[graylog2] does sidecar support other beats or only logbeat and filebeat?

2016-12-30 Thread Mike Daoust 
Id really like to use some of the other beats with graylog, is this a 
supported function and are there any guides out there you have run across 
to get them setup?

Thanks

Mike

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/0ed2eb6d-2330-4cdd-a714-894aeae31330%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Graylog Chef Recipe Question

2016-05-25 Thread Mike Daoust 
I see now,
>
>
I downloaded the tarball for the config file and its comments.  Is there a 
reason we are tagging the node id into this name?
Looks like overriding that with the elasticsearch_config_file = /blah/ will 
be the way to go for me.

Im interested in discussing why this is.  It makes naming messy and I now 
have an extra config to setup and test out before upgrading from 1x to 2x.

Thanks

Mike

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/5f5bec50-2262-4f83-be61-0c7b4aaab8cf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Graylog Chef Recipe Question

2016-05-25 Thread Mike Daoust 
Were moving the 2x graylog/ES and during my tests, using the latest graylog 
cookbook in the chef supermarket the ES client installed with graylog 
server is getting named and I cannot figure out where this is coming from.  
I am able to override the name using the 
/etc/graylog/server/graylog-elasticsearch.yml however I didn't need to do 
this in the past and used elasticsearch_node_name = nodename in the 
server.conf file.  is the graylog-elasticsearch.yml required now?





-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/f10b6e31-40f5-467a-b2ea-cfd5c24579e2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Unexpected Index rotation

2016-04-28 Thread Mike Daoust 
Does Graylog have a recommended way of handling clusters with multiple 
graylog-server nodes and master elections?
I lost a pretty large chunk of data yesterday due to multiple masters 
creating multiple indexes per day and causing indexes to roll off.  Luckily 
this was not customer data so other than egg on my face it wasn't a big 
deal but I could see where this could accidentally cause some big problems.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/03c12de0-1dd6-4390-a254-b96dca2d7c1d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Unexpected Index rotation

2016-04-27 Thread Mike Daoust 
as of now Im thinking it was due to multiple graylog-server masters in the 
cluster.  I ran a config update with chef and all 3 graylog nodes ended up 
as masters.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/cb9b2d07-ae61-4bff-90c9-529db044a72e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Unexpected Index rotation

2016-04-27 Thread Mike Daoust 
Im at a loss here,

My index rotation is set to time, 1d and max of 90 indices currently.
Im getting multiple indexes per day of varying size and document counts. 
 Has anyone else ever run into this?  I could use some pointers on what Im 
looking for as the cause.

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/8f0b86ad-b150-47ec-8275-ffde92824da2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: graylog 1.2.2 ldap not saving settings

2016-03-19 Thread Mike Daoust 
I dont know for sure if this will help, but what I would look at is that 
all 3 nodes server.conf have the same hashed password as the web.conf

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/38728698-ed53-42af-aa7e-98e7d51ea93d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Aging older data to slow nodes

2016-03-10 Thread Mike Daoust 


FastNode SlowNode configuration, aging an index based off of time using 3 
nodes

 

1.   Edit elasticsearch.yml:  

Node1 - node.box_type: Fastnode

Node2 - node.box_type: Fastnode

Node3 - node.box_type: Slownode

 

2.   Configure Template so new indexes are created on FastNodes

curl -XPUT localhost:9200/_template/template_1 -d '

{

  "template": "Index_Name_Here_*",

  "settings": {

   "index.routing.allocation.require.box_type": "FastNode"

  }

}

'

 

All of your data should be going to the designated FastNodes. Now we figure 
out how to age the data.  The command below contains everything you need to 
age the data. 


curl –XGET 
'http://loggingesms01.apps.appriver.corp:9200/graylog2_40/_settings' 


Essentially what you need to do is: 

get a list of indexes 

loop over the index list looking at the creation date and box_type.  

If the box_type matches FastNode and index created date is X days older 
than the current timestamp.

Execute these actions

 

#unwrite protect index

curl -XPOST loggingesms01.apps.appriver.corp:9200/graylog2_40/_settings -d 
' {"index.blocks.write" : "false"}'


#drop replicas (up to you, if you have 1 slow node keeping replicas doesn’t 
make sence)

curl -XPUT loggingesms01.apps.appriver.corp:9200/graylog2_40/_settings -d ' 
{"index.routing.allocation.require.box_type" : "SlowNode"} '

 

# Move index to SlowNode

curl -XPUT loggingesms01.apps.appriver.corp:9200/graylog2_40/_settings -d ' 
{"index.number_of_replicas" : "0"} '




I ended up using powershell due to familiarity and lack of time to figure 
out how to work with json in bash.  It ended up being a good choice for us 
as we are moving towards using an enterprise task scheduling software which 
powershell will work perfectly with.  


I attached the ps1 so you can see how exactly I handled things.



I would also like to say that this may not be the "best way" however it 
works and seems solid.

