google group threads into the forum?



> On Feb 16, 2017, at 4:23 AM, Taylor Rhoades wrote:
> 
> We're excited to announce that we will be moving to a new forum! Starting 
> today, you will be able to sign up for the Graylog Forum, which we will begin 
> to use on February 21st. This means you can continue to post your questions 
> here up until February 21st, then our Google Groups mailing list will be set 
> to read-only. The reasoning behind the move was due to the fact that the 
> Google Groups UI is far less than optimal. In particular, searching through 
> and finding information was tedious. With our new forum, we want this 
> community to not only offer fast help in case of any questions but also for 
> content to be easily searchable and consumable. 
> 
> Please read our full announcement here! We hope you enjoy the new forum and 
> we will do our best to make this transition as smooth as possible! 
> 
> Thank you!  
> The Graylog Team



Re: [graylog2] Archive data in free version of graylog?

2017-02-15 Thread Richard S. Westmoreland
They have an Enterprise version that archives the ES, I suggest looking into 
that.


> On Feb 16, 2017, at 7:58 AM, Dan Hoffmann wrote:
> 
> I'm looking to keep on file 3 years of data.
> Is there a way to archive?
> 
> I am just learning with graylog so any help is appreciated.
> 
> Thanks,
> Dan



[graylog2] Archive data in free version of graylog?

2017-02-15 Thread Dan Hoffmann
I'm looking to keep on file 3 years of data.
Is there a way to archive?

I am just learning with graylog so any help is appreciated.

Thanks,
Dan



[graylog2] json extractor help

2017-02-15 Thread Rayees Namathponnan
Hi All,

Is there any detailed doc for the JSON extractor? I looked at 
"http://docs.graylog.org/en/2.1/pages/extractors.html#using-the-json-extractor" 
but it is not helping.


I want to extract from data like below, not sure how to do this:

[{"path": "/test/test3/midm_new/20160912", "tag": "MidmRaw", "stats": {"size": 
"2.27TB"}}, {"path": "/proce/test2/parse//cil/latest", "tag": "cil", "stats": 
{"size": "645.83MB"}}]




Regards,
Rayees 



[graylog2] Troubleshooting logs

2017-02-15 Thread Tom Powers
Hello,

If I'm trying to troubleshoot why an output from a stream, being forwarded 
to another Graylog server, and the stream populates but the receiving 
server shows nothing, which logs on the Graylog boxes would I check to see 
if I have an output or an input problem?

Thanks

TP



[graylog2] cannot start AMQP input

2017-02-15 Thread Jiří Kolb
Hi,
Trying to add AMQP input to connect with RabbitMQ, but input does not 
start. Can you please help? Following is graylog server log:

2017-02-13_12:36:08.35670 2017-02-13 13:36:08,342 ERROR: 
org.graylog2.shared.inputs.InputLauncher - The 
[org.graylog2.inputs.gelf.amqp.GELFAMQPInput] input with ID 
<58a1a833ea84240352ab0c9e> misfired. Reason: Connection refused.
2017-02-13_12:36:08.35733 org.graylog2.plugin.inputs.MisfireException: 
org.graylog2.plugin.inputs.MisfireException: Could not launch AMQP consumer.
2017-02-13_12:36:08.36173 at 
org.graylog2.plugin.inputs.MessageInput.launch(MessageInput.java:156) 
~[graylog.jar:?]
2017-02-13_12:36:08.36503 at 
org.graylog2.shared.inputs.InputLauncher$1.run(InputLauncher.java:84) 
[graylog.jar:?]
2017-02-13_12:36:08.36512 at 
com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176)
 
[graylog.jar:?]
2017-02-13_12:36:08.36614 at 
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) 
[?:1.8.0_101]
2017-02-13_12:36:08.39847 at 
java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_101]
2017-02-13_12:36:08.40479 at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) 
[?:1.8.0_101]
2017-02-13_12:36:08.40688 at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) 
[?:1.8.0_101]
2017-02-13_12:36:08.40894 at java.lang.Thread.run(Thread.java:745) 
[?:1.8.0_101]
2017-02-13_12:36:08.41575 Caused by: 
org.graylog2.plugin.inputs.MisfireException: Could not launch AMQP consumer.
2017-02-13_12:36:08.43687 at 
org.graylog2.inputs.transports.AmqpTransport.doLaunch(AmqpTransport.java:179) 
~[graylog.jar:?]
2017-02-13_12:36:08.43858 at 
org.graylog2.plugin.inputs.transports.ThrottleableTransport.launch(ThrottleableTransport.java:75)
 
~[graylog.jar:?]
2017-02-13_12:36:08.44099 at 
org.graylog2.plugin.inputs.MessageInput.launch(MessageInput.java:153) 
~[graylog.jar:?]
2017-02-13_12:36:08.45928 ... 7 more
2017-02-13_12:36:08.46113 Caused by: java.net.ConnectException: Connection 
refused
2017-02-13_12:36:08.46239 at java.net.PlainSocketImpl.socketConnect(Native 
Method) ~[?:1.8.0_101]
2017-02-13_12:36:08.46372 at 
java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) 
~[?:1.8.0_101]
2017-02-13_12:36:08.46735 at 
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
 
~[?:1.8.0_101]
2017-02-13_12:36:08.47077 at 
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) 
~[?:1.8.0_101]
2017-02-13_12:36:08.47511 at 
java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) ~[?:1.8.0_101]
2017-02-13_12:36:08.47630 at java.net.Socket.connect(Socket.java:589) 
~[?:1.8.0_101]
2017-02-13_12:36:08.48921 at 
com.rabbitmq.client.impl.FrameHandlerFactory.create(FrameHandlerFactory.java:47)
 
~[graylog.jar:?]
2017-02-13_12:36:08.52276 at 
com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:822) 
~[graylog.jar:?]
2017-02-13_12:36:08.52512 at 
com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:778) 
~[graylog.jar:?]
2017-02-13_12:36:08.53003 at 
com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:868) 
~[graylog.jar:?]
2017-02-13_12:36:08.53488 at 
org.graylog2.inputs.transports.AmqpConsumer.connect(AmqpConsumer.java:176) 
~[graylog.jar:?]
2017-02-13_12:36:08.54119 at 
org.graylog2.inputs.transports.AmqpConsumer.run(AmqpConsumer.java:108) 
~[graylog.jar:?]
2017-02-13_12:36:08.55159 at 
org.graylog2.inputs.transports.AmqpTransport.doLaunch(AmqpTransport.java:176) 
~[graylog.jar:?]
2017-02-13_12:36:08.57116 at 
org.graylog2.plugin.inputs.transports.ThrottleableTransport.launch(ThrottleableTransport.java:75)
 
~[graylog.jar:?]
2017-02-13_12:36:08.57121 at 
org.graylog2.plugin.inputs.MessageInput.launch(MessageInput.java:153) 
~[graylog.jar:?]
2017-02-13_12:36:08.57762 ... 7 more
2017-02-13_12:36:08.58163 2017-02-13 13:36:08,361 INFO : 
org.graylog2.inputs.InputStateListener - Input [GELF 
AMQP/58a1a833ea84240352ab0c9e] is now TERMINATED
2017-02-13_12:36:08.58165 2017-02-13 13:36:08,345 ERROR: 
com.google.common.eventbus.EventBus.graylog-eventbus - Exception thrown by 
subscriber method 
inputStateChanged(org.graylog2.plugin.events.inputs.IOStateChangedEvent) on 
subscriber org.graylog2.inputs.InputStateListener@47629063 when dispatching 
event: IOStateChangedEvent{oldState=STARTING, newState=FAILED, 
changedState=InputState{stoppable=GELFAMQPInput{title=rabbitmq, 
type=org.graylog2.inputs.gelf.amqp.GELFAMQPInput, nodeId=null}, 
state=FAILED, startedAt=2017-02-13T12:36:08.321Z, detailedMessage='null'}}
2017-02-13_12:36:08.59262 java.lang.NullPointerException
2017-02-13_12:36:08.59516 at 
java.util.Objects.requireNonNull(Objects.java:203) ~[?:1.8.0_101]
2017-02-13_12:36:08.59523 at 
org.graylog2.shared.system.activities.Activity.(Activity.java:34) 
~[graylog.jar:?]
2017-02-13_12:36:08.62209 at 
org.graylog2.inputs.InputSt

[graylog2] [ANN] New Graylog Forum

2017-02-15 Thread Taylor Rhoades
We're excited to announce that we will be moving to a new forum! Starting 
today, you will be able to sign up for the Graylog Forum, which we will 
begin to use on February 21st. This means you can continue to post your 
questions here up until February 21st, then our Google Groups mailing list 
will be set to read-only. The reasoning behind the move was due to the fact 
that the Google Groups UI is far less than optimal. In particular, searching 
through and finding information was tedious. With our new forum, we want this 
community to not only offer fast help in case of any questions but also for 
content to be easily searchable and consumable. 

Please read our full announcement here! We hope you enjoy the new forum and 
we will do our best to make this transition as smooth as possible! 

Thank you!  
The Graylog Team



[graylog2] Re: SSL JVM

2017-02-15 Thread Jochen Schalanda
Hi,

as long as you don't add your self-signed certificate to the trusted 
certificates of your web browsers as well, that "insecure" notification 
will remain.

Please consult the documentation of your web browser for this.

Cheers,
Jochen


On Wednesday, 15 February 2017 17:04:02 UTC+1, CTuser wrote:
>
> Hi Jochen,
>
> I've written it as follows:
>
> GRAYLOG_SERVER_JAVA_OPTS=" -Xms1g -Xmx1g -XX:NewRatio=1 -server 
> -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled 
> -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC 
> -XX:-OmitStackTraceInFastThrow 
> -Djavax.net.ssl.trustStore=/etc/graylog/cacerts.jks"
>
> I restarted the machine and it doesn't work.
> I still see the "connection is not secure" message.
>



[graylog2] Re: SSL JVM

2017-02-15 Thread CTuser
Hi Jochen,

I've written it as follows:

GRAYLOG_SERVER_JAVA_OPTS=" -Xms1g -Xmx1g -XX:NewRatio=1 -server 
-XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled 
-XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC 
-XX:-OmitStackTraceInFastThrow 
-Djavax.net.ssl.trustStore=/etc/graylog/cacerts.jks"

I restarted the machine and it doesn't work.
I still see the "connection is not secure" message.



[graylog2] Re: How to upgrade Graylog 2.1 > 2.2 ?

2017-02-15 Thread dheffem


On Wednesday, February 15, 2017 at 3:09:36 AM UTC-6, Jochen Schalanda wrote:
>
> Hi,
>
> you can find upgrade instructions in the documentation, depending on how 
> you've installed Graylog in the first place.
>
>
Thanks. Very painless upgrade on Ubuntu.  
# wget https://packages.graylog2.org/repo/packages/graylog-2.2-repository_latest.deb
# apt-get update
# apt-get install graylog-server (install overwrites /etc/graylog/server/server.conf so save a copy)
# reboot

Before rebooting, I applied my changes from a saved copy of  
/etc/graylog/server/server.conf. After the reboot everything worked great 
including LDAP user roles and access to streams. Well done!




[graylog2] Re: SSL JVM

2017-02-15 Thread Jochen Schalanda
Hi,

you can add JVM settings to the GRAYLOG_SERVER_JAVA_OPTS variable.

Cheers,
Jochen

On Wednesday, 15 February 2017 13:03:45 UTC+1, CTuser wrote:
>
> Hi Jochen,
>
> here is the output of the JVM settings (/etc/sysconfig/graylog-server):
> 
> # Path to the java executable.
> JAVA=/usr/bin/java
>
> # Default Java options for heap and garbage collection.
> GRAYLOG_SERVER_JAVA_OPTS=" -Xms1g -Xmx1g -XX:NewRatio=1 -server 
> -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled 
> -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC 
> -XX:-OmitStackTraceInFastThrow"
>
>
> # Pass some extra args to graylog-server. (i.e. "-d" to enable debug mode)
> GRAYLOG_SERVER_ARGS=""
>
> # Program that will be used to wrap the graylog-server command. Useful to
> # support programs like authbind.
> GRAYLOG_COMMAND_WRAPPER=""
>
> 
>
> Where should I locate the following line?
> -Djavax.net.ssl.trustStore=/etc/graylog/cacerts.jks
>
>
>



[graylog2] Re: SSL JVM

2017-02-15 Thread CTuser
Hi Jochen,

here is the output of the JVM settings (/etc/sysconfig/graylog-server):

# Path to the java executable.
JAVA=/usr/bin/java

# Default Java options for heap and garbage collection.
GRAYLOG_SERVER_JAVA_OPTS=" -Xms1g -Xmx1g -XX:NewRatio=1 -server 
-XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled 
-XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC 
-XX:-OmitStackTraceInFastThrow"


# Pass some extra args to graylog-server. (i.e. "-d" to enable debug mode)
GRAYLOG_SERVER_ARGS=""

# Program that will be used to wrap the graylog-server command. Useful to
# support programs like authbind.
GRAYLOG_COMMAND_WRAPPER=""



Where should I locate the following line?
-Djavax.net.ssl.trustStore=/etc/graylog/cacerts.jks




[graylog2] Re: Assistance with Pipeline Processor Function Plugin

2017-02-15 Thread Jochen Schalanda
Hi Bill,

just for the fun of it, try using a unique ID and a plugin file name that 
lexicographically comes *after* the Graylog Pipeline Processor Plugin.

Cheers,
Jochen

On Wednesday, 15 February 2017 12:04:41 UTC+1, Bill Murrin wrote:
>
> I am looking for assistance with a plugin I am trying to create for a 
> pipeline processor function.
>
> I followed along with the tutorial (
> https://www.graylog.org/blog/71-writing-your-own-graylog-processing-pipeline-functions
> ) and also looked at source code for other pipeline processor functions. 
> I cannot for the life of me figure out what is causing it to error out. I'm 
> trying to get to a point where I can output debug code when I test the 
> function out.
>
> Everything appears to compile fine when I *mvn package* the code. 
>
> My graylog-plugin.properties file lists *isolated=false*. I'm testing 
> the plugin using the *2.1.3* ova file.
>
> Path to the project on my GitHub page:
> https://github.com/billmurrin/graylog-plugin-slookup-function
>
> When I add it as a plugin and restart graylog I get the following error:
>
> *2017-02-15_10:58:04.98543 2017-02-15 10:58:04,984 INFO : 
> org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Stream Lookup (SLookup) 
> pipeline function 1.0.0 [StreamLookupFunction]*
> 2017-02-15_10:58:04.98566 2017-02-15 10:58:04,985 INFO : 
> org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Elastic Beats Input 
> 1.1.5 [org.graylog.plugins.beats.BeatsInputPlugin]
> 2017-02-15_10:58:04.98619 2017-02-15 10:58:04,985 INFO : 
> org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Collector 1.1.3 
> [org.graylog.plugins.collector.CollectorPlugin]
> 2017-02-15_10:58:04.98712 2017-02-15 10:58:04,986 INFO : 
> org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Enterprise Integration 
> Plugin 1.1.3 
> [org.graylog.plugins.enterprise_integration.EnterpriseIntegrationPlugin]
> 2017-02-15_10:58:04.98821 2017-02-15 10:58:04,986 INFO : 
> org.graylog2.bootstrap.CmdLineTool - Loaded plugin: MapWidgetPlugin 1.1.3 
> [org.graylog.plugins.map.MapWidgetPlugin]
> 2017-02-15_10:58:04.98892 2017-02-15 10:58:04,986 INFO : 
> org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Pipeline Processor 
> Plugin 1.1.3 [org.graylog.plugins.pipelineprocessor.ProcessorPlugin]
> 2017-02-15_10:58:04.98939 2017-02-15 10:58:04,987 INFO : 
> org.graylog2.bootstrap.CmdLineTool - Loaded plugin: QuickValuesPlusWidget 
> 1.0.0 [org.graylog.plugins.quickvaluesplus.QuickValuesPlusWidgetPlugin]
> 2017-02-15_10:58:04.99000 2017-02-15 10:58:04,987 INFO : 
> org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Anonymous Usage 
> Statistics 2.1.3 [org.graylog.plugins.usagestatistics.UsageStatsPlugin]
>
>
> 2017-02-15_10:58:05.23546 2017-02-15 10:58:05,234 INFO : 
> org.hibernate.validator.internal.util.Version - HV01: Hibernate 
> Validator 5.2.4.Final
> 2017-02-15_10:58:05.77808* Exception in thread "main" 
> java.lang.NoClassDefFoundError: 
> org/graylog/plugins/pipelineprocessor/ast/functions/AbstractFunction*
> 2017-02-15_10:58:05.77839   at 
> java.lang.ClassLoader.defineClass1(Native Method)
> 2017-02-15_10:58:05.77926   at 
> java.lang.ClassLoader.defineClass(ClassLoader.java:763)
> 2017-02-15_10:58:05.77946   at 
> java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
> 2017-02-15_10:58:05.78004   at 
> java.net.URLClassLoader.defineClass(URLClassLoader.java:467)
> 2017-02-15_10:58:05.78028   at 
> java.net.URLClassLoader.access$100(URLClassLoader.java:73)
> 2017-02-15_10:58:05.78089   at 
> java.net.URLClassLoader$1.run(URLClassLoader.java:368)
> 2017-02-15_10:58:05.78137   at 
> java.net.URLClassLoader$1.run(URLClassLoader.java:362)
> 2017-02-15_10:58:05.78227   at 
> java.security.AccessController.doPrivileged(Native Method)
> 2017-02-15_10:58:05.78292   at 
> java.net.URLClassLoader.findClass(URLClassLoader.java:361)
> 2017-02-15_10:58:05.78330   at 
> java.lang.ClassLoader.loadClass(ClassLoader.java:424)
> 2017-02-15_10:58:05.78413   at 
> java.net.FactoryURLClassLoader.loadClass(URLClassLoader.java:814)
> 2017-02-15_10:58:05.78430   at 
> java.lang.ClassLoader.loadClass(ClassLoader.java:357)
> 2017-02-15_10:58:05.78594   at 
> org.graylog.plugins.slookup.StreamLookupFunctionModule.configure(StreamLookupFunctionModule.java:22)
> 2017-02-15_10:58:05.78612   at 
> com.google.inject.AbstractModule.configure(AbstractModule.java:62)
> 2017-02-15_10:58:05.78668   at 
> com.google.inject.spi.Elements$RecordingBinder.install(Elements.java:340)
> 2017-02-15_10:58:05.78701   at 
> org.graylog2.shared.bindings.PluginBindings.configure(PluginBindings.java:51)
> 2017-02-15_10:58:05.78802   at 
> com.google.inject.AbstractModule.configure(AbstractModule.java:62)
> 2017-02-15_10:58:05.78833   at 
> com.google.inject.spi.Elements$RecordingBinder.install(Elements.java:340)
> 2017-02-15_10:58:05.78885   at 
> com.google.inject.spi.Elements.getElements(Elements.java:110)
> 2017-0

[graylog2] Assistance with Pipeline Processor Function Plugin

2017-02-15 Thread Bill Murrin
I am looking for assistance with a plugin I am trying to create for a 
pipeline processor function.

I followed along with the tutorial 
(https://www.graylog.org/blog/71-writing-your-own-graylog-processing-pipeline-functions) 
and also looked at source code for other pipeline processor functions. I cannot 
for the life of me figure out what is causing it to error out. I'm trying 
to get to a point where I can output debug code when I test the function 
out.

Everything appears to compile fine when I *mvn package* the code. 

My graylog-plugin.properties file lists *isolated=false*. I'm testing the 
plugin using the *2.1.3* ova file.

Path to the project on my GitHub page:
https://github.com/billmurrin/graylog-plugin-slookup-function

When I add it as a plugin and restart graylog I get the following error:

*2017-02-15_10:58:04.98543 2017-02-15 10:58:04,984 INFO : 
org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Stream Lookup (SLookup) 
pipeline function 1.0.0 [StreamLookupFunction]*
2017-02-15_10:58:04.98566 2017-02-15 10:58:04,985 INFO : 
org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Elastic Beats Input 
1.1.5 [org.graylog.plugins.beats.BeatsInputPlugin]
2017-02-15_10:58:04.98619 2017-02-15 10:58:04,985 INFO : 
org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Collector 1.1.3 
[org.graylog.plugins.collector.CollectorPlugin]
2017-02-15_10:58:04.98712 2017-02-15 10:58:04,986 INFO : 
org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Enterprise Integration 
Plugin 1.1.3 
[org.graylog.plugins.enterprise_integration.EnterpriseIntegrationPlugin]
2017-02-15_10:58:04.98821 2017-02-15 10:58:04,986 INFO : 
org.graylog2.bootstrap.CmdLineTool - Loaded plugin: MapWidgetPlugin 1.1.3 
[org.graylog.plugins.map.MapWidgetPlugin]
2017-02-15_10:58:04.98892 2017-02-15 10:58:04,986 INFO : 
org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Pipeline Processor 
Plugin 1.1.3 [org.graylog.plugins.pipelineprocessor.ProcessorPlugin]
2017-02-15_10:58:04.98939 2017-02-15 10:58:04,987 INFO : 
org.graylog2.bootstrap.CmdLineTool - Loaded plugin: QuickValuesPlusWidget 
1.0.0 [org.graylog.plugins.quickvaluesplus.QuickValuesPlusWidgetPlugin]
2017-02-15_10:58:04.99000 2017-02-15 10:58:04,987 INFO : 
org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Anonymous Usage 
Statistics 2.1.3 [org.graylog.plugins.usagestatistics.UsageStatsPlugin]


2017-02-15_10:58:05.23546 2017-02-15 10:58:05,234 INFO : 
org.hibernate.validator.internal.util.Version - HV01: Hibernate 
Validator 5.2.4.Final
2017-02-15_10:58:05.77808* Exception in thread "main" 
java.lang.NoClassDefFoundError: 
org/graylog/plugins/pipelineprocessor/ast/functions/AbstractFunction*
2017-02-15_10:58:05.77839   at 
java.lang.ClassLoader.defineClass1(Native Method)
2017-02-15_10:58:05.77926   at 
java.lang.ClassLoader.defineClass(ClassLoader.java:763)
2017-02-15_10:58:05.77946   at 
java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
2017-02-15_10:58:05.78004   at 
java.net.URLClassLoader.defineClass(URLClassLoader.java:467)
2017-02-15_10:58:05.78028   at 
java.net.URLClassLoader.access$100(URLClassLoader.java:73)
2017-02-15_10:58:05.78089   at 
java.net.URLClassLoader$1.run(URLClassLoader.java:368)
2017-02-15_10:58:05.78137   at 
java.net.URLClassLoader$1.run(URLClassLoader.java:362)
2017-02-15_10:58:05.78227   at 
java.security.AccessController.doPrivileged(Native Method)
2017-02-15_10:58:05.78292   at 
java.net.URLClassLoader.findClass(URLClassLoader.java:361)
2017-02-15_10:58:05.78330   at 
java.lang.ClassLoader.loadClass(ClassLoader.java:424)
2017-02-15_10:58:05.78413   at 
java.net.FactoryURLClassLoader.loadClass(URLClassLoader.java:814)
2017-02-15_10:58:05.78430   at 
java.lang.ClassLoader.loadClass(ClassLoader.java:357)
2017-02-15_10:58:05.78594   at 
org.graylog.plugins.slookup.StreamLookupFunctionModule.configure(StreamLookupFunctionModule.java:22)
2017-02-15_10:58:05.78612   at 
com.google.inject.AbstractModule.configure(AbstractModule.java:62)
2017-02-15_10:58:05.78668   at 
com.google.inject.spi.Elements$RecordingBinder.install(Elements.java:340)
2017-02-15_10:58:05.78701   at 
org.graylog2.shared.bindings.PluginBindings.configure(PluginBindings.java:51)
2017-02-15_10:58:05.78802   at 
com.google.inject.AbstractModule.configure(AbstractModule.java:62)
2017-02-15_10:58:05.78833   at 
com.google.inject.spi.Elements$RecordingBinder.install(Elements.java:340)
2017-02-15_10:58:05.78885   at 
com.google.inject.spi.Elements.getElements(Elements.java:110)
2017-02-15_10:58:05.78925   at 
com.google.inject.internal.InjectorShell$Builder.build(InjectorShell.java:138)
2017-02-15_10:58:05.79088   at 
com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:104)
2017-02-15_10:58:05.79124   at 
com.google.inject.Guice.createInjector(Guice.java:99)
2017-02-15_10:58:05.79306   at 
org.graylog2.shared.bindings.Hk2GuiceBridgeJitInjector

[graylog2] Re: SSL JVM

2017-02-15 Thread Jochen Schalanda
Hi,

please refer 
to http://docs.graylog.org/en/2.2/pages/configuration/file_location.html 
for the specific location of the file for the JVM settings.

Cheers,
Jochen

On Wednesday, 15 February 2017 11:15:01 UTC+1, CTuser wrote:
>
> Hi Jochen,
>
> I already followed the "Adding a self-signed certificate to the JVM trust 
> store" section.
> I also verified that the self-signed certificate has been added 
> successfully to the key store.
> I don't know how to cause the JVM to pick up the new trust store.
> According to the guide it has to be started with the JVM parameter 
> -Djavax.net.ssl.trustStore=/path/to/cacerts.jks  
> //it tells me nothing
>
> Please assist. 
>
>

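One way to carry out the step discussed in this thread on a package install, as an added example that is not from the thread or the Graylog documentation. It assumes the RPM layout, where `/etc/sysconfig/graylog-server` defines `GRAYLOG_SERVER_JAVA_OPTS`; the trust store path passed in is a placeholder and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed RPM-style layout:
#   /etc/sysconfig/graylog-server containing GRAYLOG_SERVER_JAVA_OPTS="..."
# Usage: set_truststore /etc/sysconfig/graylog-server /path/to/cacerts.jks

VAR_NAME="GRAYLOG_SERVER_JAVA_OPTS"

# Print the current value of the variable, without the surrounding quotes.
current_java_opts() {
    sed -n "s/^${VAR_NAME}=\"\(.*\)\"[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Succeed if a javax.net.ssl.trustStore option is already present.
# The trailing "=" keeps trustStorePassword from matching.
has_truststore() {
    current_java_opts "$1" | grep -q -- '-Djavax\.net\.ssl\.trustStore='
}

# Succeed only if the trust store exists and is not writable by group or
# others: whoever can write it decides which certificates the JVM trusts.
truststore_perms_ok() {
    [ -f "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Append -Djavax.net.ssl.trustStore=<path> to the existing JAVA_OPTS line.
# Running it twice changes nothing the second time.
set_truststore() {
    conf=$1
    store=$2
    case $store in
        /*) ;;
        *) echo "trust store path must be absolute" >&2; return 2 ;;
    esac
    case $store in
        *[!A-Za-z0-9._/-]*) echo "unsupported character in path" >&2; return 2 ;;
    esac
    if ! grep -q "^${VAR_NAME}=\"" "$conf"; then
        echo "no ${VAR_NAME} line in $conf" >&2
        return 3
    fi
    if has_truststore "$conf"; then
        return 0
    fi
    tmp=$(mktemp) || return 1
    # Insert the flag just before the closing quote of the assignment.
    if sed "s|^\(${VAR_NAME}=\".*\)\"[[:space:]]*\$|\1 -Djavax.net.ssl.trustStore=${store}\"|" \
        "$conf" > "$tmp"; then
        cat "$tmp" > "$conf"   # keeps owner and mode of the original file
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```

Restart graylog-server afterwards so the JVM is started with the new option. If the trust store password is not the default, the second parameter from the documentation quote, `-Djavax.net.ssl.trustStorePassword`, goes into the same variable.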


[graylog2] Re: Send logs from FreeBSD to Graylog

2017-02-15 Thread Danie de Jager
I was able to get past the errors. I used the filebeat yaml file from 
another server running Linux. I used a new UUID and changed the tag from 
linux to freebsd. The agent now starts without any errors. The filebeat 
yaml file generated by Graylog seems a bit different than the default. As 
an example:

from Graylog:
output:
  logstash:
    hosts:
    - x:5044

vs default:
output.logstash:
  hosts: ["x:5044"]

I'm sure in YML they are the same thing. 

On Wednesday, 15 February 2017 12:13:26 UTC+2, Danie de Jager wrote:
>
> Hi,
>
> I have some FreeBSD servers whose logs I want to send to Graylog 2.1 and 
> now 2.2. I'm not finding an elegant solution as SyslogD does not seem to be 
> able to ship my application's log files to Graylog. The OS logs are received 
> fine as I set a "syslog UDP" input.
>
> What I would prefer to do is to use the filebeat application that 
> does have a FreeBSD build to ship my logs to Graylog's Beats Input. I don't 
> see that the Graylog sidecar works on FreeBSD.
>
> I installed filebeat 5.1.1 and edited the provided filebeat.yml to use 
> logstash instead of elasticsearch. When I started the filebeat service I 
> got a nasty error scrolling over my screen:
>
> Exiting: Could not start registrar: Error loading state: Error decoding 
> states: EOF
> Exiting: Could not start registrar: Error loading state: Error decoding 
> states: EOF
> Exiting: Could not start registrar: Error loading state: Error decoding 
> states: EOF
> Exiting: Could not start registrar: Error loading state: Error decoding 
> states: EOF
> Exiting: Could not start registrar: Error loading state: Error decoding 
> states: EOF
> Exiting: Could not start registrar: Error loading state: Error decoding 
> states: EOF
> Exiting: Could not start registrar: Error loading state: Error decoding 
> states: EOF
> Exiting: Could not start registrar: Error loading state: Error decoding 
> states: EOF
> ^C
> Exiting: Could not start registrar: Error loading state: Error decoding 
> states: EOF
> Exiting: Could not start registrar: Error loading state: Error decoding 
> states: EOF
> Exiting: Could not start registrar: Error loading state: Error decoding 
> states: EOF
>
> This does not happen when I use the Sidecar collector on Linux to send to 
> Graylog or use the filebeat agent to connect to an ELK system. Is there 
> something in Graylog that is causing this to happen when using filebeat 
> directly? I'm not sure what would be the best way to get various log files 
> on a FreeBSD server into Graylog.
>
> Regards,
> Danie
>



[graylog2] Re: SSL JVM

2017-02-15 Thread CTuser
Hi Jochen,

I already followed the "Adding a self-signed certificate to the JVM trust 
store" section.
I also verified that the self-signed certificate has been added 
successfully to the key store.
I don't know how to cause the JVM to pick up the new trust store.
According to the guide it has to be started with the JVM parameter 
-Djavax.net.ssl.trustStore=/path/to/cacerts.jks  
//it tells me nothing

Please assist. 



[graylog2] Re: How to upgrade Graylog 2.1 > 2.2 ?

2017-02-15 Thread Danie de Jager
I used the CentOS repo to do my original install. I added the repo for 2.2, 
which replaced 2.1 after I ran "yum update".

On Wednesday, 15 February 2017 00:26:13 UTC+2, dhe...@gmail.com wrote:
>
> I looked here  http://docs.graylog.org/en/2.2/pages/upgrade.html  and 
> don't see any directions for upgrading Graylog 2.1  to 2.2. A Stackoverflow 
> post[1] mentions backing up /etc/gralog2.conf and simply untarring the new 
> graylog. Is this the correct upgrade path?  I've already posted this 
> question by accident to the SELKS group so I have ruled out that I've 
> likely missed something completely obvious. 
>
> Thanks
>
>  [1] 
> http://stackoverflow.com/questions/25438095/how-can-i-upgrade-graylog2-to-a-newer-version
>



[graylog2] Send logs from FreeBSD to Graylog

2017-02-15 Thread Danie de Jager
Hi,

I have some FreeBSD servers whose logs I want to send to Graylog 2.1 and now 
2.2. I'm not finding an elegant solution as SyslogD does not seem to be 
able to ship my application's log files to Graylog. The OS logs are received 
fine as I set a "syslog UDP" input.

What I would prefer to do is to use the filebeat application that does 
have a FreeBSD build to ship my logs to Graylog's Beats Input. I don't see 
that the Graylog sidecar works on FreeBSD.

I installed filebeat 5.1.1 and edited the provided filebeat.yml to use 
logstash instead of elasticsearch. When I started the filebeat service I 
got a nasty error scrolling over my screen:

Exiting: Could not start registrar: Error loading state: Error decoding 
states: EOF
Exiting: Could not start registrar: Error loading state: Error decoding 
states: EOF
Exiting: Could not start registrar: Error loading state: Error decoding 
states: EOF
Exiting: Could not start registrar: Error loading state: Error decoding 
states: EOF
Exiting: Could not start registrar: Error loading state: Error decoding 
states: EOF
Exiting: Could not start registrar: Error loading state: Error decoding 
states: EOF
Exiting: Could not start registrar: Error loading state: Error decoding 
states: EOF
Exiting: Could not start registrar: Error loading state: Error decoding 
states: EOF
^C
Exiting: Could not start registrar: Error loading state: Error decoding 
states: EOF
Exiting: Could not start registrar: Error loading state: Error decoding 
states: EOF
Exiting: Could not start registrar: Error loading state: Error decoding 
states: EOF

This does not happen when I use the Sidecar collector on Linux to send to 
Graylog or use the filebeat agent to connect to an ELK system. Is there 
something in Graylog that is causing this to happen when using filebeat 
directly? I'm not sure what would be the best way to get various log files 
on a FreeBSD server into Graylog.

Regards,
Danie



[graylog2] Re: Incorrect Graylog Cluster details

2017-02-15 Thread Jochen Schalanda
Hi Paweł,

please describe exactly what you did and which error messages you've seen. 
Additionally describe the current situation, the configuration of all 
Graylog nodes, and what problem you're trying to solve right now.

Cheers,
Jochen

On Wednesday, 15 February 2017 00:34:59 UTC+1, Paweł Karoluk wrote:
>
> Hi Jochen, you're right, but there is another problem.
> I have tried to enable rest_transport_uri with "public IP" but it couldn't 
> bind to the interface with port 9000 or 12900. I have SELinux and iptables 
> disabled so it's not a problem, maybe something else.
>
> # netstat -tlpn | grep java
> tcp0  0 :::127.0.0.1:9000  :::*  LISTEN  62396/java
> tcp0  0 :::10.0.0.1:9200  :::*  LISTEN  62396/java
> tcp0  0 :::10.0.0.1:9300  :::*  LISTEN  62396/java
>
>
> My current config:
>
> rest_listen_uri = http://127.0.0.1:9000/api/
> rest_transport_uri = http://10.0.0.1:9000/api/
>
> web_listen_uri = http://127.0.0.1:9000/
> web_endpoint_uri = https://graylog1.local/api/
>
> HAproxy config:
> https://graylog1.local/ -> 127.0.0.1:9000
>
> I will appreciate any help
>
> Cheers!
>
>
>> Hi, I have a two-node Graylog cluster and as you can see there is something wrong 
>> with the cluster config:
>>
>>
>> *GET /api/system/cluster/nodes*
>>
>> {
>> nodes: [
>> {
>> cluster_id: "6701202c-a9fe-42d2-8d5a-015acf66fbfa",
>> node_id: "5f596ebf-a988-4c08-858e-67d38a3e483b",
>> type: "server",
>> transport_address: "http://127.0.0.1:9000/api/",
>> last_seen: "2017-02-10T00:45:30.000Z",
>> short_node_id: "5f596ebf",
>> hostname: "analog1.local",
>> is_master: true
>> },
>> {
>> cluster_id: "6701202c-a9fe-42d2-8d5a-015acf66fbfa",
>> node_id: "8be9e293-f60b-40c6-a0e6-8af6d617eb1a",
>> type: "server",
>> transport_address: "http://127.0.0.1:9000/api/",
>> last_seen: "2017-02-10T00:45:30.000Z",
>> short_node_id: "8be9e293",
>> hostname: "analog2.local",
>> is_master: false
>> }
>> ],
>> total: 2
>> }
>>
>>
>> *GET /api/cluster*
>>
>> {
>> 5f596ebf-a988-4c08-858e-67d38a3e483b: {
>> facility: "graylog-server",
>> codename: "Smuttynose",
>> node_id: "5f596ebf-a988-4c08-858e-67d38a3e483b",
>> cluster_id: "6701202c-a9fe-42d2-8d5a-015acf66fbfa",
>> version: "2.1.3+040d371",
>> started_at: "2017-02-10T00:27:13.101Z",
>> hostname: "analog1.local",
>> lifecycle: "running",
>> lb_status: "alive",
>> timezone: "Europe/Warsaw",
>> operating_system: "Linux 2.6.32-642.13.1.el6.x86_64",
>> is_processing: true
>> },
>> 8be9e293-f60b-40c6-a0e6-8af6d617eb1a: {
>> facility: "graylog-server",
>> codename: "Smuttynose",
>> node_id: "5f596ebf-a988-4c08-858e-67d38a3e483b",
>> cluster_id: "6701202c-a9fe-42d2-8d5a-015acf66fbfa",
>> version: "2.1.3+040d371",
>> started_at: "2017-02-10T00:27:13.101Z",
>> hostname: "analog1.local",
>> lifecycle: "running",
>> lb_status: "alive",
>> timezone: "Europe/Warsaw",
>> operating_system: "Linux 2.6.32-642.13.1.el6.x86_64",
>> is_processing: true
>> }
>> }
>>
>>
>> In /api/cluster I am supposed to get two different node_id and hostname values, but 
>> the hostnames are the same. As a result, when I want to check 
>> /system/nodes I get dubbed stats of only one host. The real HeapSize of 
>> analog2 is only 2GB (img: analog2-system-nodes), not 4GB as on analog1, the 
>> master node (img: analog1-system-nodes).
>>
>>
>> MongoDB and ES Cluster are external and shared for both hosts.
>>
>>
>> Thanks Guys
>>
>>
>> Pawel
>>
>

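A configuration check for the two settings quoted in this thread, as an added example that is not from the thread or from Graylog. It relies on the documented Graylog 2.x behaviour that `rest_listen_uri` is the address the node binds to, while `rest_transport_uri` is the address it publishes to the other cluster members and defaults to the listen URI. The function names and result labels are hypothetical, and the config file path is passed in by the caller.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check the REST URIs in a
# Graylog 2.x server.conf before a node joins a cluster.
# Limits: IPv4 addresses and host names only; names are not resolved.

# Print the value of "key = value". The last assignment wins and
# commented-out lines are ignored.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" \
        | tail -n 1
}

# Extract the host part of scheme://host[:port]/path.
uri_host() {
    printf '%s\n' "$1" | sed -n 's|^[a-z]*://\([^/:]*\).*$|\1|p'
}

is_loopback() {
    case $1 in
        127.*|localhost) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one verdict line; return 0 if consistent, 1 if not, 2 if unusable.
check_rest_uris() {
    listen=$(conf_value "$1" rest_listen_uri)
    transport=$(conf_value "$1" rest_transport_uri)
    if [ -z "$listen" ]; then
        echo "MISSING: rest_listen_uri is not set"
        return 2
    fi
    # Documented default: the transport URI falls back to the listen URI.
    [ -n "$transport" ] || transport=$listen
    lhost=$(uri_host "$listen")
    thost=$(uri_host "$transport")

    # Every peer that follows a loopback transport address reaches itself,
    # which is how two nodes end up reporting identical details.
    if is_loopback "$thost"; then
        echo "LOOPBACK_TRANSPORT: peers are told to reach this node at $transport"
        return 1
    fi
    # The published address must be one the API is bound to: either the
    # same host, or a wildcard listen address.
    if [ "$lhost" != "0.0.0.0" ] && [ "$lhost" != "$thost" ]; then
        echo "UNBOUND_TRANSPORT: advertises $thost but listens only on $lhost"
        return 1
    fi
    echo "OK: listens on $lhost, advertises $thost"
    return 0
}
```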


[graylog2] Re: SSL JVM

2017-02-15 Thread Jochen Schalanda
Hi,

the necessary steps are described in the documentation at 
http://docs.graylog.org/en/2.2/pages/configuration/https.html#adding-a-self-signed-certificate-to-the-jvm-trust-store
.

Cheers,
Jochen

On Wednesday, 15 February 2017 09:14:03 UTC+1, CTuser wrote:
>
> Hi,
>
> I created a self-signed certificate and currently the connection via https 
> is not secure because I didn't do the JVM step.
>
> Please explain what I should do in the following step:
>
> " In order for the JVM to pick up the new trust store, it has to be 
> started with the JVM parameter 
> -Djavax.net.ssl.trustStore=/path/to/cacerts.jks. If you’ve been using 
> another password to encrypt the JVM trust store than the default changeit, 
> you additionally have to set the JVM parameter 
> -Djavax.net.ssl.trustStorePassword=secret.
>
> Most start and init scripts for Graylog provide a JAVA_OPTS variable 
> which can be used to pass the javax.net.ssl.trustStore and (optionally) 
> javax.net.ssl.trustStorePassword system properties.  "
>
>
> Graylog version: 2.1.2
>
> OS: CentOS 7
>
>
> Thanks.
>



[graylog2] Re: How to upgrade Graylog 2.1 > 2.2 ?

2017-02-15 Thread Jochen Schalanda
Hi,

you can find upgrade instructions in the documentation, depending on how 
you've installed Graylog in the first place.

http://docs.graylog.org/en/2.2/pages/configuration/graylog_ctl.html#upgrade-graylog
http://docs.graylog.org/en/2.2/pages/installation/operating_system_packages.html#deb-apt
http://docs.graylog.org/en/2.2/pages/installation/operating_system_packages.html#rpm-yum-dnf

Cheers,
Jochen


On Tuesday, 14 February 2017 23:26:13 UTC+1, dhe...@gmail.com wrote:
>
> I looked here  http://docs.graylog.org/en/2.2/pages/upgrade.html  and 
> don't see any directions for upgrading Graylog 2.1  to 2.2. A Stackoverflow 
> post[1] mentions backing up /etc/gralog2.conf and simply untarring the new 
> graylog. Is this the correct upgrade path?  I've already posted this 
> question by accident to the SELKS group so I have ruled out that I've 
> likely missed something completely obvious. 
>
> Thanks
>
>  [1] 
> http://stackoverflow.com/questions/25438095/how-can-i-upgrade-graylog2-to-a-newer-version
>



[graylog2] Re: [ANN] Graylog 2.2.0 has been released

2017-02-15 Thread Jochen Schalanda
Hi Anas,

On Wednesday, 15 February 2017 09:33:50 UTC+1, Benbrahim Anass wrote:
>
> Congratulations on the new release, is there anything new about custom 
> dashboards ?
>

Please refer to the release notes for detailed information: 
https://www.graylog.org/blog/88-announcing-graylog-v2-2-0

Cheers,
Jochen



[graylog2] Re: [ANN] Graylog 2.2.0 has been released

2017-02-15 Thread Benbrahim Anass
Hi Jochen & Graylog team

Congratulations on the new release, is there anything new about custom 
dashboards ?

Thanks in advance
Anas

On Tuesday, 14 February 2017 16:07:13 UTC+1, Jochen Schalanda wrote:
>
> Hi everyone,
>
> I'm proud to announce the GA release of Graylog 2.2.0!
>
> We've put a lot of work into this release to bring you interesting 
> features like improved retention and rotation (index sets) and enhanced 
> alerting.
>
> You can find the release notes for Graylog 2.2.0 at:
>
> https://www.graylog.org/blog/88-announcing-graylog-v2-2-0
>
>
> If you have any questions about the new release of Graylog, don't hesitate 
> to get into one of our community support channels: 
> https://www.graylog.org/community-support
>
> And of course we're also offering professional support services for the 
> latest and greatest version of Graylog: 
> https://www.graylog.org/professional-support
>
>
> Previous release notes:
>
> - https://www.graylog.org/blog/77-announcing-graylog-2-2-0-beta-2
> - https://www.graylog.org/blog/78-announcing-graylog-v2-2-0-beta-3
> - https://www.graylog.org/blog/79-announcing-graylog-v2-2-0-beta-4
> - https://www.graylog.org/blog/80-announcing-graylog-v2-2-0-beta-5
> - https://www.graylog.org/blog/81-announcing-graylog-v2-2-0-beta-6
> - https://www.graylog.org/blog/85-announcing-graylog-v2-2-0-rc-1
>
>
> Cheers,
> Jochen (in the name of the Graylog team)
>



[graylog2] SSL JVM

2017-02-15 Thread CTuser
Hi,

I created a self-signed certificate and currently the connection via https is 
not secure because I didn't do the JVM step.

Please explain what I should do in the following step:

" In order for the JVM to pick up the new trust store, it has to be started 
with the JVM parameter -Djavax.net.ssl.trustStore=/path/to/cacerts.jks. If 
you’ve been using another password to encrypt the JVM trust store than the 
default changeit, you additionally have to set the JVM parameter 
-Djavax.net.ssl.trustStorePassword=secret.

Most start and init scripts for Graylog provide a JAVA_OPTS variable which 
can be used to pass the javax.net.ssl.trustStore and (optionally) 
javax.net.ssl.trustStorePassword system properties.  "


Graylog version: 2.1.2

OS: CentOS 7


Thanks.
