from:"Micha \-"

[graylog2] Re: graylog 2.0 GA - issues with nginx and reverse proxy - Error: Request has been terminated

2016-04-27 Thread Micha -

Hi,

For us Graylog v2.0 (since Beta) is working like a charm behind a Apache 
ReverseProxy with SSL Offloading

Our config looks like this, maybe this helps someone:

  ServerName graylogserver.example.com


  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCertificateFile /etc/ssl/certs/graylog.crt
  SSLCertificateKeyFile /etc/ssl/certs/graylog.key

  KeepAliveTimeout 900

  RewriteEngine On

  ## Graylog Dashboard
  RewriteCond %{REQUEST_URI} !^/api
  RewriteRule  ^/(.*) http://localhost:9000/$1 [P,L]

  ## Graylog Api - also needed for the dashboard
  RequestHeaderset X-Graylog-Server-URL 
"https://graylogserver.example.com/api;
  RewriteCond  %{REQUEST_URI} ^/api
  RewriteRule  ^/(api\/)(.*)  http://127.0.0.1:12900/$2 [P,L]

  
  Order allow,deny
  Allow from all
  



Regards
Micha

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/c5a2838a-8ed8-4524-b4bb-4bb2019d7d2b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Load Balancer health check with Big-IP F5

2016-04-15 Thread Micha -

Hi Marty,

at the moment i just using one Node so i still wasn't place one of our F5 
Clusters in front of Graylog. I just tested the monitor via telnet like i 
always do for new monitors. 

f5ve]# telnet graylogserver 12900
Trying graylogserver...
Connected to graylogserver .
Escape character is '^]'.
GET /system/lbstatus HTTP/1.0

HTTP/1.1 200 OK
X-Graylog-Node-ID: c02340cc-d5b7-4f27-aba6-b795c51865b8
X-Runtime-Microseconds: 187
Content-Type: text/plain
Date: Fri, 15 Apr 2016 12:15:48 GMT
Connection: close
Content-Length: 5

ALIVE

alternative you could change the receive string from ALIVE to just 200 and 
test if the pool stays up - if that doesnt work also - i guess there is a 
problem somewhere else.

Greets
Micha






-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/f5822ec8-c2e8-466a-a45b-c31091d1dfab%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Load Balancer health check with Big-IP F5

2016-04-13 Thread Micha -

Hi Martin,

For tthis monitor you dont't need an external Monitor on the F5

Just Configure the monitor like one of that, and it should work

AS HTTP/1.0

*Send String:*
GET /system/lbstatus HTTP/1.0\r\n\r\n

*Receive String:*
Alive 

OR as HTTP/1.1

*Send String:*
GET /system/lbstatus HTTP/1.1\r\nHost: dummy\r\n\r\n

*Receive String:*
Alive 


Regards
Micha

Am Mittwoch, 13. April 2016 01:38:35 UTC+2 schrieb Marty:
>
> Hi Folks,
>
> Graylog V1.3.4
>
> Just wondering if anyone has integrated the Graylog LB state into the F5 
> native http health check.
> I can't get this to work when sending:
>
> GET /system/lbstatus HTTP/1.1
>
>
> From the command line (using netcat) on the graylog node, this also fails. 
> Just get a newline (no output).
>
> $ echo -e "GET /system/lbstatus HTTP/1.1\r\n" | nc 127.0.0.1 12900
>
> Using nc natively is OK, as seen below. Need to send  twice, as shown.
>
> $ nc 127.0.0.1 12900
> GET /system/lbstatus HTTP/1.1
> 
> HTTP/1.1 200 OK
> Content-Type: text/plain
> X-Graylog-Node-ID: ----x
> X-Runtime-Microseconds: 240 
> Transfer-Encoding: chunked 
>  
> 5
> ALIVE 
> 0 
> 
>
> Using curl is fine:
>
> S curl -w '\n' http://127.0.0.1:12900/system/lbstatus
> ALIVE
>
> I got around this on the F5, by using curl with an external script.
>
> Just wondering if there is an issue or I'm doing something incorrect.
>
> Cheers,
> Martin
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/43f7d237-ca8f-4ef4-97a3-25666c94deba%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Geo-Location Processor only resolves msg source address ?