 

 

 

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/d0bfda31-9b96-4106-9713-65bd43ef9d8f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


hotcold.ps1
Description: Binary data

[graylog2] Re: Aging older data to slow nodes

2016-03-09 Thread Mike Daoust 
Im duplicating In production now, once its running there Ill respond with 
how I accomplished everything.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/1a640768-4be6-491d-8381-f20c2372f4b9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: graylog 1.2.2 ldap not saving settings

2016-03-08 Thread Mike Daoust 

>
> So We got this figured out or at least got it working.
>

The group mapping (optional) section in the LDAP settings area is not 
optional for an AD setup at least
  
Previous versions of graylog required you to be specific in your search 
base for what users you wanted to be able to log in.  eg. 
 CN=Graylog_Group,OU=GrayLog,OU=Development,OU=mycompany,DC=mycompany,DC=corp

In version 1.2.2 and later what works for us is:
search base dn: OU=Development,OU=mycompany,DC=mycompany,DC=corp

group search base dn: OU=Development,OU=mycompany,DC=mycompany,DC=corp
pattern: (objectClass=group)
attribute: cn

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/00d65880-cfc9-43ef-b675-fa181eaaf50b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Aging older data to slow nodes

2016-03-08 Thread Mike Daoust 
Ive got this all figured out.  Is anyone interested in how to make a 
configuration like this work?  Im a windows guy so I scripted out the 
moving indexes portion using powershell however someone who can parse json 
in bash could replicate the same things fairly easy.

Anyways Im happy to help

Mike

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/23f4175e-1f11-4e48-a30c-8f0bc85a6fde%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Re: graylog 1.2.2 ldap not saving settings

2016-03-08 Thread Mike Daoust 
It seems that graylog recorded multiple ldap entries in mongodb.  Removing 
all of the ldap configs and setting up a fresh one has resolved the issue 
of the UI not appearing to be saving anything.

I still have the issue where I cant log in using my AD creds even though 
both tests in the ldap section pass.


On Saturday, March 5, 2016 at 9:31:51 AM UTC-6, Mike Daoust wrote:
>
> I tried to configure LDAP in the LDAP section if graylogs web interface.  
> After inputting my settings, both tests in the setting section pass.  When 
> I hit save settings the interface says settings saved.  When I go back into 
> the settings they are blank.
>
> On Mar 5, 2016 9:09 AM, "Jochen Schalanda"  wrote:
> >
> > Hi Mike,
> >
> > it would tremendously help if you tried to write complete sentences and 
> a clear problem description.
> >
> > LDAP settings are stored in MongoDB. How exactly did you try to create 
> the LDAP settings and which error messages did you encounter while doing 
> that?
> >
> > Cheers,
> > Jochen
> >
> >
> > On Saturday, 5 March 2016 07:17:20 UTC+1, Mike Daoust wrote:
> >>
> >> 
> graylog-web/application.2016-03-04.log:org.graylog2.restclient.lib.APIException:
>  
> API call failed GET 
> http://@loggingglsrv02.apps.appriver.corp:12900/system/ldap/settings 
> returned 404 Not Found body: {"type":"ApiError","message":"HTTP 404 
>  Not Found"}
> >>
> >>
> >>
> >>
> >> On Friday, March 4, 2016 at 11:58:02 PM UTC-6, Mike Daoust wrote:
> >>>
> >>> where do the ldap settings get saved?
> >>>
> >>> On Friday, March 4, 2016 at 6:02:05 PM UTC-6, Mike Daoust wrote:
> >>>>
> >>>> graylog 1.2.2 ldap not saving settings, any ideas?
> >
> > -- 
> > You received this message because you are subscribed to a topic in the 
> Google Groups "Graylog Users" group.
> > To unsubscribe from this topic, visit 
> https://groups.google.com/d/topic/graylog2/xzs_pOIC_hY/unsubscribe.
> > To unsubscribe from this group and all its topics, send an email to 
> graylog2+unsubscr...@googlegroups.com.
> > To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/bb9ee00d-c68d-4461-b1b9-4f148c2d059b%40googlegroups.com
> .
> >
> > For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/016eb853-f19c-41ec-8b44-3a06a682be2a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Re: graylog 1.2.2 ldap not saving settings

2016-03-05 Thread Mike Daoust 
I tried to configure LDAP in the LDAP section if graylogs web interface.
After inputting my settings, both tests in the setting section pass.  When
I hit save settings the interface says settings saved.  When I go back into
the settings they are blank.

