[graylog2] Re: graylog forgets User Role relationship

2016-11-18 Thread Dietmar Schurr
Hello Jochen,

thanks for the quick help.

we use Graylog 2.1.2 (virt. Appliance).
Now I found the button "LDAP Mapping". With this it is possible to connect 
the roles with the LDAP groups. (Was this button somewhere else in the 
web interface before?)

But there is still the issue with the duplicate user entries.

Regards,

Dietmar

On Friday, November 18, 2016 at 9:34:15 AM UTC+1, Jochen Schalanda wrote:
>
> Hi Dietmar,
>
> which version of Graylog are you using exactly?
>
> This issue (or at least a very similar one) has been fixed in Graylog 
> 2.1.0, see https://github.com/Graylog2/graylog2-server/pull/2529 for 
> details.
>
> Cheers,
> Jochen
>
> On Friday, 18 November 2016 09:04:25 UTC+1, Dietmar Schurr wrote:
>>
>> Hello,
>>
>> Graylog works great so far, and we use AD to authenticate the users.
>>
>> With 'group mapping' in the LDAP settings we have various departments as 
>> groups.
>>
>> Once a specific user logs in, we map this user to a specific role with 
>> the appropriate access rights (for streams and dashboards).
>>
>> That's fine, but Graylog seems randomly to "forget" this mapping, which 
>> means that this user loses all rights which are connected with the 
>> specific role. The user falls back to the default, which means almost no 
>> rights. What's wrong here?
>>
>> Another problem is that the user sometimes uses small, and sometimes 
>> capital letters to log in (always with the AD account). Graylog creates two 
>> user accounts like MUELLER01 and mueller01. 
>> Is there a way to merge those accounts? Is there a way to force Graylog 
>> to do an LDAP query always with uppercase (or lowercase) letters?
>>
>> Thanks in advance for your help.
>>
>> Dietmar
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/46a82a18-4ba9-4aa5-817f-4050eb8a0cec%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
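
Added example (not part of the original posts, and not Graylog code): a sketch of how an administrator could audit an exported user list for the duplicate-account problem described above, where MUELLER01 and mueller01 become separate accounts holding different roles. The record layout and the role names are assumptions made for illustration.

```python
import unicodedata
from collections import defaultdict

# Constructed sample of an exported user list: (username, roles).
# The role names are hypothetical.
USERS = [
    ("MUELLER01", ["Reader"]),
    ("mueller01", ["Reader", "Dept-Streams"]),
    ("schmidt02", ["Reader", "Dept-Dashboards"]),
]


def canonical(name):
    """Key under which case variants of one login collapse together."""
    return unicodedata.normalize("NFKC", name.strip()).casefold()


def find_case_duplicates(users):
    """Group accounts by canonical name and report every group with more
    than one spelling, together with the roles each spelling lacks."""
    groups = defaultdict(list)
    for name, roles in users:
        groups[canonical(name)].append((name, set(roles)))

    report = {}
    for key, variants in groups.items():
        if len(variants) < 2:
            continue  # only one spelling seen, nothing to merge
        all_roles = set().union(*(roles for _, roles in variants))
        report[key] = {
            "variants": sorted(name for name, _ in variants),
            "merged_roles": sorted(all_roles),
            # A spelling that lacks roles is the one that "forgets" access.
            "missing": {
                name: sorted(all_roles - roles)
                for name, roles in variants
                if all_roles - roles
            },
        }
    return report


if __name__ == "__main__":
    for key, info in find_case_duplicates(USERS).items():
        print(key, info)
```

A login with the spelling listed under "missing" lands on the account without the mapped role, which matches the symptom of a user apparently losing rights at random.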


[graylog2] Graylog 2.1.0 running on Raspberry Pi 3

2016-10-07 Thread Dietmar Schurr
Hello,

I wonder if somebody else tried this:

Run Graylog on a *Raspberry Pi 3*.

It seems to work, but is really, really slow. The web interface worked and I 
could log in (after a couple of minutes).

Procedure: 
Elasticsearch and MongoDB were installed via the default repository.
For Graylog I used the tarball from GitHub. Follow the available 
documentation.


Graylog did not start unless I reduced the Xms and Xmx values in the 
graylogctl file.

Instead of
DEFAULT_JAVA_OPTS="-Djava.library.path=${GRAYLOGCTL_DIR}/../lib/sigar 
-Xms1g -Xmx1g -XX:NewRatio=1 
now the line is
DEFAULT_JAVA_OPTS="-Djava.library.path=${GRAYLOGCTL_DIR}/../lib/sigar 
-Xms512m -Xmx512m -XX:NewRatio=1 .

Maybe it is quicker on an Odroid C2.

Regards,

Dietmar



[graylog2] Re: Expand Hard Drive in OVA

2016-07-04 Thread Dietmar Schurr
Hello Jamie,

I just followed 
this 
http://docs.graylog.org/en/2.0/pages/configuration/graylog_ctl.html#extend-disk-space
tutorial and it worked fine (a cluster with two ova images).
So now I have 100G separate disk space for /var/opt/graylog/data

Regards,

Dietmar

On Friday, July 1, 2016 at 9:38:43 PM UTC+2, Jamie P wrote:
>
> Hello,
>
> I have been researching on how to expand the hard drive in the OVA.  I am 
> needing to extend it to 100G from the 20G minimum, and I keep running into 
> brick walls trying to do this.  Some of the links that I keep clicking on 
> go to articles that are no longer on the web.  Any direction to a document 
> or website on how to do this would be much appreciated. 
>
> Jamie
>



Re: [graylog2] Could not create extractor (404)

2016-06-21 Thread Dietmar Schurr
Hello Edmundo,

now I configured NTP to work with our local time server and the cluster 
works better (I can see the inputs on both cluster nodes again). Maybe 
you can add a hint in the documentation to (re)configure NTP if your 
Graylog servers don't have access to public time servers.

Once I configured the email alerts I had problems with the field from 
email. I didn't realize at first that the parameter *from-email*, which is 
configured with the graylog-ctl script, is the same as the field *sender* in 
the email alert callback. So I searched for a wrong graylog-ctl 
configuration, but the problem was just the field sender (with the default 
gray...@exampel.org) in the email alert callback. This sender was refused 
(correctly) by the Exchange server. A small hint in the documentation of 
the graylog-ctl script would be helpful.

Regards,

Dietmar


On Friday, June 17, 2016 at 12:53:06 PM UTC+2, Dietmar Schurr wrote:
>
> Hello Edmundo,
>
> I just tried to regenerate the error, but it just worked, that is the 
> error did not come up. So maybe the problem was somewhere else.
>
> In the Graylog cluster I discovered diverging system times (about 20 sec), 
> so maybe this is part of the problem.
> I will try to fix this on Monday, when my VMware colleagues are back, 
> because I would like to tackle the system time problem on the ESX VMware 
> level.
>
> Thanks a lot for your help, I will come back if I experience similar 
> problems.
>
> Regards,
>
> Dietmar
>
> On Thursday, June 16, 2016 at 6:56:22 PM UTC+2, Edmundo Alvarez wrote:
>>
>> Hi Dietmar,
>>
>> I just tried creating an extractor just like that in IE 11 and Chrome and 
>> seems to work. Could you please capture the network request that was made 
>> to the server, so we can further investigate the issue? Here is how using 
>> Chrome/Chromium:
>>
>> 1. Fill out the create extractor form as you usually do, but do not press 
>> the save button
>> 2. Open the developer tools in your browser as explained here: 
>> https://developers.google.com/web/tools/chrome-devtools/
>> 3. Once you are in the network tab and you are capturing traffic, press 
>> the save button, and see the error message
>> 4. Go back to the network tab in the developer tools, and see the request 
>> that was made to "extractors", as they explain here: 
>> https://developers.google.com/web/tools/chrome-devtools/profile/network-performance/resource-loading#view-details-for-a-single-resource
>> 5. Share the details in the "Headers" tab with us, especially the request 
>> payload
>>
>> This is an example of what it looks like, just in case it helps:
>>
>> Thank you,
>> Edmundo
>>
>> On 16 Jun 2016, at 12:44, Dietmar Schurr <dietmar...@gmail.com> wrote:
>>
>> Hello Edmundo,
>>
>> this is Graylog 2.0.2 in a cluster of two VM appliances running under 
>> VMware.
>> The behaviour was the same on IE11 (Windows) and Chromium (from a Linux 
>> system).
>>  If I edit the same Extractor definition I don't get this error
>>
>> Regards,
>>
>> Dietmar Schurr
>>
>> On Wednesday, June 15, 2016 at 5:39:38 PM UTC+2, Edmundo Alvarez wrote:
>> Hi Dietmar, 
>>
>> Would you be so kind as to tell us which Graylog version and browser you 
>> use? Additionally, do you see any errors in your browser's developer 
>> console when the error occurs? This is how you can open the developer 
>> console in Chrome, it's similar in other browsers: 
>> https://developers.google.com/web/tools/chrome-devtools/ 
>>
>> Regards, 
>> Edmundo 
>>
>> > On 15 Jun 2016, at 16:07, Dietmar Schurr <dietmar...@gmail.com> wrote: 
>> > 
>> > Hello, 
>> > 
>> > if I choose the Condition Only attempt extraction if field contains 
>> > string it works. 
>> > Hmm, I wonder why. The Grok pattern is the same. 
>> > 
>> > Regards, 
>> > 
>> > Dietmar Schurr 
>> > 
>> > On Tuesday, June 14, 2016 at 3:08:49 PM UTC+2, Dietmar Schurr wrote: 
>> > Hello, 
>> > 
>> > now I have another problem: 
>> > I try to apply an extractor to an input. 
>> > 
>> > I go to Systems/Input and choose "Manage extractors" next to the Input 
>> > I want to have it. 
>> > 
>> > In the wizard I click on "Get started" and load a message. 
>> > 
>> > I select "Grok Pattern" next to the field "message". Here I enter my 
>> > grok pattern in the field "Grok pattern". 
>> > If I click on "Try" 

Re: [graylog2] Could not create extractor (404)

2016-06-16 Thread Dietmar Schurr
Hello Edmundo,

this is Graylog 2.0.2 in a cluster of two VM appliances running under 
VMware.
The behaviour was the same on IE11 (Windows) and Chromium (from a Linux 
system).
 If I edit the same Extractor definition I don't get this error

Regards,

Dietmar Schurr

On Wednesday, June 15, 2016 at 5:39:38 PM UTC+2, Edmundo Alvarez wrote:
>
> Hi Dietmar, 
>
> Would you be so kind as to tell us which Graylog version and browser you 
> use? Additionally, do you see any errors in your browser's developer 
> console when the error occurs? This is how you can open the developer 
> console in Chrome, it's similar in other browsers: 
> https://developers.google.com/web/tools/chrome-devtools/ 
>
> Regards, 
> Edmundo 
>
> > On 15 Jun 2016, at 16:07, Dietmar Schurr <dietmar...@gmail.com> wrote: 
> > 
> > Hello, 
> > 
> > if I choose the Condition Only attempt extraction if field contains 
> > string it works. 
> > Hmm, I wonder why. The Grok pattern is the same. 
> > 
> > Regards, 
> > 
> > Dietmar Schurr 
> > 
> > On Tuesday, June 14, 2016 at 3:08:49 PM UTC+2, Dietmar Schurr wrote: 
> > Hello, 
> > 
> > now I have another problem: 
> > I try to apply an extractor to an input. 
> > 
> > I go to Systems/Input and choose "Manage extractors" next to the Input I 
> > want to have it. 
> > 
> > In the wizard I click on "Get started" and load a message. 
> > 
> > I select "Grok Pattern" next to the field "message". Here I enter my 
> > grok pattern in the field "Grok pattern". 
> > If I click on "Try" it works nice and all fields are extracted. 
> > 
> > Now I enter a name like test_extracotr in the field "Extractor title". 
> > 
> > If I click on "Create extractor" I get this error message: 
> > 
> > 
> > 
> > What am I doing wrong here? 
> > 
> > Thanks in advance for your help. 
> > 
> > Regards, 
> > 
> > Dietmar Schurr 
> > 
>
>



[graylog2] Re: Do i need to install sendmail in ubunntu to send alert mail from gray log

2016-06-15 Thread Dietmar Schurr
Hello,

you will find the documentation here:
http://docs.graylog.org/en/2.0/pages/configuration/graylog_ctl.html#configuration-commands

This is the syntax:
sudo graylog-ctl set-email-config
 [--port=
--user=
--password=
--from-email=
--web-url=
--no-tls --no-ssl]

Regards,

Dietmar

On Wednesday, June 15, 2016 at 2:25:53 PM UTC+2, rvb n wrote:
>
> Hi friends
>
> Do I need to install sendmail or another MTA to get stream alerts? Please guide. 
>
>
> Thanks
> Vman
>



[graylog2] Re: Could not create extractor (404)

2016-06-15 Thread Dietmar Schurr
Hello,

if I choose the *Condition Only attempt extraction if field contains string* 
it works. 
Hmm, I wonder why. The Grok pattern is the same.

Regards,

Dietmar Schurr

On Tuesday, June 14, 2016 at 3:08:49 PM UTC+2, Dietmar Schurr wrote:
>
> Hello,
>
> now I have another problem:
> I try to apply an extractor to an input.
>
> I go to Systems/Input and choose "Manage extractors" next to the Input I 
> want to have it.
>
> In the wizard I click on "Get started" and load a message.
>
> I select "Grok Pattern" next to the field "message". Here I enter my grok 
> pattern in the field "Grok pattern".
> If I click on "Try" it works nice and all fields are extracted.
>
> Now I enter a name like test_extracotr in the field "Extractor title".
>
> If I click on "Create extractor" I get this error message:
>
>
> <https://lh3.googleusercontent.com/-2T4ZGBbpH04/V2ABtFLAPQI/BZE/9Nq-SDHX0H8G8k6VXtJgr5pBj-sru8FQACLcB/s1600/graylog_error.jpg>
> What am I doing wrong here?
>
> Thanks in advance for your help.
>
> Regards,
>
> Dietmar Schurr
>



[graylog2] Could not create extractor (404)

2016-06-14 Thread Dietmar Schurr
Hello,

now I have another problem:
I try to apply an extractor to an input.

I go to Systems/Input and choose "Manage extractors" next to the Input I 
want to have it.

In the wizard I click on "Get started" and load a message.

I select "Grok Pattern" next to the field "message". Here I enter my grok 
pattern in the field "Grok pattern".
If I click on "Try" it works nice and all fields are extracted.

Now I enter a name like test_extracotr in the field "Extractor title".

If I click on "Create extractor" I get this error message:

<https://lh3.googleusercontent.com/-2T4ZGBbpH04/V2ABtFLAPQI/BZE/9Nq-SDHX0H8G8k6VXtJgr5pBj-sru8FQACLcB/s1600/graylog_error.jpg>
What am I doing wrong here?

Thanks in advance for your help.

Regards,

Dietmar Schurr



[graylog2] Re: Sidecar-collector configured - but no messages send

2016-06-14 Thread Dietmar Schurr
Hello Marius,

thanks for the reply.

Now it works. I created another configuration with gelf_udp, and with this 
I get messages.
Probably there was a misconfiguration somewhere.
It was not a firewall problem.

Regards,

Dietmar Schurr

On Friday, June 10, 2016 at 2:08:40 PM UTC+2, Dietmar Schurr wrote:
>
> Hello,
>
> NXlog with graylog-sidecar was installed and configured on a Windows 
> server.
>
> The configuration worked because the collector.id is available in Graylog.
>
> Problem: No messages arrived at graylog.
>
> We use GELF TCP via port 12201.
>
> For debugging purposes the collector was started like this:
> *graylog-collector-sidecar.exe -c /path/to/collector-sidecar.yml*
>
> There were no errors, nxlog was started.
>
> But in the nxlog.log we see this:
>
> 2016-06-10 13:28:01 INFO reconnecting in 1 seconds
> 2016-06-10 13:28:02 INFO connecting to 10.150.159.23:12201
> 2016-06-10 13:29:01 INFO reconnecting in 1 seconds
> 2016-06-10 13:29:02 INFO connecting to 10.150.159.23:12201
> 2016-06-10 13:30:01 INFO reconnecting in 1 seconds
> 2016-06-10 13:30:02 INFO connecting to 10.150.159.23:12201
> 2016-06-10 13:31:01 INFO reconnecting in 1 seconds
> 2016-06-10 13:31:02 INFO connecting to 10.150.159.23:12201
> 2016-06-10 13:32:01 INFO reconnecting in 1 seconds
> 2016-06-10 13:32:02 INFO connecting to 10.150.159.23:12201
> 2016-06-10 13:33:01 INFO reconnecting in 1 seconds
> 2016-06-10 13:33:02 INFO connecting to 10.150.159.23:12201
> 2016-06-10 13:34:01 INFO reconnecting in 1 seconds
> 2016-06-10 13:34:02 INFO connecting to 10.150.159.23:12201
>
> But no messages are received in Graylog.
>
> A TCP connection could be established with telnet.
>
>
> What might be the problem here?
>
> Thanks in advance for any hints!
>
> Best regards,
>
> Dietmar Schurr
>



[graylog2] Sidecar-collector configured - but no messages send

2016-06-10 Thread Dietmar Schurr
Hello,

NXlog with graylog-sidecar was installed and configured on a Windows 
server.

The configuration worked because the collector.id is available in Graylog.

Problem: No messages arrived at graylog.

We use GELF TCP via port 12201.

For debugging purposes the collector was started like this:
*graylog-collector-sidecar.exe -c /path/to/collector-sidecar.yml*

There were no errors, nxlog was started.

But in the nxlog.log we see this:

2016-06-10 13:28:01 INFO reconnecting in 1 seconds
2016-06-10 13:28:02 INFO connecting to 10.150.159.23:12201
2016-06-10 13:29:01 INFO reconnecting in 1 seconds
2016-06-10 13:29:02 INFO connecting to 10.150.159.23:12201
2016-06-10 13:30:01 INFO reconnecting in 1 seconds
2016-06-10 13:30:02 INFO connecting to 10.150.159.23:12201
2016-06-10 13:31:01 INFO reconnecting in 1 seconds
2016-06-10 13:31:02 INFO connecting to 10.150.159.23:12201
2016-06-10 13:32:01 INFO reconnecting in 1 seconds
2016-06-10 13:32:02 INFO connecting to 10.150.159.23:12201
2016-06-10 13:33:01 INFO reconnecting in 1 seconds
2016-06-10 13:33:02 INFO connecting to 10.150.159.23:12201
2016-06-10 13:34:01 INFO reconnecting in 1 seconds
2016-06-10 13:34:02 INFO connecting to 10.150.159.23:12201

But no messages are received in Graylog.

A TCP connection could be established with telnet.


What might be the problem here?

Thanks in advance for any hints!

Best regards,

Dietmar Schurr
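
Added example (not part of the original post, and not NXLog or Graylog code): a small check that flags the pattern in the nxlog.log excerpt above, repeated connect attempts to the same destination with nothing else logged in between, so that a forwarder that is silently shipping no logs gets noticed. The first six sample lines are taken from the post; the remaining lines and the threshold of three attempts are constructed.

```python
import re
from datetime import datetime

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\w+) (.*)$")
CONNECT = re.compile(r"^connecting to (\S+)$")
RECONNECT = re.compile(r"^reconnecting in \d+ seconds$")

SAMPLE = """\
2016-06-10 13:28:01 INFO reconnecting in 1 seconds
2016-06-10 13:28:02 INFO connecting to 10.150.159.23:12201
2016-06-10 13:29:01 INFO reconnecting in 1 seconds
2016-06-10 13:29:02 INFO connecting to 10.150.159.23:12201
2016-06-10 13:30:01 INFO reconnecting in 1 seconds
2016-06-10 13:30:02 INFO connecting to 10.150.159.23:12201
2016-06-10 13:30:40 INFO constructed line: any other message
2016-06-10 13:31:01 INFO reconnecting in 1 seconds
2016-06-10 13:31:02 INFO connecting to 10.150.159.23:12201
"""


def find_reconnect_loops(text, min_cycles=3):
    """Return streaks of >= min_cycles connect attempts to one target
    that are interrupted only by 'reconnecting' lines."""
    loops = []
    run = None  # current streak of connect attempts to a single target

    def finished(streak):
        return streak is not None and streak["cycles"] >= min_cycles

    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(3)
        attempt = CONNECT.match(msg)
        if attempt:
            if run and run["target"] == attempt.group(1):
                run["cycles"] += 1
                run["last"] = ts
            else:
                if finished(run):
                    loops.append(run)
                run = {"target": attempt.group(1), "cycles": 1,
                       "first": ts, "last": ts}
        elif not RECONNECT.match(msg):
            # Any other message ends the streak.
            if finished(run):
                loops.append(run)
            run = None
    if finished(run):
        loops.append(run)
    return loops


if __name__ == "__main__":
    for loop in find_reconnect_loops(SAMPLE):
        print(loop["target"], loop["cycles"], loop["last"] - loop["first"])
```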
