[graylog2] Re: Graylog Nxlog.conf Not able to merge two Nxlog configs...
Solved . Error in config. ## This is a sample configuration file. See the nxlog reference manual about the ## configuration options. It should be installed locally and is also available ## online at http://nxlog.org/docs/ ## Please set the ROOT to the folder your nxlog was installed into, ## otherwise it will not start. #define ROOT C:\Program Files\nxlog define ROOT C:\Program Files (x86)\nxlog Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogFile %ROOT%\data\nxlog.log Module xm_gelf Module xm_fileop Module xm_json # Create the parse rule for IIS logs. You can copy these from the header of the IIS log file. Module xm_csv Fields $date, $time, $s-ip, $cs-method, $cs-uri-stem, $cs-uri-query, $s-port, $cs-username, $c-ip, $csUser-Agent, $cs-Referer, $sc-status, $sc-substatus, $sc-win32-status, $time-taken FieldTypes string, string, string, string, string, string, integer, string, string, string, string, integer, integer, integer, integer Delimiter ' ' QuoteChar '"' EscapeControl FALSE UndefValue - Module im_file File"C:\\inetpub\\logs\\LogFiles\\W3SVC1\\u_ex*" SavePos TRUE Execif $raw_event =~ /^#/ drop();\ else \ {\ w3c->parse_csv();\ $EventTime = parsedate($date + " " + $time); \ $EventTime = strftime($EventTime, "%Y-%m-%dT%H:%M:%SZ"); \ $SourceName = "IIS"; \ } Module im_msvistalog ReadFromLastTrue Query \ \ *\ *[System/Level=4]\ *[Application/Level=2]\ *[System/Level=3]\ *\ \ Module om_udp Host10.1.0.215 Port12201 OutputType GELF #Use the following line for debugging (uncomment the fileop extension above as well) Exec file_write("C:\\Program Files (x86)\\nxlog\\data\\nxlog_output.log", $raw_event); Module om_udp Host10.1.0.215 Port5414 OutputType GELF Path iis => graylog Path eventlog => Winlogs-gelf On Tuesday, August 9, 2016 at 10:49:57 AM UTC+2, Guillaume Migaszewski wrote: > > Dear Graylog community, > > I am new to Graylog/Nxlog . I have managed in the last days to do what I > want . Collect logs from IIS and eventlog. It works but not at the same > time . It s either IIS logs or Event logs but not both... quite > frustrationg. > > Here is a nxlog.conf I have built from different sources . Maybe my route > directive is incorrect ? . Please help . > > cut top section removed > > Module xm_gelf > > > > Module xm_fileop > > > > Module xm_json > > > # Create the parse rule for IIS logs. You can copy these from the header > of the IIS log file. > > Module xm_csv > Fields $date, $time, $s-ip, $cs-method, $cs-uri-stem, $cs-uri-query, > $s-port, $cs-username, $c-ip, $csUser-Agent, $cs-Referer, $sc-status, > $sc-substatus, $sc-win32-status, $time-taken > FieldTypes string, string, string, string, string, string, integer, > string, string, string, string, integer, integer, integer, integer > Delimiter ' ' > QuoteChar '"' > EscapeControl FALSE > UndefValue - > > > > > Module im_file > File"C:\\inetpub\\logs\\LogFiles\\W3SVC1\\u_ex*" > SavePos TRUE > Execif $raw_event =~ /^#/ drop();\ > else \ > {\ > w3c->parse_csv();\ > $EventTime = parsedate($date + " " + $time); \ > $EventTime = strftime($EventTime, > "%Y-%m-%dT%H:%M:%SZ"); \ > $SourceName = "IIS"; > \ > } > > > > Module im_msvistalog > > Query \ > \ > *[System[(Level=1 or Level=2 or > Level=3)]]\ > *[System[(Level=1 or Level=2 or > Level=3)]]\ > *[System[(Level=1 or Level=2 or > Level=3)]]\ > \ > > > > > > Module om_udp > Host10.1.0.215 > Port12201 > OutputType GELF > > #Use the following line for debugging (uncomment the fileop extension > above as well) > Exec file_writ
[graylog2] Graylog Nxlog.conf Not able to merge two Nxlog configs...
