[graylog2] Re: Update AWS instances

2015-08-17 Thread Brandon Shiner
Great, thanks Jochen

On Friday, August 14, 2015 at 4:28:39 AM UTC-4, Jochen Schalanda wrote:

 Hi Brandon,

 upgrading the Graylog Omnibus package inside your existing AMI is still 
 possible and should work exactly as you've described.

 Cheers,
 Jochen

 On Thursday, 13 August 2015 23:27:14 UTC+2, Brandon Shiner wrote:

 In July, when the AMI documentation was moved to ReadTheDocs, the notes 
 on performing an upgrade were removed.

 Is it still possible to perform an upgrade on an existing 1.1.X AMI using 
 them?

 i.e.
 - wget https://packages.graylog2.org/releases/graylog2-omnibus/ubuntu/graylog_latest.deb
 - sudo graylog-ctl stop
 - sudo dpkg -G -i graylog_latest.deb
 - sudo graylog-ctl reconfigure

 Thanks,
 Brandon





 On Thursday, April 30, 2015 at 3:59:21 PM UTC-4, den...@tamtam.nl wrote:

 Hi,

 We have a Graylog cluster running in EC2 (Amazon) with the default 
 AMIs, working great :) But now we want to upgrade to the new version... 
 how do we achieve that?
 Do I need to spin up new instances? If so, how do I migrate all the 
 data to the new machines?




-- 
You received this message because you are subscribed to the Google Groups 
Graylog Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/dc478a2a-4c18-47c2-a8b5-2a54681cb89b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[graylog2] Re: Update AWS instances

2015-08-13 Thread Brandon Shiner
In July, when the AMI documentation was moved to ReadTheDocs, the notes on 
performing an upgrade were removed.

Is it still possible to perform an upgrade on an existing 1.1.X AMI using 
them?

i.e.
- wget https://packages.graylog2.org/releases/graylog2-omnibus/ubuntu/graylog_latest.deb
- sudo graylog-ctl stop
- sudo dpkg -G -i graylog_latest.deb
- sudo graylog-ctl reconfigure

Thanks,
Brandon





On Thursday, April 30, 2015 at 3:59:21 PM UTC-4, den...@tamtam.nl wrote:

 Hi,

 We have a Graylog cluster running in EC2 (Amazon) with the default 
 AMIs, working great :) But now we want to upgrade to the new version... 
 how do we achieve that?
 Do I need to spin up new instances? If so, how do I migrate all the data 
 to the new machines?






Re: [graylog2] Re: Multiple source IP addresses to one Stream group - HOW? POSSIBLE? A BETTER WAY?

2015-05-30 Thread Brandon
As far as I know, the source is not mandatory. You can create a proper 
regex to pull in messages meeting the criteria from one of many sources. 
Maybe setting up extractors and then using the exists clause from a 
stream would give you what you want.
Using an extractor, you can set a specific field as true or whatever 
you want, then use the stream to pull in logs having only that field set.


On 05/29/2015 04:06 PM, Henrik Johansen wrote:

Hi Aidan,

I am curious - why do you need a stream per source / keyword combination?

Could you outline what you want to achieve with that solution - 
perhaps you're just approaching the problem the wrong way?


The only reason I can think of for doing what you have outlined is 
permissions (ie strict delegation of access based on source / keyword 
combinations) ... ?




---
HenrikJ

On 29 May 2015 at 21:55:11 CEST, Aidan Venn aidanv...@gmail.com wrote:

Hi Jochemb,

There could be a thousand sources, but I only want to Create and EDIT 
one set of related streams that are applied to the sources when 
edited. A one-to-many approach. ONE set of streams, MANY source IP 
addresses.


Stream set:

stream 1-keyword:disconnect
stream 2-keyword:loss
stream 3-keyword:fail
stream 4-keyword:error
stream 5-keyword:connect
stream 6-keyword:deauthenticate
stream 7-keyword:reconnect
stream 8-keyword:failure
stream 9-keyword:crash

These would then be applied to 1000+ sources. If I then need to make 
a change I only have to do it once.


Thanks for taking an interest.

Kind Regards

Aidan Venn

On Friday, May 29, 2015 at 1:27:01 PM UTC+1, Jochemb wrote:

Make three streams:

stream 1-keyword:disconnect
stream 2-keyword:loss
stream 3-keyword:fail

Without a source?

On Thursday, 28 May 2015 10:40:20 UTC+2, Aidan Venn wrote:


https://lh3.googleusercontent.com/-VXS0tYSBx3Y/VWYbA0x3z0I/Dg8/7ZikVzm-U_U/s1600/Untitled.png

Hi,

Graylog newbie

Please see picture attached.

I have three streams matching a single source IP and warning
keywords from logs:

source IP: 192.168.0.1

stream 1-keyword:disconnect
stream 2-keyword:loss
stream 3-keyword:fail

I want to group these streams and apply them to multiple (1000
+) source IP addresses to benefit future scalability and
large scale administration. Basically, for each source IP there
will be three or more streams, but I only have to
configure/edit the group once.

I don't want to have 1000 devices and then have to copy each
stream and then change the source IP address match. 10
keyword streams x 1000 devices would then equal 1 streams
in total to configure and edit. This would be very time
consuming, especially if I had to make a change.

One change to the group would apply to all. A one to many
relationship. How can I do this?

Perhaps my approach/idea is incorrect, so any recommendations
would be great.

Kind Regards

Aidan Venn



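The approach suggested in the reply above (an extractor sets a marker field, and a stream matches on that field existing, with no source rule) can be modelled as follows. This is an added Python example, not part of the thread and not Graylog code: the function names, the `kw_<keyword>` field names and the sample messages are constructed, and whole-word matching is an assumption made so that "fail" does not also fire on "failure" or "connect" on "disconnect".

```python
import re

# Keyword set from the thread; defined once and shared by every source.
KEYWORDS = ["disconnect", "loss", "fail", "error", "connect",
            "deauthenticate", "reconnect", "failure", "crash"]


def build_extractors(keywords):
    """Map each marker field (hypothetical name kw_<keyword>) to a whole-word regex."""
    return {f"kw_{kw}": re.compile(rf"\b{re.escape(kw)}\b", re.IGNORECASE)
            for kw in keywords}


def extract(message, extractors):
    """Extractor step: copy the message and set a marker field per matching keyword."""
    enriched = dict(message)
    for field, pattern in extractors.items():
        if pattern.search(message["message"]):
            enriched[field] = True
    return enriched


def route(message, extractors):
    """Stream step: a stream matches when its marker field exists.

    The source field is never consulted, so one rule set serves any number of sources.
    """
    enriched = extract(message, extractors)
    # field[3:] strips the "kw_" prefix to recover the keyword for the stream name.
    return sorted(f"stream:{field[3:]}" for field in extractors if field in enriched)


# Constructed sample messages from several sources (not taken from the thread).
SAMPLE = [
    {"source": "192.168.0.1", "message": "link disconnect on port 3"},
    {"source": "192.168.0.2", "message": "Power supply failure, system crash"},
    {"source": "10.0.0.7", "message": "client reconnect after packet loss"},
    {"source": "10.0.0.8", "message": "interface up"},
]

if __name__ == "__main__":
    rules = build_extractors(KEYWORDS)
    for msg in SAMPLE:
        print(msg["source"], route(msg, rules))
```

Changing the keyword list changes the routing for every source at once, which is the one-to-many behaviour asked for in the original post.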