On Mar 5, 2016 9:09 AM, "Jochen Schalanda"  wrote:
>
> Hi Mike,
>
> it would tremendously help if you tried to write complete sentences and a
clear problem description.
>
> LDAP settings are stored in MongoDB. How exactly did you try to create
the LDAP settings and which error messages did you encounter while doing
that?
>
> Cheers,
> Jochen
>
>
> On Saturday, 5 March 2016 07:17:20 UTC+1, Mike Daoust wrote:
>>
>>
graylog-web/application.2016-03-04.log:org.graylog2.restclient.lib.APIException:
API call failed GET
http://@loggingglsrv02.apps.appriver.corp:12900/system/ldap/settings
returned 404 Not Found body: {"type":"ApiError","message":"HTTP 404
 Not Found"}
>>
>>
>>
>>
>> On Friday, March 4, 2016 at 11:58:02 PM UTC-6, Mike Daoust wrote:
>>>
>>> where do the ldap settings get saved?
>>>
>>> On Friday, March 4, 2016 at 6:02:05 PM UTC-6, Mike Daoust wrote:
>>>>
>>>> graylog 1.2.2 ldap not saving settings, any ideas?
>
> --
> You received this message because you are subscribed to a topic in the
Google Groups "Graylog Users" group.
> To unsubscribe from this topic, visit
https://groups.google.com/d/topic/graylog2/xzs_pOIC_hY/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/bb9ee00d-c68d-4461-b1b9-4f148c2d059b%40googlegroups.com
.
>
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CAGVsF6YvkihCvDdMjEZRQSfnNrK45TMhFoyd9LccDNyC1D9b3Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: graylog 1.2.2 ldap not saving settings

2016-03-04 Thread Mike Daoust 
graylog-web/application.2016-03-04.log:org.graylog2.restclient.lib.APIException:
 
API call failed GET 
http://@loggingglsrv02.apps.appriver.corp:12900/system/ldap/settings 
returned 404 Not Found body: {"type":"ApiError","message":"HTTP 404 
 Not Found"}




On Friday, March 4, 2016 at 11:58:02 PM UTC-6, Mike Daoust wrote:
>
> where do the ldap settings get saved?
>
> On Friday, March 4, 2016 at 6:02:05 PM UTC-6, Mike Daoust wrote:
>>
>> graylog 1.2.2 ldap not saving settings, any ideas?
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/882a2544-2a36-4b9b-8ab0-f221b8e5c85f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: graylog 1.2.2 ldap not saving settings

2016-03-04 Thread Mike Daoust 
where do the ldap settings get saved?

On Friday, March 4, 2016 at 6:02:05 PM UTC-6, Mike Daoust wrote:
>
> graylog 1.2.2 ldap not saving settings, any ideas?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/18aa8393-e562-4f07-8f03-91d045af9be3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] graylog 1.2.2 ldap not saving settings

2016-03-04 Thread Mike Daoust 
graylog 1.2.2 ldap not saving settings, any ideas?

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/ea8b3a0b-8f08-4a08-9031-a25d9910cad4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Aging older data to slow nodes

2016-03-01 Thread Mike Daoust 

which of the multiple time/date stamps does curator use when determining 
how old an index is?  Doesnt seems to be documented in an easy to find 
place.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/370ea2f2-2d17-41b1-bf10-84bc8de61185%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Aging older data to slow nodes

2016-02-29 Thread Mike Daoust 
not having any luck so far getting this to work

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/a7c8ca37-a7b4-49fa-90d8-3b42ab002ec4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Aging older data to slow nodes

2016-02-22 Thread Mike Daoust 
prepend was the wrong word, sorry.  I think what I meant is clear though.

graylog2_date/time

On Monday, February 22, 2016 at 4:03:51 PM UTC-6, Mike Daoust wrote:
>
> Is there a way to have the graylog index prepend the date/time instead of 
> just iterating over numbers?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/1153b189-0461-46b8-9e04-709a7c408be5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Aging older data to slow nodes

2016-02-22 Thread Mike Daoust 
Is there a way to have the graylog index prepend the date/time instead of 
just iterating over numbers?

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/943bd9c6-1c7a-4dd9-b835-b00f5e5e32d1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Aging older data to slow nodes

2016-02-22 Thread Mike Daoust 
Jochen,
It would be fantastic if that were added in.

If anyone else is interested in this type of setup I would be willing to 
share my experiences.

thanks

Mike

On Friday, February 19, 2016 at 4:19:24 AM UTC-6, Jochen Schalanda wrote:
>
> Hi Mike,
>
> you could build something like this using a Hot/Warm architecture in 
> Elasticsearch, see https://www.elastic.co/blog/hot-warm-architecture for 
> an example.
>
> We might also add this directly into Graylog in a future release.
>
>
> Cheers,
> Jochen
>
> On Thursday, 18 February 2016 21:31:31 UTC+1, Mike Daoust wrote:
>>
>> I wondered if anyone is moving data over X days old to slower nodes in 
>> order to keep the most recent data performing as fast as possible.  Do you 
>> have any advice or articles I could reference?
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/110f6fed-ddfe-4a2d-8dd5-9ef2e537d4dd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Aging older data to slow nodes

2016-02-18 Thread Mike Daoust 
I wondered if anyone is moving data over X days old to slower nodes in 
order to keep the most recent data performing as fast as possible.  Do you 
have any advice or articles I could reference?