Dear Graylog community, I am new to Graylog/Nxlog . I have managed in the last days to do what I want . Collect logs from IIS and eventlog. It works but not at the same time . It s either IIS logs or Event logs but not both... quite frustrationg. Here is a nxlog.conf I have built from different sources . Maybe my route directive is incorrect ? . Please help . cut top section removed Module xm_gelf Module xm_fileop Module xm_json # Create the parse rule for IIS logs. You can copy these from the header of the IIS log file. Module xm_csv Fields $date, $time, $s-ip, $cs-method, $cs-uri-stem, $cs-uri-query, $s-port, $cs-username, $c-ip, $csUser-Agent, $cs-Referer, $sc-status, $sc-substatus, $sc-win32-status, $time-taken FieldTypes string, string, string, string, string, string, integer, string, string, string, string, integer, integer, integer, integer Delimiter ' ' QuoteChar '"' EscapeControl FALSE UndefValue - Module im_file File"C:\\inetpub\\logs\\LogFiles\\W3SVC1\\u_ex*" SavePos TRUE Execif $raw_event =~ /^#/ drop();\ else \ {\ w3c->parse_csv();\ $EventTime = parsedate($date + " " + $time); \ $EventTime = strftime($EventTime, "%Y-%m-%dT%H:%M:%SZ"); \ $SourceName = "IIS"; \ } Module im_msvistalog Query \ \ *[System[(Level=1 or Level=2 or Level=3)]]\ *[System[(Level=1 or Level=2 or Level=3)]]\ *[System[(Level=1 or Level=2 or Level=3)]]\ \ Module om_udp Host10.1.0.215 Port12201 OutputType GELF #Use the following line for debugging (uncomment the fileop extension above as well) Exec file_write("C:\\Program Files (x86)\\nxlog\\data\\nxlog_output.log", $raw_event); Path iis => graylog Path eventlog => graylog # EOF-- Thanks for reading. Guillaume. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/41715847-5b78-44aa-ab45-0c851cb266f0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] IIS logs working but how to search for response code like 404
Dear Graylog group. I am new to Graylog, sorry if my questions may look very basic . With your help (thanks a lot) , I have managed to setup Graylog and collect IIS logs . IIS logs are now index inmy Graylog and of course I would like to collect some info. As a sysadmin my dream is to have a nice dashboard per web server which will output info like top client ip address , http response code etc . As advised by Graylog contextual help I try to search with command source:my web AND http_responde_code:400 . I have no real search results. I have many fieds and the best way I have found to retrieve data logs is based on cs_referer . source:mywebserver cs-Referer: 200 . Questions : 1. Is my way of indexing IIS log with NXlog efficient. ? Maybe there is an issue with my filed mapping ? . 2 .Which field do you use to gather from the log http response code ? How do you proceed within Graylog ?. Short sample of my IIS log Fields nxlog.conf Fields $date, $time, $s-ip, $cs-method, $cs-uri-stem, $cs-uri-query, $s-port, $cs-username, $c-ip, $csUser-Agent, $cs-Referer, $sc-status, $sc-substatus, $sc-win32-status, $time-taken FieldTypes string, string, string, string, string, string, integer, string, string, string, string, integer, integer, integer, integer 3. Is there a template/plugin for montoring IIS log ? Thanks a lot for your time. Guillaume. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/ed076c29-71af-4686-9b89-226b8221d000%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: New to graylog Issue to login after server.conf change
dear Jochen, Thank you it is working now ;) . Guillaume. On Tuesday, August 2, 2016 at 4:41:18 PM UTC+2, Jochen Schalanda wrote: > > Hi Guillaume, > > that's the wrong port. The POST request must be directed to the Graylog > REST API. > > Make sure to remove or comment out the web_endpoint_uri setting in your > Graylog configuration file. > > Cheers, > Jochen > > On Tuesday, 2 August 2016 16:28:43 UTC+2, Guillaume Migaszewski wrote: >> >> Dear Jochen , >> >> Attached my server.conf. >> >> >> Also some additional curl output >> >> curl -v -XPOST 10.1.0.215:9000/system/sessions >> * About to connect() to 10.1.0.215 port 9000 (#0) >> * Trying 10.1.0.215... connected >> * Connected to 10.1.0.215 (10.1.0.215) port 9000 (#0) >> > POST /system/sessions HTTP/1.1 >> > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/ >> 3.16.2.3 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2 >> > Host: 10.1.0.215:9000 >> > Accept: */* >> > >> < HTTP/1.1 405 Method Not Allowed >> < Allow: GET,OPTIONS >> < X-Graylog-Node-ID: 5416caad-4269-4f9b-ad0f-1beb73770838 >> < Vary: Accept-Encoding >> < Content-Type: application/json >> < Date: Tue, 02 Aug 2016 14:27:43 GMT >> < Content-Length: 59 >> < >> * Connection #0 to host 10.1.0.215 left