[graylog2] Re: Graylog Nxlog.conf Not able to merge two Nxlog configs...

2016-08-09 Thread Guillaume Migaszewski 
Solved . Error in config. 


## This is a sample configuration file. See the nxlog reference manual 
about the
## configuration options. It should be installed locally and is also 
available
## online at http://nxlog.org/docs/

## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.

#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log


Module xm_gelf



Module xm_fileop


 
Module  xm_json


# Create the parse rule for IIS logs. You can copy these from the header of 
the IIS log file.

Module xm_csv
Fields $date, $time, $s-ip, $cs-method, $cs-uri-stem, $cs-uri-query, 
$s-port, $cs-username, $c-ip, $csUser-Agent, $cs-Referer, $sc-status, 
$sc-substatus, $sc-win32-status, $time-taken
FieldTypes string, string, string, string, string, string, integer, 
string, string, string, string, integer, integer, integer, integer
Delimiter ' '
QuoteChar '"'
EscapeControl FALSE
UndefValue -




Module  im_file
File"C:\\inetpub\\logs\\LogFiles\\W3SVC1\\u_ex*"
SavePos TRUE
  Execif $raw_event =~ /^#/ drop();\
else \
{\
w3c->parse_csv();\
$EventTime = parsedate($date + " " + $time); \
$EventTime = strftime($EventTime, 
"%Y-%m-%dT%H:%M:%SZ"); \
$SourceName = "IIS";   
  \
}



Module  im_msvistalog
ReadFromLastTrue
  
Query \
  \
*\
*[System/Level=4]\
*[Application/Level=2]\
*[System/Level=3]\
*\
  \





Module  om_udp
Host10.1.0.215
Port12201
OutputType GELF

#Use the following line for debugging (uncomment the fileop extension 
above as well)
Exec file_write("C:\\Program Files (x86)\\nxlog\\data\\nxlog_output.log", 
$raw_event);



Module  om_udp
Host10.1.0.215
Port5414
OutputType GELF






Path iis => graylog



Path eventlog => Winlogs-gelf




On Tuesday, August 9, 2016 at 10:49:57 AM UTC+2, Guillaume Migaszewski 
wrote:
>
> Dear Graylog community, 
>
> I am new to Graylog/Nxlog . I have managed in the last days to do what I 
> want . Collect logs from IIS and eventlog. It works but not at the same 
> time .  It s either IIS logs or Event logs but not both... quite 
> frustrationg. 
>
> Here is a nxlog.conf I have built from different sources . Maybe my route 
> directive is incorrect ? . Please help .
>
> cut top section removed
> 
> Module xm_gelf
> 
>
> 
> Module xm_fileop
> 
>
>  
> Module  xm_json
> 
>
> # Create the parse rule for IIS logs. You can copy these from the header 
> of the IIS log file.
> 
> Module xm_csv
> Fields $date, $time, $s-ip, $cs-method, $cs-uri-stem, $cs-uri-query, 
> $s-port, $cs-username, $c-ip, $csUser-Agent, $cs-Referer, $sc-status, 
> $sc-substatus, $sc-win32-status, $time-taken
> FieldTypes string, string, string, string, string, string, integer, 
> string, string, string, string, integer, integer, integer, integer
> Delimiter ' '
> QuoteChar '"'
> EscapeControl FALSE
> UndefValue -
> 
>
> 
>
> Module  im_file
> File"C:\\inetpub\\logs\\LogFiles\\W3SVC1\\u_ex*"
> SavePos TRUE
>   Execif $raw_event =~ /^#/ drop();\
> else \
> {\
> w3c->parse_csv();\
> $EventTime = parsedate($date + " " + $time); \
> $EventTime = strftime($EventTime, 
> "%Y-%m-%dT%H:%M:%SZ"); \
> $SourceName = "IIS";   
>   \
> }
> 
>
> 
> Module  im_msvistalog
>   
> Query \
>   \
> *[System[(Level=1  or Level=2 or 
> Level=3)]]\
> *[System[(Level=1  or Level=2 or 
> Level=3)]]\
> *[System[(Level=1  or Level=2 or 
> Level=3)]]\
>   \
> 
>
> 
>
> 
> Module  om_udp
> Host10.1.0.215
> Port12201
> OutputType GELF
>
> #Use the following line for debugging (uncomment the fileop extension 
> above as well)
> Exec file_writ

[graylog2] Graylog Nxlog.conf Not able to merge two Nxlog configs...

2016-08-09 Thread Guillaume Migaszewski 
Dear Graylog community, 

I am new to Graylog/Nxlog . I have managed in the last days to do what I 
want . Collect logs from IIS and eventlog. It works but not at the same 
time .  It s either IIS logs or Event logs but not both... quite 
frustrationg. 

