[graylog2] Re: Graylog Processing

2017-01-25 Thread 'Peter Griggs' via Graylog Users
Hi Jochen,

Both are on the same version. Don't suppose you have any other ideas? This 
is driving me potty!

Thanks
Pete.

On Friday, 20 January 2017 12:23:00 UTC, Jochen Schalanda wrote:
>
> Hi Peter,
>
> are the versions of Graylog identical?
> Are you using any extractors?
> Are you using any processing pipeline rules?
>
> Cheers,
> Jochen
>
> On Friday, 20 January 2017 11:01:36 UTC+1, Peter Griggs wrote:
>>
>> Hi
>>
>> Both are identical. :-/
>>
>> 1 GeoIP Resolver active
>> 2 Pipeline Processor active
>> 3 Message Filter Chain active
>> Cheers
>> Pete.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/5169e8e9-b9d1-4116-be50-d48191cb1dfb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[graylog2] Re: Graylog Processing

2017-01-23 Thread 'Peter Griggs' via Graylog Users
Hi Jochen,

Yep, both running the same version. The only processing rules being used are 
as follows, from your tutorial: https://github.com/Graylog2/graylog-guide-snort 
This works on one instance but not on the other.

Thanks
Pete.

On Friday, 20 January 2017 12:23:00 UTC, Jochen Schalanda wrote:
>
> Hi Peter,
>
> are the versions of Graylog identical?
> Are you using any extractors?
> Are you using any processing pipeline rules?
>
> Cheers,
> Jochen
>
> On Friday, 20 January 2017 11:01:36 UTC+1, Peter Griggs wrote:
>>
>> Hi
>>
>> Both are identical. :-/
>>
>> 1 GeoIP Resolver active
>> 2 Pipeline Processor active
>> 3 Message Filter Chain active
>> Cheers
>> Pete.
>>
>



[graylog2] Re: Graylog Processing

2017-01-20 Thread 'Peter Griggs' via Graylog Users
Hi

Both are identical. :-/

1 GeoIP Resolver active
2 Pipeline Processor active
3 Message Filter Chain active
Cheers
Pete.

On Friday, 20 January 2017 09:58:44 UTC, Jochen Schalanda wrote:
>
> Hi Peter,
>
> what's the order of message processors in both Graylog instances? You can 
> find it on the System / Configurations page in the Message Processors 
> Configuration section.
>
> Cheers,
> Jochen
>
> On Friday, 20 January 2017 10:46:39 UTC+1, Peter Griggs wrote:
>>
>> Hi Jochen,
>>
>> On the working box the pipeline is processing and extracting the fields, 
>> however on the new setup it isn't. I have the rules, pipelines and streams 
>> setup identically. I am probably missing something stupid but have spent a 
>> couple of days working on it and it's starting to bug me.
>>
>> Here is an image of a log message which is identical to the one on the 
>> working box however this one isn't processing the rules despite it saying 
>> it is being routed through.
>>
>> Cheers
>>
>>
>> 
>> Pete.
>>
>> On Thursday, 19 January 2017 09:34:34 UTC, Jochen Schalanda wrote:
>>>
>>> Hi Peter,
>>>
>>> On Thursday, 19 January 2017 10:26:15 UTC+1, Peter Griggs wrote:
>>>>
>>>> I have two graylog instances setup (these are separate on separate 
>>>> sites) one works fine the other is a mirror setup however the processing 
>>>> is not working.
>>>>
>>>
>>> What does "is not working" mean exactly?
>>>
>>> Are there any error messages? What did you do, what did you expect to 
>>> happen, and what actually happened?
>>>
>>> Cheers,
>>> Jochen
>>>
>>



[graylog2] Re: Graylog Processing

2017-01-20 Thread 'Peter Griggs' via Graylog Users
Hi Jochen,

On the working box the pipeline is processing and extracting the fields, 
however on the new setup it isn't. I have the rules, pipelines and streams 
setup identically. I am probably missing something stupid but have spent a 
couple of days working on it and it's starting to bug me.

Here is an image of a log message which is identical to the one on the 
working box however this one isn't processing the rules despite it saying 
it is being routed through.

Cheers


Pete.

On Thursday, 19 January 2017 09:34:34 UTC, Jochen Schalanda wrote:
>
> Hi Peter,
>
> On Thursday, 19 January 2017 10:26:15 UTC+1, Peter Griggs wrote:
>>
>> I have two graylog instances setup (these are separate on separate sites) 
>> one works fine the other is a mirror setup however the processing is not 
>> working.
>>
>
> What does "is not working" mean exactly?
>
> Are there any error messages? What did you do, what did you expect to 
> happen, and what actually happened?
>
> Cheers,
> Jochen
>



[graylog2] Graylog Processing

2017-01-19 Thread 'Peter Griggs' via Graylog Users


Hello,


I have two graylog instances setup (these are separate on separate sites) 
one works fine the other is a mirror setup however the processing is not 
working.


This is to extract snort alerts from the syslog message and put into the 
fields however it just isn't doing this.


Has anyone else experienced issues with the processing pipeline? Or does 
anyone have any ideas?


CentOS 7
Graylog v2.1.2+50e449a



Thanks
Pete