intact >> * Closing connection #0 >> {"type":"ApiError","message":"HTTP 405 Method Not Allowed"}[ >> >> >> >> Guillaume. >> >> >> On Tuesday, August 2, 2016 at 2:57:13 PM UTC+2, Jochen Schalanda wrote: >>> >>> Hi Guillaume, >>> >>> please post your complete Graylog configuration file or be more explicit >>> about how the relevant settings (rest_* and web_*) are configured right >>> now. >>> >>> Also check the Developer Console of your web browser for error messages >>> and post them here. >>> >>> Cheers, >>> Jochen >>> >>> On Tuesday, 2 August 2016 14:30:29 UTC+2, Guillaume Migaszewski wrote: >>>> >>>> Dear Graylog users, >>>> >>>> I have done an rpm install of Graylog . At first I was not able to >>>> login from any other machine than localhost .As a result , with your >>>> assistance , I have changed following settings server.conf >>>> >>>> rest_listen_uri = http://127.0.0.1:12900/ >>>> rest_listen_uri = http://10.1.0.215:12900/(10.1.0.215 my server ip) >>>> >>>> web_listen_uri = http://127.0.0.1:9000/ >>>> web_listen_uri = http://10.1.0.215:9000/ >>>> >>>> >>>> As a result I can reach login screen from any workstation. But after >>>> sending my credentials I have following error message : >>>> >>>> Error - the server returned: 405 - cannot POST /system/sessions (405) >>>> >>>> >>>> All resources I have found are speaking about reverse proxy or ssl use >>>> but I have none of it . >>>> >>>> It has been a while I did not have such a hard time to install an >>>> application on Linux. ;) .But I will not give up. >>>> >>>> Thanks for your help. >>>> >>>> Guillaume. >>>> >>> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/6d8cb89d-077a-4276-8a33-c23860f612bb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: New to graylog Issue to login after server.conf change
Dear Jochen , Attached my server.conf. Also some additional curl output curl -v -XPOST 10.1.0.215:9000/system/sessions * About to connect() to 10.1.0.215 port 9000 (#0) * Trying 10.1.0.215... connected * Connected to 10.1.0.215 (10.1.0.215) port 9000 (#0) > POST /system/sessions HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.16.2.3 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2 > Host: 10.1.0.215:9000 > Accept: */* > < HTTP/1.1 405 Method Not Allowed < Allow: GET,OPTIONS < X-Graylog-Node-ID: 5416caad-4269-4f9b-ad0f-1beb73770838 < Vary: Accept-Encoding < Content-Type: application/json < Date: Tue, 02 Aug 2016 14:27:43 GMT < Content-Length: 59 < * Connection #0 to host 10.1.0.215 left intact * Closing connection #0 {"type":"ApiError","message":"HTTP 405 Method Not Allowed"}[ Guillaume. On Tuesday, August 2, 2016 at 2:57:13 PM UTC+2, Jochen Schalanda wrote: > > Hi Guillaume, > > please post your complete Graylog configuration file or be more explicit > about how the relevant settings (rest_* and web_*) are configured right > now. > > Also check the Developer Console of your web browser for error messages > and post them here. > > Cheers, > Jochen > > On Tuesday, 2 August 2016 14:30:29 UTC+2, Guillaume Migaszewski wrote: >> >> Dear Graylog users, >> >> I have done an rpm install of Graylog . At first I was not able to login >> from any other machine than localhost .As a result , with your assistance , >> I have changed following settings server.conf >> >> rest_listen_uri = http://127.0.0.1:12900/ >> rest_listen_uri = http://10.1.0.215:12900/(10.1.0.215 my server ip) >> >> web_listen_uri = http://127.0.0.1:9000/ >> web_listen_uri = http://10.1.0.215:9000/ >> >> >> As a result I can reach login screen from any workstation. But after >> sending my credentials I have following error message : >> >> Error - the server returned: 405 - cannot POST /system/sessions (405) >> >> >> All resources I have found are speaking about reverse proxy or ssl use >> but I have none of it . >> >> It has been a while I did not have such a hard time to install an >> application on Linux. ;) .But I will not give up. >> >> Thanks for your help. >> >> Guillaume. >> > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/8b277a0b-e32a-466c-916e-56e02430f0d3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout. # If you are running more than one instances of Graylog server you have to select one of these # instances as master. The master will perform some periodical tasks that non-masters won't perform. is_master = true # The auto-generated node ID will be stored in this file and read after restarts. It is a good idea # to use an absolute file path here if you are starting Graylog server from init scripts or similar. node_id_file = /etc/graylog/server/node-id # You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters. # Generate one