Here is a nxlog.conf I have built from different sources . Maybe my route 
directive is incorrect ? . Please help .

cut top section removed

Module xm_gelf



Module xm_fileop


 
Module  xm_json


# Create the parse rule for IIS logs. You can copy these from the header of 
the IIS log file.

Module xm_csv
Fields $date, $time, $s-ip, $cs-method, $cs-uri-stem, $cs-uri-query, 
$s-port, $cs-username, $c-ip, $csUser-Agent, $cs-Referer, $sc-status, 
$sc-substatus, $sc-win32-status, $time-taken
FieldTypes string, string, string, string, string, string, integer, 
string, string, string, string, integer, integer, integer, integer
Delimiter ' '
QuoteChar '"'
EscapeControl FALSE
UndefValue -




Module  im_file
File"C:\\inetpub\\logs\\LogFiles\\W3SVC1\\u_ex*"
SavePos TRUE
  Execif $raw_event =~ /^#/ drop();\
else \
{\
w3c->parse_csv();\
$EventTime = parsedate($date + " " + $time); \
$EventTime = strftime($EventTime, 
"%Y-%m-%dT%H:%M:%SZ"); \
$SourceName = "IIS";   
  \
}



Module  im_msvistalog
  
Query \
  \
*[System[(Level=1  or Level=2 or 
Level=3)]]\
*[System[(Level=1  or Level=2 or 
Level=3)]]\
*[System[(Level=1  or Level=2 or 
Level=3)]]\
  \





Module  om_udp
Host10.1.0.215
Port12201
OutputType GELF

#Use the following line for debugging (uncomment the fileop extension 
above as well)
Exec file_write("C:\\Program Files (x86)\\nxlog\\data\\nxlog_output.log", 
$raw_event);




Path iis => graylog



Path eventlog => graylog


# EOF--



Thanks for reading.

Guillaume.


-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/41715847-5b78-44aa-ab45-0c851cb266f0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] IIS logs working but how to search for response code like 404

2016-08-04 Thread Guillaume Migaszewski 
Dear Graylog group. 

I am new to Graylog, sorry if my questions may look very basic . With your 
help (thanks a lot) , I have managed to setup Graylog and collect IIS logs .

IIS logs are now index inmy Graylog and of course  I would like to collect 
some info. 

As a sysadmin my dream is to have a nice dashboard per web server which 
will output info like  top client ip address  , http response code etc  
.

As advised by Graylog contextual help I try to search with command 
source:my web AND http_responde_code:400 .

I have no real search results. I have many fieds and the best way I have 
found to retrieve data logs is based on cs_referer  . source:mywebserver 
cs-Referer: 200 .


Questions :

 1. Is my way of indexing IIS log with NXlog efficient. ? Maybe there is an 
issue with my filed mapping ? .

 2 .Which field do you use to gather from the log  http response code ? How 
do you proceed within Graylog ?. 


Short sample of my IIS log Fields nxlog.conf

Fields $date, $time, $s-ip, $cs-method, $cs-uri-stem, $cs-uri-query, 
$s-port, $cs-username, $c-ip, $csUser-Agent, $cs-Referer, $sc-status, 
$sc-substatus, $sc-win32-status, $time-taken
FieldTypes string, string, string, string, string, string, integer, 
string, string, string, string, integer, integer, integer, integer


3. Is there a template/plugin for montoring IIS log ? 

Thanks a lot for your time.

Guillaume.



-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/ed076c29-71af-4686-9b89-226b8221d000%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: New to graylog Issue to login after server.conf change

2016-08-03 Thread Guillaume Migaszewski 
dear Jochen, 

Thank you it is working now ;) . 

Guillaume.

On Tuesday, August 2, 2016 at 4:41:18 PM UTC+2, Jochen Schalanda wrote:
>
> Hi Guillaume,
>
> that's the wrong port. The POST request must be directed to the Graylog 
> REST API.
>
> Make sure to remove or comment out the web_endpoint_uri setting in your 
> Graylog configuration file.
>
> Cheers,
> Jochen
>
> On Tuesday, 2 August 2016 16:28:43 UTC+2, Guillaume Migaszewski wrote:
>>
>> Dear Jochen , 
>>
>> Attached my server.conf. 
>>
>>
>> Also some additional  curl output 
>>
>>  curl -v -XPOST 10.1.0.215:9000/system/sessions
>> * About to connect() to 10.1.0.215 port 9000 (#0)
>> *   Trying 10.1.0.215... connected
>> * Connected to 10.1.0.215 (10.1.0.215) port 9000 (#0)
>> > POST /system/sessions HTTP/1.1
>> > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/
>> 3.16.2.3 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
>> > Host: 10.1.0.215:9000
>> > Accept: */*
>> >
>> < HTTP/1.1 405 Method Not Allowed
>> < Allow: GET,OPTIONS
>> < X-Graylog-Node-ID: 5416caad-4269-4f9b-ad0f-1beb73770838
>> < Vary: Accept-Encoding
>> < Content-Type: application/json
>> < Date: Tue, 02 Aug 2016 14:27:43 GMT
>> < Content-Length: 59
>> <
>> * Connection #0 to host 10.1.0.215 left intact
>> * Closing connection #0
>> {"type":"ApiError","message":"HTTP 405 Method Not Allowed"}[
>>
>>
>>
>> Guillaume.
>>
>>
>> On Tuesday, August 2, 2016 at 2:57:13 PM UTC+2, Jochen Schalanda wrote:
>>>
>>> Hi Guillaume,
>>>
>>> please post your complete Graylog configuration file or be more explicit 
>>> about how the relevant settings (rest_* and web_*) are configured right 
>>> now.
>>>
>>> Also check the Developer Console of your web browser for error messages 
>>> and post them here.
>>>
>>> Cheers,
>>> Jochen
>>>
>>> On Tuesday, 2 August 2016 14:30:29 UTC+2, Guillaume Migaszewski wrote:
>>>>
>>>> Dear Graylog users, 
>>>>
>>>> I have done an rpm install of Graylog . At first I was not able to 
>>>> login from any other machine than localhost .As a result , with your 
>>>> assistance , I have changed following settings  server.conf 
>>>>
>>>> rest_listen_uri = http://127.0.0.1:12900/
>>>> rest_listen_uri = http://10.1.0.215:12900/(10.1.0.215 my server ip)
>>>>
>>>> web_listen_uri = http://127.0.0.1:9000/
>>>> web_listen_uri = http://10.1.0.215:9000/
>>>>
>>>>
>>>> As a result  I can reach login screen from any workstation. But after 
>>>> sending my credentials I have following error message : 
>>>>
>>>> Error - the server returned: 405 - cannot POST /system/sessions (405)
>>>>
>>>>
>>>> All resources I have found are speaking about reverse proxy or ssl use 
>>>> but I have none of it . 
>>>>
>>>> It has been a while I did not have such a hard time to install an 
>>>> application on Linux. ;) .But I will not give up.
>>>>
>>>> Thanks for your help.
>>>>
>>>> Guillaume.
>>>>
>>>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/6d8cb89d-077a-4276-8a33-c23860f612bb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: New to graylog Issue to login after server.conf change

