[graylog2] [ANNOUNCE] Graylog v2.2.0-beta.3

2016-12-22 Thread Lennart Koopmann
Hi everyone,

the Graylog v2.2.0-beta.3 release is now available for download.
Announcement blog post:

  * https://www.graylog.org/blog/78-announcing-graylog-v2-2-0-beta-3

For a more complete overview of new features, please refer to the
beta.2 blog post:
https://www.graylog.org/blog/77-announcing-graylog-v2-2-0-beta-2

Thanks,
Lennart

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CADRA1n%3DgZnE6xtRQ7qZVtGozCjF1JanibR2gvtAn%3DQaEur9gRw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[graylog2] [ANNOUNCE] Graylog v2.1.0 has been released

2016-09-01 Thread Lennart Koopmann
Hi everyone,

we just released the final version of Graylog v2.1.0. You can find all
required information, download links, new features and changelog here:

* https://www.graylog.org/blog/68-announcing-graylog-v-2-1-0-ga

Thanks,
Lennart



[graylog2] [ANNOUNCE] Graylog v2.1.0-beta.4 has been released

2016-08-18 Thread Lennart Koopmann
Hi everyone,

we just released Graylog v2.1.0-beta.4. Full announcement with new
features and changes can be found here:

* https://www.graylog.org/blog/66-announcing-graylog-2-1-0-beta-4

Thanks,
Lennart



[graylog2] [ANNOUNCE] Graylog v2.1-beta.3 has been released

2016-08-11 Thread Lennart Koopmann
Hi everyone,

we just released Graylog v2.1-beta.3. Changes, packages and new
features all described and available here:

* https://www.graylog.org/blog/65-announcing-graylog-2-1-0-beta-3

Thanks,
Lennart



[graylog2] [ANNOUNCE] Graylog v2.1-beta.2 has been released

2016-08-04 Thread Lennart Koopmann
Hi everyone,

we just released Graylog v2.1-beta.2. Important changes and full
release announcement can be found here:

  * https://www.graylog.org/blog/63-announcing-graylog-v2-1-0-beta-2

Thanks,
Lennart



[graylog2] [ANNOUNCE] Graylog v2.1-beta.1 has been released

2016-07-26 Thread Lennart Koopmann
Hi everyone,

we just released the first beta of Graylog v2.1. It comes with many
smaller fixes/improvements and also two new features:

  * https://www.graylog.org/blog/60-announcing-graylog-v2-1-0-beta-1

Please try it out and let us know about any issues you encounter.

Thanks,
Lennart



[graylog2] [ANNOUNCE] Graylog v2.1-alpha.2 has been released

2016-07-13 Thread Lennart Koopmann
Hi everyone,

we just released the first alpha of Graylog v2.1. This release comes
with many improvements and new features. Announcement:

* https://www.graylog.org/blog/59-announcing-graylog-v2-1-0-alpha-2

Please give it a try and report any bugs or issues you encounter.

Thanks,
Lennart



[graylog2] [ANNOUNCE] Graylog v2.0.3 has been released

2016-06-20 Thread Lennart Koopmann
Hi everyone,

we just released Graylog v2.0.3, containing bugfixes and improvements:

  * https://www.graylog.org/blog/58-graylog-v2-0-3-released

Thanks,
Lennart



[graylog2] [ANNOUNCE] Graylog v2.0.2 has been released

2016-05-27 Thread Lennart Koopmann
Hi everyone,

we just released Graylog v2.0.2. You can find the release notes here:

 * https://www.graylog.org/blog/57-graylog-v2-0-2-released

Thanks,
Lennart



[graylog2] [ANNOUNCE] Graylog v2.0 has been released

2016-04-27 Thread Lennart Koopmann
Everyone,

I could not be more proud to announce that we just released Graylog v2.0:

* https://www.graylog.org/blog/55-announcing-graylog-v2-0-ga

I'd like to thank everyone on the Graylog team and the whole community
for the great work that has been done in the last months. Looking
forward to a great future of the project!

Thanks,
Lennart



[graylog2] [ANNOUNCE] Graylog v2.0.0-beta.3 has been released

2016-04-14 Thread Lennart Koopmann
Hi everyone,

we just released Graylog v2.0.0-beta.3. Read more in the announcement:

* https://www.graylog.org/blog/53-graylog-v2-0-beta-3-released

Thanks,
Lennart



[graylog2] [ANNOUNCE] Graylog v2.0.0-beta.2 has been released

2016-04-04 Thread Lennart Koopmann
Hi everyone,

we just released Graylog v2.0.0-beta.2. Read more in the announcement:

* https://www.graylog.org/blog/52-announcing-graylog-v2-0-beta-2

Thanks,
Lennart



[graylog2] [ANNOUNCE] Graylog v2.0-beta.1 has been released

2016-03-24 Thread Lennart Koopmann
Hi everyone,

we just released the first beta of Graylog v2.0. This release is
feature complete.

Announcement here:
https://www.graylog.org/blog/50-announcing-graylog-v2-0-beta-1

Thanks,
Lennart



[graylog2] [ANNOUNCE] Graylog v1.3.4 has been released and contains an important security fix

2016-03-19 Thread Lennart Koopmann
Hi everyone,

we just released Graylog v1.3.4, which contains an important security
fix. Read more in the release notes and upgrade:

* https://www.graylog.org/blog/49-graylog-1-3-4-is-now-available

Thanks,
Lennart



[graylog2] [ANNOUNCE] Graylog v2.0-alpha.5 has been released

2016-03-04 Thread Lennart Koopmann
Hi everyone,

I am happy to announce that we have just released alpha.5 of Graylog
v2.0 and it includes especially exciting new features.

You can find the announcement blog post here:
https://www.graylog.org/blog/48-fifth-alpha-of-graylog-v2-0-released-with-message-processor-pipeline-and-collector-sidecar

Thanks,
Lennart



[graylog2] [ANNOUNCE] First alpha of Graylog v2.0 has been released

2016-02-03 Thread Lennart Koopmann
Hey everyone,

we have just released the first alpha of Graylog v2.0. Please note
that this alpha is by far not feature complete but the big
architectural changes we made need early testing.

Announcement: 
https://www.graylog.org/blog/42-announcing-v2-0-alpha-welcome-to-the-new-graylog

Thanks,
Lennart



[graylog2] [ANNOUNCE] Graylog v1.3.1 has been released

2015-12-17 Thread Lennart Koopmann
Hey everybody,

we have just released Graylog v1.3.1:

  * https://www.graylog.org/graylog-1-3-1-is-now-available/

This is a pure bugfix release.

Thanks,
Lennart



Re: [graylog2] Syslog Logs from Linksys Accesspoint with DD-WRT not shown

2015-09-25 Thread Lennart Koopmann
That is not valid syslog. Try sending the messages to a raw/plaintext
input instead and see if they appear.

On Thu, Sep 24, 2015 at 9:31 PM,   wrote:
> I figured out that the DD-WRT syslog sends logs in UTC, despite setting the
> timezone.
>
> However, the logs should still show up.
>
> Here is a sample. (wifi is the hostname)
>
> Sep 24 20:24:18 wifi user.info : snmpd : SNMP daemon successfully started
> Sep 24 20:24:26 wifi user.info : NAS : NAS lan (wl0 interface) successfully
> started
> Sep 24 20:24:26 wifi user.info : NAS : NAS lan (wl1 interface) successfully
> started
> Sep 24 20:24:26 wifi user.info : klogd : kernel log daemon successfully
> stopped
> Sep 24 20:24:26 wifi kern.notice kernel: klogd: exiting
> Sep 24 20:24:26 wifi user.info : resetbutton : resetbutton daemon
> successfully stopped
> Sep 24 20:24:26 wifi user.info : reset button : resetbutton daemon
> successfully started
> Sep 24 20:24:26 wifi user.info : syslogd : syslog daemon successfully
> stopped
> Sep 24 13:24:26 wifi syslog.info syslogd exiting
> Sep 24 13:24:26 wifi syslog.info syslogd started: BusyBox v1.23.2
> Sep 24 20:24:26 wifi kern.notice kernel: klogd started: BusyBox v1.23.2
> (2015-09-11 04:59:36 CEST)
> Sep 24 20:24:30 wifi kern.info kernel: br0: port 4(eth2) entered forwarding
> state
> Sep 24 20:24:30 wifi kern.info kernel: br0: port 3(eth1) entered forwarding
> state
> Sep 24 20:24:30 wifi kern.info kernel: br0: port 2(vlan2) entered forwarding
> state
> Sep 24 20:24:30 wifi kern.info kernel: br0: port 1(vlan1) entered forwarding
> state
> Sep 24 20:25:01 wifi kern.info kernel: nf_conntrack: automatic helper
> assignment is deprecated and it will be removed soon. Use the iptables CT
> target to attach helpers instead.
>
> On Thursday, September 24, 2015 at 2:20:12 PM UTC-7, Jochen Schalanda wrote:
>>
>> Hi,
>>
>> could you please provide some of those messages that DD-WRT is sending?
>>
>> Cheers,
>> Jochen
>>
>> On Thursday, 24 September 2015 22:27:59 UTC+2, js.l...@gmail.com wrote:
>>>
>>> I'm having the exact same problem.
>>>
>>> Timestamps of the log messages in DD-WRT and Graylog are all correct.
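An added example (not from the thread, and not Graylog's own parser): a minimal Python check for the conventional RFC 3164 wire layout `<PRI>Mmm dd hh:mm:ss HOST ...`, run over three of the sample lines quoted above. The samples carry `facility.severity` as text and no leading `<PRI>`, so they fail the header check; the fallback parser recovers the fields for use behind a raw/plaintext input. All function and constant names are hypothetical.

```python
import re

# Standard syslog facility and severity codes (RFC 3164, section 4.1.1).
FACILITY = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
            "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
            **{f"local{i}": 16 + i for i in range(8)}}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}

# "Mmm dd hh:mm:ss" with a space-padded day, as RFC 3164 describes it.
_TS = r"[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}"
# Wire layout: <PRI>TIMESTAMP HOSTNAME rest-of-message
WIRE_RE = re.compile(rf"^<(\d{{1,3}})>({_TS}) (\S+) (.*)$")
# Layout of the lines quoted in the thread: TIMESTAMP HOSTNAME facility.severity rest
FILE_RE = re.compile(rf"^({_TS}) (\S+) ([a-z0-9]+)\.([a-z]+) (.*)$")

# Three lines copied from the thread (re-joined where the e-mail wrapped them).
PAGE_SAMPLES = [
    "Sep 24 20:24:18 wifi user.info : snmpd : SNMP daemon successfully started",
    "Sep 24 20:24:26 wifi kern.notice kernel: klogd: exiting",
    "Sep 24 13:24:26 wifi syslog.info syslogd exiting",
]
# Constructed for comparison: the first sample as it would look with a PRI header.
CONSTRUCTED_WIRE = "<14>Sep 24 20:24:18 wifi snmpd: SNMP daemon successfully started"


def parse_wire(line):
    """Return the header fields if the line has the <PRI>TIMESTAMP HOST layout."""
    m = WIRE_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        return None
    return {"pri": pri, "facility": pri >> 3, "severity": pri & 7,
            "timestamp": m.group(2), "host": m.group(3), "message": m.group(4)}


def parse_file_format(line):
    """Recover fields from a 'TIMESTAMP HOST facility.severity ...' line."""
    m = FILE_RE.match(line)
    if not m:
        return None
    fac, sev = FACILITY.get(m.group(3)), SEVERITY.get(m.group(4))
    if fac is None or sev is None:
        return None
    return {"pri": fac * 8 + sev, "facility": fac, "severity": sev,
            "timestamp": m.group(1), "host": m.group(2), "message": m.group(5)}


def classify(line):
    """Decide how a receiver could treat the line.

    'syslog'        -> header parses, a syslog input can take it
    'raw-recovered' -> no PRI header, but fields were recovered from the text
    'raw'           -> keep as an unparsed raw message
    """
    parsed = parse_wire(line)
    if parsed:
        return ("syslog", parsed)
    parsed = parse_file_format(line)
    if parsed:
        return ("raw-recovered", parsed)
    return ("raw", None)


if __name__ == "__main__":
    for sample in PAGE_SAMPLES + [CONSTRUCTED_WIRE]:
        kind, fields = classify(sample)
        print(f"{kind:14} pri={fields['pri'] if fields else '-':>3}  {sample}")
```
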


Re: [graylog2] Graylog inputs stopped yet still receiving syslogs

2015-09-25 Thread Lennart Koopmann
Could it be that you have a message journal that is full of messages
that Graylog keeps processing? You can see the journal size in the
nodes overview and node details pages. It should be at 0.

On Thu, Sep 24, 2015 at 7:41 PM, Mark Estridge  wrote:
> Graylog 1.2.1 setup and all inputs are stopped, yet I am continuing to see
> current syslogs with a global search.  It is as if the STOP feature doesn't
> work.  System Overview indicates that there are no running inputs...yet I'm
> receiving on the order of ~12K messages per minute.
>
> Anyone else noting this behavior.


[graylog2] [ANNOUNCE] Graylog v1.2 has been released

2015-09-15 Thread Lennart Koopmann
Hey everybody,

we have just released the final version of Graylog v1.2. Find all
information and release notes in the announcement blog post:

 * https://www.graylog.org/announcing-graylog-1-2-ga-release-includes-30-new-features/

Thanks,
The Graylog team



[graylog2] [ANNOUNCE] Graylog v1.2-rc.4 has been released

2015-09-08 Thread Lennart Koopmann
Hey everybody,

we just released Graylog v1.2-rc.4:
https://www.graylog.org/announcing-graylog-1-2-rc-4/

Please try it out and post all feedback to this mailing list.

Thanks,
Lennart



[graylog2] [ANNOUNCE] Graylog v1.1.5 has been released

2015-07-27 Thread Lennart Koopmann
Hey everybody,

we released a new bugfix release today: Graylog v1.1.5. You can find
the release notes here:

  * https://www.graylog.org/graylog-1-1-5-released/

Cheers,
Lennart



[graylog2] [SECURITY] Severe Elasticsearch security issues. Upgrade now!

2015-07-16 Thread Lennart Koopmann
Elasticsearch recently released v1.7.0 and v1.6.1, which address
several severe security issues. We have tested Graylog v1.1.X with
Elasticsearch v1.6.1 and strongly recommend upgrading to Elasticsearch
v1.6.1:

https://www.graylog.org/elasticsearch-security-fixes-upgrade-now/



[graylog2] [ANNOUNCE] Graylog v1.1.3 has been released

2015-06-19 Thread Lennart Koopmann
Hey everybody,

I am happy to announce that we just released Graylog v.1.1.3. This
release is addressing several bugs and brings numerous improvements:

  * https://www.graylog.org/graylog-v1-1-3-is-now-available/

Thanks,
Lennart



[graylog2] [ANNOUNCE] Graylog v1.1.2 has been released

2015-06-10 Thread Lennart Koopmann
Hey everybody,

I am happy to announce that we just released Graylog v.1.1.2. This
release is addressing several bugs and brings numerous improvements:

  * https://www.graylog.org/graylog-v1-1-2-is-now-available/

Thanks,
Lennart



[graylog2] [ANNOUNCE] Graylog v1.1 GA has been released

2015-06-04 Thread Lennart Koopmann
Hey everybody,

a quick heads up that we just released Graylog v1.1 GA:
https://www.graylog.org/graylog-1-1-is-now-generally-available/

Hope you like it!

Cheers,
Lennart



[graylog2] [ANNOUNCE] Graylog v1.1-rc.3 has been released

2015-06-02 Thread Lennart Koopmann
Happy to announce that we released the release candidate 3 of Graylog
v1.1: https://www.graylog.org/graylog-v1-1-rc3-is-now-available/

The final version of Graylog v1.1 is scheduled for Thursday at this
point in time. Give rc.3 a spin!

Cheers,
Lennart



[graylog2] [ANNOUNCE] Graylog v1.1.0-beta.2 is out

2015-05-20 Thread Lennart Koopmann
We just released Graylog v1.1.0-beta.2:
https://www.graylog.org/graylog-1-1-beta-is-now-available/

It comes with huge UI/UX improvements and our own log shipper. Please
try it out!

Thanks,
Lennart



[graylog2] [ANN] Graylog v1.0 has been released

2015-02-19 Thread Lennart Koopmann
We are very happy to announce that we released Graylog v1.0 today:

  https://www.graylog.org/announcing-graylog-v1-0-ga/

We'd like to thank you all for the immense support we got over the last 5 1/2
years and look forward to building on top of this foundation now.

Cheers,
Lennart (On behalf of the whole Graylog, Inc team)



Re: [graylog2] Documentation Contribution for Graylog2 setup

2015-02-04 Thread Lennart Koopmann
Thank you very much Brandon!

On Wed, Feb 4, 2015 at 2:34 PM, BKeep bk...@alias454studios.com wrote:
> Hi,
>
> I am not sure if this is the right place for this. I recently built a couple
> POC environments as a project for work trying to decide on a centralized
> logging stack and one of the things I ran into a lot of the time, was sparse
> documentation. One thing I noticed on the Installing Graylog2 on Linux
> page was mention of adding content for the prerequisite apps (Elasticsearch
> and MongoDB). I documented my elasticsearch/graylog2/rsyslog setup and would
> like to share. The setup is a complete start to finish walk-through of
> setting up a logging stack on *NIX. I am putting this out there in hopes that
> it might be helpful to someone else. So far, it is ten parts and growing
> (overkill ...maybe). http://alias454.com/category/logging/. Please feel free
> to critique it and reuse anything you like on the Graylog site.
>
> Mostly the information is compiled from several different web sources and I
> plan on providing the links to some of the more valuable ones as I move
> forward.
>
> Regards,
> Brandon



Re: [graylog2] Input source override

2015-01-31 Thread Lennart Koopmann
What type of input? Syslog? Raw? UDP/TCP?
Which Graylog version?

Thanks!

On Sat, Jan 31, 2015 at 3:30 PM, Rob Erix rob3...@gmail.com wrote:
> Hi.
>
> I would like to log syslog messages from my firewall. Messages are received
> just fine.
> Apparently because the first field in the message is date=x, Graylog
> defines the source as date=x.
> I set the option to override_source: Firewallname for my input in order to
> get a consistent name but it does not do anything.
>
> Did I get the idea wrong here?
>
> Thank you in advance for help.
>
> BR. Rob.



Re: [graylog2] AMQP support without graylog2-radio

2015-01-27 Thread Lennart Koopmann
Graylog v1.0 (beta releases available already) will support GELF via
AMQP. The current stable releases require a custom msgpack format used
by graylog-radio.

I'm afraid that syslog via AMQP will not yet be supported though.

On Tue, Jan 27, 2015 at 5:39 PM, Avdhoot Dendge avdho...@gmail.com wrote:
> I am trying to send log messages from syslog-ng ---> AMQP -->
> graylog2-server. But I am getting the error below.
>
> 2015-01-27T23:07:04.863Z WARN  [MessageInput] Codec
> org.graylog2.inputs.codecs.RadioMessageCodec@3995525d threw exception
> org.msgpack.MessageTypeException: Expected array, but got integer value
> at org.msgpack.unpacker.Accept.acceptInteger(Accept.java:45)
> at
> org.msgpack.unpacker.MessagePackUnpacker.readOneWithoutStack(MessagePackUnpacker.java:91)
> at
> org.msgpack.unpacker.MessagePackUnpacker.readOne(MessagePackUnpacker.java:73)
> at
> org.msgpack.unpacker.MessagePackUnpacker.readArrayBegin(MessagePackUnpacker.java:508)
> at
> org.graylog2.plugin.RadioMessage_$$_Template_617312372_0.read(RadioMessage_$$_Template_617312372_0.java)
> at
> org.msgpack.template.AbstractTemplate.read(AbstractTemplate.java:31)
> at org.msgpack.MessagePack.read(MessagePack.java:388)
> at org.msgpack.MessagePack.read(MessagePack.java:371)
> at
> org.graylog2.inputs.codecs.RadioMessageCodec.decode(RadioMessageCodec.java:54)
> at
> org.graylog2.plugin.inputs.MessageInput.processRawMessageFailFast(MessageInput.java:360)
> at
> org.graylog2.inputs.transports.AmqpConsumer$2.handleDelivery(AmqpConsumer.java:103)
> at
> com.rabbitmq.client.impl.ConsumerDispatcher$5.run(ConsumerDispatcher.java:140)
> at
> com.rabbitmq.client.impl.ConsumerWorkService$WorkPoolRunnable.run(ConsumerWorkService.java:85)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:745)
>
>
> I came across this issue. As per the comment, AMQP without graylog2 radio is
> not supported yet. Does that still stand?
>
> Note: not using graylog2-radio because I wanted to reduce the moving component stack.



Re: [graylog2] https with web interface

2015-01-14 Thread Lennart Koopmann
Did you follow the section explaining how to set up HTTPS here?
https://www.graylog2.org/resources/documentation/setup/webinterface

On Mon, Jan 12, 2015 at 7:50 PM, Francois Desfosses supercris...@gmail.com wrote:
> Hi, I have several questions, but I'll start with this one first!
>
> I'm new to graylog2, installed and configured all that thing to get logs
> from AWS cloudtrail.
>
> All that part is working fine now, but now I'm trying to get to graylog2 in
> HTTPS protocol, does not work at all... with that startup config, there is
> one process listening on port 9001, but it does not work in HTTPS, it only
> works in HTTP...
>
> So, I need help, there is what I changed.
>
> /etc/init.d/graylog2-web
>
> # Some default settings.
> GRAYLOG2_WEB_HTTP_ADDRESS=0.0.0.0
> GRAYLOG2_WEB_HTTP_PORT=9000
> GRAYLOG2_WEB_HTTPS_PORT=9001
> GRAYLOG2_WEB_USER=graylog2-web
>
> start() {
>     echo -n $"Starting ${NAME}: "
>     daemon --user=$GRAYLOG2_WEB_USER --pidfile=${PID_FILE} \
>         nohup $GRAYLOG2_COMMAND_WRAPPER $CMD -Dconfig.file=${CONF_FILE} \
>         -Dlogger.file=/etc/graylog2/web/logback.xml \
>         -Dpidfile.path=$PID_FILE \
>         -Dhttp.address=$GRAYLOG2_WEB_HTTP_ADDRESS \
>         -Dhttp.port=$GRAYLOG2_WEB_HTTP_PORT \
>         -Dhttps.port=$GRAYLOG2_WEB_HTTPS_PORT \
>         -Dhttp.port=disabled \
>         $GRAYLOG2_WEB_JAVA_OPTS $GRAYLOG2_WEB_ARGS >> /var/log/graylog2-web/console.log 2>&1 &
>     RETVAL=$?
>     sleep 2
>     [ $RETVAL = 0 ] && touch ${LOCKFILE}
>     echo
>     return $RETVAL
> }





Re: [graylog2] Buffer Timeouts, GC taking longer than 1 second, how to diagnose?

2014-12-14 Thread Lennart Koopmann
Hey,

this message makes me suspect that the issue here is a too slow ES setup:

2014-12-15T11:01:29.413+10:00 WARN  [OutputBufferProcessor] Timeout
reached. Not waiting any longer for writer threads to complete.

This will lead to messages queuing up in the graylog2-server heap,
leading to long GC times.

Can you check the IO load of your ES machine(s)? Also check your ES logs.

Thanks,
Lennart

On Sun, Dec 14, 2014 at 7:12 PM, Pete GS starpoin...@gmail.com wrote:
 Hi all, we're implementing Graylog2 here at work for general log
 monitoring/analysis as our Splunk license is limited and a bit expensive for
 what we need.

 I've got Graylog2 working very well in our test lab but once I put all our
 Production workload onto it it just doesn't seem to cope at all. I've just
 upgraded this morning to 0.92.1 but am still seeing the same issues with
 output buffer processor timeouts and garbage collection taking longer than 1
 second and is up to 30 - 40 seconds.

 The biggest issue I'm encountering is how to identify the cause of the
 issues. For example, how do I determine if Elasticsearch is the bottleneck?
 Or if it's simply not enough memory in the Graylog2 nodes?

 I've read a lot through the doco and I'm pretty sure I've done most if not
 all the right things, but this is all very new to me and no one else here
 knows anything about Elasticsearch etc. either.

 At the moment the two Graylog2 nodes are virtual machines on vSphere 5.5 but
 I'm running up a physical server to try replacing one of them just in case.

 Everything is running on CentOS 6.6 and is up to date and I'm using the
 provided openjdk 1.7. I did try Oracle Java 1.8 the other day on one node
 but it made no difference.

 Any tips I can get for troubleshooting and narrowing down the cause of the
 issue would be great.

 Here's a sample of what I constantly see in the Graylog2 logs:

 2014-12-15T11:01:29.413+10:00 WARN  [jvm] [bne3-0002las]
 [gc][old][1280][102] duration [25.2s], collections [1]/[25.3s], total
 [25.2s]/[1h], memory [14.8gb]-[14.7gb]/[15.3gb], all_pools {[young]
 [4.2gb]-[4.1gb]/[4.3gb]}{[survivor] [0b]-[0b]/[449mb]}{[old]
 [10.6gb]-[10.6gb]/[10.6gb]}
 2014-12-15T11:01:29.413+10:00 WARN  [OutputBufferProcessor] Timeout reached.
 Not waiting any longer for writer threads to complete.
 2014-12-15T11:01:29.413+10:00 WARN  [OutputBufferProcessor] Timeout reached.
 Not waiting any longer for writer threads to complete.
 2014-12-15T11:01:29.413+10:00 WARN  [OutputBufferProcessor] Timeout reached.
 Not waiting any longer for writer threads to complete.
 2014-12-15T11:01:29.413+10:00 WARN  [OutputBufferProcessor] Timeout reached.
 Not waiting any longer for writer threads to complete.
 2014-12-15T11:01:29.415+10:00 WARN  [NodePingThread] Did not find meta info
 of this node. Re-registering.
 2014-12-15T11:01:53.696+10:00 WARN  [jvm] [bne3-0002las]
 [gc][old][1281][103] duration [24s], collections [1]/[24.2s], total
 [24s]/[1h], memory [14.7gb]-[14.8gb]/[15.3gb], all_pools {[young]
 [4.1gb]-[4.1gb]/[4.3gb]}{[survivor] [0b]-[0b]/[449mb]}{[old]
 [10.6gb]-[10.6gb]/[10.6gb]}
 2014-12-15T11:01:53.697+10:00 WARN  [GarbageCollectionWarningThread] Last GC
 run with PS MarkSweep took longer than 1 second (last duration=24049
 milliseconds)
 2014-12-15T11:01:53.704+10:00 WARN  [NodePingThread] Did not find meta info
 of this node. Re-registering.
 2014-12-15T11:02:17.135+10:00 WARN  [jvm] [bne3-0002las]
 [gc][old][1282][104] duration [23.2s], collections [1]/[23.4s], total
 [23.2s]/[1.1h], memory [14.8gb]-[14.8gb]/[15.3gb], all_pools {[young]
 [4.1gb]-[4.2gb]/[4.3gb]}{[survivor] [0b]-[0b]/[449mb]}{[old]
 [10.6gb]-[10.6gb]/[10.6gb]}
 2014-12-15T11:02:17.135+10:00 WARN  [GarbageCollectionWarningThread] Last GC
 run with PS MarkSweep took longer than 1 second (last duration=23256
 milliseconds)
 2014-12-15T11:02:41.383+10:00 WARN  [GarbageCollectionWarningThread] Last GC
 run with PS MarkSweep took longer than 1 second (last duration=24136
 milliseconds)

 Here's the setup:

 2 x Graylog2 nodes - 12 CPU, 32GB RAM each, heap size set to 16GB
 3 x MongoDB nodes - 1 CPU, 2GB RAM, two are a replica set, one an arbiter
 3 x Elasticsearch nodes - 2 x dual hex core Intels with 72GB RAM, 2TB of SAN
 attached disk for indices, and these are what we class as active nodes.
 Indices are moved after 7 days to our archive node which has 8 CPU, 32GB
 and SAN attached disk for indices. We don't keep a replica of archive
 indices as speed of searching isn't an issue. Heap size of active nodes is
 32GB, archive node is 16GB
 2 x Graylog2 web server nodes

 We have an F5 load balancer in front of the web servers and Graylog2 nodes
 and we have 5 inputs. Two are Syslog UDP inputs, the other three are GELF
 UDP inputs.

 We're seeing something like up to 8000 messages per second but sustained is
 probably 4000 - 6000.

 Here's our graylog2.conf for the master node (censored where necessary):

 is_master = true
 node_id_file = /etc/graylog2/server/node-id
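
The triage suggested in this reply (count the output-buffer timeouts and look at what the old-generation collections actually reclaim), as an added example that is not part of the original thread and not Graylog's own code. The sample lines are taken from the log excerpt quoted above and re-joined onto single lines; the function names, the 95% threshold and the wording of the verdict are assumptions.

```python
import re

# Constructed sample: lines from the quoted log excerpt, unwrapped and abridged.
# The list archive stripped ">" from "->", so the parser accepts "->" and "-".
SAMPLE_LOG = [
    "2014-12-15T11:01:29.413+10:00 WARN  [jvm] [bne3-0002las] [gc][old][1280][102] "
    "duration [25.2s], collections [1]/[25.3s], total [25.2s]/[1h], "
    "memory [14.8gb]-[14.7gb]/[15.3gb], all_pools {[young] [4.2gb]-[4.1gb]/[4.3gb]}"
    "{[survivor] [0b]-[0b]/[449mb]}{[old] [10.6gb]-[10.6gb]/[10.6gb]}",
    "2014-12-15T11:01:29.413+10:00 WARN  [OutputBufferProcessor] Timeout reached. "
    "Not waiting any longer for writer threads to complete.",
    "2014-12-15T11:01:29.413+10:00 WARN  [OutputBufferProcessor] Timeout reached. "
    "Not waiting any longer for writer threads to complete.",
    "2014-12-15T11:01:53.696+10:00 WARN  [jvm] [bne3-0002las] [gc][old][1281][103] "
    "duration [24s], collections [1]/[24.2s], total [24s]/[1h], "
    "memory [14.7gb]-[14.8gb]/[15.3gb], all_pools {[young] [4.1gb]-[4.1gb]/[4.3gb]}"
    "{[survivor] [0b]-[0b]/[449mb]}{[old] [10.6gb]-[10.6gb]/[10.6gb]}",
    "2014-12-15T11:01:53.697+10:00 WARN  [GarbageCollectionWarningThread] Last GC run "
    "with PS MarkSweep took longer than 1 second (last duration=24049 milliseconds)",
]

UNIT_SECONDS = {"ms": 0.001, "s": 1.0, "m": 60.0, "h": 3600.0}
UNIT_BYTES = {"b": 1, "kb": 1024, "mb": 1024 ** 2, "gb": 1024 ** 3}

GC_RE = re.compile(
    r"\[gc\]\[(?P<gen>\w+)\]\[\d+\]\[\d+\] duration \[(?P<dur>[\d.]+)(?P<unit>ms|s|m|h)\]"
)
OLD_POOL_RE = re.compile(
    r"\{\[old\] \[(?P<before>[^\]]+)\]->?\[(?P<after>[^\]]+)\]/\[(?P<max>[^\]]+)\]\}"
)
TIMEOUT_RE = re.compile(r"\[OutputBufferProcessor\] Timeout reached")
GC_WARN_RE = re.compile(
    r"\[GarbageCollectionWarningThread\].*last duration=(\d+) milliseconds"
)


def size_to_bytes(text):
    """Convert a size such as '10.6gb' or '449mb' to bytes."""
    match = re.fullmatch(r"([\d.]+)(b|kb|mb|gb)", text)
    if not match:
        raise ValueError("unrecognised size: %r" % text)
    return float(match.group(1)) * UNIT_BYTES[match.group(2)]


def triage(lines, full_ratio=0.95):
    """Summarise output timeouts and old-generation GC behaviour in a server log."""
    report = {
        "output_timeouts": 0,
        "old_gc_pauses_s": [],
        "old_gen_fill_after_gc": [],
        "gc_warnings_ms": [],
    }
    for line in lines:
        if TIMEOUT_RE.search(line):
            report["output_timeouts"] += 1
            continue
        warning = GC_WARN_RE.search(line)
        if warning:
            report["gc_warnings_ms"].append(int(warning.group(1)))
            continue
        gc = GC_RE.search(line)
        if gc and gc["gen"] == "old":
            report["old_gc_pauses_s"].append(float(gc["dur"]) * UNIT_SECONDS[gc["unit"]])
            pool = OLD_POOL_RE.search(line)
            if pool:
                # How full the old generation still is *after* a full collection.
                fill = size_to_bytes(pool["after"]) / size_to_bytes(pool["max"])
                report["old_gen_fill_after_gc"].append(fill)

    fills = report["old_gen_fill_after_gc"]
    report["old_gen_exhausted"] = bool(fills) and min(fills) >= full_ratio
    if report["old_gen_exhausted"] and report["output_timeouts"]:
        # The reasoning from the reply: slow writes to Elasticsearch make
        # messages queue up in the heap, which then cannot be collected.
        report["likely_cause"] = "messages queuing in heap; check Elasticsearch I/O"
    elif report["old_gen_exhausted"]:
        report["likely_cause"] = "heap full without output timeouts; check heap size"
    else:
        report["likely_cause"] = "no sustained heap pressure in this excerpt"
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "=", value)
```

A full collection that takes 24 seconds and leaves the old generation at 10.6gb of 10.6gb has reclaimed nothing, which is why the timeouts and the GC warnings appear together.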
 

Re: [graylog2] Buffer Timeouts, GC taking longer than 1 second, how to diagnose?

2014-12-14 Thread Lennart Koopmann
Check the CPU and memory usage first. If that looks okay, you can
check IO usage on most Linux distributions using this command:

iostat -x 1

Especially the iowait parameters are interesting.

On Sun, Dec 14, 2014 at 9:07 PM, Pete GS starpoin...@gmail.com wrote:
 Thanks Lennart, and yes that's what I initially thought also as it doesn't
 seem to matter what I do but we constantly see the output buffer processor
 timeouts.

 I've played with the settings for the buffers and it doesn't seem to resolve
 it.

 I'm not real good at Linux performance monitoring, so what
 tools/metrics/etc. would you suggest I look into to analyse the
 Elasticsearch nodes more thoroughly?

 I don't see any issues in the Elasticsearch logs.

 I also neglected to mention the Elasticsearch version but it is 1.4.1.


Re: [graylog2] Support for Elasticsearch 1.40

2014-11-21 Thread Lennart Koopmann
Hey Josep,

The first RC of v0.92 was released today and supports Elasticsearch v1.4.0.

Cheers,
Lennart

On Thu, Nov 20, 2014 at 10:18 AM, Josep Maria Comas Serrano
josepmariaco...@gmail.com wrote:
 Hi, we've configured Graylog2 successfully, I wonder if there will be soon
 support for Elasticsearch 1.4.0?

 Great job,

 Best,

 JM



Re: [graylog2] Suggestion: Stream Schedules

2014-11-14 Thread Lennart Koopmann
Hey Zi,

thanks for the suggestion! Can you elaborate your use case for this?

Thanks,
Lennart

On Fri, Nov 14, 2014 at 4:01 PM, Zi Dvbelju zidvbe...@gmail.com wrote:
 I have a quick suggestion for streams - implement optional schedules during
 which a stream can be active/paused. Would be an incredibly nice feature!

 Keep up the good work, absolutely loving Graylog2.



[graylog2] [ANNOUNCE] New Graylog2 releases

2014-11-04 Thread Lennart Koopmann
Hey everybody,

we just released Graylog2 v0.90.3, v0.91.3, v0.92.0-beta.1 and here
are the announcement blog posts with important changes, bugfixes and
new features:

 * http://www.graylog2.org/news/post/0007-graylog2-v0-90-3-and-v0-91-3-has-been-released
 * http://www.graylog2.org/news/post/0008-graylog2-v0-92-beta-1

Upgrade to v0.90.3 and v0.91.3 is recommended.

If you are running the v0.91 series that supports Elasticsearch v1.3
you should make sure to go to v0.91.3 with ES 1.3.4 because v1.3.2
contains a bug that can cause index corruption.

Thanks,
Lennart (on behalf of the whole team)



Re: [graylog2] Server fails to start

2014-10-22 Thread Lennart Koopmann
Hey Mark,

can you post those Java errors/stacktraces?

Thanks,
Lennart

On Thu, Oct 23, 2014 at 12:10 AM, Mark Moorcroft plak...@gmail.com wrote:

 I rebooted my graylog2 box today and now I get the following:

 [root@graylog ~]# service graylog2-server start
 Starting graylog2-server:  [  OK  ]
 [root@graylog ~]# Exception in thread main java.lang.AssertionError: data
 were read beyond record size, check your serializer

 Followed by 2 pages of java errors.

 Anybody have any ideas?



Re: [graylog2] Correct view of log coming from any Cisco device

2014-10-22 Thread Lennart Koopmann
Let your Cisco devices send to a Graylog2 Raw/Plaintext input and
use the Graylog2 extractors to parse the message.

On Wed, Oct 22, 2014 at 3:49 PM,  mbal...@gmail.com wrote:
 Hello everybody,

 First of all thanks for existing!
 I've just installed and configured a Graylog2 server with success.
 It would be awesome if it could manage correctly logs sent from any Cisco
 devices.
 So I have a question for you:
 Is it possible to receive in a correct way the logs from Cisco devices with
 a clean (without third party software) installation?

 I've tested several solutions found on the internet like this one (which seems
 more relevant in my modest opinion):
 --
 no service sequence-numbers
 no service timestamps log datetime msec
 no logging message-counter syslog
 logging origin-id hostname
 -

 but the result has not changed.

 Waiting for a kind reply.

 Best Regards.




Re: [graylog2] Re: Situation with indices

2014-09-25 Thread Lennart Koopmann
989.8mb. That looks like your change to 8g did not take effect. Can
you double check how you start the server and that the ENV variables
are actually taken into account?

On Wed, Sep 24, 2014 at 11:16 PM, Arie satyava...@gmail.com wrote:

  heap_max = 989.8mb




Re: [graylog2] Re: Situation with indices

2014-09-24 Thread Lennart Koopmann
Hey Arie,

looks like your ElasticSearch process is running out of memory. How
much heap space did you allocate to it?

Thanks,
Lennart

On Wed, Sep 24, 2014 at 9:34 PM, Arie satyava...@gmail.com wrote:
 And there is this error in the server logfile for some indices:

 2014-09-24T21:07:15.736+02:00 INFO  [RebuildIndexRangesJob] Could not
 calculate range of index [graylog2_12]. Skipping.
 org.elasticsearch.action.search.SearchPhaseExecutionException: Failed to
 execute phase [query_fetch], all shards failed; shardFailures
 {[eUTBQqseT1mfR9rhU3OSRg][graylog2_12][0]:
 RemoteTransportException[[Graylog2-test][inet[/10.64.91.14:9300]][search/phase/query+fetch]];
 nested: QueryPhaseExecutionException[[graylog2_12][0]:
 query[ConstantScore(*:*)],from[0],size[1],sort[custom:timestamp:
 org.elasticsearch.index.fielddata.fieldcomparator.LongValuesComparatorSource@46977d73!]:
 Query Failed [Failed to execute main query]]; nested:
 ElasticSearchException[java.lang.OutOfMemoryError: Java heap space]; nested:
 ExecutionError[java.lang.OutOfMemoryError: Java heap space]; nested:
 OutOfMemoryError[Java heap space]; }
 at org.elasticsearch.action.search.type.TransportSearchTypeAction$BaseAsyncAction.onFirstPhaseResult(TransportSearchTypeAction.java:272)
 at org.elasticsearch.action.search.type.TransportSearchTypeAction$BaseAsyncAction$3.onFailure(TransportSearchTypeAction.java:224)
 at org.elasticsearch.search.action.SearchServiceTransportAction$7.handleException(SearchServiceTransportAction.java:324)
 at org.elasticsearch.transport.netty.MessageChannelHandler.handleException(MessageChannelHandler.java:181)
 at org.elasticsearch.transport.netty.MessageChannelHandler.handlerResponseError(MessageChannelHandler.java:171)
 at org.elasticsearch.transport.netty.MessageChannelHandler.messageReceived(MessageChannelHandler.java:123)
 at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
 at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
 at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
 at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:296)
 at org.elasticsearch.common.netty.handler.codec.frame.FrameDecoder.unfoldAndFireMessageReceived(FrameDecoder.java:462)
 at org.elasticsearch.common.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:443)
 at org.elasticsearch.common.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)
 at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
 at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
 at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
 at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:268)
 at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:255)
 at org.elasticsearch.common.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
 at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)
 at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:318)
 at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)
 at org.elasticsearch.common.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
 at org.elasticsearch.common.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
 at org.elasticsearch.common.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
 at java.lang.Thread.run(Thread.java:745)
 2014-09-24T21:07:15.739+02:00 INFO  [RebuildIndexRangesJob] Done calculating
 index ranges for 15 indices. Took 132244ms.


Re: [graylog2] Re: Situation with indices

2014-09-24 Thread Lennart Koopmann
Can you check that the change actually took effect by querying ES directly?

curl -XGET http://localhost:9200/_nodes/stats/jvm?pretty=true
...
heap_max : 990.7mb

Thanks,
Lennart

On Wed, Sep 24, 2014 at 10:27 PM, Arie satyava...@gmail.com wrote:
 Hi Lennart

 In the yml file there is 8192m configured for ES_HEAP_SIZE. At first I had
 forgotten the m,
 but now it is there and I can recalculate 4 out of 14 indices. Still it goes
 out-of-memory though.

 The server has 16GB, and no problem there.



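
The check discussed in this thread (compare the heap Elasticsearch reports with the ES_HEAP_SIZE that was configured), as an added example that is not part of the original messages or of either project's code. The response below is a constructed sample shaped like the `_nodes/stats/jvm` output; the node ids, the second node, the function names and the 10% tolerance are assumptions.

```python
import json
import re

# Constructed sample shaped like the response of
#   curl -XGET 'http://localhost:9200/_nodes/stats/jvm?pretty=true'
# The first node still runs with roughly 1 GB of heap, the second with 8 GB.
SAMPLE_RESPONSE = json.dumps({
    "cluster_name": "graylog2",
    "nodes": {
        "node-id-placeholder-1": {
            "name": "Graylog2-test",
            "jvm": {"mem": {"heap_max_in_bytes": 1038876672}},
        },
        "node-id-placeholder-2": {
            "name": "constructed-second-node",
            "jvm": {"mem": {"heap_max_in_bytes": 8520204288}},
        },
    },
})

_SUFFIX = {"": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}


def parse_heap_setting(value):
    """Convert a JVM-style size ('8192m', '8g', '8192') to bytes.

    A value without a suffix is a number of bytes, which is what happens
    when the unit is forgotten.
    """
    match = re.fullmatch(r"(\d+)([kKmMgG]?)", value.strip())
    if not match:
        raise ValueError("unrecognised heap size: %r" % value)
    return int(match.group(1)) * _SUFFIX[match.group(2).lower()]


def check_heap(response_text, configured, tolerance=0.10):
    """Report, per node, whether the configured heap size is really in use.

    The JVM typically reports a maximum slightly below the configured value,
    so a node passes when it reaches (1 - tolerance) of the configured value.
    """
    wanted = parse_heap_setting(configured)
    nodes = []
    for node_id, node in json.loads(response_text)["nodes"].items():
        reported = node["jvm"]["mem"]["heap_max_in_bytes"]
        nodes.append({
            "node": node.get("name", node_id),
            "reported_bytes": reported,
            "applied": reported >= wanted * (1 - tolerance),
        })
    return {
        "configured_bytes": wanted,
        # A bare number means bytes; the comparison is then meaningless.
        "unit_missing": configured.strip().isdigit(),
        "nodes": nodes,
    }


if __name__ == "__main__":
    result = check_heap(SAMPLE_RESPONSE, "8192m")
    for node in result["nodes"]:
        state = "ok" if node["applied"] else "setting NOT applied"
        print("%-26s %8.1f mb  %s" % (
            node["node"], node["reported_bytes"] / 1024 ** 2, state))
```

A node that still reports about 990mb after the setting was changed to 8g is running with the old value, so the place to look is how the process is started and whether it reads the environment variable at all.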

Re: [graylog2] 443 as non-root?

2014-08-26 Thread Lennart Koopmann
Another thing to look at when on Ubuntu:
http://manpages.ubuntu.com/manpages/hardy/man1/authbind.1.html

On Tue, Aug 26, 2014 at 8:02 PM, Mark Moorcroft plak...@gmail.com wrote:

 I have read various strategies here to run the web interface with 443 access
 as non-root, such as iptables redirects etc. Apache and postfix both manage
 to run as non-root on low ports. So I was wondering if it's on the radar to
 allow this with GL2? I realize apache and postfix manage this trick through
 various hoops jumped through. But at the end of the day I wonder if you
 will eventually be able to install GL2 web with 443 enabled and it just
 works?

 privileged low port access discussion



Re: [graylog2] Can Graylog 2 show top 10 ip address

2014-07-12 Thread Lennart Koopmann
On Fri, Jul 11, 2014 at 11:11 PM, Kay Röpke kroe...@gmail.com wrote:
 Unfortunately this is not possible on a dashboard yet, but we are
 looking to improve it for a future version.

Small correction: This is possible on dashboards. You can add any
quickvalue results to a dashboard with the little dashboard icon on
the top of the modal that pops up.



Re: [graylog2] Can't get statistics for a more or less numeric field

2014-06-03 Thread Lennart Koopmann
Hey Niklas,

you are right with your observations. The statistical analysis
requires the value to be stored as an integer (or another numeric
type) in the index to work. If the used GELF library is not able to
send numeric types you'll have to use a fallback method: Extractors.
You can use an extractor (Type: Copy Input) to copy the whole input of
the field count and apply a numeric converter on it. This will store
it as an integer in your case.

Note that you might have to manually cycle the deflector (System -
Indices - Maintenance dropdown menu) to enforce a new mapping or
ElasticSearch will try to be smart and convert the integer back to a
string because it has the field count mapped as a string.

The field line is indeed handled specifically but is deprecated in
the current GELF specs.

Greetings from the other side of Hafencity,
Lennart

On Tue, Jun 3, 2014 at 3:42 PM, Niklas Grebe niklas.gr...@innogames.com wrote:
 Hey folks,

 first of all thanks - you’re doing a great job with Graylog2!

 We’re sending messages via gelfj to a gl2 udp input stream for gelf
 messages. A raw message looks like this:
 {host:my.host,_customField1:it,full_message: (test:it)
 31,short_message: (test:it)
 31,line:53,version:1.0,_customField2:test,timestamp:1401796573.67,_type:stats,_thread:main,level:6,facility:test_facility,file:Logger.java,_count:31,_timestampMs:1401796573670”}

 _count is a custom field which has an aggregated count in it. The web
 interface says to this field “Statistical analysis is only available for
 numeric field types.” which seems to be right because we can see in the tcp
 dump that there are quotes around this field. In gelfj there is a method for
 extended fields which casts them toString:
 https://github.com/t0xa/gelfj/blob/8ca278c0ea0f2ac9cd6db03e55f27631f4571002/src/main/java/org/graylog2/log/GelfConsoleAppender.java#L100
 So there is no proper way to extend fields to gelf which are numeric with
 this library, or did I miss something? I know that this is more or less a
 problem with gelfj but it’s in the first place in the library list for gelf
 logger on the graylog webpage: http://graylog2.org/gelf#libraries and I also
 found something interesting: The normal field line (which is also sent via
 double quotes like a string) is interpreted as an integer and we can do
 statistics with this field. Is this a special exception in the graylog2
 webui just for the line field in gelf messages?



 Greetings,
 Niklas



[graylog2] [ANNOUNCE] Graylog2 v0.20.2 has been released

2014-05-23 Thread Lennart Koopmann
Hey everybody,

the final release of Graylog2 v0.20.2 has arrived:
http://blog.graylog2.org/graylog2-v0-20-2-has-been-released/

A big thank you to the TORCH team. We put a lot of effort into this
release and will follow up with a v0.21.0 that brings ElasticSearch
v1.x support.

Thank you very much,
Lennart



[graylog2] [ANNOUNCE] The Graylog2 extractor directory

2014-05-20 Thread Lennart Koopmann
Hey everybody,

we are happy to announce that we released the Graylog2 extractor
directory today. With the most recent release of Graylog2 allowing
importing/exporting of extractor configurations this directory is a
first big step forward to supporting all common vendor log formats out
there.

Read the intro blog post here:
http://blog.graylog2.org/the-graylog2-extractor-directory-parsing-vendor-logs-solved/

Do you have any extractor configs that you'd like to share?

Thanks,
Lennart



[graylog2] [ANNOUNCE] Graylog2 v0.20.2-rc.1 has been released

2014-05-07 Thread Lennart Koopmann
Hey everybody,

I am happy to announce that we released the first RC version of
Graylog2 v0.20.2:

http://blog.torch.sh/graylog2-v0-20-2-rc-1-has-been-released/

Thanks,
Lennart



Re: [graylog2] Hi , I installed Graylog2 and configure a cisco switch to send the log to graylog, after that start strange behaivor. HELP!!!

2014-05-07 Thread Lennart Koopmann
Cisco is usually not sending valid RFC syslog and the parsing fails. What
device is sending this? Can you post (full, non-parsed) example messages?


On Wed, May 7, 2014 at 1:57 PM, Washington Gomez
washingtongo...@gmail.com wrote:


 https://lh6.googleusercontent.com/-sMBx3Id-Yc4/U2ofgBLPJII/TH8/pgn1EgGbctI/s1600/Dibujo.PNG



Re: [graylog2] MasterCache filling up

2014-05-07 Thread Lennart Koopmann
Thanks for the update Tyler!

On Wed, May 7, 2014 at 12:04 AM, Tyler Bell ty...@appliedtrust.com wrote:
 I think I just found the issue. I thought we had a box big enough to run the
 Graylog2 server, plus Web Interface, but we had a bunch of Streams enabled
 recently. We disabled them to see what would happen and we came back to full
 processing capacity (~1750 msg/s). I'm suggesting that we get a separate box
 for the web interface now.


 On Tuesday, May 6, 2014 12:53:44 PM UTC-6, Tyler Bell wrote:

 There are no ES errors. Cluster Health is Green. I see data being added to
 my /data partition. Is there a way to see what else ES could be doing that
 would force Graylog to only process 1/3 of the logs it was processing a week
 ago?

 {
   cluster_name : X,
   status : green,
   timed_out : false,
   number_of_nodes : 3,
   number_of_data_nodes : 2,
   active_primary_shards : 320,
   active_shards : 320,
   relocating_shards : 0,
   initializing_shards : 0,
   unassigned_shards : 0
 }


 On Tuesday, May 6, 2014 12:29:53 PM UTC-6, lennart wrote:

 Can you check your ElasticSearch logs for errors? I am pretty sure it
 is the reason.

 On Tue, May 6, 2014 at 5:57 PM, Tyler Bell ty...@appliedtrust.com
 wrote:
  I'm having an issue with Graylog continuously falling behind with log
  processing, and the MasterCache filling up til the 10G of Heap Space
  maxes
  out and crashes. The really weird thing is that a week ago, everything
  was
  processing fine and I was taking between 1500-2000 msg/s. Now I barely
  get
  over 500-750 msg/s. I don't think ElasticSearch is the issue because
  none of
  the OutputCache or Buffer is increasing.
 
  I'm wondering if it has something to do with this: Number of indices
  (80)
  higher than limit (20). Running retention for 60 indices. It doesn't
  look
  like Graylog is properly rotating indexes and running this retention
  instead.
 
  After restarting graylog2 and emptying cache...
  [util][caches][2014-05-06T08:46:04.850-07:00] InputCache size: 5758
  [util][caches][2014-05-06T08:46:04.850-07:00] OutputCache size: 0
  [util][buffers][2014-05-06T08:46:04.850-07:00] OutputBuffer is at 0.0%.
  [0/2048]
  [util][buffers][2014-05-06T08:46:04.850-07:00] ProcessBuffer is at
  33.251953%. [681/2048]
  [util][heap][2014-05-06T08:46:04.850-07:00] Used memory (MB): 1465
  [util][heap][2014-05-06T08:46:04.850-07:00] Free memory (MB): 8330
  [util][heap][2014-05-06T08:46:04.850-07:00] Total memory (MB): 9814
  [util][heap][2014-05-06T08:46:04.850-07:00] Max memory (MB): 9814
  [util][written][2014-05-06T08:46:04.850-07:00] Messages written to all
  outputs: 1561
 
 
  After MasterCache fills up a bit
  [util][caches][2014-05-06T08:42:18.109-07:00] InputCache size: 2487587
  [util][caches][2014-05-06T08:42:18.109-07:00] OutputCache size: 0
  [util][buffers][2014-05-06T08:42:18.109-07:00] OutputBuffer is at 0.0%.
  [0/2048]
  [util][buffers][2014-05-06T08:42:18.109-07:00] ProcessBuffer is at
  40.429688%. [828/2048]
  [util][heap][2014-05-06T08:42:18.109-07:00] Used memory (MB): 6392
  [util][heap][2014-05-06T08:42:18.109-07:00] Free memory (MB): 3736
  [util][heap][2014-05-06T08:42:18.109-07:00] Total memory (MB): 10129
  [util][heap][2014-05-06T08:42:18.109-07:00] Max memory (MB): 10129
  [util][written][2014-05-06T08:42:18.109-07:00] Messages written to all
  outputs: 3100
 
 
  ES Node config: (GLNode0 is the Graylog server). I know mlockall is
  false,
  and is configured to be true, but these are virtualized servers and
  there
  are some issues there.
 
  {
ok : true,
cluster_name : Graylog2,
nodes : {
  X.X.X.X : {
name : GLNode1,
transport_address : inet[/X.X.X.X:9300],
hostname : X.X.X.X,
version : 0.90.10,
http_address : inet[/X.X.X.X:9200],
attributes : {
  master : true
},
process : {
  refresh_interval : 1000,
  id : 1611,
  max_file_descriptors : 32000,
  mlockall : false
}
  },
  X.X.X.X : {
name : GLNode0,
transport_address : inet[/X.X.X.X:9350],
hostname : X.X.X.X,
version : 0.90.10,
attributes : {
  client : true,
  data : false,
  master : false
},
process : {
  refresh_interval : 1000,
  id : 28382,
  max_file_descriptors : 4096,
  mlockall : false
}
  },
  X.X.X.X : {
name : GLNode2,
transport_address : inet[/X.X.X.X:9300],
hostname : X.X.X.X,
version : 0.90.10,
http_address : inet[/X.X.X.X:9200],
attributes : {
  master : false
},
process : {
  refresh_interval : 1000,
  id : 4508,
  max_file_descriptors : 32000,
  mlockall : false
}
  }
}
  }
 

Re: [graylog2] Zookeeper client timeout

2014-05-07 Thread Lennart Koopmann
Looks like your systems are just overloaded and you need faster
hardware or a scale out on more machines.

On Tue, May 6, 2014 at 4:13 PM, Yossi Nachum nachum...@gmail.com wrote:
 Hi,

 I am trying to run the following graylog2 system:

 server1: graylog2-server-v0.21 + graylog2-radio-v0.20 + kafka + graylog2-web

 server2: elasticsearch

 when I am sending a lot of log messages (~20K per second) the lag in the
 kafka server start to increase and then I get the following messages in
 zookeeper log:

 [2014-05-05 17:27:13,144] INFO Accepted socket connection from
 /127.0.0.1:38581(org.apache.zookeeper.server.NIOServerCnxn)

 [2014-05-05 17:27:13,144] INFO Accepted socket connection from
 /127.0.0.1:38582(org.apache.zookeeper.server.NIOServerCnxn)

 [2014-05-05 17:27:13,144] INFO Client attempting to renew session
 0x145ccf8c9a00174 at
 /127.0.0.1:38582(org.apache.zookeeper.server.NIOServerCnxn)

 [2014-05-05 17:27:13,145] INFO Invalid session 0x145ccf8c9a00174 for client
 /127.0.0.1:38582, probably expired
 (org.apache.zookeeper.server.NIOServerCnxn)

 [2014-05-05 17:27:13,145] INFO Closed socket connection for client
 /127.0.0.1:38582 which had sessionid 0x145ccf8c9a00174
 (org.apache.zookeeper.server.NIOServerCnxn)

 [2014-05-05 17:27:13,148] INFO Client attempting to renew session
 0x145ccf8c9a00175 at
 /127.0.0.1:38581(org.apache.zookeeper.server.NIOServerCnxn)

 [2014-05-05 17:27:13,148] INFO Invalid session 0x145ccf8c9a00175 for client
 /127.0.0.1:38581, probably expired
 (org.apache.zookeeper.server.NIOServerCnxn)

 [2014-05-05 17:27:13,148] INFO Closed socket connection for client
 /127.0.0.1:38581 which had sessionid 0x145ccf8c9a00175
 (org.apache.zookeeper.server.NIOServerCnxn)

 [2014-05-05 17:27:13,161] INFO Accepted socket connection from
 /127.0.0.1:38586(org.apache.zookeeper.server.NIOServerCnxn)

 [2014-05-05 17:27:13,172] INFO Client attempting to establish new session at
 /127.0.0.1:38586(org.apache.zookeeper.server.NIOServerCnxn)

 [2014-05-05 17:27:13,173] INFO Accepted socket connection from
 /127.0.0.1:38588(org.apache.zookeeper.server.NIOServerCnxn)

 [2014-05-05 17:27:13,174] INFO Client attempting to establish new session at
 /127.0.0.1:38588(org.apache.zookeeper.server.NIOServerCnxn)

 [2014-05-05 17:27:13,183] INFO Established session 0x145ccf8c9a00176 with
 negotiated timeout 6000 for client /127.0.0.1:38586
 (org.apache.zookeeper.server.NIOServerCnxn)

 [2014-05-05 17:27:13,184] INFO Established session 0x145ccf8c9a00177 with
 negotiated timeout 6000 for client /127.0.0.1:38588
 (org.apache.zookeeper.server.NIOServerCnxn)

 [2014-05-05 17:27:21,000] INFO Expiring session 0x145ccf8c9a00176, timeout
 of 6000ms exceeded (org.apache.zookeeper.server.ZooKeeperServer)

 [2014-05-05 17:27:21,000] INFO Expiring session 0x145ccf8c9a00177, timeout
 of 6000ms exceeded (org.apache.zookeeper.server.ZooKeeperServer)

 [2014-05-05 17:27:21,001] INFO Processed session termination for sessionid:
 0x145ccf8c9a00176 (org.apache.zookeeper.server.PrepRequestProcessor)

 [2014-05-05 17:27:21,001] INFO Processed session termination for sessionid:
 0x145ccf8c9a00177 (org.apache.zookeeper.server.PrepRequestProcessor)

 [2014-05-05 17:27:21,002] INFO Closed socket connection for client
 /127.0.0.1:38586 which had sessionid 0x145ccf8c9a00176
 (org.apache.zookeeper.server.NIOServerCnxn)

 [2014-05-05 17:27:21,004] INFO Closed socket connection for client
 /127.0.0.1:38588 which had sessionid 0x145ccf8c9a00177
 (org.apache.zookeeper.server.NIOServerCnxn)

 [2014-05-05 17:27:56,146] INFO Accepted socket connection from
 /127.0.0.1:38760(org.apache.zookeeper.server.NIOServerCnxn)

 [2014-05-05 17:27:56,146] INFO Accepted socket connection from
 /127.0.0.1:38761(org.apache.zookeeper.server.NIOServerCnxn)

 [2014-05-05 17:27:56,146] INFO Client attempting to renew session
 0x145ccf8c9a00176 at
 /127.0.0.1:38760(org.apache.zookeeper.server.NIOServerCnxn)

 [2014-05-05 17:27:56,147] INFO Invalid session 0x145ccf8c9a00176 for client
 /127.0.0.1:38760, probably expired
 (org.apache.zookeeper.server.NIOServerCnxn)

 [2014-05-05 17:27:56,147] INFO Client attempting to renew session
 0x145ccf8c9a00177 at
 /127.0.0.1:38761(org.apache.zookeeper.server.NIOServerCnxn)

 [2014-05-05 17:27:56,147] INFO Invalid session 0x145ccf8c9a00177 for client
 /127.0.0.1:38761, probably expired
 (org.apache.zookeeper.server.NIOServerCnxn)

 [2014-05-05 17:27:56,148] INFO Closed socket connection for client
 /127.0.0.1:38760 which had sessionid 0x145ccf8c9a00176
 (org.apache.zookeeper.server.NIOServerCnxn)

 [2014-05-05 17:27:56,148] INFO Closed socket connection for client
 /127.0.0.1:38761 which had sessionid 0x145ccf8c9a00177
 (org.apache.zookeeper.server.NIOServerCnxn)

 [2014-05-05 17:27:56,151] INFO Accepted socket connection from
 /127.0.0.1:38762(org.apache.zookeeper.server.NIOServerCnxn)

 [2014-05-05 17:27:56,173] INFO Client attempting to establish new session at
 /127.0.0.1:38762(org.apache.zookeeper.server.NIOServerCnxn)

 

Re: [graylog2] No search bar for non admin users

2014-04-29 Thread Lennart Koopmann
A better user group model will be included in future versions. You
actually don't have to patch anything to make this work for your
setup. Take a look at the permission related API calls to solve this
programmatically. Note however that this is not documented and not
really supported by us until we have the new user group model
implemented.

On Mon, Apr 28, 2014 at 5:12 PM, Kapil Nimje kapil.ni...@gmail.com wrote:
 Hi,

 I am using Graylog2 for our project for Log management. We are using
 graylog2-server-0.20.1 and graylog2-web-interface-0.20.1. I have added the
 patch in the code RestPemission.java class for reading the additional
 permissions i.e. SEARCHES_ABSOLUTE, SEARCHES_KEYWORD, SEARCHES_RELATIVE.
 With this change I am able to see the search bar for non admin users in the
 graylog web interface.

 Now, I wanted to confirm: is this accepted in the mainline Graylog2
 code base? Otherwise we need to maintain this patch relative to upstream on
 an ongoing basis.
 Do we have any ETA for adding this feature in the newer version?

 Also, I have gone through the issue mentioned for #620.
 https://github.com/Graylog2/graylog2-web-interface/issues/620

 Thanks
 Kapil



Re: [graylog2] Re: Graylogweb no_proxy

2014-04-23 Thread Lennart Koopmann
Seems like you have enabled SSL for the email transport but port 25
doesn't sound like you actually want to use SSL.

Set transport_email_use_ssl to false in your graylog2.conf

On Wed, Apr 23, 2014 at 7:21 PM, Miguel Cruz toky.c...@gmail.com wrote:
 Here is output from graylog2.log file:

 [root@awslxgrayuted01 log]# tailf graylog2.log

 at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:484)

 at
 com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:863)

 at
 com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)

 at
 com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)

 at
 com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)

 at
 com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:549)

 at com.sun.mail.util.SocketFetcher.createSocket(SocketFetcher.java:354)

 at com.sun.mail.util.SocketFetcher.getSocket(SocketFetcher.java:211)

 at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1927)

 ... 58 more

 2014-04-23 13:16:07,468 ERROR:
 org.graylog2.rest.resources.streams.alerts.StreamAlertResource - Sending
 dummy alert failed: {}

 org.apache.commons.mail.EmailException: Sending the email to the following
 server failed : localhost:25

 at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1410)

 at org.apache.commons.mail.Email.send(Email.java:1437)

 at org.graylog2.alerts.AlertSender.sendEmail(AlertSender.java:106)

 at org.graylog2.alerts.AlertSender.sendEmails(AlertSender.java:64)

 at
 org.graylog2.rest.resources.streams.alerts.StreamAlertResource.sendDummyAlert(StreamAlertResource.java:355)

 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

 at
 sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

 at
 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

 at java.lang.reflect.Method.invoke(Method.java:597)

 at
 org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81)

 at
 org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:151)

 at
 org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:171)

 at
 org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:152)

 at
 org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:104)

 at
 org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:402)

 at
 org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:349)

 at
 org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:106)

 at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:259)

 at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)

 at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)

 at org.glassfish.jersey.internal.Errors.process(Errors.java:315)

 at org.glassfish.jersey.internal.Errors.process(Errors.java:297)

 at org.glassfish.jersey.internal.Errors.process(Errors.java:267)

 at
 org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:318)

 at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:236)

 at
 org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1010)

 at
 org.graylog2.jersey.container.netty.NettyContainer.messageReceived(NettyContainer.java:275)

 at
 org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)

 at
 org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)

 at
 org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)

 at
 org.jboss.netty.handler.stream.ChunkedWriteHandler.handleUpstream(ChunkedWriteHandler.java:142)

 at
 org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)

 at
 org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)

 at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:296)

 at
 org.jboss.netty.handler.codec.frame.FrameDecoder.unfoldAndFireMessageReceived(FrameDecoder.java:459)

 at
 org.jboss.netty.handler.codec.replay.ReplayingDecoder.callDecode(ReplayingDecoder.java:536)

 at
 org.jboss.netty.handler.codec.replay.ReplayingDecoder.messageReceived(ReplayingDecoder.java:435)

 at
 org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)

 at
 

Re: [graylog2] Decoding a GELF packet payload with Wireshark?

2014-04-23 Thread Lennart Koopmann
Hey Wiley,

the GELF payload is either GZIP or ZLIB compressed or even completely
uncompressed. Maybe that helps?

Chunked GELF packages need to be decoded and re-assembled to read all
the information in them of course. You can learn more about that here:
http://graylog2.org/gelf

(However you can configure your GELF sending clients to never chunk
and avoid this decoding problem)

Cheers,
Lennart

On Wed, Apr 23, 2014 at 10:18 PM, Wiley Sanders wsand...@gmail.com wrote:
 Howdy,

 Has anybody done this? The GELF payload is not human readable.

 The root problem is that I don't see a way to blacklist a host that suddenly
 decides to send me 5000 GELF packets per second (100x normal traffic),
 except by blocking it by IP address using iptables. I can capture packets
 into a PCAP file and look at them with wireshark. From that I can get the
 probable IP address of the host, but the IP address is not in DNS and calls
 itself by a fake name in the GELF payload anyway.

 Once I can map the host name in GELF to an IP address, I can then block it
 with IP tables.

 Thanks,
 -w
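
The decoding described in this thread, as an added example that is not part of the original messages and not Graylog's own code: it recognises GZIP, ZLIB and uncompressed GELF payloads, reassembles chunked datagrams, and counts messages per (source IP, claimed GELF host) so a flooding sender can be tied to an address. It assumes the UDP payloads have already been exported from the capture as (timestamp, source IP, payload) tuples; the function names, sample packets and addresses are constructed for illustration, and the 128-chunk limit and 5-second chunk timeout are the values from the GELF specification.

```python
import gzip
import json
import zlib
from collections import Counter

CHUNK_MAGIC = b"\x1e\x0f"   # marks a chunked GELF datagram
GZIP_MAGIC = b"\x1f\x8b"
CHUNK_HEADER_LEN = 12       # 2 magic + 8 message id + 1 sequence number + 1 sequence count
MAX_CHUNKS = 128            # upper bound on chunks per message
CHUNK_TIMEOUT = 5.0         # seconds a partial message is kept before being dropped


def decompress(payload):
    """Return the JSON bytes of one complete (already reassembled) GELF payload."""
    if payload[:2] == GZIP_MAGIC:
        return gzip.decompress(payload)
    # zlib header: low nibble of byte 0 is 8 (deflate) and the 16-bit
    # big-endian header value is a multiple of 31.
    if (len(payload) >= 2 and payload[0] & 0x0F == 8
            and int.from_bytes(payload[:2], "big") % 31 == 0):
        return zlib.decompress(payload)
    return payload  # uncompressed JSON


def parse(payload):
    """Decompress and parse one complete payload into a dict."""
    msg = json.loads(decompress(payload))
    if not isinstance(msg, dict):
        raise ValueError("GELF payload is not a JSON object")
    return msg


class GelfReassembler:
    def __init__(self):
        # (source ip, message id) -> [first_seen, chunk count, {sequence number: data}]
        self.pending = {}

    def feed(self, ts, src_ip, datagram):
        """Return the decoded message once complete, None while chunks are missing."""
        # Drop partial messages that are older than the chunk timeout.
        for key in [k for k, v in self.pending.items() if ts - v[0] > CHUNK_TIMEOUT]:
            del self.pending[key]
        if datagram[:2] != CHUNK_MAGIC:
            return parse(datagram)
        if len(datagram) < CHUNK_HEADER_LEN:
            raise ValueError("truncated chunk header")
        seq, count = datagram[10], datagram[11]
        if not 0 < count <= MAX_CHUNKS or seq >= count:
            raise ValueError("invalid chunk sequence")
        key = (src_ip, datagram[2:10])
        entry = self.pending.setdefault(key, [ts, count, {}])
        if entry[1] != count:
            raise ValueError("inconsistent chunk count")
        entry[2][seq] = datagram[CHUNK_HEADER_LEN:]
        if len(entry[2]) < count:
            return None
        del self.pending[key]
        return parse(b"".join(entry[2][i] for i in range(count)))


def senders(packets):
    """Count complete GELF messages per (source IP, host field claimed in the payload)."""
    reassembler = GelfReassembler()
    counts = Counter()
    for ts, src_ip, datagram in packets:
        try:
            msg = reassembler.feed(ts, src_ip, datagram)
        except (ValueError, OSError, EOFError, zlib.error):
            counts[(src_ip, "<undecodable>")] += 1
            continue
        if msg is not None:
            counts[(src_ip, str(msg.get("host", "<no host>")))] += 1
    return counts


def sample_packets():
    """Constructed sample traffic; addresses come from the documentation ranges."""
    quiet = json.dumps({"version": "1.0", "host": "web01", "short_message": "ok"}).encode()
    noisy = json.dumps({"version": "1.0", "host": "fake-name", "short_message": "x" * 40}).encode()
    z = zlib.compress(noisy)
    half = len(z) // 2
    msg_id = b"\x00\x01\x02\x03\x04\x05\x06\x07"

    def chunk(seq, data):
        return CHUNK_MAGIC + msg_id + bytes([seq, 2]) + data

    return [
        (0.0, "192.0.2.10", quiet),                  # uncompressed
        (0.1, "192.0.2.10", gzip.compress(quiet)),   # gzip
        (0.2, "198.51.100.7", z),                    # zlib
        (0.3, "198.51.100.7", chunk(1, z[half:])),   # chunks arriving out of order
        (0.4, "198.51.100.7", chunk(0, z[:half])),
        (0.5, "198.51.100.7", b"\x1e\x0f\x00"),      # truncated chunk header
    ]


if __name__ == "__main__":
    for (src_ip, host), n in senders(sample_packets()).most_common():
        print(f"{src_ip:15} {host:15} {n}")
```

The source address comes from the IP header rather than the payload, so the count stays reliable when the host field is a made-up name.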



Re: [graylog2] Graylog2 wipes data after restart

2014-04-16 Thread Lennart Koopmann
haha, thanks for those nice words :)

It looks like your setup is completely overloaded. Can you check the
IO, CPU and RAM usage?

On Wed, Apr 16, 2014 at 11:40 AM, Robson Eisinger papil...@gmail.com wrote:
 Hi guys, my first post here and yeah, I need some help, but first I want to
 say something positive about Graylog2: this piece of shit is amazing, is
 fast and reliable to find and cross information on our logs. =)

 In our installation, we are using the latest release of Graylog2 (v0.20.1),
 without graylog2-radio, just elasticsearch, the web interface and the
 graylog2-server (with mongo db).

 That said, we are having a problem when we are forced to restart graylog,
 after a burst of information from one of our log sources (an email server).
 Basically, when one of our user accounts is compromised, the spammer sends a
 huge amount of messages and that generates an equally huge amount of log
 entries and the graylog2 can't handle all the incoming data:

 2014-03-31 00:00:04,177 ERROR: org.graylog2.indexer.Indexer - Failed to
 index [1] messages. Please check the index error log in your web interface
 for the reason.
 2014-03-31 00:00:04,179 ERROR: org.graylog2.indexer.Indexer - Failed to
 index [1] messages. Please check the index error log in your web interface
 for the reason.
 2014-03-31 00:00:04,202 ERROR: org.graylog2.indexer.Indexer - Failed to
 index [1] messages. Please check the index error log in your web interface
 for the reason.
 2014-03-31 00:00:04,210 ERROR: org.graylog2.indexer.Indexer - Failed to
 index [1] messages. Please check the index error log in your web interface
 for the reason.
 2014-03-31 00:00:04,217 ERROR: org.graylog2.indexer.Indexer - Failed to
 index [1] messages. Please check the index error log in your web interface
 for the reason.
 2014-03-31 00:00:04,217 ERROR: org.graylog2.indexer.Indexer - Failed to
 index [2] messages. Please check the index error log in your web interface
 for the reason.
 2014-03-31 00:00:04,222 ERROR: org.graylog2.indexer.Indexer - Failed to
 index [1] messages. Please check the index error log in your web interface
 for the reason.
 2014-03-31 00:00:04,224 INFO :
 org.graylog2.periodical.DeflectorManagerThread - Number of messages in
 logstash_7 (5003723) is higher than the limit (500). Pointing
 deflector to new index now!
 2014-03-31 00:00:04,224 INFO : org.graylog2.indexer.Deflector - Cycling
 deflector to next index now.
 2014-03-31 00:00:04,224 INFO : org.graylog2.indexer.Deflector - Cycling from
 logstash_7 to logstash_8
 2014-03-31 00:00:04,224 INFO : org.graylog2.indexer.Deflector - Creating
 index target logstash_8...
 2014-03-31 00:00:04,229 ERROR: org.graylog2.indexer.Indexer - Failed to
 index [1] messages. Please check the index error log in your web interface
 for the reason.
 2014-03-31 00:00:04,233 ERROR:
 org.graylog2.periodical.DeflectorManagerThread - Couldn't point deflector to
 a new index

 Those log lines above go until the next day when we restarted the server.
 Following are the log entries after we restarted. Notice that:  Index
 [logstash_3] is empty. Not calculating ranges.

 And GL2 considers only the logstash_8, to be honest, I'm kind of lost here,
 for some reason GL2 lost the indexes from logstash 3 to 7, disk space wasn't
 the problem, my best guess is related to IO load, but we restarted after we
 mitigated the data burst. So that's why I'm here, how can I avoid the data
 wipe or what am I missing?

 The rest of the log, a few lines before we restart until the restart process
 is over.

 2014-04-01 09:42:04,230 ERROR:
 org.graylog2.periodical.DeflectorManagerThread - Couldn't point deflector to
 a new index
 2014-04-01 09:42:05,438 ERROR:
 org.graylog2.rest.resources.system.ClusterResource - Node undefined not
 found.
 2014-04-01 09:42:06,476 ERROR:
 org.graylog2.rest.resources.system.ClusterResource - Node undefined not
 found.
 2014-04-01 09:42:07,515 ERROR:
 org.graylog2.rest.resources.system.ClusterResource - Node undefined not
 found.
 2014-04-01 09:42:08,552 ERROR:
 org.graylog2.rest.resources.system.ClusterResource - Node undefined not
 found.
 2014-04-01 09:42:09,586 ERROR:
 org.graylog2.rest.resources.system.ClusterResource - Node undefined not
 found.
 2014-04-01 09:42:14,223 INFO :
 org.graylog2.periodical.DeflectorManagerThread - Number of messages in
 logstash_7 (5003723) is higher tha
 n the limit (500). Pointing deflector to new index now!
 2014-04-01 09:42:14,223 INFO : org.graylog2.indexer.Deflector - Cycling
 deflector to next index now.
 2014-04-01 09:42:14,224 INFO : org.graylog2.indexer.Deflector - Cycling from
 logstash_7 to logstash_8
 2014-04-01 09:42:14,224 INFO : org.graylog2.indexer.Deflector - Creating
 index target logstash_8...
 2014-04-01 09:42:14,229 ERROR:
 org.graylog2.periodical.DeflectorManagerThread - Couldn't point deflector to
 a new index
 2014-04-01 09:42:24,224 INFO :
 org.graylog2.periodical.DeflectorManagerThread - Number of messages in
 logstash_7 (5003723) is 

Re: [graylog2] trouble with search, getting strange results

2014-04-08 Thread Lennart Koopmann
Please try searching for this: 1311-10013*

The other messages that are not found have a _ not a - after the
10013. I guess this is not being split automatically by the tokenizer.

On Tue, Apr 8, 2014 at 10:39 AM, Denny Gebel nomoresecr...@gmail.com wrote:
 Hi all,

 we have some serious problem with the search - maybe someone can give me a
 hint or solution. Currently we see this problem with vsftpd logs.

 Example:

 I am searching for a specific client IP (10.20.1.163). Result is like 100+
 messages. Resultset looks fine. See the most recent five messages below.

 Mon Apr 7 23:00:48 2014 [pid 26077] [username] OK UPLOAD: Client
 10.20.1.163, /somedir/OPC-1311-10013-20140407_230001-system.info, 26196
 bytes, 0.72Kbyte/sec
 Mon Apr 7 23:00:11 2014 [pid 26077] [username] OK UPLOAD: Client
 10.20.1.163, /somedir/1311-10013_something_20140407_22.xml, 1042
 bytes, 0.72Kbyte/sec
 Mon Apr 7 23:00:06 2014 [pid 25919] [username] OK LOGIN: Client
 10.20.1.163
 Mon Apr 7 23:00:05 2014 [pid 25920] CONNECT: Client 10.20.1.163
 Mon Apr 7 22:01:14 2014 [pid 27601] [username] OK UPLOAD: Client
 10.20.1.163, /somedir/1311-10013_something_20140407_21.xml, 1047
 bytes, 0.02Kbyte/sec


 Now I want to search for 1311-10013, which should give me at least(!) the
 three results from my search above. In fact, I'm getting ONLY one message as
 result.

 Mon Apr 7 23:00:48 2014 [pid 26077] [username] OK UPLOAD: Client
 10.20.1.163, /somedir/OPC-1311-10013-20140407_230001-system.info, 26196
 bytes, 0.72Kbyte/sec


 Logs are transferred with logstash from the ftp server. input = file, output
 = gelf. No filter etc. Graylog/Graylog-Web: 0.20.1


 Any suggestions? What am I doing wrong?


 Thanks,

 Denny

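
An added example, not part of the thread and not Graylog or Elasticsearch code: a simplified, ASCII-only model of the word-break rules the `standard` analyzer follows, run over the three UPLOAD lines from the post (shortened). It assumes the `standard` analyzer is in use and that a message matches only when every token of the analyzed query is present, which reproduces the single hit reported above.

```python
# Simplified model of standard-analyzer tokenization (assumption: ASCII input,
# only "." and "," handled as joining punctuation).

# The three UPLOAD lines from the post, shortened to the part being searched.
MESSAGES = [
    "OK UPLOAD: Client 10.20.1.163, /somedir/OPC-1311-10013-20140407_230001-system.info, 26196 bytes",
    "OK UPLOAD: Client 10.20.1.163, /somedir/1311-10013_something_20140407_22.xml, 1042 bytes",
    "OK UPLOAD: Client 10.20.1.163, /somedir/1311-10013_something_20140407_21.xml, 1047 bytes",
]

# "." joins two letters or two digits, "," joins two digits only.
MID_PUNCT = {".": ("letter", "digit"), ",": ("digit",)}


def char_class(ch):
    """Class of one character; None means the character ends a token."""
    if ch == "_":
        return "connector"  # underscore glues letters and digits together
    if ch.isdigit():
        return "digit"
    if ch.isalpha():
        return "letter"
    return None  # "-", "/", ":", spaces and so on


def tokenize(text):
    """Split text into lowercase tokens the way the model analyzer would."""
    tokens, current = [], []
    for i, ch in enumerate(text):
        if char_class(ch):
            current.append(ch)
            continue
        before = char_class(text[i - 1]) if i > 0 else None
        after = char_class(text[i + 1]) if i + 1 < len(text) else None
        # Punctuation survives only directly between two characters of the
        # same class, e.g. the dots inside an IP address.
        if current and before == after and before in MID_PUNCT.get(ch, ()):
            current.append(ch)
            continue
        if current:
            tokens.append("".join(current).lower())
            current = []
    if current:
        tokens.append("".join(current).lower())
    return tokens


def search(query, messages):
    """Indexes of messages that contain every token of the analyzed query."""
    wanted = set(tokenize(query))
    return [i for i, m in enumerate(messages) if wanted <= set(tokenize(m))]


def prefix_search(prefix, messages):
    """Indexes of messages with an indexed term starting with prefix, which
    is what a trailing wildcard on a single term asks for."""
    prefix = prefix.lower()
    return [i for i, m in enumerate(messages)
            if any(t.startswith(prefix) for t in tokenize(m))]


if __name__ == "__main__":
    for m in MESSAGES:
        print(tokenize(m))
    print("1311-10013  ->", search("1311-10013", MESSAGES))
    print("10.20.1.163 ->", search("10.20.1.163", MESSAGES))
    print("10013*      ->", prefix_search("10013", MESSAGES))
```

In the second and third lines the digits 10013 are indexed only as part of the longer term `10013_something_20140407_22` (or `..._21`), so the exact term `10013` is never found there, while a prefix lookup on that term finds all three messages.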


Re: [graylog2] Is it possible to do error tracking with graylog2?

2014-03-18 Thread Lennart Koopmann
Sure, that's no problem! I suggest you take a look at GELF and send
structured log messages from your applications directly:
http://graylog2.org/gelf

On Tue, Mar 18, 2014 at 12:08 PM, Hannes123 eugen.f...@gmail.com wrote:
 Dear community,
 I am looking for a flexible solution to store user actions (specific clicks
 on UI elements) which can be tracked if an error occurs.
 So basically I need a sink for messages like (user_id:1, data:{...}), and
 errors (user_id:1, info:{...})
 which can be related to each other in the web GUI.

 It would be great if this can be done with graylog2.

 Thanks a lot for any hint!





Re: [graylog2] 13 minutes of latency for syslog input

2014-03-18 Thread Lennart Koopmann
Hey Raphaël,

the date is parsed from the syslog message. The local time of
graylog2-server is used if that fails for some reason. Please double
check that the hosts that run graylog2-server and
graylog2-web-interface have the correct local time or are actually NTP
synced. Take a look at the timestamp in the syslog message. Is that
one correct?

Thanks,
Lennart

On Mon, Mar 17, 2014 at 11:39 AM, Raphaël Berlamont
raphael.berlam...@raphux.com wrote:
 Hi list,

 I'm encountering a strange behavior :
 - messages that come into the syslog listener are only available 13-14
 minutes later in the search result (with a 13-14 minutes old dates).
 - messages that come into the GELF (UDP) listener are available right away.

 For example, for our firewalls stream, when I select Search in the last
 five minutes, the stream is always empty. If I search for The last 15
 minutes, I have plenty of results, but the newest is at best 13 minutes
 old.

 All hosts are NTP synced.

 And to check that messages come correctly (I mean, on time), I launched a
 tshark that confirms that messages are received in real time on the graylog2
 host : no lag between the sender and graylog2 (and the dates in the syslog
 messages are correct, no lag).

 What can explain this huge latency ?

 Regards,
 --
 Raph



Re: [graylog2] connection to graylog2-server

2014-03-18 Thread Lennart Koopmann
Can you post your graylog2-web-interface and graylog2-server configs? Thanks.

On Tue, Mar 18, 2014 at 5:41 PM, Florian Gilson gils...@gmail.com wrote:
 Hi all

 I installed elasticsearch 0.90 and graylog2-server 0.20.1.
 But when I start the web interface I have a big problem: for 5 seconds
 it says that there is one node connected and I can fill in my login,
 and then for 5 seconds it says that there are 0 nodes connected and I
 can't fill in my login, and it keeps alternating like this. Even if
 I try to connect during the 5 seconds when one node is connected, I can't. In my
 graylog2-server.log there is nothing; it says that graylog2 is up and
 running. Does someone know how to fix it?

 Thanks,

 Florian



Re: [graylog2] Can't add an alert receiver via API

2014-03-18 Thread Lennart Koopmann
Looks to me like type and entity must be query parameters, not part of
the JSON body. You should however not get a NPE on that. Just fixed
that.

The API docs are completely missing indeed and that is something we
are working on. Good that you got started with it anyways.

Thanks! :)

On Tue, Mar 18, 2014 at 6:33 PM, Reuben Gow geuben...@gmail.com wrote:
 The following:

 curl -s -XPOST -u admin:admin_password -H "Content-Type: application/json"
 -d '{"type":"users","entity":"valid_username"}'  http://graylog2
 IP:12900/streams/532852ede4b0c2a33cc6b7c7/alerts/receivers

 where that is a valid stream ID, causes a 500 error.

 java.lang.NullPointerException
 at
 org.graylog2.rest.resources.streams.alerts.StreamAlertResource.addReceiver(StreamAlertResource.java:274)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at
 sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
 at
 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:601)
 at
 org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81)
 at
 org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:151)
 at
 org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:171)
 at
 org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:152)
 at
 org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:104)
 at
 org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:402)
 at
 org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:349)
 at
 org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:106)
 at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:259)
 at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
 at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
 at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
 at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
 at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
 at
 org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:318)
 at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:236)
 at
 org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1010)
 at
 org.graylog2.jersey.container.netty.NettyContainer.messageReceived(NettyContainer.java:275)
 at
 org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
 at
 org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
 at
 org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
 at
 org.jboss.netty.handler.stream.ChunkedWriteHandler.handleUpstream(ChunkedWriteHandler.java:142)
 at
 org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
 at
 org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
 at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:296)
 at
 org.jboss.netty.handler.codec.frame.FrameDecoder.unfoldAndFireMessageReceived(FrameDecoder.java:459)
 at
 org.jboss.netty.handler.codec.replay.ReplayingDecoder.callDecode(ReplayingDecoder.java:536)
 at
 org.jboss.netty.handler.codec.replay.ReplayingDecoder.messageReceived(ReplayingDecoder.java:435)
 at
 org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
 at
 org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
 at
 org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
 at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
 at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
 at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
 at
 org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)
 at
 org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:318)
 at
 org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)
 at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
 at
 org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
 at
 org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
 at
 

Re: [graylog2] Weird things with logs. Sometimes more, sometimes less.

2014-03-17 Thread Lennart Koopmann
Can you check your ElasticSearch logs for errors?

On Mon, Mar 17, 2014 at 1:38 PM, Dmitri Stoljarov
dmitri.stolja...@gmail.com wrote:

 Any news/ideas about issue with missing logs?



 On Thursday, March 13, 2014 10:16:03 AM UTC+2, Dmitri Stoljarov wrote:

 Hi,

 I don't have any drools or extractors configured.

 Here's debug output (http://dimka.ee/foo/gl2-0.20.1_debug_output.txt).
 Hope it helps somehow.

 I sent 5 events to graylog2 Gelf UDP input, but only 3 events were written
 to ES.

 regards,




Re: [graylog2] Re: Hosts Reported 652

2014-03-16 Thread Lennart Koopmann
Yes: Send RFC compatible syslog. :) What device or daemon is sending
your data? Take a look at this guide from our docs if you are sending
with rsyslog: 
http://support.torch.sh/help/kb/getting-your-logs-into-graylog2/sending-with-rsyslog

On Sun, Mar 16, 2014 at 2:20 PM, Ahmad ahmad.sa...@gmail.com wrote:
 Hi,
 I am using graylog2 0.20.1 now and facing the problem in the source name.
 Is there any workaround to fix this?


 On Tuesday, November 12, 2013 4:48:26 PM UTC+3, lennart wrote:

 The soon to be released v0.20.0 is able to parse any plain text format
 using extractors. For earlier versions you need to use syslog messages
 that are strictly following the RFC. Do you have an example message
 for us? How are you sending the messages? From rSyslog for example?

 Thanks,
 Lennart

 On Tue, Nov 12, 2013 at 10:29 AM, Kay Röpke kro...@gmail.com wrote:
  Hi!
 
  This is a common problem when sending slightly different formats of
  syslog
  messages, where the syslog parser library would expect the host.
  syslog4j unfortunately has many of these problems :(
 
 
  On Tuesday, November 12, 2013 1:02:37 AM UTC+1, Clementous Clement
  wrote:
 
  Hello Fellow Gray's,
 
  I'm noticing an issue w/ the number of Hosts registered within the
  graylog2 web-interface. Looking at the objects, they appear to be
  session-based hosts, e.g. sshd {28932} or sudo {5467}. Is there a
  configuration item I missed?
  
  I've attached a few screenshots for your viewing..
 
  Thanks in Advance,
 
 
 
  =-Clem!
 


Re: [graylog2] Exception occurs when performing a search

2014-03-14 Thread Lennart Koopmann
You need to start with a clean MongoDB and ElasticSearch when
migrating from Graylog2 v0.1x to v0.2x. Sorry about that - There are
migration paths for any future version but the step to v0.20 was just
too big.

On Fri, Mar 14, 2014 at 4:07 PM, Terron Williams
mrterronwilli...@gmail.com wrote:
 Salutations Lennart,

 Thanks for your reply! I believe you are correct partner. I had an older
 installation on my system.
 Should I install the 0.20.1 fresh, or can I recover what I have?

 Cheers!

 Terron


 On Thursday, March 13, 2014 6:14:41 PM UTC-4, lennart wrote:

 Hey Terron,

 before we dig deeper into the issue: Could it be that you upgraded an
 old Graylog2 installation to the 0.20 series?

 Thanks,
 Lennart

 On Wed, Mar 12, 2014 at 4:45 PM, Terron Williams
 mrterron...@gmail.com wrote:
  Friends,
 
  I just installed graylog2-server-0.20.1 & graylog2-web-interface-0.20.1,
  and
  when I perform a search from the Graylog web interface, I receive an
  exception. Please see below. Any ideas? Please forgive if this issue is
  previously known.
 
  Thanks much in advance!
 
  Terron
 
  Load line Up
  *graylog2-server-0.20.1
  *graylog2-web-interface-0.20.1
  *Linux version 2.6.32-431.5.1.el6.x86_64
  (mock...@c6b10.bsys.dev.centos.org) (gcc version 4.4.7 20120313 (Red Hat
  4.4.7-4) (GCC) ) #1 SMP Wed Feb 12 00:41:43 UTC 2014
  *java version 1.7.0_51
  *rpm -qpil elasticsearch-0.90.10.noarch.rpm
  *MongoDB version: 2.4.9
 
  //graylog2-server-0.20.1 config
 
  grep -v "#" /etc/graylog2.conf | egrep -v "^[[:space:]]*$"
 
  *is_master = true
  *node_id_file = /etc/graylog2-server-node-id
  *password_secret =
 
  VrjK7vEqdABVMk93mDrW1WxcNzitWXOHzjJ3Mgzs6a3YnPqO5chfdn5xm7vtBAtxVl6jCilBXKLeIoV3rVNpNq7ZwTW0qjiY
  *root_password_sha2 =
  d2c3c5a9fa646162d110cda388a251171d65b4ddb1d74443c62fa7da6b56d31b
  * plugin_dir = plugin
  *rest_listen_uri = http://127.0.0.1:12900/
  *elasticsearch_max_docs_per_index = 2000
  *elasticsearch_max_number_of_indices = 20
  *retention_strategy = delete
  *elasticsearch_shards = 1
  *elasticsearch_replicas = 0
  *elasticsearch_index_prefix = graylog2
  *allow_leading_wildcard_searches = false
  *elasticsearch_cluster_name = elasticsearch
  *elasticsearch_analyzer = standard
  *output_batch_size = 5000
  *processbuffer_processors = 5
  *outputbuffer_processors = 5
  *processor_wait_strategy = blocking
  *ring_size = 1024
  *dead_letters_enabled = false
  *mongodb_useauth = false
  *mongodb_host = 127.0.0.1
  *mongodb_database = graylog2
  *mongodb_port = 27017
  *mongodb_max_connections = 100
  *mongodb_threads_allowed_to_block_multiplier = 5
  *transport_email_enabled = false
  *transport_email_hostname = mail.example.com
  *transport_email_port = 587
  *transport_email_use_auth = true
  *transport_email_use_tls = true
  *transport_email_use_ssl = true
  *transport_email_auth_username = y...@example.com
  *transport_email_auth_password = secret
  *transport_email_subject_prefix = [graylog2]
  *transport_email_from_email = gray...@example.com
 
  //graylog2-web-interface-0.20.1 config
 
  # grep -v "#" /root/Downloads/graylog2-web-interface-0.20.1/conf/graylog2-web-interface.conf | egrep -v "^[[:space:]]*$"
 
  *graylog2-server.uris=http://127.0.0.1:12900/;
 
  *application.secret=gnBBVpVKWMoS2NlWBlQhcwPdeB3qJyK9f1axCLkYCOPAlDVV2ztkeNuOmfLxH2hziyBLwQbvLetZMM5LKTWhFRFM7CSzjNQE
  *field_list_limit=0
  *application.global=lib.Global
 
  //Starting graylog server
 
  tail -f graylog2-server.log
  at
 
  java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
   at java.lang.Thread.run(Thread.java:744)
  2014-03-11 14:21:54,191 INFO : org.graylog2.Main - Graylog2 0.20.1
  starting
  up. (JRE: Oracle Corporation 1.7.0_51 on Linux
  2.6.32-431.5.1.el6.x86_64)
  2014-03-11 14:21:54,662 INFO : org.graylog2.plugin.system.NodeId - Node
  ID:
  bcfdcd43-addc-451f-bca4-2d88852ccb09
   2014-03-11 14:21:54,664 INFO : org.graylog2.Core - No
  rest_transport_uri
  set. Falling back to [http://172.17.23.157:12900].
  2014-03-11 14:21:56,208 INFO : org.graylog2.buffers.ProcessBuffer -
  Initialized ProcessBuffer with ring size 1024 and wait strategy
  BlockingWaitStrategy.
   2014-03-11 14:21:56,228 INFO : org.graylog2.buffers.OutputBuffer -
  Initialized OutputBuffer with ring size 1024 and wait strategy
  BlockingWaitStrategy.
  2014-03-11 14:21:58,700 INFO : org.elasticsearch.node -
  [graylog2-server]
  version[0.90.10], pid[3171], build[0a5781f/2014-01-10T10:18:37Z]
   2014-03-11 14:21:58,700 INFO : org.elasticsearch.node -
  [graylog2-server]
  initializing ...
  2014-03-11 14:21:58,853 INFO : org.elasticsearch.plugins -
  [graylog2-server]
  loaded [], sites []
  2014-03-11 14:22:09,571 INFO : org.elasticsearch.node -
  [graylog2-server]
  initialized
   2014-03-11 14:22:09,571 INFO : org.elasticsearch.node -
  [graylog2-server]
  starting ...
  2014-03-11 14:22:09,711 INFO : org.elasticsearch.transport -
  [graylog2-server] bound_address 

[graylog2] Guide for proper rsyslog Graylog2 configuration

2014-03-10 Thread Lennart Koopmann
Just a quick heads up that we improved the documentation for rsyslog
Graylog2 configuration:
http://support.torch.sh/help/kb/getting-your-logs-into-graylog2/sending-with-rsyslog

This enforces RFC 5424 compliant messages, fixes problems with
timestamps and even brings you millisecond resolution.

Hope that is useful for somebody! We recommend using it for all your
rsyslog configurations and are happy to include your documentation for
other syslog daemons.

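
An added example, not part of the thread and not Graylog, syslog4j or rsyslog code: it illustrates both the earlier "Hosts Reported 652" thread and the announcement above. A strict parser for the older BSD syslog layout takes whatever follows the timestamp as the host, so senders that omit the hostname create one "host" per process ID, while RFC 5424 carries host, application and process ID as separate fields and a timestamp with sub-second precision. The sample lines, host name `web01` and helper names are constructed for illustration.

```python
import re
from datetime import datetime

# <PRI>Mmm dd hh:mm:ss HOST TAG: message   (older BSD syslog layout)
BSD = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (\S+) (.*)$")
# <PRI>1 TIMESTAMP HOST APP PROCID MSGID STRUCTURED-DATA message   (RFC 5424)
IETF = re.compile(
    r"^<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (-|(?:\[.*?\])+) ?(.*)$")

# Constructed events: (application, process id).
EVENTS = [("sshd", 28932), ("sudo", 5467), ("sshd", 28940)]


def hostless_bsd_lines():
    """BSD-style lines from a sender that leaves out the hostname."""
    return [f"<38>Mar 16 14:20:0{i} {app}[{pid}]: session opened for user deploy"
            for i, (app, pid) in enumerate(EVENTS)]


def rfc5424_lines(host="web01"):
    """The same events formatted as RFC 5424 with millisecond timestamps."""
    return [f"<38>1 2014-03-16T14:20:0{i}.123+01:00 {host} {app} {pid} - - "
            "session opened for user deploy"
            for i, (app, pid) in enumerate(EVENTS)]


def split_priority(pri):
    """PRI encodes facility * 8 + severity."""
    return pri >> 3, pri & 7


def parse_bsd(line):
    """Strict positional parse: the token after the timestamp is the host."""
    m = BSD.match(line)
    if not m:
        return None
    facility, severity = split_priority(int(m.group(1)))
    return {"facility": facility, "severity": severity,
            "timestamp": m.group(2),  # no year, no zone, whole seconds only
            "source": m.group(3), "message": m.group(4)}


def parse_rfc5424(line):
    """Parse the RFC 5424 header; every field has its own position."""
    m = IETF.match(line)
    if not m:
        return None
    facility, severity = split_priority(int(m.group(1)))
    stamp = m.group(2)
    if stamp.endswith("Z"):  # older fromisoformat() does not accept "Z"
        stamp = stamp[:-1] + "+00:00"
    return {"facility": facility, "severity": severity,
            "timestamp": datetime.fromisoformat(stamp),
            "source": m.group(3), "app": m.group(4), "procid": m.group(5),
            "message": m.group(8)}


def distinct_sources(lines, parser):
    """Set of source names a log server would list for these lines."""
    parsed = (parser(line) for line in lines)
    return {p["source"] for p in parsed if p}


if __name__ == "__main__":
    print("hostless BSD:", sorted(distinct_sources(hostless_bsd_lines(), parse_bsd)))
    print("RFC 5424:    ", sorted(distinct_sources(rfc5424_lines(), parse_rfc5424)))
    print(parse_rfc5424(rfc5424_lines()[0])["timestamp"].isoformat())
```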


Re: [graylog2] Permission denied to input on syslog port 514

2014-03-07 Thread Lennart Koopmann
Address already in use - Something is already listening on that port.

On Thu, Mar 6, 2014 at 5:02 PM, Suresh Prajapati
er.sureshprajap...@gmail.com wrote:
 Hi ,

 I've started rsyslog on port 12500. It's still saying it cannot bind to
 that port for input

  An input has failed to start. a few seconds ago

 Input 53189bb60cf201071467bacd has failed to start on node
 aaa96817-0fc9-4759-a806-30cea824a926 for this reason: Could not bind syslog
 TCP input to address /0.0.0.0:12500, Failed to bind to: /0.0.0.0:12500,
 Address already in use. This means that you are unable to receive any
 messages from this input. This is mostly an indication for a
 misconfiguration or an error. You can click here to solve this



 On Thursday, 13 February 2014 18:48:29 UTC+5:30, lennart wrote:

 Great! Thanks for posting your solution.

 On Thu, Feb 13, 2014 at 1:48 PM, André Coelho coe...@gmail.com wrote:
  I'm configuring a switch that does not have the option to set other port
  for
  the destination log server, it only sends to port 514.
 
  I have tried authbind but it does not work with port 514
  I have tried setcap 'cap_net_bind_service=+ep' /usr/bin/java but it does
  not
  work
 
  Then finally using IPTABLES worked:
 
  iptables -A PREROUTING -t nat -i eth0 -p udp --dport 514 -j REDIRECT
  --to-port 10515
 
  Thanks for your help
 
 
  On Wednesday, February 12, 2014 5:14:51 PM UTC-2, lennart
  wrote:
 
  You need to be root to bind sockets on ports <=1024 on most *NIX
  systems. Either run graylog2-server as root (not recommended) or use a
  port higher than 1024.  You could also try to give the local user that
  runs graylog2-server permission to bind to those restricted ports, but
  usually just choosing a higher port is the easiest solution.
 
  On Wed, Feb 12, 2014 at 7:19 PM, André Coelho coe...@gmail.com wrote:
   Hi All
   I have this version of graylog installed on ubuntu 12.04:
   Graylog2-server (Current: 0.20-rc.1-1)
   Graylog2-web (Current: 0.20-rc.2)
   Graylog2-radio Current: 0.20-rc.2)
  
   When I try to add a global Syslog Input to listen on port 514 TCP or
   UDP
   (bind address: 0.0.0.0) the server gives this error:
   Input 52fbb0d5e4b0a4cfa9f30f88 has failed to start on node
   f728fbee-73f5-4a3a-a0f1-c10511eed089 for this reason: Could not bind
   UDP
   syslog input to address /0.0.0.0:514, Failed to bind to:
   /0.0.0.0:514,
   Permission denied. This means that you are unable to receive any
   messages
   from this input. This is mostly an indication for a misconfiguration
   or
   an
   error. You can click here to solve this
   And the log looks like this:
   2014-02-12 16:16:39,732 ERROR: org.graylog2.inputs.InputRegistry -
   The
   [org.graylog2.inputs.syslog.udp.SyslogUDPInput] input with ID
   52fbba87e4b0f89aaac73a29 misfired. Reason: Could not bind UDP
   syslog
   input
   to address /0.0.0.0:514, Failed to bind to: /0.0.0.0:514, Permission
   denied
  
  
   It looks like the user that graylog runs as does not have permission
   to bind port 514.
  
   Does someone know how to fix this?
  
   Thanks
  
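
An added example, not part of the thread and not Graylog code: a small probe that tells apart the two bind failures reported above, "Permission denied" (privileged port, process not root) and "Address already in use" (another listener such as rsyslog holds the port). The function names and hint texts are made up for this sketch; run it as the same user that runs graylog2-server, otherwise the permission result does not apply.

```python
import errno
import socket


def diagnose_bind(host, port, proto="udp"):
    """Try to bind host:port once and classify the outcome.

    Returns (status, hint) where status is one of
    "free", "permission_denied" or "address_in_use".
    """
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    probe = socket.socket(socket.AF_INET, kind)
    try:
        # No SO_REUSEADDR on purpose: an existing listener must make this fail.
        probe.bind((host, port))
    except OSError as exc:
        if exc.errno == errno.EACCES:
            return ("permission_denied",
                    "port is privileged for this user: pick a port above 1024 "
                    "and, if the sender can only use the low port, redirect "
                    "it to the high one as in the iptables rule quoted above")
        if exc.errno == errno.EADDRINUSE:
            return ("address_in_use",
                    "another process already listens here: give the input "
                    "and the other daemon different ports")
        raise  # anything else (bad address, ...) is a different problem
    finally:
        probe.close()
    return ("free", "the input should be able to bind this address")


def hold_port(proto="tcp", host="127.0.0.1"):
    """Occupy a free port chosen by the OS, standing in for a daemon that is
    already listening. The caller closes the returned socket."""
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    holder = socket.socket(socket.AF_INET, kind)
    holder.bind((host, 0))
    if proto == "tcp":
        holder.listen(1)
    return holder


if __name__ == "__main__":
    # Constructed scenario: a stand-in listener takes a port, then the probe
    # tries the same port, as the Graylog input did with port 12500.
    busy = hold_port("tcp")
    busy_port = busy.getsockname()[1]
    print(busy_port, diagnose_bind("127.0.0.1", busy_port, "tcp"))
    busy.close()
    print(busy_port, diagnose_bind("127.0.0.1", busy_port, "tcp"))
    # Result depends on the user running this script.
    print(514, diagnose_bind("0.0.0.0", 514, "udp"))
```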


Re: [graylog2] Graylog2: mongodb_replica_set

2014-03-07 Thread Lennart Koopmann
Try it out. :) Shut down the master and see what happens. Graylog2
should handle that transparently and will be notified about the new
master.

On Thu, Mar 6, 2014 at 3:56 PM, Robert robertbeu...@gmail.com wrote:
 There are a lot of hits on Google for creating a three node replica set with
 MongoDB and using it for Graylog2. For more information:
 http://docs.mongodb.org/manual/core/replica-set-architecture-three-members/.
 I understand I can add the following line to graylog2.conf:

 mongodb_replica_set = host1:27017,host2:27017,host3:27017

 What I don't understand is how I should use this setting if I want to have a
 failover solution. Let's say the master host in the MongoDB replica set
 fails, an election starts between the two hosts that are left and a new
 master will be elected. How should Graylog2 know which node will become the
 master? This is of importance because the master is the only host that will
 accept write actions, or am I wrong here?

 Regards,
 Robert



Re: [graylog2] Stream alert with log messages?

2014-03-07 Thread Lennart Koopmann
The alert functionality will be extended in the future and come with a
template based system. Thanks!

On Thu, Mar 6, 2014 at 4:34 PM, Marek Beneš ben...@gmail.com wrote:
 Hi,
 is there a way to configure Graylog2 v0.20.1 to send log messages that
 triggered alert? Currently I only get metadata such as

 Stream had 10 messages in the last 5 minutes with trigger condition more
 than 0 messages. (Current grace time: 5 minutes)

 ##
 Date: 2014-03-06T15:20:25.025Z
 Stream ID: 53188e2345ce1faac5398069
 Stream title: AppServer errors
 Stream rules: [StreamRuleImpl: {_id=53188ece45ce1faac539811d,
 field=facility, value=AppServer, stream_id=53188e2345ce1faac5398069,
 inverted=false, type=1}, StreamRuleImpl: {_id=53188edd45ce1faac539812e,
 field=level, value=4, stream_id=53188e2345ce1faac5398069, inverted=false,
 type=4}]
 Alert triggered at: 2014-03-06T15:20:25.024Z

 but what I'd really like is to get the list of log messages ;-)

 Thanks a lot,
 Marek



Re: [graylog2] Re: We expected HTTP 200, but got a HTTP 404

2014-03-07 Thread Lennart Koopmann
Looks like your Graylog2 setup is completely overloaded or
misconfigured. Your graylog2-server log is full of errors that need to
be fixed. Start by checking the ElasticSearch logs for errors. Another
error makes it look like you have not NTP synchronised your host.
Please check that all system times of Graylog2 related hosts are in
sync.

On Thu, Mar 6, 2014 at 10:58 PM, Ryan Jones rjo...@aereo.com wrote:
 Anyone?


 On Wednesday, March 5, 2014 2:18:01 PM UTC-5, Ryan Jones wrote:

 Everything was working just fine. I haven't made any changes. Now when I
 click on system or even sources I get this message. Here is a GIST of the
 full trace. https://gist.github.com/wolfman2g1/9372391  As far as I can tell
 GL server is still processing logs. I can also telnet to the GL server and
 it connects. Not sure what is going on here



Re: [graylog2] Re: Graylog2 0.20.0 preview 2 Syslog UDP configuration

2014-03-07 Thread Lennart Koopmann
Yes, you can just use the REST APIs to spawn new inputs
programmatically. The Vagrant box is getting new inputs spawned
automatically on spin up already:
https://github.com/hggh/graylog2-vagrant/blob/master/modules/graylog2/files/create_graylog2_inputs_gelf

On Thu, Mar 6, 2014 at 6:17 PM, Robert Logan rlo...@qmetric.co.uk wrote:
 That's fairly useless when you are using graylog in an automated setup.

 If I need to set it up with (the old) syslog_listen_port on 8140 then it was
 a simple config entry that could be added on build. It's not practical to
 build 10 environments with graylog and then have to log into 10 web
 interfaces to reconfigure.

 Is there a REST endpoint that I can use to do this?


 On Sunday, 13 October 2013 19:17:18 UTC+1, Kay Röpke wrote:

 Hi!

 We should have removed the configuration entries, sorry for that!

 You set up the inputs from within the web interface now. Once you are
 logged in, go to the System menu, choose Nodes from the right submenu.
 There on the graylog2 server node, go to the Action menu and choose
 Inputs. From there you can launch as many inputs as you want, on any port
 you want.
 For the privileged ports < 1024 you have to run the graylog2-server process as
 root, of course.

 Sorry for the confusion,

 Kay

 On Friday, October 11, 2013 7:45:08 PM UTC+2, Deepak Jagannath wrote:

 It looks like I have everything setup correctly. However I can't figure
 out what port, how to configure, or turn on the syslog udp port. I tried
 514, 9099, etc. I get connection refused from netcat so I think it's not
 listening. I'm trying from localhost.

 echo "Hello Graylog2, let's be friends." | nc -w 1 -u 127.0.0.1 9099

 Here's my setup:
 Elastic Search 0.90.5-1 installed via RPM (RHEL)
 elasticsearch.yml
 cluster.name: graylog2
 node.master: true
 node.data: true

 Graylog2 Server 0.20.0 preview 2  installed via zip from Github.
 graylog2.conf
 is_master = true
 elasticsearch_index_prefix = graylog2
 elasticsearch_cluster_name = graylog2
 elasticsearch_node_name = graylog2-server
 elasticsearch_node_master = false
 elasticsearch_node_data = false

 Graylog2 Web 0.20.0 preview 2 installed via zip from Github

 Systems status
 System messages: Started up.
 ElasticSearch Cluster is green

 Elasticsearch logs
 graylog2.log
 [2013-10-11 17:35:32,034][INFO ][cluster.service  ] [Thundra]
 added
 {[graylog2-server][PLpmGkraTO6oCJjCHGbIOw][inet[/10.54.10.10:9350]]{client=true,
 data=false, master=false},}, reason: zen-disco-receive(join from
 node[[graylog2-server][PLpmGkraTO6oCJjCHGbIOw][inet[/10.54.10.10:9350]]{client=true,
 data=false, master=false}])

 Thanks,
 Deepak


 --

 The information in this email is confidential and may be legally privileged.
 It is intended solely for the addressee.  Access to this email by anyone
 else is unauthorised.  If you are not the intended recipient, any
 disclosure, copying, distribution or any action taken or omitted to be taken
 in reliance on it, is prohibited and may be unlawful.

 Policy Expert is a trading name of QMetric Group Limited who is authorised
 and regulated by the Financial Conduct Authority.  The registered company
 address of QMetric Group Limited is: 32-38 Dukes Place, London, EC3A 7LP and
 its company registration number is 07151701.



Re: [graylog2] Permission denied to input on syslog port 514

2014-03-07 Thread Lennart Koopmann
You are listening on port 12500 with both rsyslog and graylog2-server
on the same machine. That does not work and the error is telling you
that. Use different ports and you should be fine.

On Fri, Mar 7, 2014 at 2:30 PM, Suresh Prajapati
er.sureshprajap...@gmail.com wrote:
 Thanks Lennart for reply :)

 So this is what I've done

 1. Started rsyslog on machine on 12500.
 2. While configuring the graylog2 input mentioned the
  ip: 0.0.0.0
  port: 12500
 3.  then the error came.

 Another problem I got, I was trying to send my logs from my mac to graylog2
 but could not. I've followed this guide
 http://support.torch.sh/help/kb/getting-your-logs-into-graylog2/sending-with-osx-syslogd

 Any help would be appreciated :)

 -suresh


 On Fri, Mar 7, 2014 at 6:51 PM, Lennart Koopmann lenn...@torch.sh wrote:

 Address already in use - Something is already listening on that port.

 On Thu, Mar 6, 2014 at 5:02 PM, Suresh Prajapati
 er.sureshprajap...@gmail.com wrote:
  Hi ,
 
  I've started rsyslog on 12500 port. It's still saying it can not bind to
  that port for input
 
   An input has failed to start. a few seconds ago
 
  Input 53189bb60cf201071467bacd has failed to start on node
  aaa96817-0fc9-4759-a806-30cea824a926 for this reason: Could not bind syslog
  TCP input to address /0.0.0.0:12500, Failed to bind to: /0.0.0.0:12500,
  Address already in use. This means that you are unable to receive any
  messages from this input. This is mostly an indication for a
  misconfiguration or an error. You can click here to solve this
 
 
 
  On Thursday, 13 February 2014 18:48:29 UTC+5:30, lennart wrote:
 
  Great! Thanks for posting your solution.
 
  On Thu, Feb 13, 2014 at 1:48 PM, André Coelho coe...@gmail.com wrote:
   I'm configuring a switch that does not have the option to set other port for
   the destination log server, it only sends to port 514.
  
   I have tried authbind but it does not work with port 514
   I have tried setcap 'cap_net_bind_service=+ep' /usr/bin/java but it does not
   work
  
   Then finally using IPTABLES worked:
  
   iptables -A PREROUTING -t nat -i eth0 -p udp --dport 514 -j REDIRECT --to-port 10515
  
   Thanks for your help
  
  
   On Wednesday, February 12, 2014 5:14:51 PM UTC-2, lennart wrote:
  
   You need to be root to bind sockets on ports <=1024 on most *NIX
   systems. Either run graylog2-server as root (not recommended) or use a
   port higher than 1024.  You could also try to give the local user that
   runs graylog2-server permission to bind to those restricted ports, but
   usually just choosing a higher port is the easiest solution.
  
   On Wed, Feb 12, 2014 at 7:19 PM, André Coelho coe...@gmail.com wrote:
    Hi All
    I have this version of graylog installed on ubuntu 12.04:
    Graylog2-server (Current: 0.20-rc.1-1)
    Graylog2-web (Current: 0.20-rc.2)
    Graylog2-radio (Current: 0.20-rc.2)
   
    When I try to add a global Syslog Input to listen on port 514 TCP or UDP
    (bind address: 0.0.0.0) the server gives this error:
    Input 52fbb0d5e4b0a4cfa9f30f88 has failed to start on node
    f728fbee-73f5-4a3a-a0f1-c10511eed089 for this reason: Could not bind UDP
    syslog input to address /0.0.0.0:514, Failed to bind to: /0.0.0.0:514,
    Permission denied. This means that you are unable to receive any messages
    from this input. This is mostly an indication for a misconfiguration or an
    error. You can click here to solve this
    And the log looks like this:
    2014-02-12 16:16:39,732 ERROR: org.graylog2.inputs.InputRegistry - The
    [org.graylog2.inputs.syslog.udp.SyslogUDPInput] input with ID
    52fbba87e4b0f89aaac73a29 misfired. Reason: Could not bind UDP syslog input
    to address /0.0.0.0:514, Failed to bind to: /0.0.0.0:514, Permission denied
   
   
    This looks like the user that graylog runs does not have permission to bind
    port 514.
   
    Someone knows how to fix this?
   
    Thanks
   

Re: [graylog2] Re: Graylog2 0.20.0 preview 2 Syslog UDP configuration

2014-03-07 Thread Lennart Koopmann
Let me know if you need anything else! :)

On Fri, Mar 7, 2014 at 2:33 PM, Robert Logan rlo...@qmetric.co.uk wrote:
 Thanks Lennart ... on a Friday - demo on Monday ... I can automate it :)


 Woop.


 On 7 March 2014 13:31, Lennart Koopmann lenn...@torch.sh wrote:

 Yes, you can just use the REST APIs to spawn new inputs
 programmatically. The Vagrant box is getting new inputs spawned
 automatically on spin up already:

 https://github.com/hggh/graylog2-vagrant/blob/master/modules/graylog2/files/create_graylog2_inputs_gelf

 On Thu, Mar 6, 2014 at 6:17 PM, Robert Logan rlo...@qmetric.co.uk wrote:
  That's fairly useless when you are using graylog in an automated setup.
 
  If I need to set it up with (the old) syslog_listen_port on 8140 then it was
  a simple config entry that could be added on build. It's not practical to
  build 10 environments with graylog and then have to log into 10 web
  interfaces to reconfigure.
 
  Is there a REST endpoint that I can use to do this on?
 
 
  On Sunday, 13 October 2013 19:17:18 UTC+1, Kay Röpke wrote:
 
  Hi!
 
  We should have removed the configuration entries, sorry for that!
 
  You set up the inputs from within the web interface now. Once you are
  logged in, go to the System menu, choose Nodes from the right submenu.
  There on the graylog2 server node, go to the Action menu and choose
  Inputs. From there you can launch as many inputs as you want, on any port
  you want.
  For the privileged ports < 1024 you have to run the graylog2-server process as
  root, of course.
 
  Sorry for the confusion,
 
  Kay
 
  On Friday, October 11, 2013 7:45:08 PM UTC+2, Deepak Jagannath wrote:
 
  It looks like I have everything setup correctly. However I can't figure
  out what port, how to configure, or turn on the syslog udp port. I tried
  514, 9099, etc. I get connection refused from netcat so I think it's not
  listening. I'm trying from localhost.
 
  echo "Hello Graylog2, let's be friends." | nc -w 1 -u 127.0.0.1 9099
 
  Here's my setup:
  Elastic Search 0.90.5-1 installed via RPM (RHEL)
  elasticsearch.yml
  cluster.name: graylog2
  node.master: true
  node.data: true
 
  Graylog2 Server 0.20.0 preview 2  installed via zip from Github.
  graylog2.conf
  is_master = true
  elasticsearch_index_prefix = graylog2
  elasticsearch_cluster_name = graylog2
  elasticsearch_node_name = graylog2-server
  elasticsearch_node_master = false
  elasticsearch_node_data = false
 
  Graylog2 Web 0.20.0 preview 2 installed via zip from Github
 
  Systems status
  System messages: Started up.
  ElasticSearch Cluster is green
 
  Elasticsearch logs
  graylog2.log
  [2013-10-11 17:35:32,034][INFO ][cluster.service  ] [Thundra] added
  {[graylog2-server][PLpmGkraTO6oCJjCHGbIOw][inet[/10.54.10.10:9350]]{client=true,
  data=false, master=false},}, reason: zen-disco-receive(join from
  node[[graylog2-server][PLpmGkraTO6oCJjCHGbIOw][inet[/10.54.10.10:9350]]{client=true,
  data=false, master=false}])
 
  Thanks,
  Deepak
 
 
 

[graylog2] [ANNOUNCE] Graylog2 v0.20.1 has been released

2014-02-24 Thread Lennart Koopmann
We just released v0.20.1:

  * http://blog.torch.sh/graylog2-v0-20-1-has-been-released/

It brings an important bugfix, several improvements and a new feature:
Dead letter queues and indexer failure reporting.

Thanks,
Lennart



Re: [graylog2] graylog-0.20 main.css is empty, /streams results in 500 (upgrade from 0.13)

2014-02-22 Thread Lennart Koopmann
Yes! Your old data unfortunately is not compatible with the new
version. We did so many changes from 0.12 to 0.20 that we decided to
make a hard break and not build in any migrations or similar.

Future versions will of course ship with a proper migration path.

Starting with a clean ElasticSearch and MongoDB setup should fix your problems.

Thanks,
Lennart

On Fri, Feb 21, 2014 at 12:50 PM, sjon sjon.hortens...@gmail.com wrote:
 I just installed graylog-web-interface-0.20 and some things don't seem to
 work right. The interface looks a bit strange because
 /assets/stylesheets/main.css is empty (although the response-code is 200).
 Also; the /streams page is empty (with a 500 response-code). I cannot find
 any messages in the logfiles that help me any further. Can anyone help me
 debug this?

 This installation runs with a pre-0.20 elasticsearch & mongo database and I
 haven't taken any explicit migration steps; might that be the problem?



Re: [graylog2] graylog2 server's elasticsearch settings

2014-02-22 Thread Lennart Koopmann
On Fri, Feb 21, 2014 at 11:27 PM, Romeo Theriault
romeo.theria...@maine.edu wrote:
 Do these settings (e.g. shards, replicas, indices) over-ride the
 elasticsearch settings that I configure in elasticsearch's config
 file?

Yes! You do not need to use the ElasticSearch YML file at all if the
config available in graylog2.conf is enough. Usually that is the case
and we recommend using the ElasticSearch config only for experienced
users.

 From the graylog2 server's server.conf file I'm guessing that
 graylog2_server has an embedded version of elasticsearch. Is this
 correct?

Correct.

Thanks,
Lennart



Re: [graylog2] How to use custom field value in field chart

2014-02-20 Thread Lennart Koopmann
Hey Reginaldo,

select a field you want to chart from the sidebar, hit the little cog
and press Generate chart. Note that this is of course only possible
for numeric values.

You can also get the same data via the REST APIs, that is true. :)

Let me know if you need help with anything.

Thanks,
Lennart

On Wed, Feb 19, 2014 at 9:01 PM, Reginaldo Russinholi bagr...@gmail.com wrote:
 Hi,

 I'd like to generate a chart using a custom field value, that is inside the
 messages sent to Graylog2, but using Graylog Web Interface I see no way to
 do this.

 Is there a way to do this? Is it possible retrieve the custom field value
 searching 'fieldhistogram' by using the Graylog2 REST API?

 Regards,

 Reginaldo Russinholi



[graylog2] [ANNOUNCE] Graylog2 v0.20.0 has been released

2014-02-19 Thread Lennart Koopmann
Hey everybody,

we are so happy to announce that we just released Graylog2 v0.20.0
after almost a full year of work.

You can find the release announcement page here:
http://graylog2.org/wow/such/0.20.0

With this as a foundation we'll be releasing regular updates with new
features based on the many requests we already got by you.

Thank you very much for helping us so much in the last months. You are awesome!

Have a great day,
Lennart (on behalf of the whole TORCH team)



Re: [graylog2] Permission denied to input on syslog port 514

2014-02-13 Thread Lennart Koopmann
Great! Thanks for posting your solution.

On Thu, Feb 13, 2014 at 1:48 PM, André Coelho coe...@gmail.com wrote:
 I'm configuring a switch that does not have the option to set other port for
 the destination log server, it only sends to port 514.

 I have tried authbind but it does not work with port 514
 I have tried setcap 'cap_net_bind_service=+ep' /usr/bin/java but it does not
 work

 Then finally using IPTABLES worked:

 iptables -A PREROUTING -t nat -i eth0 -p udp --dport 514 -j REDIRECT --to-port 10515

 Thanks for your help


 On Wednesday, February 12, 2014 5:14:51 PM UTC-2, lennart wrote:

 You need to be root to bind sockets on ports <=1024 on most *NIX
 systems. Either run graylog2-server as root (not recommended) or use a
 port higher than 1024.  You could also try to give the local user that
 runs graylog2-server permission to bind to those restricted ports, but
 usually just choosing a higher port is the easiest solution.

 On Wed, Feb 12, 2014 at 7:19 PM, André Coelho coe...@gmail.com wrote:
  Hi All
  I have this version of graylog installed on ubuntu 12.04:
  Graylog2-server (Current: 0.20-rc.1-1)
  Graylog2-web (Current: 0.20-rc.2)
  Graylog2-radio (Current: 0.20-rc.2)
 
  When I try to add a global Syslog Input to listen on port 514 TCP or UDP
  (bind address: 0.0.0.0) the server gives this error:
  Input 52fbb0d5e4b0a4cfa9f30f88 has failed to start on node
  f728fbee-73f5-4a3a-a0f1-c10511eed089 for this reason: Could not bind UDP
  syslog input to address /0.0.0.0:514, Failed to bind to: /0.0.0.0:514,
  Permission denied. This means that you are unable to receive any messages
  from this input. This is mostly an indication for a misconfiguration or an
  error. You can click here to solve this
  And the log looks like this:
  2014-02-12 16:16:39,732 ERROR: org.graylog2.inputs.InputRegistry - The
  [org.graylog2.inputs.syslog.udp.SyslogUDPInput] input with ID
  52fbba87e4b0f89aaac73a29 misfired. Reason: Could not bind UDP syslog input
  to address /0.0.0.0:514, Failed to bind to: /0.0.0.0:514, Permission denied
 
 
  This looks like the user that graylog runs does not have permission to bind
  port 514.
 
  Someone knows how to fix this?
 
  Thanks
 
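The port 514 threads on this page report two different bind failures, "Permission denied" on 514 and "Address already in use" on 12500. The following pre-flight check is an added example, not code from the thread or from Graylog; it tells the two apart and, for the privileged-port case, produces the redirect rule posted above. The function names, the `ss -lnp` hint and the defaults (`eth0` and port 10515, taken from the posted rule) are assumptions of this sketch.

```python
import errno
import socket

OK, IN_USE, DENIED = "ok", "address-in-use", "permission-denied"


def probe_bind(host, port, proto="udp"):
    """Bind host:port once, the way an input would, and classify the outcome."""
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    sock = socket.socket(socket.AF_INET, kind)
    try:
        sock.bind((host, port))
        return OK
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return IN_USE   # another listener (rsyslog in the thread) owns it
        if exc.errno == errno.EACCES:
            return DENIED   # unprivileged process asking for a port below 1024
        raise
    finally:
        sock.close()        # pre-flight only: the port is released again


def redirect_rule(iface, proto, from_port, to_port):
    """NAT rule in the form posted in the thread, for one protocol."""
    return ("iptables -A PREROUTING -t nat -i {} -p {} --dport {} "
            "-j REDIRECT --to-port {}").format(iface, proto, from_port, to_port)


def plan_input(status, wanted_port, proto, fallback_port=10515, iface="eth0"):
    """Turn a probe result into the port to configure and the follow-up steps."""
    if status == OK:
        return {"listen_port": wanted_port, "steps": []}
    if status == IN_USE:
        # Two listeners cannot share one address/port pair; one has to move.
        return {"listen_port": None, "steps": [
            "find the process already bound to {}/{} (for example with "
            "'ss -lnp') and give the two listeners different ports"
            .format(wanted_port, proto)]}
    if status == DENIED:
        # Keep the server unprivileged; let the kernel rewrite the port.
        return {"listen_port": fallback_port, "steps": [
            "start the input on port {} as the normal service user"
            .format(fallback_port),
            redirect_rule(iface, proto, wanted_port, fallback_port),
            "PREROUTING only sees packets arriving on {}, so test from "
            "another host rather than from localhost".format(iface)]}
    raise ValueError("unknown status: {!r}".format(status))


if __name__ == "__main__":
    # The two ports discussed in the thread.
    for port, proto in ((514, "udp"), (12500, "tcp")):
        status = probe_bind("0.0.0.0", port, proto)
        print(port, proto, status, plan_input(status, port, proto))
```

The posted rule covers UDP only; a device that sends syslog over TCP needs a second rule with `-p tcp`.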


Re: [graylog2] How to fix Check the system clocks of your graylog2-server nodes

2014-02-13 Thread Lennart Koopmann
Does it appear again if you just close it? Maybe you restarted your
graylog2-server nodes a bit too fast.

On Thu, Feb 13, 2014 at 10:31 AM, Şahin Koç shn...@gmail.com wrote:
 I am getting following warning and don't know how to fix it:


 Check the system clocks of your graylog2-server nodes. 12 minutes ago

 A graylog2-server node detected a condition where it was deemed to be
 inactive immediately after being active. This usually indicates either a
 significant jump in system time, e.g. via NTP, or that a second
 graylog2-server node is active on a system that has a different system time.
 Please make sure that the clocks of graylog2 systems are synchronized.


 I have only one graylog node with only one elastic search cluster. They are
 both present at the same server. System clock is set to local time of the
 location which is Istanbul. Please help me to fix it. Thanks



Re: [graylog2] Log monitoring with graylog2

2014-02-13 Thread Lennart Koopmann
That is an old documentation that I just removed. Sorry about the confusion.

Every graylog2-server ships with a built in API browser. You can
access it from the Nodes dropdown menu in /system/nodes of your
graylog2-web-interface.

On Thu, Feb 13, 2014 at 12:03 PM, Alik Kurdyukov akurdyu...@gmail.com wrote:
 Great, thanks.

 I found only http://docs.graylog2.apiary.io for docs on the API. It doesn't
 seem to be complete. Is there any other docs on the API? Or points in the
 server code?


 On Monday, February 10, 2014 4:52:08 PM UTC+4, lennart wrote:

 You could use the graylog2-server REST API to read data into Zabbix I
 think.

 On Mon, Feb 10, 2014 at 1:33 PM, Alik Kurdyukov akurd...@gmail.com
 wrote:
  Hello,
 
  First, thank you guys for great tool. I'm using it to monitor several
  distributed windows services.
 
  I need to monitor logs for messages with special levels i.e. fatal. I tried
  to implement log filtering plugin, but it seems there's no support for
  custom plugins yet.
 
  Is it possible to monitor logs for special kind of levels and post data into
  zabbix?
 
  Thanks,
  Alik.
 


Re: [graylog2] Re: v0.20.0-rc.2: Incorrect Indices count

2014-02-12 Thread Lennart Koopmann
Can you try to manually re-calculating the index ranges? System ->
Indices -> Maintenance dropdown menu -> Recalculate index ranges

Thanks!

On Wed, Feb 12, 2014 at 1:40 PM, Joe Vandermark
joe.vanderm...@gmail.com wrote:
 Yes, just one index (fresh install) and it is working fine.



Re: [graylog2] rc2: gelf udp input aborts at first JSON parse error

2014-02-12 Thread Lennart Koopmann
We have identified that as a connection handling problem in the inputs
and will fix it ASAP. Thanks!

On Wed, Feb 12, 2014 at 12:52 PM, Martin René Mortensen
martin.rene.morten...@gmail.com wrote:
 Hi,

 I'm outputting GELF directory from apache, it may be a stretch, but it seemed
 to work. Lately it doesn't, because of JSON parse errors, and at the first
 error it stops the input somehow, doesn't get any more messages.


 This is the error in graylog2 server log :
 12:42:29,377 ERROR [GELFProcessor] Could not parse JSON!
 com.fasterxml.jackson.core.JsonParseException: Unrecognized character escape 'x' (code 120)
  at [Source: java.io.StringReader@791b6956; line: 1, column: 409]

 This is a sample log (I also log to files) :

 { version: 1.1, host: somehost.example.com, level: 6, timestamp:
 1392205765, short_message: POST /ws/pure4WebService/ HTTP/1.1,
 _user-agent: Oracle HTTPClient Version 10h, _client: 1.1.127.198,
 _duration_usec: 263475, _duration_sec: 0, _status: 200,
 _request_path: /ws/pure4WebService/, _request: /ws/pure4WebService/,
 _method: POST, _referrer: -, _hostheader: www1.example.com,
 _bytes: 50378, _scheme: - }


 It validates fine as JSON on jsonlint.com, but it's probably not the log
 message it's complaining about - but I don't know which. I don't escape my
 'x''s.

 /Martin

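The parser error quoted in this thread, "Unrecognized character escape 'x'", is what a JSON parser reports for a `\xhh` sequence, and Apache httpd writes exactly that form for non-printable bytes in logged request fields. The following producer-side check and repair is an added example, not code from the thread or from Graylog. It assumes the rejected payload carried such escapes (the thread does not show the offending message), and the function names and `SAMPLE` are constructed here.

```python
import json
import re

# JSON permits only these characters after a backslash (RFC 8259).
VALID_AFTER_BACKSLASH = set('"\\/bfnrtu')

# Escapes are consumed pairwise, so "\\x41" (an escaped backslash followed by
# the plain text x41) is never mistaken for a \x41 escape.
_ESCAPE = re.compile(r'((?:\\x[0-9A-Fa-f]{2})+)|\\(.)', re.DOTALL)

# Constructed sample: a GELF line as an httpd LogFormat could emit it when the
# request path holds UTF-8 bytes and the User-Agent holds a control byte.
SAMPLE = (r'{"version": "1.1", "host": "somehost.example.com", '
          r'"short_message": "GET /caf\xc3\xa9 HTTP/1.1", '
          r'"_user-agent": "probe\x01 C:\\x41", "_status": 200}')


def invalid_escapes(raw):
    """Return (offset, escape) for every backslash escape JSON does not allow."""
    bad = []
    for m in _ESCAPE.finditer(raw):
        if m.group(1) is not None:
            bad.append((m.start(), m.group(1)))      # run of \xhh escapes
        elif m.group(2) not in VALID_AFTER_BACKSLASH:
            bad.append((m.start(), m.group(0)))      # any other bad escape
    return bad


def _reencode(match):
    run = match.group(1)
    if run is None:
        return match.group(0)              # leave every other escape untouched
    data = bytes.fromhex(run.replace("\\x", ""))
    try:
        text = data.decode("utf-8")        # consecutive bytes are usually UTF-8
    except UnicodeDecodeError:
        text = data.decode("latin-1")      # otherwise keep one code point per byte
    return json.dumps(text)[1:-1]          # JSON-escaped, without the quotes


def repair_hex_escapes(raw):
    """Rewrite hex byte escapes as escapes a JSON parser accepts."""
    return _ESCAPE.sub(_reencode, raw)


def parse_gelf(raw):
    """Repair hex escapes, then parse; refuse anything that is still invalid."""
    fixed = repair_hex_escapes(raw)
    left = invalid_escapes(fixed)
    if left:
        raise ValueError("unrepairable escapes at offsets %s"
                         % [offset for offset, _ in left])
    return json.loads(fixed)


if __name__ == "__main__":
    print(invalid_escapes(SAMPLE))
    print(parse_gelf(SAMPLE))
```

Request paths and headers are client-controlled, so a single request can produce such a line; validating on the sending side keeps one malformed message from reaching the input.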


Re: [graylog2] graylog2-server-0.20.0-rc.2 fails to run

2014-02-12 Thread Lennart Koopmann
 not same cluster_name [elasticsearch]

Seems like your graylog2-server node is running with cluster.name
elasticsearch and your ElasticSearch node(s) are not. You need to
set the same cluster.name everywhere.

On Wed, Feb 12, 2014 at 6:40 PM, Craig Blake craigwbl...@gmail.com wrote:
 Hi, I'm trying to get graylog2 up and running for the first time and am
 continually getting errors about a missing ElasticSearch master.

 I'm following the directions here:
 http://support.torch.sh/help/kb/graylog2-server/installing-graylog2-server-v020x-on-nix-systems



 This is the configuration I'm using, built by following the directions at
 the above link and adding a change to disable multicast discovery from here:
 http://support.torch.sh/help/kb/graylog2-server/configuring-and-tuning-elasticsearch-for-graylog2-v0200

 is_master = true
 node_id_file = /etc/graylog2-server-node-id
 password_secret = 
 root_password_sha2 = 
 plugin_dir = plugin
 rest_listen_uri = http://127.0.0.1:12900/
 elasticsearch_max_docs_per_index = 2000
 elasticsearch_max_number_of_indices = 20
 retention_strategy = delete
 elasticsearch_shards = 4
 elasticsearch_replicas = 0
 elasticsearch_index_prefix = graylog2
 allow_leading_wildcard_searches = false
 elasticsearch_cluster_name = elasticsearch
 elasticsearch_discovery_zen_ping_multicast_enabled = false
 elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1:9300
 elasticsearch_analyzer = standard
 output_batch_size = 5000
 processbuffer_processors = 5
 outputbuffer_processors = 5
 processor_wait_strategy = blocking
 ring_size = 1024
 mongodb_useauth = true
 mongodb_user = graylog2
 mongodb_password = 
 mongodb_replica_set = mongo01:27017,mongo02:27017
 mongodb_database = graylog2
 mongodb_port = 27017
 mongodb_host = mongo01
 mongodb_max_connections = 100
 mongodb_threads_allowed_to_block_multiplier = 5
 transport_email_enabled = false
 transport_email_hostname = mail.example.com
 transport_email_port = 587
 transport_email_use_auth = true
 transport_email_use_tls = true
 transport_email_use_ssl = true
 transport_email_auth_username = y...@example.com
 transport_email_auth_password = secret
 transport_email_subject_prefix = [graylog2]
 transport_email_from_email = grayl...@example.com



 I notice in the output some DEBUG messages that say this:

 2014-02-12 17:30:43,380 DEBUG: org.elasticsearch.discovery.zen.ping.unicast
 - [graylog2-server] [2] filtering out response from
 [Scorpio][GrPJicD8TV6Kvaig7ZbLhQ][inet[/10.3.108.55:9300]], not same
 cluster_name [elasticsearch]



 And then the server fails with this error:

 2014-02-12 17:30:48,377 ERROR: org.graylog2.Main -

 

 ERROR: No ElasticSearch master was found.

 Need help?

 * Official documentation: http://support.torch.sh/help/kb
 * Mailing list: http://support.torch.sh/help/kb/general/forums-mailing-list
 * Issue tracker: http://support.torch.sh/help/kb/general/issue-trackers
 * Commercial support: http://www.torch.sh/

 But we also got some specific help pages that might help you in this case:

 *
 http://support.torch.sh/help/kb/graylog2-server/configuring-and-tuning-elasticsearch-for-graylog2-v0200

 Terminating. :(

 


 Any ideas what the problem is?

 Thanks,
 Craig

 ~



Re: [graylog2] Re: GELF multiline-Logs

2014-02-11 Thread Lennart Koopmann
Hey Cornelius,

you are right, that was a bug. :) Kay already fixed it and we'll
release RC.3 tomorrow:
https://github.com/Graylog2/graylog2-web-interface/issues/612

Thank you very much,
Lennart

On Tue, Feb 11, 2014 at 3:18 PM,  cornelius.r...@gmail.com wrote:
 Hi Kay,

 ok, I'm sorry, this work for me as expected, great!
 I think I have to be more precise: the line-breaks are displayed within the
 small message window on the right side, but not when displaying the message
 in Full-Screen-Mode. Would it be possible to have the same behaviour there?
 Thank you!

 Bye, Cornelius




 On Tuesday, February 11, 2014 10:29:31 AM UTC+1, Kay Röpke wrote:

 cc'ing mailing list.

 I just tested this and it works as expected for me.
 Could you please share an example message?

 Just to make sure you are also running the RC2 of the web interface,
 right? Because the bug was there and not in the server.

 I sent:

 curl -0 -XPOST http://localhost:12202/gelf -d '{"short_message":"ohai", "full_message":"this
 is
 a
 test
 ", "host":"localhost", "facility":"test"}'

 to my HTTP GELF input and it showed up as I expected (this is running RC2
 here).

 Best,
 Kay

 On Mon, Feb 10, 2014 at 9:54 PM,  corneli...@gmail.com wrote:
  Hi Kai, hi Lennart,
 
  I've just downloaded and installed RC2. The Update worked out of the box, I
  played a little with the new version, again an improvement - e.g. alerting
  now works!
  But unfortunately multiline-Line-Breaks still don't work for me :-(
  The GELF-Event contains them, but within the web-interface there are still
  no line-breaks :-(
 
  Ciao, Cornelius
 
 
 
  On Wednesday, February 5, 2014 3:12:38 PM UTC+1, Kay Röpke wrote:
 
  This will be fixed in RC2.
 
  Thanks for your report!
 
 
  On Wed, Feb 5, 2014 at 10:56 AM, Lennart Koopmann len...@torch.sh
  wrote:
 
  Thanks for reporting this! Please follow this issue:
  https://github.com/Graylog2/graylog2-web-interface/issues/601
 
  Cheers,
  Lennart
 
  On Tue, Feb 4, 2014 at 7:44 PM, Grégory Nuyttens
  gregory@gmail.com wrote:
   At this time, I try a lot of thing:
  
   - simple messages with gelf and with an \n character inside my message
   - with logstash and multiline option
  
   but in the graylog web interface I only show a blank between multiple
   lines and no multiline display :-/
  
   I think you told about this issue:
   https://github.com/Graylog2/graylog2-web-interface/pull/126, it seems to be
   closed and resolved but the problem is come back in this version???
  
   Thanks if anyone have a solution or we can create again a new issue
   about this problem
  
  
  
   On Tuesday, January 28, 2014 4:24:40 PM UTC+1, corneli...@gmail.com wrote:
  
   Hi,
  
   first of all I want to say that I'm quite satisfied with graylog2 0.2.0
   rc.1-1.
   But I have a question regarding multiline-Display within full_message.
   Although line-breaks, i.e. \n are included within the GELF-Message from
   logstash, e.g. Stacktraces are displayed as floating text.
   I read that there was an Issue 9 months ago, but that should be fixed. Is
   the same problem re-occurring? Or am I missing something?
  
   Regards, Cornelius
  


Re: [graylog2] Blacklists

2014-02-11 Thread Lennart Koopmann
Hey Tim,

the blacklists were not re-implemented for 0.20.0 yet, but will come
back in a way better implementation in a near-future version.

Sorry for the inconvenience.

Thanks,
Lennart

On Tue, Feb 11, 2014 at 5:10 PM, Tim timsha...@gmail.com wrote:
 Have been using Graylog 0.12 for a while

 Just been looking at the new 0.20 release candidate and cannot find any sign
 of where to configure blacklists

 Has this feature been removed from graylog?



Re: [graylog2] Exception on Users Tab

2014-02-10 Thread Lennart Koopmann
Hey Abhay,

could it be that you are using a MongoDB database that was filled by a
previous Graylog2 version?

Thanks,
Lennart

On Mon, Feb 10, 2014 at 12:44 PM,  ab...@fab.com wrote:
 Hi All,

 I just setup graylog2 version(graylog2-v0-20-0-rc-1-1) on production.
 When i click on system/users i am getting this error:

 lib.APIException: API call failed GET http://@graylog-server-ip:12900/users
 returned 500 Internal Server Error body: java.lang.NullPointerException
 at org.graylog2.users.User.getName(User.java:154)
 at org.graylog2.rest.resources.users.UsersResource.toMap(UsersResource.java:410)
 at org.graylog2.rest.resources.users.UsersResource.toMap(UsersResource.java:404)
 at org.graylog2.rest.resources.users.UsersResource.listUsers(UsersResource.java:96)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:606)
 at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81)
 at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:151)
 at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:171)
 at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:152)
 at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:104)
 at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:402)
 at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:349)
 at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:106)
 at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:259)
 at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
 at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
 at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
 at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
 at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
 at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:318)
 at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:236)
 at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1010)
 at org.graylog2.jersey.container.netty.NettyContainer.messageReceived(NettyContainer.java:254)
 at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
 at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
 at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
 at org.jboss.netty.handler.stream.ChunkedWriteHandler.handleUpstream(ChunkedWriteHandler.java:142)
 at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
 at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
 at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:296)
 at org.jboss.netty.handler.codec.frame.FrameDecoder.unfoldAndFireMessageReceived(FrameDecoder.java:459)
 at org.jboss.netty.handler.codec.replay.ReplayingDecoder.callDecode(ReplayingDecoder.java:536)
 at org.jboss.netty.handler.codec.replay.ReplayingDecoder.messageReceived(ReplayingDecoder.java:435)
 at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
 at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
 at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
 at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
 at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
 at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
 at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)
 at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:318)
 at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)
 at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
 at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
 at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
 at
 

Re: [graylog2] Plugins for Graylog2 0.20.x

2014-02-10 Thread Lennart Koopmann
0.1x plugins are not compatible and 0.20.0 only has the input plugin
interfaces back for now, because the other types are not implemented
yet.

Cheers,
Lennart

On Thu, Feb 6, 2014 at 3:09 AM, Gonzalo Gómez García
arcadia.gonz...@gmail.com wrote:
 Hi,

 I've got some questions about plugins on version 0.20

 Are the 0.1x plugins compatible with Graylog2 0.20?

 Is there any documentation about custom plugin development for Graylog2
 0.20?

 Regards



[graylog2] [ANNOUNCE] Graylog2 v0.20.0-rc.2 has been released

2014-02-10 Thread Lennart Koopmann
Hey everybody,

we just released the second RC version of Graylog2 v0.20.0. It brings
a lot of fixes and improvements - Find a complete list in the
announcement:

* http://blog.torch.sh/graylog2-v0-20-0-rc-2-has-been-released/

Have a great day,
Lennart (on behalf of the whole TORCH team)



Re: [graylog2] Graphite

2014-02-10 Thread Lennart Koopmann
Hey Jonathan,

the Graphite forwarding will follow in future releases. I created this
issue to make sure we properly schedule it after 0.20.0:
https://github.com/Graylog2/graylog2-server/issues/421

Thanks,
Lennart

On Mon, Feb 10, 2014 at 5:18 PM, Jonathan Buch jb...@synyx.de wrote:
 Hi,

 I just got around to trying the new 0.20 branch of graylog2 with the goal of
 eventually phasing out a 0.9.* installation.

 Now, I've read that Graphite is included
 (http://blog.torch.sh/graylog2-v0-20-0-preview-5-has-been-released/),
 however on investigating that implementation seems to be mostly removed
 since the preview shortly before 0.20-rc.1

 * A GraphiteFormatter exists but the method contents are commented out
 * 29ca7e6f4c9ac7 alerts are now sending emails. #356 removes the rest of
 the graphite implementation unceremoniously with Whoop! as the only
 comment.

 Is there a plan to revive this functionality?  I guess it wouldn't really be
 hard to simply query JMX and use the available metrics and shove them into
 graphite, but I was hoping to skip that extra step.

 Greetings,

 Jo



Re: [graylog2] Error when merging charts

2014-02-07 Thread Lennart Koopmann
I can confirm that this is exactly the issue I fixed. Will indeed be
included in rc.2. :)

Thanks for your kind words!

On Fri, Feb 7, 2014 at 11:57 AM, Paul Dunkler paul.dunk...@xyrality.com wrote:
 Fine. Thanks for the fast response. I'm with you that your fix could have 
 fixed that issue i'm facing too!

 Will report back after you've released the RC2.

 I believe this could be related to this issue 
 https://github.com/Graylog2/graylog2-web-interface/issues/590

 Previously if the graph data had missing values, then the number of data 
 points reported was lower than the time range would've required.
 After the fix we fill those missing buckets with a 0, so both time series 
 will have the same amount of data and also there won't be any wrong 
 interpolation going on.
 I believe this will also fix the graph merge problem.

 We aim to release RC2 as soon as possible, possibly even today.

 And thank you for your praise :)

 Yes, this is one of the ways to report these things, but you could also use 
 the github projects to file bug reports if you like.

 cheers,
 -k

 On Friday, February 7, 2014 10:59:35 AM UTC+1, Paul Dunkler wrote:
 Hi there,

 first i would like to say - VERY VERY AWESOME NEW GRAYLOG2!! I already used 
 the first versions of graylog2 since some time - And i'm totally impressed 
 of the new version! Nice features, cool design - good handling!

 I tried to use the Merge Graphs-Feature, did one search, pinned a graph 
 and then did another one, created a new graph, dropped it on the other one - 
 But that doesn't seem to work. There are some Javascript-Errors from 
 Rickshaw that stacked series cannot have differing  numbers of points: 375 
 vs 346.

 Here are 2 screenshots - Hope they'll help:

 http://www.directupload.net/file/d/3526/j9x59yr8_png.htm
 http://www.directupload.net/file/d/3526/vfutvfry_png.htm

 Or isn't this the right place for such error reports? If not, please tell me 
 the right one!


 --
 Kind regards

 Paul Dunkler



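The zero-fill fix described in this thread, as an added example that is not code from graylog2-web-interface: every bucket in the time range gets a point, so two searches with different gaps end up with the same number of points. The function names, the sparse histogram shape and the sample counts are assumptions made for the illustration.

```javascript
// Added illustration of the zero-fill fix described in the thread above.
// Not code from graylog2-web-interface; names and data shapes are assumptions.
// Assumed input: a sparse histogram { "<bucket start, epoch seconds>": count }
// that only contains buckets in which at least one message was found.

function zeroFill(sparse, from, to, interval) {
  if (!Number.isInteger(interval) || interval <= 0) {
    throw new RangeError("interval must be a positive integer number of seconds");
  }
  if (to < from) {
    throw new RangeError("'to' must not be earlier than 'from'");
  }
  // Align the range to bucket boundaries so every series uses the same x values.
  const first = Math.floor(from / interval) * interval;
  const last = Math.floor(to / interval) * interval;

  // Re-bucket the input so keys that are not aligned are not silently lost.
  const counts = new Map();
  for (const [key, value] of Object.entries(sparse)) {
    const ts = Number(key);
    if (!Number.isFinite(ts)) {
      throw new TypeError("bad bucket key: " + key);
    }
    const bucket = Math.floor(ts / interval) * interval;
    if (bucket < first || bucket > last) continue; // outside the requested range
    counts.set(bucket, (counts.get(bucket) || 0) + value);
  }

  // Emit one point per bucket; buckets without data become an explicit 0
  // instead of a gap that the chart would interpolate across.
  const points = [];
  for (let x = first; x <= last; x += interval) {
    points.push({ x: x, y: counts.get(x) || 0 });
  }
  return points;
}

// The condition behind the stacking error quoted in the thread: all series
// need the same number of points at the same x positions.
function stackable(seriesList) {
  if (seriesList.length === 0) return true;
  const ref = seriesList[0];
  return seriesList.every(
    s => s.length === ref.length && s.every((p, i) => p.x === ref[i].x)
  );
}

// What the chart received before the fix: only the buckets that had data.
function toPoints(sparse) {
  return Object.keys(sparse)
    .map(Number)
    .sort((a, b) => a - b)
    .map(x => ({ x: x, y: sparse[x] }));
}

// Constructed sample data: two searches over the same 10 minutes, 60 s buckets.
const FROM = 1391767200;
const TO = 1391767799;
const STEP = 60;
const searchA = { 1391767200: 12, 1391767260: 7, 1391767440: 3, 1391767740: 9 };
const searchB = { 1391767200: 1, 1391767320: 4 };

console.log("raw series stackable:   ", stackable([toPoints(searchA), toPoints(searchB)]));
console.log("filled series stackable:", stackable([
  zeroFill(searchA, FROM, TO, STEP),
  zeroFill(searchB, FROM, TO, STEP),
]));
```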

Re: [graylog2] Re: GELF multiline-Logs

2014-02-05 Thread Lennart Koopmann
Thanks for reporting this! Please follow this issue:
https://github.com/Graylog2/graylog2-web-interface/issues/601

Cheers,
Lennart

On Tue, Feb 4, 2014 at 7:44 PM, Grégory Nuyttens
gregory.nuytt...@gmail.com wrote:
 At this time, I tried a lot of things:

 - simple messages with gelf and with an \n character inside my message
 - with logstash and multiline option

 but in the graylog web interface I only show a blank between multiple
 lines and no multiline display :-/

 I think you told about this issue:
 https://github.com/Graylog2/graylog2-web-interface/pull/126, it seems to be
 closed and resolved but the problem has come back in this version???

 Thanks if anyone has a solution or we can create again a new issue
 about this problem



 On Tuesday, January 28, 2014 4:24:40 PM UTC+1, corneli...@gmail.com wrote:

 Hi,

 first of all I want to say that I'm quite satisfied with graylog2 0.2.0
 rc.1-1.
 But I have a question regarding multiline-Display within full_message.
 Although line-breaks, i.e. \n are included within the GELF-Message from
 logstash, e.g. Stacktraces are displayed as floating text.
 I read that there was an Issue 9 months ago, but that should be fixed. Is
 the same problem re-occurring? Or am I missing something?

 Regards, Cornelius



Re: [graylog2] 0.20 rc1.1 ui fields and order

2014-02-05 Thread Lennart Koopmann
The LogMessage changed indeed. It is now this:
https://github.com/Graylog2/graylog2-server/blob/020/graylog2-plugin-interfaces/src/main/java/org/graylog2/plugin/Message.java

The official docs for this will follow soon.

On Wed, Feb 5, 2014 at 1:03 PM, Martin René Mortensen
martin.rene.morten...@gmail.com wrote:
 Great.

 Any hints on how to use drools now? I can't seem to get it right in any way.
 New escape sequences? New LogMessage object to import?

 It's difficult to tell from the source.


 On Monday, 3 February 2014 09:48:17 UTC+1, lennart wrote:

 Hey Martin,

 we already have your suggestions on the near-future roadmap. Thank you
 very much!

 Drools is still available in v0.20.0 and just needs a documentation
 update. That is one of the remaining tickets in the 0.20.0 milestone.

 Thanks,
 Lennart

 On Fri, Jan 31, 2014 at 6:59 PM, Martin René Mortensen
 martin.ren...@gmail.com wrote:
  Hi,
 
  First, 0.20 is a great release, I love it, especially the upgraded radio and
  choosing kafka for queueing, it's blazingly fast.
 
  I have a few very important (I think) comments - maybe I just don't know
  which little button to press, but I can't get it to work.
 
  - Fields resetting: I cannot get the chosen fields to stick! They keep
  resetting when I reload the search and it's really annoying.
  - Field sort order? How do you choose the sort order of fields? I can't see
  a way, and I don't understand the current sort order.
 
  And a few questions:
 
  - Will drools rules stay in? It's a very effective tool for extracting a lot
  of fields in one go. The online field extractor is nice and comprehensive,
  but it's insane to make 200 rules for extracting fields from cisco devices
  logs for example. I suspect it's also ineffective, when I can match 1 line,
  and extract all the fields in one group capturing regexp with drools rules.
 
  Brgds. Martin
 


Re: [graylog2] Re: Message retention time

2014-02-04 Thread Lennart Koopmann
The MongoDB part is for old Graylog2 versions only. Be aware that
manually deleting data can cause performance issues and needs a manual
re-calculation of the index ranges meta data after it.

On Tue, Feb 4, 2014 at 10:21 AM, Jean-Luc Bassereau
jlbasser...@gmail.com wrote:
 Hello,

 As far as I know, I'm able to delete data from a single host using these
 commands:

 Deletion from ES:
 # curl -XDELETE 'http://localhost:9200/graylog2_*/message/_query' -d '{ "query_string" : { "default_field" : "host", "query" : "servername" } }'


 Deletion from mongoDB:
 # mongo
 MongoDB shell version: 2.4.6
 connecting to: test
 > use graylog2
 switched to db graylog2
 > db.auth('grayloguser', 'PASSWORD')
 1
 > db.hosts.remove( { 'host' : /^servername/ } )


 2014-02-03 Lennart Koopmann lenn...@torch.sh:

 Yes, we are working on that - But it will not be included in v0.20.0 yet.

 Thanks,
 Lennart

 On Mon, Feb 3, 2014 at 10:59 AM, Javier Barroso javibarr...@gmail.com
 wrote:
  Hello,
 
  Is there some work in progress about this issue?
 
  Is it possible to delete messages only from a specific source?
 
  It would be useful having an interface to delete the most noise logs (for
  example, applications with debug mode turned on)
 
  Thank you very much
 
  On Thursday, December 19, 2013 12:01:45 UTC+1, lennart wrote:
 
  We are working on that for v0.20.0 in these days actually. :)
 
  On Thu, Dec 19, 2013 at 10:37 AM, Ruurd Adema ruurd...@gmail.com wrote:
   Me2! Retention based on time would be awesome! +1 feature request.
  
   On Monday, December 24, 2012 11:08:09 UTC+1, Roman Lobus wrote:
  
   Hello,
   Message retention time setting was removed in the new version of Graylog
   (0.10.1) but I can't find this setting in configuration file.
  
   What is exact name of message retention time option?
  
   Thank you in advance!
  
   Roman
  




 --
 Regards,
 Jean-Luc Bassereau



Re: [graylog2] Graylog 0.20.0 with Nagios

2014-02-03 Thread Lennart Koopmann
It is basic HTTP authentication. For example with curl:

curl -XGET http://youruser:password@127.0.0.1:12900/system

On Tue, Jan 28, 2014 at 8:49 AM, datluc lucypa...@googlemail.com wrote:
 Nobody ?



Re: [graylog2] Standart users can't create new dashboard (stacktrace generated)

2014-02-03 Thread Lennart Koopmann
That is indeed a bug.

https://github.com/Graylog2/graylog2-web-interface/issues/593

Thanks for reporting this,
Lennart


On Mon, Feb 3, 2014 at 4:53 PM, Raphaël Berlamont 
raphael.berlam...@raphux.com wrote:

 Hi list,
 it seems that a user can't create a personal dashboard, even if the user
 is prompted for this action :


 https://lh4.googleusercontent.com/-JbRr5q3UOqI/Uu-5t28VDYI/MlI/telzY49O1Z0/s1600/create_new_dashboard.png

 User is then redirected to the «create dashboard» form, but when he
 clicks on the «Create», stacktrace appears, and in the log, we have this :

 ===

 16:48:31,047 INFO  [ShiroAuthorizationFilter] User not authorized.
 org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [dashboards:create]
 at org.apache.shiro.authz.ModularRealmAuthorizer.checkPermission(ModularRealmAuthorizer.java:323)
 at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137)
 at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:205)
 at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74)
 at org.graylog2.security.ShiroAuthorizationFilter.filter(ShiroAuthorizationFilter.java:52)
 at org.glassfish.jersey.server.ContainerFilteringStage.apply(ContainerFilteringStage.java:171)
 at org.glassfish.jersey.server.ContainerFilteringStage.apply(ContainerFilteringStage.java:74)
 at org.glassfish.jersey.process.internal.Stages.process(Stages.java:197)
 at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:250)
 at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
 at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
 at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
 at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
 at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
 at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:318)
 at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:236)
 at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1010)
 at org.graylog2.jersey.container.netty.NettyContainer.messageReceived(NettyContainer.java:254)
 at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
 at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
 at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
 at org.jboss.netty.handler.stream.ChunkedWriteHandler.handleUpstream(ChunkedWriteHandler.java:142)
 at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
 at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
 at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:296)
 at org.jboss.netty.handler.codec.frame.FrameDecoder.unfoldAndFireMessageReceived(FrameDecoder.java:459)
 at org.jboss.netty.handler.codec.replay.ReplayingDecoder.callDecode(ReplayingDecoder.java:536)
 at org.jboss.netty.handler.codec.replay.ReplayingDecoder.messageReceived(ReplayingDecoder.java:435)
 at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
 at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
 at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
 at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
 at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
 at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
 at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)
 at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:318)
 at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)
 at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
 at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
 at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
 at java.lang.Thread.run(Thread.java:744)
 ===
 I think 

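The check that fails in the log above asks whether the user's granted permissions cover dashboards:create. As an added example (not Graylog's or Apache Shiro's code), this is a small model of Shiro-style wildcard permission matching, used to keep a UI from offering an action the server will refuse; the grant sets and the action list are constructed for the illustration and are not Graylog's real role definitions.

```javascript
// Added illustration; not Graylog's or Apache Shiro's code.
// Models the matching rules of Shiro-style wildcard permission strings:
// parts separated by ":", alternatives within a part separated by ",",
// and "*" meaning "any value" for that part. Matching is case-insensitive here.

function parsePermission(str) {
  if (typeof str !== "string" || str.trim() === "") {
    throw new TypeError("permission string must be non-empty");
  }
  return str.trim().toLowerCase().split(":").map(part => {
    const subparts = part.split(",").map(s => s.trim()).filter(s => s !== "");
    if (subparts.length === 0) {
      throw new TypeError("permission has an empty part: " + str);
    }
    return new Set(subparts);
  });
}

// True when the granted permission covers the required one.
function implies(granted, required) {
  const g = parsePermission(granted);
  const r = parsePermission(required);
  for (let i = 0; i < r.length; i++) {
    if (i >= g.length) return true; // a shorter grant covers everything below it
    if (g[i].has("*")) continue;
    for (const sub of r[i]) {
      if (!g[i].has(sub)) return false;
    }
  }
  // The grant is more specific than the request: the extra parts must be wildcards.
  for (let i = r.length; i < g.length; i++) {
    if (!g[i].has("*")) return false;
  }
  return true;
}

// Deny by default: permitted only if at least one grant implies the request.
function isPermitted(grants, required) {
  return grants.some(g => implies(g, required));
}

// What the UI should offer: only actions the server-side check will accept.
// The server-side check stays in place; this only avoids dead-end prompts.
function offeredActions(grants, actions) {
  return actions.filter(a => isPermitted(grants, a.requires)).map(a => a.label);
}

// Constructed grant sets (hypothetical, not Graylog's real role definitions).
const READER_GRANTS = ["dashboards:read", "streams:read", "messages:read"];
const ADMIN_GRANTS = ["*"];

// Constructed UI actions; "dashboards:create" is the permission named in the log.
const UI_ACTIONS = [
  { label: "View dashboards", requires: "dashboards:read" },
  { label: "Create dashboard", requires: "dashboards:create" },
];

console.log("reader sees:", offeredActions(READER_GRANTS, UI_ACTIONS));
console.log("admin sees: ", offeredActions(ADMIN_GRANTS, UI_ACTIONS));
```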
Re: [graylog2] Re: Message retention time

2014-02-03 Thread Lennart Koopmann
Yes, we are working on that - But it will not be included in v0.20.0 yet.

Thanks,
Lennart

On Mon, Feb 3, 2014 at 10:59 AM, Javier Barroso javibarr...@gmail.com wrote:
 Hello,

 Is there some work in progress about this issue?

 Is it possible to delete messages only from a specific source?

 It would be useful having an interface to delete the most noise logs (for
 example, applications with debug mode turned on)

 Thank you very much

 On Thursday, December 19, 2013 12:01:45 UTC+1, lennart wrote:

 We are working on that for v0.20.0 in these days actually. :)

 On Thu, Dec 19, 2013 at 10:37 AM, Ruurd Adema ruurd...@gmail.com wrote:
  Me2! Retention based on time would be awesome! +1 feature request.
 
  On Monday, December 24, 2012 11:08:09 UTC+1, Roman Lobus wrote:
 
  Hello,
  Message retention time setting was removed in the new version of Graylog
  (0.10.1) but I can't find this setting in configuration file.
 
  What is exact name of message retention time option?
 
  Thank you in advance!
 
  Roman
 


Re: [graylog2] Re: [Help me] Using GELF HTTP input

2014-01-30 Thread Lennart Koopmann
You have to go to System - Inputs in the web interface to start new inputs.


On Thu, Jan 30, 2014 at 12:38 PM, Deep Pai
flickr.ordinarywo...@gmail.com wrote:

 Hi, How do you do step (1)? How do you setup graylog 2 to listen to GELF
 UDP input? I installed graylog2 but I only see that it is listening to the
 following ports:

 tcp        0      0 :::12900        :::*        LISTEN      5411/java
 tcp        0      0 :::9350         :::*        LISTEN      5411/java
 udp        0      0 :::54328        :::*                    5411/java



 On Thursday, 2 January 2014 15:38:08 UTC+5:30, Dmitri Stoljarov wrote:


 0. Use latest graylog2. Setup it according instructions.
 1. Create new graylog GELF UDP input. E.g. (port: 4450, bind_address: 0.0.0.0)
 2. Configure logstash output:
 output {
   gelf {
     type => "your-name"
     port => 4450
     host => "graylog2_ip_address"
     facility => "your-facility"
   }
 }

 3. Verify that firewall is not blocking traffic to/from your graylog and
 logstash servers.
 4. For debugging, create stdout output on logstash, to be sure, that
 messages are picked up by input filter and forwarded to output filter.




 On Thursday, January 2, 2014 10:52:15 AM UTC+2, Lê Bình wrote:

 I tried what you tell me, it doesn't make different. Graylog2 should not
 receive message from gelf output.



Re: [graylog2] No results in stream

2014-01-30 Thread Lennart Koopmann
That should not happen because Graylog2 is never deleting or even changing
any already written messages.

Please make sure that you have selected the correct time range for the
search and that all graylog2-server and graylog2-web-interface nodes are
running with the same server time.


On Wed, Jan 29, 2014 at 7:38 PM, Summer Brooks sum...@historytype.com wrote:

 I'm running rc.1.1, and most things are working well so far, but I wanted
 to run this issue by the group before submitting it as a bug. It's entirely
 possible someone has already found a fix. I have an otherwise functioning
 stream set up, and alarms are working properly against it. However, the
 stream seems to periodically flush itself of log entries, so I get "No
 results in stream" when I try to open it. I'm not quite sure where to look
 for what might be causing that, so any help would be appreciated.



Re: [graylog2] Re: [ANNOUNCE] Graylog2 v0.20.0-rc.1 has been released

2014-01-15 Thread Lennart Koopmann
Thank you *very* much Dmitri! :) I created a lot of issues for RC.2
and some for 0.20.1.



Re: [graylog2] Re: Graylog v0.20.0 RC.1 Important Error !!!

2014-01-14 Thread Lennart Koopmann
If you are using ES with multicast then this could be any ES node with
the same cluster.name that is discoverable via multicast.

See also: 
http://support.torch.sh/help/kb/graylog2-server/configuring-and-tuning-elasticsearch-for-graylog2-v0200

On Tue, Jan 14, 2014 at 1:09 PM, datluc lucypa...@googlemail.com wrote:
 Where does elasticsearch get the IP address
 [[Sauron][jko_l23FRI6BW7eEU2ULHg][inet[/10.7.1.129:9300]]] ?

 The IP address of my Graylog system is 10.7.1.60.

 Kind Regards
 Lucy