by using for example: pwgen -N 1 -s 96 password_secret = removed # The default root user is named 'admin' #root_username = admin # You MUST specify a hash password for the root user (which you only need to initially set up the # system and in case you lose connectivity to your authentication backend) # This password cannot be changed using the API or via the web interface. If you need to change it, # modify it in this file. # Create one by using for example: echo -n yourpassword | shasum -a 256 # and put the resulting hash value into the following line root_password_sha2 = removed # The email address of the root user. # Default is empty #root_email = "" # The time zone setting of the root user. See http://www.joda.org/joda-time/timezones.html for a list of valid time zones. # Default is UTC #root_timezone = UTC # Set plugin directory here (relative or absolute) plugin_dir = /usr/share/graylog-server/plugin # REST API listen URI. Must be reachable by other Graylog server nodes if you run a cluster. # When using Graylog Collectors, this URI will be used to receive heartbeat messages and must be accessible for all collectors. rest_listen_uri = http://10.1.0.215:12900/ # REST API transport address. Defaults to the value of rest_listen_uri. Exception: If rest_listen_uri # is set to a wildcard IP address (0.0.0.0) the first non-loopback IPv4 system address is used. # If
[graylog2] New to graylog Issue to login after server.conf change
Dear Graylog users, I have done an rpm install of Graylog . At first I was not able to login from any other machine than localhost .As a result , with your assistance , I have changed following settings server.conf rest_listen_uri = http://127.0.0.1:12900/ rest_listen_uri = http://10.1.0.215:12900/(10.1.0.215 my server ip) web_listen_uri = http://127.0.0.1:9000/ web_listen_uri = http://10.1.0.215:9000/ As a result I can reach login screen from any workstation. But after sending my credentials I have following error message : Error - the server returned: 405 - cannot POST /system/sessions (405) All resources I have found are speaking about reverse proxy or ssl use but I have none of it . It has been a while I did not have such a hard time to install an application on Linux. ;) .But I will not give up. Thanks for your help. Guillaume. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/6fc975d9-a04d-4da6-8bcc-f7985d3ed99d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: New to graylog fresh install can only login to graylog via localhost
Indeed. I have tried this but did not have the idea to change both settings at the same time. So now I can have the login screen . I have another issue now ... will start a new thread If I cannot solve it by myslef. Jochen , A big thank you for your help. Cheers Guillaume. On Tuesday, August 2, 2016 at 1:44:34 PM UTC+2, Jochen Schalanda wrote: > > Hi > > please read > http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html#configuration-options > > (and this time really do it). > > 127.0.0.1 is the so called loopback address that is only available on the > very machine itself. If you want to access Graylog from outside the > machine, you need to use the public IP address (or host name) of the system > in both of those settings, for example: > > web_listen_uri = http://10.1.0.215:9000 > rest_listen_uri = http://10.1.0.215:12900 > > > Cheers, > Jochen > > On Tuesday, 2 August 2016 13:16:14 UTC+2, Guillaume Migaszewski wrote: >> >> Dear Jochen, >> >> I have followed the step by setup install guide . >> so my settings are default >> rest_listen_uri = http://127.0.0.1:12900/ >> >> I did one change here but no success >> >> web_listen_uri = http://127.0.0.1:9000/ >> >> Regards >> >> Guillaume. >> >> On Tuesday, August 2, 2016 at 1:09:34 PM UTC+2, Jochen Schalanda wrote: >>> >>> Hi Guillaume, >>> >>> did you configure the relevant settings (rest_listen_uri, web_listen_uri) >>> correctly? >>> >>> Please also check the logs of your Graylog server to find out on which >>> interfaces the Graylog web interface and the Graylog REST API are available. >>> >>> Cheers, >>> Jochen >>> >>> On Tuesday, 2 August 2016 13:00:40 UTC+2, Guillaume Migaszewski wrote: >>>> >>>> Using Fiddler to troubleshoot connectivity from web browser . I have >>>> following error message . Maybe it will speak to some experts . I have >>>> the >>>> impression the server is refusing to create a connection , sending a reset >>>> instead of an ack . >>>> >>>> >>>> [Fiddler] The connection to '10.1.0.215' failed. >>>> Error: ConnectionRefused (0x274d). >>>> System.Net.Sockets.SocketException No connection could be made because >>>> the target machine actively