2016-08-02 Thread Guillaume Migaszewski 
Dear Jochen , 

Attached my server.conf. 


Also some additional  curl output 

 curl -v -XPOST 10.1.0.215:9000/system/sessions
* About to connect() to 10.1.0.215 port 9000 (#0)
*   Trying 10.1.0.215... connected
* Connected to 10.1.0.215 (10.1.0.215) port 9000 (#0)
> POST /system/sessions HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 
NSS/3.16.2.3 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: 10.1.0.215:9000
> Accept: */*
>
< HTTP/1.1 405 Method Not Allowed
< Allow: GET,OPTIONS
< X-Graylog-Node-ID: 5416caad-4269-4f9b-ad0f-1beb73770838
< Vary: Accept-Encoding
< Content-Type: application/json
< Date: Tue, 02 Aug 2016 14:27:43 GMT
< Content-Length: 59
<
* Connection #0 to host 10.1.0.215 left intact
* Closing connection #0
{"type":"ApiError","message":"HTTP 405 Method Not Allowed"}[



Guillaume.


On Tuesday, August 2, 2016 at 2:57:13 PM UTC+2, Jochen Schalanda wrote:
>
> Hi Guillaume,
>
> please post your complete Graylog configuration file or be more explicit 
> about how the relevant settings (rest_* and web_*) are configured right 
> now.
>
> Also check the Developer Console of your web browser for error messages 
> and post them here.
>
> Cheers,
> Jochen
>
> On Tuesday, 2 August 2016 14:30:29 UTC+2, Guillaume Migaszewski wrote:
>>
>> Dear Graylog users, 
>>
>> I have done an rpm install of Graylog . At first I was not able to login 
>> from any other machine than localhost .As a result , with your assistance , 
>> I have changed following settings  server.conf 
>>
>> rest_listen_uri = http://127.0.0.1:12900/
>> rest_listen_uri = http://10.1.0.215:12900/(10.1.0.215 my server ip)
>>
>> web_listen_uri = http://127.0.0.1:9000/
>> web_listen_uri = http://10.1.0.215:9000/
>>
>>
>> As a result  I can reach login screen from any workstation. But after 
>> sending my credentials I have following error message : 
>>
>> Error - the server returned: 405 - cannot POST /system/sessions (405)
>>
>>
>> All resources I have found are speaking about reverse proxy or ssl use 
>> but I have none of it . 
>>
>> It has been a while I did not have such a hard time to install an 
>> application on Linux. ;) .But I will not give up.
>>
>> Thanks for your help.
>>
>> Guillaume.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/8b277a0b-e32a-466c-916e-56e02430f0d3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
# If you are running more than one instances of Graylog server you have to 
select one of these
# instances as master. The master will perform some periodical tasks that 
non-masters won't perform.
is_master = true

# The auto-generated node ID will be stored in this file and read after 
restarts. It is a good idea
# to use an absolute file path here if you are starting Graylog server from 
init scripts or similar.
node_id_file = /etc/graylog/server/node-id

# You MUST set a secret to secure/pepper the stored user passwords here. Use at 
least 64 characters.
# Generate one by using for example: pwgen -N 1 -s 96
password_secret = removed

# The default root user is named 'admin'
#root_username = admin

# You MUST specify a hash password for the root user (which you only need to 
initially set up the
# system and in case you lose connectivity to your authentication backend)
# This password cannot be changed using the API or via the web interface. If 
you need to change it,
# modify it in this file.
# Create one by using for example: echo -n yourpassword | shasum -a 256
# and put the resulting hash value into the following line
root_password_sha2 = removed

# The email address of the root user.
# Default is empty
#root_email = ""

# The time zone setting of the root user. See 
http://www.joda.org/joda-time/timezones.html for a list of valid time zones.
# Default is UTC
#root_timezone = UTC