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/f4528938-7fbe-4e4e-9284-61cecd572883%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Elasticsearch 2.0 and Graylog compatibility?

2015-10-29 Thread Mike Daoust 
I wondered if there is more information about this now that 2.0 is out?  Is 
there a timeline when we can expect graylog to use elasticsearch 2.0?

On Wednesday, October 14, 2015 at 1:47:55 PM UTC-5, David Dunstan wrote:
>
>
> Hi folks, Is there any update the Graylog maintainers might be able to 
> share with us regarding Elasticsearch 2.0 and compatibility? Would be great 
> - thanks in advance for any info. Thanks
>
> Dave
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/faddea73-cf84-4787-9c50-fecc451158c3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] How many of you are using chef to deploy?

2015-10-19 Thread Mike Daoust 

>
> hah nice.  That was the key.
>

Thank you 

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/dc0493dd-21d3-46a9-a6e2-45872b117da3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] How many of you are using chef to deploy?

2015-10-19 Thread Mike Daoust 

>
> well my problem is I cant get the cookbook to work at all.  Im testing on 
> the web portion for simplicity
>
 im getting

* No candidate version available for graylog-web
10.80.1.143 

10.80.1.143 Error executing action `install` on resource 
'apt_package[graylog-web]'
10.80.1.143 

10.80.1.143 

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/b213df0a-7178-4ddc-9d87-089c361c856d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] How many of you are using chef to deploy?

2015-10-19 Thread Mike Daoust 
How many of you are using chef to deploy?
Has anyone found other solutions for being able to quickly deploy graylog?

Im having trouble with the available chef recipe, I started writing my own 
and am having some success however I dont want to spend a large amount of 
time reinventing the wheel if I don't need to.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/5df3b28b-682c-4fd9-9a07-17557237453d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] elasticsearch version requirements

2015-09-08 Thread Mike Daoust 
Is it documented anywhere which versions of elasticsearch are suggested for 
graylog?

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/16e94ff6-2089-426a-96fb-0ba2e832888a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Graylog-web not logging to /var/logs

2015-08-05 Thread Mike Daoust 
I am using log rotate, Ill have to explore that.

On Tuesday, August 4, 2015 at 3:37:34 AM UTC-5, Jochen Schalanda wrote:
>
> Hi Mike,
>
> I haven't heard of that error scenario until now.
>
> Are you using tools like logrotate to rotate log files in /var/log/? 
> Maybe the log file the Graylog web interface was writing into was rotated 
> (renamed, deleted, …) and now it couldn't keep writing into that file.
>
> Cheers,
> Jochen
>
> On Tuesday, 4 August 2015 00:02:08 UTC+2, Mike Daoust wrote:
>>
>> Has anyone run across this.  2 of my servers graylog-web service stopped 
>> generating error logs at the end of  last month and seemed to stop being 
>> accessible at the same time though the service says its started and running.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/5b2d3b7c-0a85-4a69-a9f8-5b851bde86be%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Graylog-web not logging to /var/logs

2015-08-03 Thread Mike Daoust 
Has anyone run across this.  2 of my servers graylog-web service stopped 
generating error logs at the end of  last month and seemed to stop being 
accessible at the same time though the service says its started and running.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/07c68493-8c45-49a9-b33c-d1b25fcfee8f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Node not taking messages

2015-07-28 Thread Mike Daoust 
I ended up figuring it out.  Total oversight on my side.