refused it 10.1.0.215:9000 >>>> >>>> >>>> >>>> On Tuesday, August 2, 2016 at 12:46:48 PM UTC+2, Guillaume Migaszewski >>>> wrote: >>>>> >>>>> Thanks a lot for this outstanding help . >>>>> >>>>> I ll check those links . I am impressed by your knowledge regarding >>>>> REST API and graylog. >>>>> >>>>> I ll let you know. >>>>> >>>>> Thanks for your time. >>>>> >>>>> Guillaume. >>>>> >>>>> On Tuesday, August 2, 2016 at 12:41:33 PM UTC+2, Jochen Schalanda >>>>> wrote: >>>>>> >>>>>> Hi Guillaume, >>>>>> >>>>>> usually it's working out-of-the-box. Check the Developer (JavaScript) >>>>>> Console of your web browsers for error messages: >>>>>> >>>>>>- >>>>>>https://developers.google.com/web/tools/chrome-devtools/debug/console/ >>>>>>- https://msdn.microsoft.com/en-us/library/gg589530(v=vs.85).aspx >>>>>> >>>>>> Typically the problem is either the mixed content policy of your web >>>>>> browser (e. g. using HTTPS only for the web interface but not for the >>>>>> Graylog REST API) or having the Graylog REST API not publicly accessible >>>>>> for your web browser. >>>>>> >>>>>> Cheers, >>>>>> Jochen >>>>>> >>>>>> >>>>>> On Tuesday, 2 August 2016 12:35:38 UTC+2, Guillaume Migaszewski wrote: >>>>>>> >>>>>>> Well I have a connection refused message from IE 10 and Chrome 52 . >>>>>>> >>>>>>> Is it working out of the box or do I have to do something on web >>>>>>> browser side ? >>>>>>> >>>>>>> Until now I was looking on server side , configuration file. But I >>>>>>> see no parameters for restriction ... . >>>&g
[graylog2] Re: New to graylog fresh install can only login to graylog via localhost
Dear Jochen, I have followed the step by setup install guide . so my settings are default rest_listen_uri = http://127.0.0.1:12900/ I did one change here but no success web_listen_uri = http://127.0.0.1:9000/ Regards Guillaume. On Tuesday, August 2, 2016 at 1:09:34 PM UTC+2, Jochen Schalanda wrote: > > Hi Guillaume, > > did you configure the relevant settings (rest_listen_uri, web_listen_uri) > correctly? > > Please also check the logs of your Graylog server to find out on which > interfaces the Graylog web interface and the Graylog REST API are available. > > Cheers, > Jochen > > On Tuesday, 2 August 2016 13:00:40 UTC+2, Guillaume Migaszewski wrote: >> >> Using Fiddler to troubleshoot connectivity from web browser . I have >> following error message . Maybe it will speak to some experts . I have the >> impression the server is refusing to create a connection , sending a reset >> instead of an ack . >> >> >> [Fiddler] The connection to '10.1.0.215' failed. >> Error: ConnectionRefused (0x274d). >> System.Net.Sockets.SocketException No connection could be made because >> the target machine actively refused it 10.1.0.215:9000 >> >> >> >> On Tuesday, August 2, 2016 at 12:46:48 PM UTC+2, Guillaume Migaszewski >> wrote: >>> >>> Thanks a lot for this outstanding help . >>> >>> I ll check those links . I am impressed by your knowledge regarding >>> REST API and graylog. >>> >>> I ll let you know. >>> >>> Thanks for your time. >>> >>> Guillaume. >>> >>> On Tuesday, August 2, 2016 at 12:41:33 PM UTC+2, Jochen Schalanda wrote: >>>> >>>> Hi Guillaume, >>>> >>>> usually it's working out-of-the-box. Check the Developer (JavaScript) >>>> Console of your web browsers for error messages: >>>> >>>>- >>>>https://developers.google.com/web/tools/chrome-devtools/debug/console/ >>>>- https://msdn.microsoft.com/en-us/library/gg589530(v=vs.85).aspx >>>> >>>> Typically the problem is either the mixed content policy of your web >>>> browser (e. g. using HTTPS only for the web interface but not for the >>>> Graylog REST API) or having the Graylog REST API not publicly accessible >>>> for your web browser. >>>> >>>> Cheers, >>>> Jochen >>>> >>>> >>>> On Tuesday, 2 August 2016 12:35:38 UTC+2, Guillaume Migaszewski wrote: >>>>> >>>>> Well I have a connection refused message from IE 10 and Chrome 52 . >>>>> >>>>> Is it working out of the box or do I have to do something on web >>>>> browser side ? >>>>> >>>>> Until now I was looking on server side , configuration file. But I see >>>>> no parameters for restriction ... . >>>>> >>>>> I am lost . >>>>> >>>>> Thanks for your assistance. >>>>> >>>>> Guillaume. >>>>> >>>>> On Tuesday, August 2, 2016 at 12:29:40 PM UTC+2, Jochen Schalanda >>>>> wrote: >>>>>> >>>>>> Hi Guillaume, >>>>>> >>>>>> the web interface of Graylog 2.x is accessing the Graylog REST API >>>>>> directly. You browser must be able to communicate with the Graylog REST >>>>>> API. >>>>>> >>>>>> Cheers, >>>>>> Jochen >>>>>> >>>>>> On Tuesday, 2 August 2016 12:25:39 UTC+2, Guillaume Migaszewski wrote: >>>>>>> >>>>>>> Hello Jochen, >>>>>>> >>>>>>> Thanks for your reply and for taking some time to read my post. >>>>>>> >>>>>>> Classic install , rpm based. Yes I have seen this page... but it is >>>>>>> not entirely clear for me. I have no firewall in place for testing. >>>>>>> >>>>>>> Do I need to setup a proxy to access my graylog server web interface >>>>>>> from another computer than my server ?. >>>>>>> >>>>>>> from the Doc >>>>>>> >>>>>>> Both the web interface port (http://127.0.0.1:9000/ by default, see >>>>>>> web_listen_uri) and the REST API port (http://127.0.0.1:12900 by >>>>>>> default
