[graylog2] Re: When to scale resources for Graylog???

2016-07-26 Thread HockeyFan0000


On Monday, July 25, 2016 at 1:45:16 PM UTC-4, roberto...@gmail.com wrote:
>
> People, I have a Graylog 1.3 server in just one Linux box (Debian 8), so I 
> mean I have one Elasticsearch node.
>
> Nowadays I'm receiving about 4000/6000 logs/second. I had to increase the 
> memory heap size of JVM, and used CPU x 10  and RAM x 40GB and after that 
> everything seems OK, because I have near 200/800 unprocessed messages as 
> maximum every time.
>
> When do you recommend to scale to more Elasticsearch nodes or to have 
> different MongoDB's or something like that???
>
> Is there a logs/sec threshold meaning I have to scale to a distributed 
> architecture???
>
> Thanks a lot!!!
>
> Roberto 
>


I can tell you from experience it's unlikely any one server will handle 
that amount of logs per/sec.  I had Graylog installed on a physical server 
with the same specs as my VMware hosts, except with less memory, and it 
couldn't stand the load.  Your best bet is going to be to do an 
Elasticsearch cluster of two servers and have your Graylog server be a 
third node of that cluster.  You'll want your Graylog server to be the 
Elasticsearch master and not store any data or do any indexing.  That will 
push off much of the load and give you some resiliency.  You don't have 
much to worry about with MongoDB.  It mostly stores configuration settings, 
although I think it does store logs that can't be indexed to Elasticsearch 
(don't hold me to that statement, but I'm pretty sure that's what I've 
read).

You could also load-balance several Graylog servers by running them behind 
HAProxy, or maybe even PFSense.  I don't think you'll get the performance 
you want without doing so.  I'm certainly no Graylog expert, but it would 
have to be one monster server to do everything with that much load. 
 Another option is to simply limit what you log.  If you're logging 
Windows, you'll get tons of junk log entries.  You can have more granular 
control with the 'auditpol' command.


-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/781fbb06-cc43-4204-885d-80add6b9f26d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[graylog2] Graylog breaking for unknown reason

2016-07-26 Thread HockeyFan0000
A couple of weeks ago, I installed Graylog.  It was working fine but there 
were a lot of loose ends to take care of.  While I was tightening down 
iptables so the server could only talk to our LAN, I created a rule and 
broke the Graylog connection.  Even when I disabled the rule, Graylog still 
wouldn't start again because MongoDB was refusing the connection.  I 
thought that I would probably spend less time re-installing everything from 
scratch than to troubleshoot the issue.  So, I nuked and paved.

The new server has been running great for a week and has collected about 
65GB of logs.  Today, once again, I was tightening IPtables and now Graylog 
won't start because MongoDB is refusing the connection, even though it's 
listening for connections.  I reverted my IPtables config and even disabled 
rules that were working before.  So, the server is wide open now.  The 
MongoDB log shows no errors or warnings from the time it starts until it 
says it's up and waiting for connections.  Performing a netstat seems to 
confirm MongoDB is listening.

Neither of the times I've been creating IPtables rules should the rules 
have stopped anything from happening.  One of the times Graylog server 
stopped working, I created a rule to allow the localhost, restarted the 
server and I was up and running again.  I have a two server Elasticsearch 
cluster with a third Graylog server acting as the Elasticsearch master. 
 The Elasticsearch cluster is green.

So, my questions are:

   1. Is it necessary to allow the localhost through IPtables or am I 
   missing something else?
   2. Has anyone else run into this?
   3. Why would it still be broken?
   4. How can I fix it?

Any help you can give is greatly appreciated.
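
The first question above can be checked offline against `iptables-save` output: a connection to localhost arrives on the `lo` interface and traverses the INPUT chain like any other inbound packet. The following is an added example, not part of the original post; the rulesets, function names and packet fields are constructed, and it models only the common matches (`-i`, `-s`, `-d`, `-p`, `--dport`, `--state`/`--ctstate`), reporting UNKNOWN for anything else.

```python
import ipaddress
import shlex

# Constructed rulesets in iptables-save format (not taken from the post).
LAN_ONLY = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 172.20.10.0/24 -p tcp -m tcp --dport 12900 -j ACCEPT
-A INPUT -s 172.20.10.0/24 -p udp -m udp --dport 514 -j ACCEPT
COMMIT
"""
LAN_PLUS_LOOPBACK = LAN_ONLY.replace(
    "-A INPUT -m state", "-A INPUT -i lo -j ACCEPT\n-A INPUT -m state", 1)

# A new local connection from Graylog to MongoDB on localhost:27017.
LOCAL_MONGO = {"iface": "lo", "src": "127.0.0.1", "dst": "127.0.0.1",
               "proto": "tcp", "dport": 27017, "state": "NEW"}

TERMINAL = {"ACCEPT", "DROP", "REJECT"}


def parse_filter_table(save_text):
    """Return (policies, rules) for the *filter table of iptables-save text."""
    policies, rules, in_filter = {}, [], False
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            in_filter = line == "*filter"
        elif in_filter and line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif in_filter and line.startswith("-A "):
            tokens = shlex.split(line)
            rules.append((tokens[1], tokens[2:], line))
    return policies, rules


def rule_matches(tokens, pkt):
    """True or False, or None when the rule uses a match not modelled here."""
    i = 0
    while i < len(tokens):
        opt = tokens[i]
        if opt == "-j":                      # target and its options come last
            break
        if i + 1 >= len(tokens):
            return None
        val = tokens[i + 1]
        if opt in ("-m", "--comment"):       # module name / free text: no effect
            ok = True
        elif opt == "-i":
            ok = val == pkt["iface"]
        elif opt == "-p":
            ok = val in (pkt["proto"], "all")
        elif opt in ("-s", "-d"):
            addr = pkt["src" if opt == "-s" else "dst"]
            ok = ipaddress.ip_address(addr) in ipaddress.ip_network(val, strict=False)
        elif opt == "--dport":
            low, _, high = val.partition(":")
            ok = int(low) <= pkt["dport"] <= int(high or low)
        elif opt in ("--state", "--ctstate"):
            ok = pkt["state"] in val.split(",")
        else:                                # negation, -g, other modules, ...
            return None
        if not ok:
            return False
        i += 2
    return True


def verdict(save_text, pkt, chain="INPUT"):
    """Return (verdict, deciding rule); verdict is ACCEPT, DROP, REJECT or UNKNOWN."""
    policies, rules = parse_filter_table(save_text)
    for rule_chain, tokens, line in rules:
        if rule_chain != chain:
            continue
        matched = rule_matches(tokens, pkt)
        if matched is None:
            return "UNKNOWN", line
        if not matched:
            continue
        target = tokens[tokens.index("-j") + 1] if "-j" in tokens else None
        if target in TERMINAL:
            return target, line
        if target not in (None, "LOG"):      # jump to a user-defined chain etc.
            return "UNKNOWN", line
    return policies.get(chain, "UNKNOWN"), f"policy of chain {chain}"


if __name__ == "__main__":
    for name, ruleset in (("LAN only", LAN_ONLY), ("LAN + loopback", LAN_PLUS_LOOPBACK)):
        print(name, "->", verdict(ruleset, LOCAL_MONGO))
```

To use it on a real host, pass the text printed by `iptables-save` to `verdict()` instead of the constructed rulesets.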



[graylog2] Re: Graylog can't connect to MongoDB

2016-05-09 Thread HockeyFan0000
Thank you very much.  After looking at the configuration for so long, it 
simply took a fresh set of eyes to find the issue.  I did also have to set 
'mongodb_useauth' to 'false'.  Other than that, you gave me the answer that 
was right in front of my face.  Thank you again.



On Monday, May 9, 2016 at 11:07:16 AM UTC-4, Jochen Schalanda wrote:
>
> Hi,
>
> make sure that there is only one mongodb_uri configuration setting in 
> your configuration file (currently there are 2) and that the configured 
> MongoDB server can be reached through the given MongoDB URI.
>
> In your case, there doesn't seem to be a MongoDB server running on 
> localhost on port 27017 (maybe use the IP address).
>
> Cheers,
> Jochen
>
>
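
The two checks Jochen describes (exactly one `mongodb_uri` setting, and a MongoDB server reachable at the address in that URI) can be scripted. This is an added example, not part of the original thread and not Graylog's own code; the sample configuration, host names and function names are constructed for illustration, and IPv6 literals in the URI are not handled.

```python
import socket
from collections import defaultdict

# Constructed sample modelled on the situation in the thread: mongodb_uri set twice.
SAMPLE_CONF = """\
is_master = true
# mongodb_uri = mongodb://commented-out.example:27017/graylog
mongodb_uri = mongodb://localhost/graylog
rest_listen_uri = http://172.20.10.250:12900/
mongodb_uri = mongodb://graylog-db.example:27018,10.0.0.5/graylog
"""


def parse_settings(text):
    """Return {key: [(line_no, value), ...]} for active 'key = value' lines."""
    settings = defaultdict(list)
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(("#", "!")):   # blank or commented out
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()].append((line_no, value.strip()))
    return dict(settings)


def duplicate_keys(settings):
    """Map each key that is set more than once to the lines where it appears."""
    return {k: [n for n, _ in v] for k, v in settings.items() if len(v) > 1}


def mongo_hosts(uri):
    """Extract (host, port) pairs from mongodb://[user:pass@]h1[:p1][,h2[:p2]]/db."""
    prefix = "mongodb://"
    if not uri.startswith(prefix):
        raise ValueError(f"not a mongodb:// URI: {uri!r}")
    hostpart = uri[len(prefix):].split("/", 1)[0].rsplit("@", 1)[-1]
    hosts = []
    for item in hostpart.split(","):
        host, sep, port = item.rpartition(":")
        if not sep:                                   # no port given: MongoDB default
            host, port = item, "27017"
        hosts.append((host, int(port)))
    return hosts


def tcp_reachable(host, port, timeout=2.0):
    """Try a plain TCP connect; return (ok, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "connected"
    except ConnectionRefusedError:
        return False, "connection refused (nothing listening there, or a firewall reject)"
    except OSError as exc:                            # timeout, DNS failure, no route
        return False, f"{type(exc).__name__}: {exc}"


def check_config(text, probe=tcp_reachable):
    """Return a list of findings for duplicate keys and unreachable MongoDB hosts."""
    findings = []
    settings = parse_settings(text)
    for key, lines in duplicate_keys(settings).items():
        findings.append(f"{key} is set {len(lines)} times (lines {lines}); keep exactly one")
    for line_no, uri in settings.get("mongodb_uri", []):
        for host, port in mongo_hosts(uri):
            ok, detail = probe(host, port)
            if not ok:
                findings.append(f"line {line_no}: {host}:{port} unreachable: {detail}")
    return findings


if __name__ == "__main__":
    for finding in check_config(SAMPLE_CONF):
        print(finding)
```

On a real server, read the configuration file the Graylog service actually loads and pass its text to `check_config()`, running the script on the Graylog host so the connect test follows the same network path.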



[graylog2] Graylog can't connect to MongoDB

2016-05-09 Thread HockeyFan0000
This is a new installation of Graylog2, MongoDB and Elasticsearch.  The 
Graylog login page says there are no Graylog servers.  When looking in the 
logs for Graylog, I see the following errors:

*2016-05-09T09:12:22.090-04:00 ERROR [CmdLineTool] Guice error (more detail on 
log level debug): Error injecting constructor, 
com.mongodb.MongoTimeoutException: Timed out after 1 ms while waiting for a 
server that matches AnyServerSelector{}. Client view of cluster state is 
{type=Unknown, servers=[{address=localhost:27017, type=Unknown, 
state=Connecting, exception={com.mongodb.MongoException$Network: Exception 
opening the socket}, caused by {java.net.ConnectException: Connection 
refused}}]*

and


*2016-05-09T09:12:35.136-04:00 ERROR [MongoConnectionProvider] Error connecting 
to MongoDB: Timed out after 1 ms while waiting to connect. Client view of 
cluster state is {type=Unknown, servers=[{address=localhost:27017, 
type=Unknown, state=Connecting, exception={com.mongodb.MongoException$Network: 
Exception opening the socket}, caused by {java.net.ConnectException: Connection 
refused}}]*



My configuration is below.  I've edited the password secret and root 
password lines.  I've also tried commenting out the line (which, it 
originally was when I first noticed this issue) to authenticate against 
MongoDB, but it still doesn't work.  
Any help you can give is greatly appreciated.

---

# If you are running more than one instances of graylog2-server you have to select one of these
# instances as master. The master will perform some periodical tasks that non-masters won't perform.
is_master = true

# The auto-generated node ID will be stored in this file and read after restarts. It is a good idea
# to use an absolute file path here if you are starting graylog2-server from init scripts or similar.
node_id_file = /etc/graylog/server/node-id

# You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
# Generate one by using for example: pwgen -N 1 -s 96
password_secret = n9GrMSZcZgRU0YZ8qQWPds2TCdlfmf88sfd8krewwer88fsdakwer8531NZ0QiDmdDYfUxm0XaVn1g8HgfDR9m

# The default root user is named 'admin'
#root_username = admin

# You MUST specify a hash password for the root user (which you only need to initially set up the
# system and in case you lose connectivity to your authentication backend)
# This password cannot be changed using the API or via the web interface. If you need to change it,
# modify it in this file.
# Create one by using for example: echo -n yourpassword | shasum -a 256
# and put the resulting hash value into the following line
root_password_sha2 = 8ee22e8fdaskj8fdsa8uksadfuk8fsda8kukrw3were0d34e3bd081c48953d078665

# The email address of the root user.
# Default is empty
root_email = "test...@test.com"

# The time zone setting of the root user.
# The configured time zone must be parseable by http://www.joda.org/joda-time/apidocs/org/joda/time/DateTimeZone.html#forID-java.lang.String-
# Default is UTC
root_timezone = UTC

# Set plugin directory here (relative or absolute)
plugin_dir = /usr/share/graylog-server/plugin

# REST API listen URI. Must be reachable by other graylog2-server nodes if you run a cluster.
rest_listen_uri = http://172.20.10.250:12900/

# REST API transport address. Defaults to the value of rest_listen_uri. Exception: If rest_listen_uri
# is set to a wildcard IP address (0.0.0.0) the first non-loopback IPv4 system address is used.
# If set, his will be promoted in the cluster discovery APIs, so other nodes may try to connect on
# this address and it is used to generate URLs addressing entities in the REST API. (see rest_listen_uri)
# You will need to define this, if your Graylog server is running behind a HTTP proxy that is rewriting
# the scheme, host name or URI.
#rest_transport_uri = http://192.168.1.1:12900/

# Enable CORS headers for REST API. This is necessary for JS-clients accessing the server directly.
# If these are disabled, modern browsers will not be able to retrieve resources from the server.
# This is disabled by default. Uncomment the next line to enable it.
#rest_enable_cors = true

# Enable GZIP support for REST API. This compresses API responses and therefore helps to reduce
# overall round trip times. This is disabled by default. Uncomment the next line to enable it.
#rest_enable_gzip = true

# Enable HTTPS support for the REST API. This secures the communication with the REST API with
# TLS to prevent request forgery and eavesdropping. This is disabled by default. Uncomment the
# next line to enable it.
#rest_enable_tls = true

# The X.509 certificate file to use for securing the REST API.
#rest_tls_cert_file = /path/to/graylog2.crt

# The private key to use 

[graylog2] Re: Syslog events going into a black hole.

2015-12-01 Thread HockeyFan0000
One correction.  In my last post, I stated syslog was collecting 55k 
messages per minute.  That is incorrect.  I had collected 55k in the 
previous 8hrs.  Now, the problem seems even worse.  I've only collected 
3300 messages in the past 8hrs with no changes being made and still no sign 
of any problems that I can find.  Any help is greatly appreciated.



[graylog2] Re: Syslog events going into a black hole.

2015-11-30 Thread HockeyFan0000
Yes.  There is some traffic on that input.  It's collecting about 55k 
messages per minute.  But, it should be much higher than that. It may well 
be missing 50-75% of what should be collected.  Most of my equipment 
doesn't have an option to specify the syslog port, so I'm stuck with port 
514.  I have pointed a few devices to the forwarded port and those messages 
are being collected.  So, some are collected on my DNAT'd port (10514) and 
some are being collected on the normal syslog port.  There is also some 
traffic that is not being collected on both of those ports as well.



On Wednesday, November 25, 2015 at 5:20:20 AM UTC-5, Jochen Schalanda wrote:
>
> Hi,
>
> is there any traffic showing for your Syslog inputs in Graylog? You can 
> check this in the web interface on the System -> Inputs page. Or maybe 
> there simply was an error message that Graylog couldn't start the input on 
> the privileged port (514/udp).
>
> Regarding the privileged port for syslog (514/udp), you can simply use 
> something like authbind (http://packages.ubuntu.com/trusty/authbind) to 
> allow the Java process to bind to a port <1024. The DEB packages already 
> come with support for this (which I'd recommend to install instead of using 
> the manual installation method on Debian or Ubuntu Linux).
>
>
> Cheers,
> Jochen
>
> On Tuesday, 24 November 2015 19:45:54 UTC+1, HockeyFan wrote:
>>
>> I've completed a manual installation using these instructions: 
>> http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog2-on-ubuntu-14-04.html.
>>  
>> The installation went quickly and was fairly uneventful (no pun intended), 
>> other than a few typos on my part.
>>
>> Everything seems to be running great, there are no Elasticsearch cluster 
>> errors, no failed indexing attempts, CPU is consistently less than 20%, RAM 
>> usage is 4GB (out of 16GB), disk usage is only 4%.  I don't see any signs 
>> that anything is wrong.  I've collected almost 350 million logs in 11 
>> days.  All of the GELF events seem to be collected.  But, many, maybe even 
>> the vast majority, of the plain syslog (UDP port 514) logs seem to be 
>> missing.  I can run a live tcpdump to screen and see the missing logs 
>> arriving to the server.  But they either aren't being collected or aren't 
>> being indexed because I can't find them with a search.  I'm aware that, 
>> with the manual installation, UDP port 514 needs to be forwarded to a 
>> higher port, so I've forwarded that port to UDP port 10514 and that's the 
>> port in my syslog input.
>>
>> I've got 30 wireless APs, an ESX host and a few network switches pointed 
>> to this server, yet the graphs show I'm only collecting about 100 events 
>> per minute.  I've looked in the Graylog and Elasticsearch logs and I don't 
>> see anything that seems remotely related.  Does anyone have any ideas where 
>> these things are going?  Also, is there a way around having to forward port 
>> 514 to another port?  Any help is greatly appreciated.
>>
>



[graylog2] Re: not able to start graylog2 server service

2015-11-24 Thread HockeyFan0000
Many people use the following link to install: 
https://www.digitalocean.com/community/tutorials/how-to-install-graylog2-and-centralize-logs-on-ubuntu-14-04

If you are using that link, you will likely get the error you are getting, 
because the version is old (as someone stated earlier).

Use these instructions instead: 
http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog2-on-ubuntu-14-04.html

I never could get Graylog working with the first set of instructions but 
I've used the second set on two separate servers and got it working in about 
30 minutes.



[graylog2] Syslog events going into a black hole.

2015-11-24 Thread HockeyFan0000
I've completed a manual installation using these instructions: 
http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog2-on-ubuntu-14-04.html.
 
The installation went quickly and was fairly uneventful (no pun intended), 
other than a few typos on my part.

Everything seems to be running great, there are no Elasticsearch cluster 
errors, no failed indexing attempts, CPU is consistently less than 20%, RAM 
usage is 4GB (out of 16GB), disk usage is only 4%.  I don't see any signs 
that anything is wrong.  I've collected almost 350 million logs in 11 
days.  All of the GELF events seem to be collected.  But, many, maybe even 
the vast majority, of the plain syslog (UDP port 514) logs seem to be 
missing.  I can run a live tcpdump to screen and see the missing logs 
arriving to the server.  But they either aren't being collected or aren't 
being indexed because I can't find them with a search.  I'm aware that, 
with the manual installation, UDP port 514 needs to be forwarded to a 
higher port, so I've forwarded that port to UDP port 10514 and that's the 
port in my syslog input.

I've got 30 wireless APs, an ESX host and a few network switches pointed to 
this server, yet the graphs show I'm only collecting about 100 events per 
minute.  I've looked in the Graylog and Elasticsearch logs and I don't see 
anything that seems remotely related.  Does anyone have any ideas where 
these things are going?  Also, is there a way around having to forward port 
514 to another port?  Any help is greatly appreciated.



[graylog2] Re: Graylog cant handle large amounts of incoming logs

2015-11-24 Thread HockeyFan0000
Initially, I used the OVA as well and I got horrendous performance.  I 
pointed only two file servers and two domain controllers to that 
installation and the VM was so busy the web interface would hang 
constantly.  I created another VM and installed Graylog using these 
instructions 

 
and got great performance, even with the same memory and CPU core count.  
Once I got Graylog working on the VM, I used the same instructions to 
install it on a physical server.  So far, I've collected almost 400 million 
log events in 11 days and the highest I've seen the CPU usage has been 14% 
with only 16GB of RAM.  My suggestion is to ditch the OVA altogether.





On Monday, November 23, 2015 at 6:38:50 AM UTC-5, Matthew Simon wrote:
>
> Hi Jochen 
>
> I installed Graylog2 via the OVA I downloaded off the Site.
>
> It can fluctuate you see there are specials that run on the website which 
> can cause massive amounts of traffic so it can be fine one week then within 
> the span of 2 days I can get anything from 1 million messages to 4 million 
> messages. Common story is that it can't keep up with that influx of messages.
>
> Grok patterns that I use. Please see attachment Grokpatternsfile.txt
>
> Extractors please see attachment Extractors.txt
>
> I have not setup dashboards or streams as of yet.
>
> Purpose of Graylog is I'm trying to extract WAF logs (so if there is a 
> better way of doing this please help.)
>
> If there is more info you want please let me know and I do appreciate your 
> help in advance.
>
> Thanks 
>
>
> On Monday, November 23, 2015 at 12:58:45 PM UTC+2, Jochen Schalanda wrote:
>>
>> Hi Matthew,
>>
>> to not duplicate the information you already gave on Twitter (
>> https://twitter.com/Malfufi/status/668724729629556736):
>>
>>> heap 1.4G (changeability?) no local configuration has been made to 
>>> optimize,85mill and CPU 100% RAM 100%
>>
>>
>> The heap size of Graylog can be changed quite easily. How did you install 
>> Graylog in the first place (OVA, DEB packages, RPM packages, tarball…)?
>>
>> "85 mill" what exactly? Messages per second/minute/hour/day/week/month? 
>> Are you running any extractors (e. g. RegEx or Grok extractors) or defined 
>> streams with relatively complicated regular expression rules?
>>
>>
>> Cheers,
>> Jochen
>>
>> On Monday, 23 November 2015 10:55:48 UTC+1, Matthew Simon wrote:
>>>
>>> Hi Guys 
>>>
>>>
>>> I have a problem!
>>>
>>>
>>> I receive large amounts of logs to my Graylog2 server and I feel that 
>>> the server can't keep up with the incoming logs. Is there a way that I can 
>>> optimize my configuration to handle large amounts of LOGS. 
>>>
>>>
>>> Please see the image below.
>>>
>>>
>>> Thanks in advance.
>>>
>>>
>>>
>>>
>>> 
>>>
>>>
>>>
>>>



[graylog2] Re: No Graylog servers available.

2015-09-08 Thread HockeyFan0000
Thank you for your reply.  I gave Graylog write permissions on the folders 
in that path and restarted the 'graylog-server' service, but nothing has 
changed.  I'm still getting the same error in the log.  Do you have any 
other suggestions?




On Saturday, September 5, 2015 at 4:25:39 AM UTC-4, Jochen Schalanda wrote:
>
> Hi,
>
> ERROR: Unable to access file /data
>>
>>
> Graylog needs write-access to the /data directory (also see 
> message_journal_dir, 
> https://github.com/Graylog2/graylog2-server/blob/1.1.6/misc/graylog2.conf#L254-L256).
>  
> You have to ensure that the Graylog system user is allowed to enter, read, 
> and write into that directory or use another directory for the message 
> journal.
>
>
> Cheers,
> Jochen
>
> On Saturday, 5 September 2015 10:19:39 UTC+2, HockeyFan wrote:
>>
>> I keep getting that message on the web interface.  The information in the 
>> error log really doesn't mean much to me.  Can any of you tell me what this 
>> means?
>>
>>
>>
>> 2015-09-04T15:17:16.342-04:00 INFO  [plugins] [syslog01] loaded 
>> [graylog2-monitor], sites []
>> 2015-09-04T15:17:16.343-04:00 INFO  [node] [syslog01] version[1.6.2], 
>> pid[5922], build[6220391/2015-07-29T09:24:47Z]
>> 2015-09-04T15:17:16.343-04:00 INFO  [node] [syslog01] initializing ...
>> 2015-09-04T15:17:16.344-04:00 INFO  [plugins] [syslog01] loaded 
>> [graylog2-monitor], sites []
>> 2015-09-04T15:17:16.345-04:00 INFO  [node] [syslog01] version[1.6.2], 
>> pid[5922], build[6220391/2015-07-29T09:24:47Z]
>> 2015-09-04T15:17:16.345-04:00 INFO  [node] [syslog01] initializing ...
>> 2015-09-04T15:17:16.345-04:00 INFO  [plugins] [syslog01] loaded 
>> [graylog2-monitor], sites []
>> 2015-09-04T15:17:16.347-04:00 INFO  [node] [syslog01] version[1.6.2], 
>> pid[5922], build[6220391/2015-07-29T09:24:47Z]
>> 2015-09-04T15:17:16.347-04:00 INFO  [node] [syslog01] initializing ...
>> 2015-09-04T15:17:16.347-04:00 INFO  [plugins] [syslog01] loaded 
>> [graylog2-monitor], sites []
>> 2015-09-04T15:17:16.352-04:00 INFO  [node] [syslog01] version[1.6.2], 
>> pid[5922], build[6220391/2015-07-29T09:24:47Z]
>> 2015-09-04T15:17:16.352-04:00 INFO  [node] [syslog01] initializing ...
>> 2015-09-04T15:17:16.353-04:00 INFO  [plugins] [syslog01] loaded 
>> [graylog2-monitor], sites []
>> 2015-09-04T15:17:16.354-04:00 INFO  [node] [syslog01] version[1.6.2], 
>> pid[5922], build[6220391/2015-07-29T09:24:47Z]
>> 2015-09-04T15:17:16.354-04:00 INFO  [node] [syslog01] initializing ...
>> 2015-09-04T15:17:16.354-04:00 INFO  [plugins] [syslog01] loaded 
>> [graylog2-monitor], sites []
>> 2015-09-04T15:17:16.356-04:00 INFO  [node] [syslog01] version[1.6.2], 
>> pid[5922], build[6220391/2015-07-29T09:24:47Z]
>> 2015-09-04T15:17:16.356-04:00 INFO  [node] [syslog01] initializing ...
>> 2015-09-04T15:17:16.356-04:00 INFO  [plugins] [syslog01] loaded 
>> [graylog2-monitor], sites []
>> 2015-09-04T15:17:16.358-04:00 INFO  [node] [syslog01] version[1.6.2], 
>> pid[5922], build[6220391/2015-07-29T09:24:47Z]
>> 2015-09-04T15:17:16.358-04:00 INFO  [node] [syslog01] initializing ...
>> 2015-09-04T15:17:16.358-04:00 INFO  [plugins] [syslog01] loaded 
>> [graylog2-monitor], sites []
>> 2015-09-04T15:17:16.359-04:00 INFO  [node] [syslog01] version[1.6.2], 
>> pid[5922], build[6220391/2015-07-29T09:24:47Z]
>> 2015-09-04T15:17:16.359-04:00 INFO  [node] [syslog01] initializing ...
>> 2015-09-04T15:17:16.360-04:00 INFO  [plugins] [syslog01] loaded 
>> [graylog2-monitor], sites []
>> 2015-09-04T15:17:16.361-04:00 INFO  [node] [syslog01] version[1.6.2], 
>> pid[5922], build[6220391/2015-07-29T09:24:47Z]
>> 2015-09-04T15:17:16.361-04:00 INFO  [node] [syslog01] initializing ...
>> 2015-09-04T15:17:16.362-04:00 INFO  [plugins] [syslog01] loaded 
>> [graylog2-monitor], sites []
>> 2015-09-04T15:17:16.388-04:00 ERROR [CmdLineTool] 
>>
>> 
>>
>> ERROR: Unable to access file /data
>>
>> Need help?
>>
>> * Official documentation: http://docs.graylog.org/
>> * Community support: https://www.graylog.org/community-support/
>> * Commercial support: https://www.graylog.com/support/
>>
>> Terminating. :(
>>
>> 
>>
>> 2015-09-04T15:17:16.996-04:00 INFO  [CmdLineTool] Loaded plugins: [Anonymous 
>> Usage Statistics 1.1.1 
>> [org.graylog.plugins.usagestatistics.UsageStatsPlugin]]
>> 2015-09-04T15:17:17.063-04:00 INFO  [CmdLineTool] 

[graylog2] No Graylog servers available.

2015-09-05 Thread HockeyFan0000
I keep getting that message on the web interface.  The information in the 
error log really doesn't mean much to me.  Can any of you tell me what this 
means?



2015-09-04T15:17:16.342-04:00 INFO  [plugins] [syslog01] loaded 
[graylog2-monitor], sites []
2015-09-04T15:17:16.343-04:00 INFO  [node] [syslog01] version[1.6.2], 
pid[5922], build[6220391/2015-07-29T09:24:47Z]
2015-09-04T15:17:16.343-04:00 INFO  [node] [syslog01] initializing ...
2015-09-04T15:17:16.344-04:00 INFO  [plugins] [syslog01] loaded 
[graylog2-monitor], sites []
2015-09-04T15:17:16.345-04:00 INFO  [node] [syslog01] version[1.6.2], 
pid[5922], build[6220391/2015-07-29T09:24:47Z]
2015-09-04T15:17:16.345-04:00 INFO  [node] [syslog01] initializing ...
2015-09-04T15:17:16.345-04:00 INFO  [plugins] [syslog01] loaded 
[graylog2-monitor], sites []
2015-09-04T15:17:16.347-04:00 INFO  [node] [syslog01] version[1.6.2], 
pid[5922], build[6220391/2015-07-29T09:24:47Z]
2015-09-04T15:17:16.347-04:00 INFO  [node] [syslog01] initializing ...
2015-09-04T15:17:16.347-04:00 INFO  [plugins] [syslog01] loaded 
[graylog2-monitor], sites []
2015-09-04T15:17:16.352-04:00 INFO  [node] [syslog01] version[1.6.2], 
pid[5922], build[6220391/2015-07-29T09:24:47Z]
2015-09-04T15:17:16.352-04:00 INFO  [node] [syslog01] initializing ...
2015-09-04T15:17:16.353-04:00 INFO  [plugins] [syslog01] loaded 
[graylog2-monitor], sites []
2015-09-04T15:17:16.354-04:00 INFO  [node] [syslog01] version[1.6.2], 
pid[5922], build[6220391/2015-07-29T09:24:47Z]
2015-09-04T15:17:16.354-04:00 INFO  [node] [syslog01] initializing ...
2015-09-04T15:17:16.354-04:00 INFO  [plugins] [syslog01] loaded 
[graylog2-monitor], sites []
2015-09-04T15:17:16.356-04:00 INFO  [node] [syslog01] version[1.6.2], 
pid[5922], build[6220391/2015-07-29T09:24:47Z]
2015-09-04T15:17:16.356-04:00 INFO  [node] [syslog01] initializing ...
2015-09-04T15:17:16.356-04:00 INFO  [plugins] [syslog01] loaded 
[graylog2-monitor], sites []
2015-09-04T15:17:16.358-04:00 INFO  [node] [syslog01] version[1.6.2], 
pid[5922], build[6220391/2015-07-29T09:24:47Z]
2015-09-04T15:17:16.358-04:00 INFO  [node] [syslog01] initializing ...
2015-09-04T15:17:16.358-04:00 INFO  [plugins] [syslog01] loaded 
[graylog2-monitor], sites []
2015-09-04T15:17:16.359-04:00 INFO  [node] [syslog01] version[1.6.2], 
pid[5922], build[6220391/2015-07-29T09:24:47Z]
2015-09-04T15:17:16.359-04:00 INFO  [node] [syslog01] initializing ...
2015-09-04T15:17:16.360-04:00 INFO  [plugins] [syslog01] loaded 
[graylog2-monitor], sites []
2015-09-04T15:17:16.361-04:00 INFO  [node] [syslog01] version[1.6.2], 
pid[5922], build[6220391/2015-07-29T09:24:47Z]
2015-09-04T15:17:16.361-04:00 INFO  [node] [syslog01] initializing ...
2015-09-04T15:17:16.362-04:00 INFO  [plugins] [syslog01] loaded 
[graylog2-monitor], sites []
2015-09-04T15:17:16.388-04:00 ERROR [CmdLineTool] 



ERROR: Unable to access file /data

Need help?

* Official documentation: http://docs.graylog.org/
* Community support: https://www.graylog.org/community-support/
* Commercial support: https://www.graylog.com/support/

Terminating. :(



2015-09-04T15:17:16.996-04:00 INFO  [CmdLineTool] Loaded plugins: [Anonymous 
Usage Statistics 1.1.1 [org.graylog.plugins.usagestatistics.UsageStatsPlugin]]
2015-09-04T15:17:17.063-04:00 INFO  [CmdLineTool] Running with JVM arguments: 
-Xms1g -Xmx1g -XX:NewRatio=1 -XX:PermSize=128m -XX:MaxPermSize=256m 
-XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled 
-XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow 
-Dlog4j.configuration=file:///etc/graylog/server/log4j.xml 
-Djava.library.path=/usr/share/graylog-server/lib/sigar
2015-09-04T15:17:19.764-04:00 INFO  [InputBufferImpl] Message journal is 
enabled.
2015-09-04T15:17:20.017-04:00 INFO  [LogManager] Loading log 'messagejournal-0'
2015-09-04T15:17:20.073-04:00 INFO  [KafkaJournal] Initialized Kafka based 
journal at /var/lib/graylog-server/journal
2015-09-04T15:17:20.086-04:00 INFO  [InputBufferImpl] Initialized 
InputBufferImpl with ring size <65536> and wait strategy 
, running 2 parallel message handlers.
2015-09-04T15:17:20.260-04:00 INFO  [NodeId] Node ID: 
3edd9029-4e3f-4b3d-b168-7229d1a02006
2015-09-04T15:17:20.419-04:00 INFO  [node] [syslog01] version[1.6.2], 
pid[5992], build[6220391/2015-07-29T09:24:47Z]
2015-09-04T15:17:20.419-04:00 INFO  [node] [syslog01] initializing ...
2015-09-04T15:17:20.502-04:00 INFO  [plugins] [syslog01] loaded 
[graylog2-monitor], sites []
2015-09-04T15:17:20.537-04:00 INFO  [ProcessBuffer] Initialized ProcessBuffer 
with ring size <65536> and wait strategy .
2015-09-04T15:17:22.080-04:00 INFO  [RulesEngineProvider] No static rules file 
loaded.
2015-09-04T15:17:22.130-04:00 INFO  [OutputBuffer] Initialized OutputBuffer 
with ring size <65536> and wait strategy .