On Monday, July 27, 2015 at 1:42:45 PM UTC-5, Mike Daoust wrote:
>
> Im completely drawing a blank here.
>
> Have a 3 GL server nodes.  Only 2 of them are taking messages.  The node 
> not getting any messages is starting just fine and is listed in the 
> web.conf of all web nodes.  Any suggestions?
>
>
>
>
>
> 2015-07-27T13:14:14.160-05:00 INFO  [node] [Internal-Logging03-GL] started
>> 2015-07-27T13:14:14.295-05:00 INFO  [service] [Internal-Logging03-GL] 
>> detected_master 
>> [Internal-Logging01-ES][BzV1fQD9Q6m10QrTFZB44g][Internal-Logging01][inet[/10.242.228.161:9300]],
>>  
>> added 
>> {[Internal-Logging01-ES][BzV1fQD9Q6m10QrTFZB44g][Internal-Logging01][inet[/10.242.228.161:9300]],[Internal-Logging01-GL][zDEBwMlESBuvo43FiPEzlg][Internal-Logging01][inet[/10.242.228.161:9350]]{client=true,
>>  
>> data=false, 
>> master=false},[Internal-Logging03-ES][yPdS241YQ7WIuGaoKCSYww][Internal-Logging03][inet[/10.242.230.162:9300]],[Internal-Logging02-GL][22EmM-TARRCwr2-G8CaPSw][Internal-Logging02][inet[/10.242.228.166:9350]]{client=true,
>>  
>> data=false, 
>> master=false},[Internal-Logging02-ES][PUD74j4qRjCmQvfr6U3zKw][Internal-Logging02][inet[/10.242.228.166:9300]],},
>>  
>> reason: zen-disco-receive(from master 
>> [[Internal-Logging01-ES][BzV1fQD9Q6m10QrTFZB44g][Internal-Logging01][inet[/10.242.228.161:9300]]])
>> 2015-07-27T13:14:18.654-05:00 INFO  [RestApiService] Adding security 
>> context factory: 
>> 
>> 2015-07-27T13:14:18.674-05:00 INFO  [RestApiService] Started REST API at <
>> http://internal-logging03.apps.appriver.corp:12900/>
>> 2015-07-27T13:14:18.676-05:00 INFO  [ServiceManagerListener] Services are 
>> healthy
>> 2015-07-27T13:14:18.678-05:00 INFO  [ServerBootstrap] Services started, 
>> startup times in ms: {InputSetupService [RUNNING]=5, 
>> GroovyShellSetupService [RUNNING]=11, MetricsReporterService [RUNNING]=11, 
>> OutputSetupService [RUNNING]=15, BufferSynchronizerService [RUNNING]=15, 
>> DashboardRegistryService [RUNNING]=16, KafkaJournal [RUNNING]=19, 
>> PeriodicalsService [RUNNING]=28, JournalReader [RUNNING]=35, 
>> IndexerSetupService [RUNNING]=3374, RestApiService [RUNNING]=7716}
>> 2015-07-27T13:14:18.680-05:00 INFO  [InputSetupService] Triggering 
>> launching persisted inputs, node transitioned from Uninitialized?[LB:DEAD] 
>> to Running?[LB:ALIVE]
>> 2015-07-27T13:14:18.687-05:00 INFO  [ServerBootstrap] Graylog server up 
>> and running.
>> 2015-07-27T13:14:18.725-05:00 INFO  [InputStateListener] Input [GELF 
>> UDP/55b643c00cf2b25b612bda04] is now STARTING
>> 2015-07-27T13:14:18.959-05:00 INFO  [InputStateListener] Input [GELF 
>> UDP/55b643c00cf2b25b612bda04] is now RUNNING
>> 2015-07-27T13:14:20.650-05:00 INFO  [AbstractValidatingSessionManager] 
>> Enabling session validation scheduler...
>> 2015-07-27T13:14:20.753-05:00 INFO  [Version] HV01: Hibernate 
>> Validator 5.1.2.Final
>> ^C
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Node not taking messages

2015-07-27 Thread Mike Daoust 
Im completely drawing a blank here.

Have a 3 GL server nodes.  Only 2 of them are taking messages.  The node 
not getting any messages is starting just fine and is listed in the 
web.conf of all web nodes.  Any suggestions?





2015-07-27T13:14:14.160-05:00 INFO  [node] [Internal-Logging03-GL] started
> 2015-07-27T13:14:14.295-05:00 INFO  [service] [Internal-Logging03-GL] 
> detected_master 
> [Internal-Logging01-ES][BzV1fQD9Q6m10QrTFZB44g][Internal-Logging01][inet[/10.242.228.161:9300]],
>  
> added 
> {[Internal-Logging01-ES][BzV1fQD9Q6m10QrTFZB44g][Internal-Logging01][inet[/10.242.228.161:9300]],[Internal-Logging01-GL][zDEBwMlESBuvo43FiPEzlg][Internal-Logging01][inet[/10.242.228.161:9350]]{client=true,
>  
> data=false, 
> master=false},[Internal-Logging03-ES][yPdS241YQ7WIuGaoKCSYww][Internal-Logging03][inet[/10.242.230.162:9300]],[Internal-Logging02-GL][22EmM-TARRCwr2-G8CaPSw][Internal-Logging02][inet[/10.242.228.166:9350]]{client=true,
>  
> data=false, 
> master=false},[Internal-Logging02-ES][PUD74j4qRjCmQvfr6U3zKw][Internal-Logging02][inet[/10.242.228.166:9300]],},
>  
> reason: zen-disco-receive(from master 
> [[Internal-Logging01-ES][BzV1fQD9Q6m10QrTFZB44g][Internal-Logging01][inet[/10.242.228.161:9300]]])
> 2015-07-27T13:14:18.654-05:00 INFO  [RestApiService] Adding security 
> context factory: 
> 
> 2015-07-27T13:14:18.674-05:00 INFO  [RestApiService] Started REST API at 
> 
> 2015-07-27T13:14:18.676-05:00 INFO  [ServiceManagerListener] Services are 
> healthy
> 2015-07-27T13:14:18.678-05:00 INFO  [ServerBootstrap] Services started, 
> startup times in ms: {InputSetupService [RUNNING]=5, 
> GroovyShellSetupService [RUNNING]=11, MetricsReporterService [RUNNING]=11, 
> OutputSetupService [RUNNING]=15, BufferSynchronizerService [RUNNING]=15, 
> DashboardRegistryService [RUNNING]=16, KafkaJournal [RUNNING]=19, 
> PeriodicalsService [RUNNING]=28, JournalReader [RUNNING]=35, 
> IndexerSetupService [RUNNING]=3374, RestApiService [RUNNING]=7716}
> 2015-07-27T13:14:18.680-05:00 INFO  [InputSetupService] Triggering 
> launching persisted inputs, node transitioned from Uninitialized?[LB:DEAD] 
> to Running?[LB:ALIVE]
> 2015-07-27T13:14:18.687-05:00 INFO  [ServerBootstrap] Graylog server up 
> and running.
> 2015-07-27T13:14:18.725-05:00 INFO  [InputStateListener] Input [GELF 
> UDP/55b643c00cf2b25b612bda04] is now STARTING
> 2015-07-27T13:14:18.959-05:00 INFO  [InputStateListener] Input [GELF 
> UDP/55b643c00cf2b25b612bda04] is now RUNNING
> 2015-07-27T13:14:20.650-05:00 INFO  [AbstractValidatingSessionManager] 
> Enabling session validation scheduler...
> 2015-07-27T13:14:20.753-05:00 INFO  [Version] HV01: Hibernate 
> Validator 5.1.2.Final
> ^C