[graylog2] Re: New to graylog fresh install can only login to graylog via localhost
Using Fiddler to troubleshoot connectivity from web browser . I have following error message . Maybe it will speak to some experts . I have the impression the server is refusing to create a connection , sending a reset instead of an ack . [Fiddler] The connection to '10.1.0.215' failed. Error: ConnectionRefused (0x274d). System.Net.Sockets.SocketException No connection could be made because the target machine actively refused it 10.1.0.215:9000 On Tuesday, August 2, 2016 at 12:46:48 PM UTC+2, Guillaume Migaszewski wrote: > > Thanks a lot for this outstanding help . > > I ll check those links . I am impressed by your knowledge regarding REST > API and graylog. > > I ll let you know. > > Thanks for your time. > > Guillaume. > > On Tuesday, August 2, 2016 at 12:41:33 PM UTC+2, Jochen Schalanda wrote: >> >> Hi Guillaume, >> >> usually it's working out-of-the-box. Check the Developer (JavaScript) >> Console of your web browsers for error messages: >> >>- >>https://developers.google.com/web/tools/chrome-devtools/debug/console/ >>- https://msdn.microsoft.com/en-us/library/gg589530(v=vs.85).aspx >> >> Typically the problem is either the mixed content policy of your web >> browser (e. g. using HTTPS only for the web interface but not for the >> Graylog REST API) or having the Graylog REST API not publicly accessible >> for your web browser. >> >> Cheers, >> Jochen >> >> >> On Tuesday, 2 August 2016 12:35:38 UTC+2, Guillaume Migaszewski wrote: >>> >>> Well I have a connection refused message from IE 10 and Chrome 52 . >>> >>> Is it working out of the box or do I have to do something on web browser >>> side ? >>> >>> Until now I was looking on server side , configuration file. But I see >>> no parameters for restriction ... . >>> >>> I am lost . >>> >>> Thanks for your assistance. >>> >>> Guillaume. >>> >>> On Tuesday, August 2, 2016 at 12:29:40 PM UTC+2, Jochen Schalanda wrote: >>>> >>>> Hi Guillaume, >>>> >>>> the web interface of Graylog 2.x is accessing the Graylog REST API >>>> directly. You browser must be able to communicate with the Graylog REST >>>> API. >>>> >>>> Cheers, >>>> Jochen >>>> >>>> On Tuesday, 2 August 2016 12:25:39 UTC+2, Guillaume Migaszewski wrote: >>>>> >>>>> Hello Jochen, >>>>> >>>>> Thanks for your reply and for taking some time to read my post. >>>>> >>>>> Classic install , rpm based. Yes I have seen this page... but it is >>>>> not entirely clear for me. I have no firewall in place for testing. >>>>> >>>>> Do I need to setup a proxy to access my graylog server web interface >>>>> from another computer than my server ?. >>>>> >>>>> from the Doc >>>>> >>>>> Both the web interface port (http://127.0.0.1:9000/ by default, see >>>>> web_listen_uri) and the REST API port (http://127.0.0.1:12900 by >>>>> default, see rest_listen_uri and rest_transport_uri) must be accessible >>>>> by >>>>> everyone using the web interface. This means that both components must >>>>> listen on a public network interface or be exposed to one using a proxy >>>>> or >>>>> NAT! >>>>> >>>>> >>>>> I am not use to this REST API ... so I am confused. ... ah the good >>>>> old LAMP setup ... ;) . >>>>> >>>>> Regards >>>>> >>>>> Guillaume >>>>> >>>>> >>>>> >>>>> On Tuesday, August 2, 2016 at 12:12:58 PM UTC+2, Jochen Schalanda >>>>> wrote: >>>>>> >>>>>> Hi Guillaume, >>>>>> >>>>>> how exactly did you install Graylog (OVA, OS packages, or manual >>>>>> install/environment specifics)? Did you read >>>>>> http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html >>>>>> ? >>>>>> >>>>>> Cheers, >>>>>> Jochen >>>>>> >>>>>> On Tuesday, 2 August 2016 11:59:14 UTC+2, Guillaume Migaszewski wrote: >>>>>>> >>>>>>> Dear Graylog group, >>>>>>> >>>>>>> I am new to graylog. I have successfully installed latest version of >>>>>>> graylog 2.0.3 according to official documentation. Graylog is working >>>>>>> but >>>>>>> I can only login via local host http://127.0.0.1:9000 ... not >>>>>>> ideal when your servers are setup to init3 ... . >>>>>>> >>>>>>> As a result I would like to know if this is the normal behavior . I >>>>>>> was thinking about using Apache with mod proxy ... a bit overkill but >>>>>>> ... . >>>>>>> >>>>>>> Thanks for you help. >>>>>>> >>>>>>> Guillaume. >>>>>>> >>>>>> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/2b3187ab-8d1a-4a16-94a1-d8d8549c4443%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: New to graylog fresh install can only login to graylog via localhost