# Set plugin directory here (relative or absolute)
plugin_dir = /usr/share/graylog-server/plugin

# REST API listen URI. Must be reachable by other Graylog server nodes if you 
run a cluster.
# When using Graylog Collectors, this URI will be used to receive heartbeat 
messages and must be accessible for all collectors.
rest_listen_uri = http://10.1.0.215:12900/

# REST API transport address. Defaults to the value of rest_listen_uri. 
Exception: If rest_listen_uri
# is set to a wildcard IP address (0.0.0.0) the first non-loopback IPv4 system 
address is used.
# If

[graylog2] New to graylog Issue to login after server.conf change

2016-08-02 Thread Guillaume Migaszewski 
Dear Graylog users, 

I have done an rpm install of Graylog . At first I was not able to login 
from any other machine than localhost .As a result , with your assistance , 
I have changed following settings  server.conf 

rest_listen_uri = http://127.0.0.1:12900/
rest_listen_uri = http://10.1.0.215:12900/(10.1.0.215 my server ip)

web_listen_uri = http://127.0.0.1:9000/
web_listen_uri = http://10.1.0.215:9000/


As a result  I can reach login screen from any workstation. But after 
sending my credentials I have following error message : 

Error - the server returned: 405 - cannot POST /system/sessions (405)


All resources I have found are speaking about reverse proxy or ssl use but 
I have none of it . 

It has been a while I did not have such a hard time to install an 
application on Linux. ;) .But I will not give up.

Thanks for your help.

Guillaume.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/6fc975d9-a04d-4da6-8bcc-f7985d3ed99d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: New to graylog fresh install can only login to graylog via localhost

2016-08-02 Thread Guillaume Migaszewski 
Indeed. I have tried this but did not have the idea to change both settings 
at the same time. 

So now I can have the login screen . I have another issue now ... will 
start a new thread If I cannot solve it by myslef. 

Jochen , A big thank you for your help. 

Cheers

Guillaume.



On Tuesday, August 2, 2016 at 1:44:34 PM UTC+2, Jochen Schalanda wrote:
>
> Hi 
>
> please read 
> http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html#configuration-options
>  
> (and this time really do it).
>
> 127.0.0.1 is the so called loopback address that is only available on the 
> very machine itself. If you want to access Graylog from outside the 
> machine, you need to use the public IP address (or host name) of the system 
> in both of those settings, for example:
>
> web_listen_uri = http://10.1.0.215:9000
> rest_listen_uri = http://10.1.0.215:12900
>
>
> Cheers,
> Jochen
>
> On Tuesday, 2 August 2016 13:16:14 UTC+2, Guillaume Migaszewski wrote:
>>
>> Dear Jochen, 
>>
>> I have followed the step by setup install guide .
>> so my settings are default
>> rest_listen_uri = http://127.0.0.1:12900/
>>
>> I did one change here but no success 
>>
>> web_listen_uri = http://127.0.0.1:9000/
>>
>> Regards
>>
>> Guillaume.
>>
>> On Tuesday, August 2, 2016 at 1:09:34 PM UTC+2, Jochen Schalanda wrote:
>>>
>>> Hi Guillaume,
>>>
>>> did you configure the relevant settings (rest_listen_uri, web_listen_uri) 
>>> correctly?
>>>
>>> Please also check the logs of your Graylog server to find out on which 
>>> interfaces the Graylog web interface and the Graylog REST API are available.
>>>
>>> Cheers,
>>> Jochen
>>>
>>> On Tuesday, 2 August 2016 13:00:40 UTC+2, Guillaume Migaszewski wrote:
>>>>
>>>> Using Fiddler to troubleshoot connectivity from web browser . I have 
>>>> following error message . Maybe it will speak to some experts .  I have 
>>>> the 
>>>> impression the server is refusing to create a connection , sending a reset 
>>>> instead of an ack .
>>>>
>>>>
>>>> [Fiddler] The connection to '10.1.0.215' failed. 
>>>> Error: ConnectionRefused (0x274d). 
>>>> System.Net.Sockets.SocketException No connection could be made because 
>>>> the target machine actively refused it 10.1.0.215:9000
>>>>
>>>>
>>>>
>>>> On Tuesday, August 2, 2016 at 12:46:48 PM UTC+2, Guillaume Migaszewski 
>>>> wrote:
>>>>>
>>>>> Thanks a lot for this outstanding help . 
>>>>>
>>>>> I ll check those links .  I am impressed by your knowledge regarding 
>>>>> REST API and graylog.
>>>>>
>>>>> I ll let you know. 
>>>>>
>>>>> Thanks for your time.
>>>>>
>>>>> Guillaume.
>>>>>
>>>>> On Tuesday, August 2, 2016 at 12:41:33 PM UTC+2, Jochen Schalanda 
>>>>> wrote:
>>>>>>
>>>>>> Hi Guillaume,
>>>>>>
>>>>>> usually it's working out-of-the-box. Check the Developer (JavaScript) 
>>>>>> Console of your web browsers for error messages:
>>>>>>
>>>>>>- 
>>>>>>https://developers.google.com/web/tools/chrome-devtools/debug/console/
>>>>>>- https://msdn.microsoft.com/en-us/library/gg589530(v=vs.85).aspx
>>>>>>
>>>>>> Typically the problem is either the mixed content policy of your web 
>>>>>> browser (e. g. using HTTPS only for the web interface but not for the 
>>>>>> Graylog REST API) or having the Graylog REST API not publicly accessible 
>>>>>> for your web browser.
>>>>>>
>>>>>> Cheers,
>>>>>> Jochen
>>>>>>
>>>>>>
>>>>>> On Tuesday, 2 August 2016 12:35:38 UTC+2, Guillaume Migaszewski wrote:
>>>>>>>
>>>>>>> Well I have a connection refused message from IE 10 and Chrome 52 . 
>>>>>>>
>>>>>>> Is it working out of the box or do I have to do something on web 
>>>>>>> browser side ? 
>>>>>>>
>>>>>>> Until now I was looking on server side , configuration file. But I 
>>>>>>> see no parameters for restriction ... .
>>>&g