2016-04-01 Thread Micha -



Hi Edmundo,

The hint with the configutation made it, changed it and now it seems to 
work :)

<https://lh3.googleusercontent.com/-2FjsWE3k_CE/Vv5wm2TkQXI/ABA/lUz4B0F5gNcW2JFef3fpYhjVSk7SvxCbQ/s1600/config_changed.png>

<https://lh3.googleusercontent.com/-NIlNPC1N8xU/Vv5wvjDgZGI/ABI/LC67YWfMjBgL7v83yk_IBDQbzjIHuQboA/s1600/config_changed_map.png>


Thank you so far :)
<https://lh3.googleusercontent.com/-2FjsWE3k_CE/Vv5wm2TkQXI/ABA/lUz4B0F5gNcW2JFef3fpYhjVSk7SvxCbQ/s1600/config_changed.png>



Am Freitag, 1. April 2016 14:40:38 UTC+2 schrieb Micha -:
>
>
> Sure :)
>
>
> Is unchanged i think on my other manual installation with more or less 
> Productiv Traffic  it looks same. But here a screenshot from the VM:
>
>
>
> <https://lh3.googleusercontent.com/-1YoS84W8Z8I/Vv5rySuqBoI/AAw/91sof8Iy5fUWuiRgoSppAFvb66rq4qkZQ/s1600/config.png>
>  
>
>
>
> Am Freitag, 1. April 2016 14:31:50 UTC+2 schrieb Edmundo Alvarez:
>>
>> It looks like it's running before extractors in your Graylog instance. 
>> Could you please share with us your "Message Processors Configuration" in 
>> System -> Configurations? 
>>
>> Edmundo 
>>
>> > On 01 Apr 2016, at 13:36, Micha - <michae...@wuerth-it.com> wrote: 
>> > 
>> > Hi Edmundo, 
>> > 
>> > Thanks for your reply - but then i guess should work since i have 
>> already an extractor and a field (client_ip) with only the IP Address - but 
>> it doesnt. 
>> > 
>> > 
>> > 
>> > 
>> > 
>> > 
>> > 
>> > 
>> > 
>> > 
>> > 
>> > 
>> > 
>> > 
>> > 
>> > 
>> > Seems still to me like it only resolves the sender Address, hmrpf   
>> > 
>> > Am Freitag, 1. April 2016 13:10:19 UTC+2 schrieb Edmundo Alvarez: 
>> > Hi Michael, 
>> > 
>> > The Geo-location resolver looks for IPs in all fields that _only_ 
>> contain an IP address. That means, you need to extract the IP to it's own 
>> field (using an extractor or sending logs with something like GELF), to 
>> make the geo-location work. 
>> > 
>> > The description text is unfortunately outdated, but will take care of 
>> fixing it for the next release. 
>> > 
>> > I hope that helps. 
>> > 
>> > Regards, 
>> > Edmundo 
>> > 
>> > > On 01 Apr 2016, at 09:55, michae...@wuerth-it.com wrote: 
>> > > 
>> > > Hi, 
>> > > 
>> > > Maybe I missed something somewhere, but it looks to me like 
>> Geo-Location Processor only tries to resolve the sender address of the 
>> message, and not any fields like stated in the description 
>> > > 
>> > >  "scans all fields of every message for IPv4 addresses" 
>> > > 
>> > > 
>> > > On a graylog-beta-2.0.0-beta.1-1.ova I just enabled the Plugin under 
>> configuration and added the DB file from Maxmind. 
>> > > 
>> > > Graylog Settings: 
>> > > 
>> > > Geo-Location Processor 
>> > > 
>> > > If enabled, the GeoIP processor plugin scans all fields of every 
>> message for IPv4 addresses and puts the location information into a field 
>> named fieldname_geolocation where "fieldname" is the name of the field in 
>> which an IP address has been found. 
>> > > 
>> > > Enabled: yes 
>> > > Database type:  City database 
>> > > Database path: /etc/graylog/GeoLite2-City.mmdb 
>> > > 
>> > > root@graylog-beta:~# ll /etc/graylog/GeoLite2-City.mmdb 
>> > > -rw-rw-r-- 1 root root 36745923 Mar 29 08:05 
>> /etc/graylog/GeoLite2-City.mmdb 
>> > > 
>> > > 
>> > > when i send a sample msg line into Graylog: 
>> > > root@graylog-beta:~# echo '8.8.8.8 - test message' |  ncat -w1 -u 
>> 127.0.0.1 51 
>> > > 
>> > > 
>> > > 
>> > > 
>> > > 
>> > > With  Subystem Indexer Logging set to Debug i get this: 
>> > > 2016-04-01_07:21:22.17052 2016-04-01 07:21:22,159 DEBUG: 
>> org.graylog.plugins.map.geoip.GeoIpResolverEngine - Could not get location 
>> from IP 127.0.0.1 
>> > > 2016-04-01_07:21:22.17079 
>> com.maxmind.geoip2.exception.AddressNotFoundException: The address 
>> 127.0.0.1 is not in the database. 
>> > > 2016-04-01_07:21:22.17149   at 
>> com.maxmind.geoip2.DatabaseReader.get(DatabaseReader.java:161