Thanks a lot for this outstanding help . I ll check those links . I am impressed by your knowledge regarding REST API and graylog. I ll let you know. Thanks for your time. Guillaume. On Tuesday, August 2, 2016 at 12:41:33 PM UTC+2, Jochen Schalanda wrote: > > Hi Guillaume, > > usually it's working out-of-the-box. Check the Developer (JavaScript) > Console of your web browsers for error messages: > >- >https://developers.google.com/web/tools/chrome-devtools/debug/console/ >- https://msdn.microsoft.com/en-us/library/gg589530(v=vs.85).aspx > > Typically the problem is either the mixed content policy of your web > browser (e. g. using HTTPS only for the web interface but not for the > Graylog REST API) or having the Graylog REST API not publicly accessible > for your web browser. > > Cheers, > Jochen > > > On Tuesday, 2 August 2016 12:35:38 UTC+2, Guillaume Migaszewski wrote: >> >> Well I have a connection refused message from IE 10 and Chrome 52 . >> >> Is it working out of the box or do I have to do something on web browser >> side ? >> >> Until now I was looking on server side , configuration file. But I see no >> parameters for restriction ... . >> >> I am lost . >> >> Thanks for your assistance. >> >> Guillaume. >> >> On Tuesday, August 2, 2016 at 12:29:40 PM UTC+2, Jochen Schalanda wrote: >>> >>> Hi Guillaume, >>> >>> the web interface of Graylog 2.x is accessing the Graylog REST API >>> directly. You browser must be able to communicate with the Graylog REST API. >>> >>> Cheers, >>> Jochen >>> >>> On Tuesday, 2 August 2016 12:25:39 UTC+2, Guillaume Migaszewski wrote: >>>> >>>> Hello Jochen, >>>> >>>> Thanks for your reply and for taking some time to read my post. >>>> >>>> Classic install , rpm based. Yes I have seen this page... but it is not >>>> entirely clear for me. I have no firewall in place for testing. >>>> >>>> Do I need to setup a proxy to access my graylog server web interface >>>> from another computer than my server ?. >>>> >>>> from the Doc >>>> >>>> Both the web interface port (http://127.0.0.1:9000/ by default, see >>>> web_listen_uri) and the REST API port (http://127.0.0.1:12900 by >>>> default, see rest_listen_uri and rest_transport_uri) must be accessible by >>>> everyone using the web interface. This means that both components must >>>> listen on a public network interface or be exposed to one using a proxy or >>>> NAT! >>>> >>>> >>>> I am not use to this REST API ... so I am confused. ... ah the good old >>>> LAMP setup ... ;) . >>>> >>>> Regards >>>> >>>> Guillaume >>>> >>>> >>>> >>>> On Tuesday, August 2, 2016 at 12:12:58 PM UTC+2, Jochen Schalanda wrote: >>>>> >>>>> Hi Guillaume, >>>>> >>>>> how exactly did you install Graylog (OVA, OS packages, or manual >>>>> install/environment specifics)? Did you read >>>>> http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html? >>>>> >>>>> Cheers, >>>>> Jochen >>>>> >>>>> On Tuesday, 2 August 2016 11:59:14 UTC+2, Guillaume Migaszewski wrote: >>>>>> >>>>>> Dear Graylog group, >>>>>> >>>>>> I am new to graylog. I have successfully installed latest version of >>>>>> graylog 2.0.3 according to official documentation. Graylog is working >>>>>> but >>>>>> I can only login via local host http://127.0.0.1:9000 ... not >>>>>> ideal when your servers are setup to init3 ... . >>>>>> >>>>>> As a result I would like to know if this is the normal behavior . I >>>>>> was thinking about using Apache with mod proxy ... a bit overkill but >>>>>> ... . >>>>>> >>>>>> Thanks for you help. >>>>>> >>>>>> Guillaume. >>>>>> >>>>> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/3301b380-5fcb-4f2d-aabb-4a2dec6bd39a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: New to graylog fresh install can only login to graylog via localhost