[graylog2] Re: New to graylog fresh install can only login to graylog via localhost

2016-08-02 Thread Guillaume Migaszewski 
Dear Jochen, 

I have followed the step by setup install guide .
so my settings are default
rest_listen_uri = http://127.0.0.1:12900/

I did one change here but no success 

web_listen_uri = http://127.0.0.1:9000/

Regards

Guillaume.

On Tuesday, August 2, 2016 at 1:09:34 PM UTC+2, Jochen Schalanda wrote:
>
> Hi Guillaume,
>
> did you configure the relevant settings (rest_listen_uri, web_listen_uri) 
> correctly?
>
> Please also check the logs of your Graylog server to find out on which 
> interfaces the Graylog web interface and the Graylog REST API are available.
>
> Cheers,
> Jochen
>
> On Tuesday, 2 August 2016 13:00:40 UTC+2, Guillaume Migaszewski wrote:
>>
>> Using Fiddler to troubleshoot connectivity from web browser . I have 
>> following error message . Maybe it will speak to some experts .  I have the 
>> impression the server is refusing to create a connection , sending a reset 
>> instead of an ack .
>>
>>
>> [Fiddler] The connection to '10.1.0.215' failed. 
>> Error: ConnectionRefused (0x274d). 
>> System.Net.Sockets.SocketException No connection could be made because 
>> the target machine actively refused it 10.1.0.215:9000
>>
>>
>>
>> On Tuesday, August 2, 2016 at 12:46:48 PM UTC+2, Guillaume Migaszewski 
>> wrote:
>>>
>>> Thanks a lot for this outstanding help . 
>>>
>>> I ll check those links .  I am impressed by your knowledge regarding 
>>> REST API and graylog.
>>>
>>> I ll let you know. 
>>>
>>> Thanks for your time.
>>>
>>> Guillaume.
>>>
>>> On Tuesday, August 2, 2016 at 12:41:33 PM UTC+2, Jochen Schalanda wrote:
>>>>
>>>> Hi Guillaume,
>>>>
>>>> usually it's working out-of-the-box. Check the Developer (JavaScript) 
>>>> Console of your web browsers for error messages:
>>>>
>>>>- 
>>>>https://developers.google.com/web/tools/chrome-devtools/debug/console/
>>>>- https://msdn.microsoft.com/en-us/library/gg589530(v=vs.85).aspx
>>>>
>>>> Typically the problem is either the mixed content policy of your web 
>>>> browser (e. g. using HTTPS only for the web interface but not for the 
>>>> Graylog REST API) or having the Graylog REST API not publicly accessible 
>>>> for your web browser.
>>>>
>>>> Cheers,
>>>> Jochen
>>>>
>>>>
>>>> On Tuesday, 2 August 2016 12:35:38 UTC+2, Guillaume Migaszewski wrote:
>>>>>
>>>>> Well I have a connection refused message from IE 10 and Chrome 52 . 
>>>>>
>>>>> Is it working out of the box or do I have to do something on web 
>>>>> browser side ? 
>>>>>
>>>>> Until now I was looking on server side , configuration file. But I see 
>>>>> no parameters for restriction ... .
>>>>>
>>>>> I am lost .
>>>>>
>>>>> Thanks for your assistance. 
>>>>>
>>>>> Guillaume.
>>>>>
>>>>> On Tuesday, August 2, 2016 at 12:29:40 PM UTC+2, Jochen Schalanda 
>>>>> wrote:
>>>>>>
>>>>>> Hi Guillaume,
>>>>>>
>>>>>> the web interface of Graylog 2.x is accessing the Graylog REST API 
>>>>>> directly. You browser must be able to communicate with the Graylog REST 
>>>>>> API.
>>>>>>
>>>>>> Cheers,
>>>>>> Jochen
>>>>>>
>>>>>> On Tuesday, 2 August 2016 12:25:39 UTC+2, Guillaume Migaszewski wrote:
>>>>>>>
>>>>>>> Hello Jochen, 
>>>>>>>
>>>>>>> Thanks for your reply and for taking some time to read my post. 
>>>>>>>
>>>>>>> Classic install , rpm based. Yes I have seen this page... but it is 
>>>>>>> not entirely clear for me. I have no firewall in place for testing.
>>>>>>>
>>>>>>> Do I need to setup a proxy to access my graylog server web interface 
>>>>>>> from another computer than my server ?.
>>>>>>>
>>>>>>> from the Doc  
>>>>>>>
>>>>>>> Both the web interface port (http://127.0.0.1:9000/ by default, see 
>>>>>>> web_listen_uri) and the REST API port (http://127.0.0.1:12900 by 
>>>>>>> default