Re: [graylog2] Geo-Location Processor only resolves msg source address ?

2016-04-01 Thread Micha -




Sure :)


Is unchanged i think on my other manual installation with more or less 
Productiv Traffic  it looks same. But here a screenshot from the VM:


<https://lh3.googleusercontent.com/-1YoS84W8Z8I/Vv5rySuqBoI/AAw/91sof8Iy5fUWuiRgoSppAFvb66rq4qkZQ/s1600/config.png>
 



Am Freitag, 1. April 2016 14:31:50 UTC+2 schrieb Edmundo Alvarez:
>
> It looks like it's running before extractors in your Graylog instance. 
> Could you please share with us your "Message Processors Configuration" in 
> System -> Configurations? 
>
> Edmundo 
>
> > On 01 Apr 2016, at 13:36, Micha - <michae...@wuerth-it.com > 
> wrote: 
> > 
> > Hi Edmundo, 
> > 
> > Thanks for your reply - but then i guess should work since i have 
> already an extractor and a field (client_ip) with only the IP Address - but 
> it doesnt. 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > Seems still to me like it only resolves the sender Address, hmrpf   
> > 
> > Am Freitag, 1. April 2016 13:10:19 UTC+2 schrieb Edmundo Alvarez: 
> > Hi Michael, 
> > 
> > The Geo-location resolver looks for IPs in all fields that _only_ 
> contain an IP address. That means, you need to extract the IP to it's own 
> field (using an extractor or sending logs with something like GELF), to 
> make the geo-location work. 
> > 
> > The description text is unfortunately outdated, but will take care of 
> fixing it for the next release. 
> > 
> > I hope that helps. 
> > 
> > Regards, 
> > Edmundo 
> > 
> > > On 01 Apr 2016, at 09:55, michae...@wuerth-it.com wrote: 
> > > 
> > > Hi, 
> > > 
> > > Maybe I missed something somewhere, but it looks to me like 
> Geo-Location Processor only tries to resolve the sender address of the 
> message, and not any fields like stated in the description 
> > > 
> > >  "scans all fields of every message for IPv4 addresses" 
> > > 
> > > 
> > > On a graylog-beta-2.0.0-beta.1-1.ova I just enabled the Plugin under 
> configuration and added the DB file from Maxmind. 
> > > 
> > > Graylog Settings: 
> > > 
> > > Geo-Location Processor 
> > > 
> > > If enabled, the GeoIP processor plugin scans all fields of every 
> message for IPv4 addresses and puts the location information into a field 
> named fieldname_geolocation where "fieldname" is the name of the field in 
> which an IP address has been found. 
> > > 
> > > Enabled: yes 
> > > Database type:  City database 
> > > Database path: /etc/graylog/GeoLite2-City.mmdb 
> > > 
> > > root@graylog-beta:~# ll /etc/graylog/GeoLite2-City.mmdb 
> > > -rw-rw-r-- 1 root root 36745923 Mar 29 08:05 
> /etc/graylog/GeoLite2-City.mmdb 
> > > 
> > > 
> > > when i send a sample msg line into Graylog: 
> > > root@graylog-beta:~# echo '8.8.8.8 - test message' |  ncat -w1 -u 
> 127.0.0.1 51 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > With  Subystem Indexer Logging set to Debug i get this: 
> > > 2016-04-01_07:21:22.17052 2016-04-01 07:21:22,159 DEBUG: 
> org.graylog.plugins.map.geoip.GeoIpResolverEngine - Could not get location 
> from IP 127.0.0.1 
> > > 2016-04-01_07:21:22.17079 
> com.maxmind.geoip2.exception.AddressNotFoundException: The address 
> 127.0.0.1 is not in the database. 
> > > 2016-04-01_07:21:22.17149   at 
> com.maxmind.geoip2.DatabaseReader.get(DatabaseReader.java:161) 
> ~[graylog-plugin-map-widget-1.0.0-beta.1.jar:?] 
> > > 2016-04-01_07:21:22.17230   at 
> com.maxmind.geoip2.DatabaseReader.city(DatabaseReader.java:217) 
> ~[graylog-plugin-map-widget-1.0.0-beta.1.jar:?] 
> > > 2016-04-01_07:21:22.17284   at 
> org.graylog.plugins.map.geoip.GeoIpResolverEngine.extractGeoLocationInformation(GeoIpResolverEngine.java:100)
>  
> [graylog-plugin-map-widget-1.0.0-beta.1.jar:?] 
> > > 2016-04-01_07:21:22.17429   at 
> org.graylog.plugins.map.geoip.GeoIpResolverEngine.filter(GeoIpResolverEngine.java:74)
>  
> [graylog-plugin-map-widget-1.0.0-beta.1.jar:?] 
> > > 2016-04-01_07:21:22.17572   at 
> org.graylog.plugins.map.geoip.processor.GeoIpProcessor.process(GeoIpProcessor.java:79)
>  
> [graylog-plugin-map-widget-1.0.0-beta.1.jar:?] 
> > > 2016-04-01_07:21:22.17587   at 
> org.graylog2.buffers.processors.ServerProcessBufferProcessor.handleMessage(ServerProcessBufferProcessor.java:56)
>  
&g