-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: 1 ES Cluster with multiple indexes

2015-04-21 Thread Mike Daoust 
In my test an elastic node/cluster can have 2 or more separate graylog 
instances write to their own separate indexes and have each instance of 
graylog only be able to view only its own index

On Monday, April 20, 2015 at 2:03:36 PM UTC-5, Mike Daoust wrote:
>
> Is it possible to have 2 or more completely separate graylog servers 
> logging to their own respective index and not be able to see each others 
> indexes when doing searches?
>

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: 1 ES Cluster with multiple indexes

2015-04-21 Thread Mike Daoust 
Cool,

Ill setup a test and report back what I find.

Thanks

On Monday, April 20, 2015 at 2:03:36 PM UTC-5, Mike Daoust wrote:
>
> Is it possible to have 2 or more completely separate graylog servers 
> logging to their own respective index and not be able to see each others 
> indexes when doing searches?
>

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] 1 ES Cluster with multiple indexes

2015-04-20 Thread Mike Daoust 
Is it possible to have 2 or more completely separate graylog servers 
logging to their own respective index and not be able to see each others 
indexes when doing searches?

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Multiple 1 ES cluster with multiple indexes

2015-04-20 Thread Mike Daoust 
Is it possible to have 2 or more completely separate graylog servers 
logging to their own respective index and not be able to see each others 
indexes when doing searches?

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: 50k + messages per second

2015-04-15 Thread Mike Daoust 
Thank you, That is very useful information to have.

On Tuesday, April 14, 2015 at 4:26:23 PM UTC-5, Mike Daoust wrote:
>
> Hey folks
>
> I have a new project that Im looking for some insight on.
> we are testing out logging some high volume data that is between 65 and 
> 100k per second.
>
> What would you all think would be an optimal config?  With higher loads do 
> you find that having everything separate vs full stack offers better 
> performance?
>
>
> Thanks
>
> Mike
>
>
>
>
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] 50k + messages per second

2015-04-14 Thread Mike Daoust 
Hey folks

I have a new project that Im looking for some insight on.
we are testing out logging some high volume data that is between 65 and 
100k per second.

What would you all think would be an optimal config?  With higher loads do 
you find that having everything separate vs full stack offers better 
performance?


Thanks

Mike






-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Graylog-web not logging to rsyslog\Graylog-Web Interface stopped working

2015-03-24 Thread Mike Daoust 
Solved problem with a apt-get puge and reinstall.  Not ideal.  Ive had a 
fair number of little issues like this where the system hasnt been touched 
but stops working correctly.





On Tuesday, March 24, 2015 at 8:31:03 AM UTC-5, Mike Daoust wrote:
>
>
> I got a chance to look more this morning, when I start 
> graylog-web-interface in user/share/graylog-web/bin it failed stating the 
> graylog-web-interface.conf was missing.
> When I copied the web.conf to graylog-web.interface.conf it started 
> working however the normal upstart job still does not.  I dont understand 
> whats going on just yet.
>
>
> On Monday, March 23, 2015 at 5:03:48 PM UTC-5, Mike Daoust wrote:
>>
>> Using graylog 1.0.1,  systems been running fine since the update from .9x 
>> a few weeks ago.  The web interface stopped responding today.  The service 
>> wont start and nothing is being logged to 
>> /var/log/graylog-web/application.log
>> sys log is full of terminated with status 255
>>
>> Any thoughts?
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Graylog-web not logging to rsyslog\Graylog-Web Interface stopped working

2015-03-24 Thread Mike Daoust 

I got a chance to look more this morning, when I start 
graylog-web-interface in user/share/graylog-web/bin it failed stating the 
graylog-web-interface.conf was missing.
When I copied the web.conf to graylog-web.interface.conf it started working 
however the normal upstart job still does not.  I dont understand whats 
going on just yet.