[graylog2] Re: New to graylog fresh install can only login to graylog via localhost

2016-08-02 Thread Guillaume Migaszewski 
Using Fiddler to troubleshoot connectivity from web browser . I have 
following error message . Maybe it will speak to some experts .  I have the 
impression the server is refusing to create a connection , sending a reset 
instead of an ack .


[Fiddler] The connection to '10.1.0.215' failed. 
Error: ConnectionRefused (0x274d). 
System.Net.Sockets.SocketException No connection could be made because the 
target machine actively refused it 10.1.0.215:9000



On Tuesday, August 2, 2016 at 12:46:48 PM UTC+2, Guillaume Migaszewski 
wrote:
>
> Thanks a lot for this outstanding help . 
>
> I ll check those links .  I am impressed by your knowledge regarding REST 
> API and graylog.
>
> I ll let you know. 
>
> Thanks for your time.
>
> Guillaume.
>
> On Tuesday, August 2, 2016 at 12:41:33 PM UTC+2, Jochen Schalanda wrote:
>>
>> Hi Guillaume,
>>
>> usually it's working out-of-the-box. Check the Developer (JavaScript) 
>> Console of your web browsers for error messages:
>>
>>- 
>>https://developers.google.com/web/tools/chrome-devtools/debug/console/
>>- https://msdn.microsoft.com/en-us/library/gg589530(v=vs.85).aspx
>>
>> Typically the problem is either the mixed content policy of your web 
>> browser (e. g. using HTTPS only for the web interface but not for the 
>> Graylog REST API) or having the Graylog REST API not publicly accessible 
>> for your web browser.
>>
>> Cheers,
>> Jochen
>>
>>
>> On Tuesday, 2 August 2016 12:35:38 UTC+2, Guillaume Migaszewski wrote:
>>>
>>> Well I have a connection refused message from IE 10 and Chrome 52 . 
>>>
>>> Is it working out of the box or do I have to do something on web browser 
>>> side ? 
>>>
>>> Until now I was looking on server side , configuration file. But I see 
>>> no parameters for restriction ... .
>>>
>>> I am lost .
>>>
>>> Thanks for your assistance. 
>>>
>>> Guillaume.
>>>
>>> On Tuesday, August 2, 2016 at 12:29:40 PM UTC+2, Jochen Schalanda wrote:
>>>>
>>>> Hi Guillaume,
>>>>
>>>> the web interface of Graylog 2.x is accessing the Graylog REST API 
>>>> directly. You browser must be able to communicate with the Graylog REST 
>>>> API.
>>>>
>>>> Cheers,
>>>> Jochen
>>>>
>>>> On Tuesday, 2 August 2016 12:25:39 UTC+2, Guillaume Migaszewski wrote:
>>>>>
>>>>> Hello Jochen, 
>>>>>
>>>>> Thanks for your reply and for taking some time to read my post. 
>>>>>
>>>>> Classic install , rpm based. Yes I have seen this page... but it is 
>>>>> not entirely clear for me. I have no firewall in place for testing.
>>>>>
>>>>> Do I need to setup a proxy to access my graylog server web interface 
>>>>> from another computer than my server ?.
>>>>>
>>>>> from the Doc  
>>>>>
>>>>> Both the web interface port (http://127.0.0.1:9000/ by default, see 
>>>>> web_listen_uri) and the REST API port (http://127.0.0.1:12900 by 
>>>>> default, see rest_listen_uri and rest_transport_uri) must be accessible 
>>>>> by 
>>>>> everyone using the web interface. This means that both components must 
>>>>> listen on a public network interface or be exposed to one using a proxy 
>>>>> or 
>>>>> NAT!
>>>>>
>>>>>
>>>>> I am not use to this REST API ... so I am confused. ... ah the good 
>>>>> old LAMP setup ... ;) .
>>>>>
>>>>> Regards
>>>>>
>>>>> Guillaume
>>>>>
>>>>>
>>>>>
>>>>> On Tuesday, August 2, 2016 at 12:12:58 PM UTC+2, Jochen Schalanda 
>>>>> wrote:
>>>>>>
>>>>>> Hi Guillaume,
>>>>>>
>>>>>> how exactly did you install Graylog (OVA, OS packages, or manual 
>>>>>> install/environment specifics)? Did you read 
>>>>>> http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html
>>>>>> ?
>>>>>>
>>>>>> Cheers,
>>>>>> Jochen
>>>>>>
>>>>>> On Tuesday, 2 August 2016 11:59:14 UTC+2, Guillaume Migaszewski wrote:
>>>>>>>
>>>>>>> Dear Graylog group,
>>>>>>>
>>>>>>> I am new to graylog. I have successfully installed latest version of 
>>>>>>> graylog 2.0.3 according to official documentation. Graylog is working 
>>>>>>> but 
>>>>>>>  I can only login via local host http://127.0.0.1:9000 ... not 
>>>>>>> ideal when your servers are setup to init3 ... . 
>>>>>>>
>>>>>>> As a result I would like to know if this is the normal behavior . I 
>>>>>>> was thinking about using Apache with mod proxy ... a bit overkill but 
>>>>>>> ... .
>>>>>>>
>>>>>>> Thanks for you help.
>>>>>>>
>>>>>>> Guillaume.
>>>>>>>
>>>>>>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/2b3187ab-8d1a-4a16-94a1-d8d8549c4443%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: New to graylog fresh install can only login to graylog via localhost