Re: [graylog2] Geo-Location Processor only resolves msg source address ?

2016-04-01 Thread Micha -



Hi Edmundo,

Thanks for your reply - but then i guess should work since i have already 
an extractor and a field (client_ip) with only the IP Address - but it 
doesnt. 




<https://lh3.googleusercontent.com/-Ic7h59J7vUY/Vv5cTS5LbCI/AAg/elazRSpy4yQMSGqEnHdJbpJlQYltq2mpw/s1600/message.png>

<https://lh3.googleusercontent.com/-XACljpLHqGU/Vv5cPrb6qqI/AAc/B8QCcLCgYAAwP6VhS-m7UIDgv1XPepY1w/s1600/Extractor.png>





Seems still to me like it only resolves the sender Address, hmrpf  

Am Freitag, 1. April 2016 13:10:19 UTC+2 schrieb Edmundo Alvarez:
>
> Hi Michael, 
>
> The Geo-location resolver looks for IPs in all fields that _only_ contain 
> an IP address. That means, you need to extract the IP to it's own field 
> (using an extractor or sending logs with something like GELF), to make the 
> geo-location work. 
>
> The description text is unfortunately outdated, but will take care of 
> fixing it for the next release. 
>
> I hope that helps. 
>
> Regards, 
> Edmundo 
>
> > On 01 Apr 2016, at 09:55, michae...@wuerth-it.com  wrote: 
> > 
> > Hi, 
> > 
> > Maybe I missed something somewhere, but it looks to me like Geo-Location 
> Processor only tries to resolve the sender address of the message, and not 
> any fields like stated in the description 
> > 
> >  "scans all fields of every message for IPv4 addresses" 
> > 
> > 
> > On a graylog-beta-2.0.0-beta.1-1.ova I just enabled the Plugin under 
> configuration and added the DB file from Maxmind. 
> > 
> > Graylog Settings: 
> > 
> > Geo-Location Processor 
> > 
> > If enabled, the GeoIP processor plugin scans all fields of every message 
> for IPv4 addresses and puts the location information into a field named 
> fieldname_geolocation where "fieldname" is the name of the field in which 
> an IP address has been found. 
> > 
> > Enabled: yes 
> > Database type:  City database 
> > Database path: /etc/graylog/GeoLite2-City.mmdb 
> > 
> > root@graylog-beta:~# ll /etc/graylog/GeoLite2-City.mmdb 
> > -rw-rw-r-- 1 root root 36745923 Mar 29 08:05 
> /etc/graylog/GeoLite2-City.mmdb 
> > 
> > 
> > when i send a sample msg line into Graylog: 
> > root@graylog-beta:~# echo '8.8.8.8 - test message' |  ncat -w1 -u 
> 127.0.0.1 51 
> > 
> > 
> > 
> > 
> > 
> > With  Subystem Indexer Logging set to Debug i get this: 
> > 2016-04-01_07:21:22.17052 2016-04-01 07:21:22,159 DEBUG: 