On Monday, March 23, 2015 at 5:03:48 PM UTC-5, Mike Daoust wrote:
>
> Using graylog 1.0.1,  systems been running fine since the update from .9x 
> a few weeks ago.  The web interface stopped responding today.  The service 
> wont start and nothing is being logged to 
> /var/log/graylog-web/application.log
> sys log is full of terminated with status 255
>
> Any thoughts?
>

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Graylog-web not logging to rsyslog

2015-03-23 Thread Mike Daoust 
Using graylog 1.0.1,  systems been running fine since the update from .9x a 
few weeks ago.  The web interface stopped responding today.  The service 
wont start and nothing is being logged to 
/var/log/graylog-web/application.log
sys log is full of terminated with status 255

Any thoughts?

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] You caused a org.graylog2.restclient.lib.APIException. API call failed GET after upgrade to 1.0.0

2015-03-03 Thread Mike Daoust 
After upgrading my graylog cluster from .92 to 1.0.0 clustered setup the 
system tab is no longer accessible.
The test upgrade I did went flawlessly so not sure what the deal is.


*You caused a org.graylog2.restclient.lib.APIException. API call failed 
GET **Reason:* Could not fetch system information. We expected HTTP 200, 
but got a HTTP -1.


   - org.graylog2.restclient.lib.ApiClientImpl$ApiRequestBuilder#execute (
   *ApiClientImpl.java:498*)
   - org.graylog2.restclient.models.ClusterService#getNumberOfSystemMessages 
   (*ClusterService.java:128*)
   - controllers.SystemController#index (*SystemController.java:65*)
   - Routes$$anonfun$routes$1$$anonfun$applyOrElse$43$$anonfun$apply$491#apply 
   (*routes_routing.scala:1669*)
   - Routes$$anonfun$routes$1$$anonfun$applyOrElse$43$$anonfun$apply$491#apply 
   (*routes_routing.scala:1669*)
   - play.core.Router$HandlerInvokerFactory$$anon$4#resultCall (
   *Router.scala:264*)
   - 
play.core.Router$HandlerInvokerFactory$JavaActionInvokerFactory$$anon$15$$anon$1#invocation
 
   (*Router.scala:255*)
   - play.core.j.JavaAction$$anon$1#call (*JavaAction.scala:55*)
   - play.GlobalSettings$1#call (*GlobalSettings.java:67*)
   - play.mvc.Security$AuthenticatedAction#call (*Security.java:44*)
   - play.core.j.JavaAction$$anonfun$11#apply (*JavaAction.scala:82*)
   - play.core.j.JavaAction$$anonfun$11#apply (*JavaAction.scala:82*)
   - scala.concurrent.impl.Future$PromiseCompletingRunnable#liftedTree1$1 (
   *Future.scala:24*)
   - scala.concurrent.impl.Future$PromiseCompletingRunnable#run (
   *Future.scala:24*)
   - play.core.j.HttpExecutionContext$$anon$2#run (
   *HttpExecutionContext.scala:40*)
   - play.api.libs.iteratee.Execution$trampoline$#execute (
   *Execution.scala:46*)
   - play.core.j.HttpExecutionContext#execute (
   *HttpExecutionContext.scala:32*)
   - scala.concurrent.impl.Future$#apply (*Future.scala:31*)
   - scala.concurrent.Future$#apply (*Future.scala:485*)
   - play.core.j.JavaAction$class#apply (*JavaAction.scala:82*)
   - 
play.core.Router$HandlerInvokerFactory$JavaActionInvokerFactory$$anon$15$$anon$1#apply
 