2016-08-02 Thread Guillaume Migaszewski 
Thanks a lot for this outstanding help . 

I ll check those links .  I am impressed by your knowledge regarding REST 
API and graylog.

I ll let you know. 

Thanks for your time.

Guillaume.

On Tuesday, August 2, 2016 at 12:41:33 PM UTC+2, Jochen Schalanda wrote:
>
> Hi Guillaume,
>
> usually it's working out-of-the-box. Check the Developer (JavaScript) 
> Console of your web browsers for error messages:
>
>- 
>https://developers.google.com/web/tools/chrome-devtools/debug/console/
>- https://msdn.microsoft.com/en-us/library/gg589530(v=vs.85).aspx
>
> Typically the problem is either the mixed content policy of your web 
> browser (e. g. using HTTPS only for the web interface but not for the 
> Graylog REST API) or having the Graylog REST API not publicly accessible 
> for your web browser.
>
> Cheers,
> Jochen
>
>
> On Tuesday, 2 August 2016 12:35:38 UTC+2, Guillaume Migaszewski wrote:
>>
>> Well I have a connection refused message from IE 10 and Chrome 52 . 
>>
>> Is it working out of the box or do I have to do something on web browser 
>> side ? 
>>
>> Until now I was looking on server side , configuration file. But I see no 
>> parameters for restriction ... .
>>
>> I am lost .
>>
>> Thanks for your assistance. 
>>
>> Guillaume.
>>
>> On Tuesday, August 2, 2016 at 12:29:40 PM UTC+2, Jochen Schalanda wrote:
>>>
>>> Hi Guillaume,
>>>
>>> the web interface of Graylog 2.x is accessing the Graylog REST API 
>>> directly. You browser must be able to communicate with the Graylog REST API.
>>>
>>> Cheers,
>>> Jochen
>>>
>>> On Tuesday, 2 August 2016 12:25:39 UTC+2, Guillaume Migaszewski wrote:
>>>>
>>>> Hello Jochen, 
>>>>
>>>> Thanks for your reply and for taking some time to read my post. 
>>>>
>>>> Classic install , rpm based. Yes I have seen this page... but it is not 
>>>> entirely clear for me. I have no firewall in place for testing.
>>>>
>>>> Do I need to setup a proxy to access my graylog server web interface 
>>>> from another computer than my server ?.
>>>>
>>>> from the Doc  
>>>>
>>>> Both the web interface port (http://127.0.0.1:9000/ by default, see 
>>>> web_listen_uri) and the REST API port (http://127.0.0.1:12900 by 
>>>> default, see rest_listen_uri and rest_transport_uri) must be accessible by 
>>>> everyone using the web interface. This means that both components must 
>>>> listen on a public network interface or be exposed to one using a proxy or 
>>>> NAT!
>>>>
>>>>
>>>> I am not use to this REST API ... so I am confused. ... ah the good old 
>>>> LAMP setup ... ;) .
>>>>
>>>> Regards
>>>>
>>>> Guillaume
>>>>
>>>>
>>>>
>>>> On Tuesday, August 2, 2016 at 12:12:58 PM UTC+2, Jochen Schalanda wrote:
>>>>>
>>>>> Hi Guillaume,
>>>>>
>>>>> how exactly did you install Graylog (OVA, OS packages, or manual 
>>>>> install/environment specifics)? Did you read 
>>>>> http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html?
>>>>>
>>>>> Cheers,
>>>>> Jochen
>>>>>
>>>>> On Tuesday, 2 August 2016 11:59:14 UTC+2, Guillaume Migaszewski wrote:
>>>>>>
>>>>>> Dear Graylog group,
>>>>>>
>>>>>> I am new to graylog. I have successfully installed latest version of 
>>>>>> graylog 2.0.3 according to official documentation. Graylog is working 
>>>>>> but 
>>>>>>  I can only login via local host http://127.0.0.1:9000 ... not 
>>>>>> ideal when your servers are setup to init3 ... . 
>>>>>>
>>>>>> As a result I would like to know if this is the normal behavior . I 
>>>>>> was thinking about using Apache with mod proxy ... a bit overkill but 
>>>>>> ... .
>>>>>>
>>>>>> Thanks for you help.
>>>>>>
>>>>>> Guillaume.
>>>>>>
>>>>>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/3301b380-5fcb-4f2d-aabb-4a2dec6bd39a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: New to graylog fresh install can only login to graylog via localhost

2016-08-02 Thread Guillaume Migaszewski 
Well I have a connection refused message from IE 10 and Chrome 52 . 