Well I have a connection refused message from IE 10 and Chrome 52 . Is it working out of the box or do I have to do something on web browser side ? Until now I was looking on server side , configuration file. But I see no parameters for restriction ... . I am lost . Thanks for your assistance. Guillaume. On Tuesday, August 2, 2016 at 12:29:40 PM UTC+2, Jochen Schalanda wrote: > > Hi Guillaume, > > the web interface of Graylog 2.x is accessing the Graylog REST API > directly. You browser must be able to communicate with the Graylog REST API. > > Cheers, > Jochen > > On Tuesday, 2 August 2016 12:25:39 UTC+2, Guillaume Migaszewski wrote: >> >> Hello Jochen, >> >> Thanks for your reply and for taking some time to read my post. >> >> Classic install , rpm based. Yes I have seen this page... but it is not >> entirely clear for me. I have no firewall in place for testing. >> >> Do I need to setup a proxy to access my graylog server web interface from >> another computer than my server ?. >> >> from the Doc >> >> Both the web interface port (http://127.0.0.1:9000/ by default, see >> web_listen_uri) and the REST API port (http://127.0.0.1:12900 by >> default, see rest_listen_uri and rest_transport_uri) must be accessible by >> everyone using the web interface. This means that both components must >> listen on a public network interface or be exposed to one using a proxy or >> NAT! >> >> >> I am not use to this REST API ... so I am confused. ... ah the good old >> LAMP setup ... ;) . >> >> Regards >> >> Guillaume >> >> >> >> On Tuesday, August 2, 2016 at 12:12:58 PM UTC+2, Jochen Schalanda wrote: >>> >>> Hi Guillaume, >>> >>> how exactly did you install Graylog (OVA, OS packages, or manual >>> install/environment specifics)? Did you read >>> http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html? >>> >>> Cheers, >>> Jochen >>> >>> On Tuesday, 2 August 2016 11:59:14 UTC+2, Guillaume Migaszewski wrote: >>>> >>>> Dear Graylog group, >>>> >>>> I am new to graylog. I have successfully installed latest version of >>>> graylog 2.0.3 according to official documentation. Graylog is working but >>>> I can only login via local host http://127.0.0.1:9000 ... not >>>> ideal when your servers are setup to init3 ... . >>>> >>>> As a result I would like to know if this is the normal behavior . I was >>>> thinking about using Apache with mod proxy ... a bit overkill but ... . >>>> >>>> Thanks for you help. >>>> >>>> Guillaume. >>>> >>> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/dfc464e0-2c58-4947-ae83-7935d07a667a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: New to graylog fresh install can only login to graylog via localhost
Hello Jochen, Thanks for your reply and for taking some time to read my post. Classic install , rpm based. Yes I have seen this page... but it is not entirely clear for me. I have no firewall in place for testing. Do I need to setup a proxy to access my graylog server web interface from another computer than my server ?. from the Doc Both the web interface port (http://127.0.0.1:9000/ by default, see web_listen_uri) and the REST API port (http://127.0.0.1:12900 by default, see rest_listen_uri and rest_transport_uri) must be accessible by everyone using the web interface. This means that both components must listen on a public network interface or be exposed to one using a proxy or NAT! I am not use to this REST API ... so I am confused. ... ah the good old LAMP setup ... ;) . Regards Guillaume On Tuesday, August 2, 2016 at 12:12:58 PM UTC+2, Jochen Schalanda wrote: > > Hi Guillaume, > > how exactly did you install Graylog (OVA, OS packages, or manual > install/environment specifics)? Did you read > http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html? > > Cheers, > Jochen > > On Tuesday, 2 August 2016 11:59:14 UTC+2, Guillaume Migaszewski wrote: >> >> Dear Graylog group, >> >> I am new to graylog. I have successfully installed latest version of >> graylog 2.0.3 according to official documentation. Graylog is working but >> I can only login via local host http://127.0.0.1:9000 ... not ideal >> when your servers are setup to init3 ... . >> >> As a result I would like to know if this is the normal behavior . I was >> thinking about using Apache with mod proxy ... a bit overkill but ... . >> >> Thanks for you help. >> >> Guillaume. >> > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/80ba063a-3bcd-44ba-bd88-228706977687%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] New to graylog fresh install can only login to graylog via localhost
Dear Graylog group, I am new to graylog. I have successfully installed latest version of graylog 2.0.3 according to official documentation. Graylog is working but I can only login via local host http://127.0.0.1:9000 ... not ideal when your servers are setup to init3 ... . As a result I would like to know if this is the normal behavior . I was thinking about using Apache with mod proxy ... a bit overkill but ... . Thanks for you help. Guillaume. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/accaf9e0-07c9-4890-923e-2cf3cd7cd0be%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.