> org.graylog.plugins.map.geoip.GeoIpResolverEngine - Could not get location 
> from IP 127.0.0.1 
> > 2016-04-01_07:21:22.17079 
> com.maxmind.geoip2.exception.AddressNotFoundException: The address 
> 127.0.0.1 is not in the database. 
> > 2016-04-01_07:21:22.17149   at 
> com.maxmind.geoip2.DatabaseReader.get(DatabaseReader.java:161) 
> ~[graylog-plugin-map-widget-1.0.0-beta.1.jar:?] 
> > 2016-04-01_07:21:22.17230   at 
> com.maxmind.geoip2.DatabaseReader.city(DatabaseReader.java:217) 
> ~[graylog-plugin-map-widget-1.0.0-beta.1.jar:?] 
> > 2016-04-01_07:21:22.17284   at 
> org.graylog.plugins.map.geoip.GeoIpResolverEngine.extractGeoLocationInformation(GeoIpResolverEngine.java:100)
>  
> [graylog-plugin-map-widget-1.0.0-beta.1.jar:?] 
> > 2016-04-01_07:21:22.17429   at 
> org.graylog.plugins.map.geoip.GeoIpResolverEngine.filter(GeoIpResolverEngine.java:74)
>  
> [graylog-plugin-map-widget-1.0.0-beta.1.jar:?] 
> > 2016-04-01_07:21:22.17572   at 
> org.graylog.plugins.map.geoip.processor.GeoIpProcessor.process(GeoIpProcessor.java:79)
>  
> [graylog-plugin-map-widget-1.0.0-beta.1.jar:?] 
> > 2016-04-01_07:21:22.17587   at 
> org.graylog2.buffers.processors.ServerProcessBufferProcessor.handleMessage(ServerProcessBufferProcessor.java:56)
>  
> [graylog.jar:?] 
> > 2016-04-01_07:21:22.17656   at 
> org.graylog2.shared.buffers.processors.ProcessBufferProcessor.dispatchMessage(ProcessBufferProcessor.java:82)
>  
> [graylog.jar:?] 
> > 2016-04-01_07:21:22.18244   at 
> org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:61)
>  
> [graylog.jar:?] 
> > 2016-04-01_07:21:22.18651   at 
> org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:35)
>  
> [graylog.jar:?] 
> > 2016-04-01_07:21:22.18660   at 
> com.lmax.disruptor.WorkProcessor.run(WorkProcessor.java:139) 
> [graylog.jar:?] 
> > 2016-04-01_07:21:22.18663   at 
> com.codahale.metrics.InstrumentedThreadFactory$InstrumentedRunnable.run(InstrumentedThreadFactory.java:66)
>  
> [graylog.jar:?] 
> > 2016-04-01_07:21:22.1866

[graylog2] Re: graylog 2.0 GA - issues with nginx and reverse proxy - Error: Request has been terminated

[graylog2] Re: Load Balancer health check with Big-IP F5

[graylog2] Re: Load Balancer health check with Big-IP F5

Re: [graylog2] Geo-Location Processor only resolves msg source address ?

Re: [graylog2] Geo-Location Processor only resolves msg source address ?

Re: [graylog2] Geo-Location Processor only resolves msg source address ?

6 matches

Site Navigation

Mail list logo

Footer information