Is it working out of the box or do I have to do something on web browser 
side ? 

Until now I was looking on server side , configuration file. But I see no 
parameters for restriction ... .

I am lost .

Thanks for your assistance. 

Guillaume.

On Tuesday, August 2, 2016 at 12:29:40 PM UTC+2, Jochen Schalanda wrote:
>
> Hi Guillaume,
>
> the web interface of Graylog 2.x is accessing the Graylog REST API 
> directly. You browser must be able to communicate with the Graylog REST API.
>
> Cheers,
> Jochen
>
> On Tuesday, 2 August 2016 12:25:39 UTC+2, Guillaume Migaszewski wrote:
>>
>> Hello Jochen, 
>>
>> Thanks for your reply and for taking some time to read my post. 
>>
>> Classic install , rpm based. Yes I have seen this page... but it is not 
>> entirely clear for me. I have no firewall in place for testing.
>>
>> Do I need to setup a proxy to access my graylog server web interface from 
>> another computer than my server ?.
>>
>> from the Doc  
>>
>> Both the web interface port (http://127.0.0.1:9000/ by default, see 
>> web_listen_uri) and the REST API port (http://127.0.0.1:12900 by 
>> default, see rest_listen_uri and rest_transport_uri) must be accessible by 
>> everyone using the web interface. This means that both components must 
>> listen on a public network interface or be exposed to one using a proxy or 
>> NAT!
>>
>>
>> I am not use to this REST API ... so I am confused. ... ah the good old 
>> LAMP setup ... ;) .
>>
>> Regards
>>
>> Guillaume
>>
>>
>>
>> On Tuesday, August 2, 2016 at 12:12:58 PM UTC+2, Jochen Schalanda wrote:
>>>
>>> Hi Guillaume,
>>>
>>> how exactly did you install Graylog (OVA, OS packages, or manual 
>>> install/environment specifics)? Did you read 
>>> http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html?
>>>
>>> Cheers,
>>> Jochen
>>>
>>> On Tuesday, 2 August 2016 11:59:14 UTC+2, Guillaume Migaszewski wrote:
>>>>
>>>> Dear Graylog group,
>>>>
>>>> I am new to graylog. I have successfully installed latest version of 
>>>> graylog 2.0.3 according to official documentation. Graylog is working but 
>>>>  I can only login via local host http://127.0.0.1:9000 ... not 
>>>> ideal when your servers are setup to init3 ... . 
>>>>
>>>> As a result I would like to know if this is the normal behavior . I was 
>>>> thinking about using Apache with mod proxy ... a bit overkill but ... .
>>>>
>>>> Thanks for you help.
>>>>
>>>> Guillaume.
>>>>
>>>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/dfc464e0-2c58-4947-ae83-7935d07a667a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: New to graylog fresh install can only login to graylog via localhost

2016-08-02 Thread Guillaume Migaszewski 
Hello Jochen, 

Thanks for your reply and for taking some time to read my post. 

Classic install , rpm based. Yes I have seen this page... but it is not 
entirely clear for me. I have no firewall in place for testing.

Do I need to setup a proxy to access my graylog server web interface from 
another computer than my server ?.

from the Doc  

Both the web interface port (http://127.0.0.1:9000/ by default, see 
web_listen_uri) and the REST API port (http://127.0.0.1:12900 by default, 
see rest_listen_uri and rest_transport_uri) must be accessible by everyone 
using the web interface. This means that both components must listen on a 
public network interface or be exposed to one using a proxy or NAT!


I am not use to this REST API ... so I am confused. ... ah the good old 
LAMP setup ... ;) .

Regards

Guillaume



On Tuesday, August 2, 2016 at 12:12:58 PM UTC+2, Jochen Schalanda wrote:
>
> Hi Guillaume,
>
> how exactly did you install Graylog (OVA, OS packages, or manual 
> install/environment specifics)? Did you read 
> http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html?
>
> Cheers,
> Jochen
>
> On Tuesday, 2 August 2016 11:59:14 UTC+2, Guillaume Migaszewski wrote:
>>
>> Dear Graylog group,
>>
>> I am new to graylog. I have successfully installed latest version of 
>> graylog 2.0.3 according to official documentation. Graylog is working but 
>>  I can only login via local host http://127.0.0.1:9000 ... not ideal 
>> when your servers are setup to init3 ... . 
>>
>> As a result I would like to know if this is the normal behavior . I was 
>> thinking about using Apache with mod proxy ... a bit overkill but ... .
>>
>> Thanks for you help.
>>
>> Guillaume.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/80ba063a-3bcd-44ba-bd88-228706977687%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] New to graylog fresh install can only login to graylog via localhost

2016-08-02 Thread Guillaume Migaszewski 
Dear Graylog group,

I am new to graylog. I have successfully installed latest version of 
graylog 2.0.3 according to official documentation. Graylog is working but 
 I can only login via local host http://127.0.0.1:9000 ... not ideal 
when your servers are setup to init3 ... . 

As a result I would like to know if this is the normal behavior . I was 
thinking about using Apache with mod proxy ... a bit overkill but ... .

Thanks for you help.

Guillaume.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/accaf9e0-07c9-4890-923e-2cf3cd7cd0be%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.