   (*Router.scala:252*)
   - 
play.api.mvc.Action$$anonfun$apply$1$$anonfun$apply$4$$anonfun$apply$5#apply 
   (*Action.scala:130*)
   - 
play.api.mvc.Action$$anonfun$apply$1$$anonfun$apply$4$$anonfun$apply$5#apply 
   (*Action.scala:130*)
   - play.utils.Threads$#withContextClassLoader (*Threads.scala:21*)
   - play.api.mvc.Action$$anonfun$apply$1$$anonfun$apply$4#apply (
   *Action.scala:129*)
   - play.api.mvc.Action$$anonfun$apply$1$$anonfun$apply$4#apply (
   *Action.scala:128*)
   - scala.Option#map (*Option.scala:145*)
   - play.api.mvc.Action$$anonfun$apply$1#apply (*Action.scala:128*)
   - play.api.mvc.Action$$anonfun$apply$1#apply (*Action.scala:121*)
   - play.api.libs.iteratee.Iteratee$$anonfun$mapM$1#apply (
   *Iteratee.scala:483*)
   - play.api.libs.iteratee.Iteratee$$anonfun$mapM$1#apply (
   *Iteratee.scala:483*)
   - play.api.libs.iteratee.Iteratee$$anonfun$flatMapM$1#apply (
   *Iteratee.scala:519*)
   - play.api.libs.iteratee.Iteratee$$anonfun$flatMapM$1#apply (
   *Iteratee.scala:519*)
   - play.api.libs.iteratee.Iteratee$$anonfun$flatMap$1$$anonfun$apply$14#apply 
   (*Iteratee.scala:496*)
   - play.api.libs.iteratee.Iteratee$$anonfun$flatMap$1$$anonfun$apply$14#apply 
   (*Iteratee.scala:496*)
   - scala.concurrent.impl.Future$PromiseCompletingRunnable#liftedTree1$1 (
   *Future.scala:24*)
   - scala.concurrent.impl.Future$PromiseCompletingRunnable#run (
   *Future.scala:24*)
   - akka.dispatch.TaskInvocation#run (*AbstractDispatcher.scala:41*)
   - akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask#exec (
   *AbstractDispatcher.scala:393*)
   - scala.concurrent.forkjoin.ForkJoinTask#doExec (*ForkJoinTask.java:260*)
   - scala.concurrent.forkjoin.ForkJoinPool$WorkQueue#runTask (
   *ForkJoinPool.java:1339*)
   - scala.concurrent.forkjoin.ForkJoinPool#runWorker (
   *ForkJoinPool.java:1979*)
   - scala.concurrent.forkjoin.ForkJoinWorkerThread#run (
   *ForkJoinWorkerThread.java:107*)

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: Graylog2 HA

2015-02-24 Thread Mike Daoust 
I know this is an old post but I am interested in this behavior as well. 
 Its problematic to explain that your HA cluster is mostly still working.


On Wednesday, June 18, 2014 at 7:22:55 AM UTC-5, corneli...@gmail.com wrote:
>
> Hello,
>
> I thought, I could setup an HA-Graylog2-Cluster. But there has to be only 
> a single master node, otherwise, I get this message:
>
>  Multiple graylog2-server masters in the cluster a few seconds ago
> There were multiple graylog2-server instances configured as master in your 
> Graylog2 cluster. The cluster handles this automatically by launching new 
> nodes as slaves if there already is a master but you should still fix this. 
> Check the graylog2.conf of every node and make sure that only one instance 
> has is_master set to true. Close this notification if you think you 
> resolved the problem. It will pop back up if you start a second master node 
> again.
>
> If I ignore this message, things seem to work - but if the master node 
> dies, you can't login to web-interface anymore :-(
>
> Is there a way to have "real" High-Availability?
>
> regards
>
> Cornelius
>

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: LDAP\AD - having issues

2014-12-29 Thread Mike Daoust 

Looks like the users previously were being  added as 
u...@domain.com@localhost.com.  I deleted those accounts manually in the 
mongodb and updated the Search base to 
(&(objectClass=user)(sAMAccountName={0})) and it seems to be adding the 
users correctly however the ldap synced users cannot log in.

I updated the search base to (&(objectClass=user)(UserPrincipalName={0}))
Seems to be working fine now.

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Re: LDAP\AD - having issues

2014-12-29 Thread Mike Daoust 
I updated the search base to (&(objectClass=user)(sAMAccountName={0})) with 
no success.  There seems to be something else going on as well though that 
Ill have to figure out.
The users I populated manually have disappeared.  It recognizes them as 
existing as I cannot re-add them however they are not visible.

On Thursday, December 18, 2014 4:45:13 PM UTC-6, Mike Daoust wrote:
>
> I am having issues getting ldap to work
> I did a tcpdump on ldap traffic, I can see the connection working but no 
> user ever gets added.
> Im filtering the pcap for our DC responses by ip source and ldap 
> bindresponce and it looks to me like a completely different uses is getting 
> picked out of AD then failing.
>
>
> Im not sure what else to do
>
> I am using the latest graylog and connecting to a windows DC
> search base OU=Users,OU=Development,OU=domain,DC=domain,DC=corp
> user search pattern  (objectClass=user)
> display name attrib   displayName
>

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] LDAP\AD - having issues

2014-12-20 Thread Mike Daoust 
I am having issues getting ldap to work
I did a tcpdump on ldap traffic, I can see the connection working but no 
user ever gets added.
Im filtering the pcap for our DC responses by ip source and ldap 
bindresponce and it looks to me like a completely different uses is getting 
picked out of AD then failing.


Im not sure what else to do

I am using the latest graylog and connecting to a windows DC
search base OU=Users,OU=Development,OU=domain,DC=domain,DC=corp
user search pattern  (objectClass=user)
display name attrib   displayName

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.