subject:"Re\: \[graylog2\] Re\: Logstash to graylog using TLS"

Re: [graylog2] Re: Logstash to graylog using TLS

2017-01-18 Thread Richard S. Westmoreland

So you have Raw TCP input on that same port?  Can you see the port listening, 
and can you telnet to it from the logstash host?

> On Jan 18, 2017, at 6:03 PM, Benbrahim Anass  wrote:
> 
> I tried the minimal config:
>  tcp {
> host => "172.16.52.25"
> port => 5445
> }
> 
> with the raw text input as you said, i recieve nothing in graylog, but i see 
> that logstash is forwarding everything 
> cheers
> Anas
> Le mercredi 18 janvier 2017 09:35:01 UTC+1, Richard S. Westmoreland a écrit :
>> 
>> Raw TCP Input
>> 
>> On Jan 18, 2017, at 4:28 PM, Benbrahim Anass  wrote:
>> 
>>> i already parse everything using json, if like you said i use TCP output, 
>>> what input in graylog should i use?
>>> 
>>> cheers 
>>> Anas
>>> 
>>> Le mardi 17 janvier 2017 12:01:17 UTC+1, Richard S. Westmoreland a écrit :
 
 Ah sorry, TCP.  If he sets it to JSON then an extractor should parse that 
 back out easily.
 
 https://www.elastic.co/guide/en/logstash/current/plugins-outputs-tcp.html
 
 
> On Jan 17, 2017, at 7:54 PM, Jochen Schalanda  wrote:
> 
> Hi Richard,
> 
>> On Tuesday, 17 January 2017 11:51:40 UTC+1, Richard S. Westmoreland 
>> wrote:
>> If you're just trying to connect Logstash and Graylog over TLS, I think 
>> getting AMQP would be overkill.  You should start with getting the TLS 
>> cert ready, then enable a GELF TCP Input with TLS, then configure 
>> Logstash to send to that.
> 
> Logstash currently doesn't support GELF TCP.
> 
> Cheers,
> Jochen 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+u...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/158fdceb-e02c-46f1-9d38-33e3f67ae4d4%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>>> 
>>> -- 
>>> You received this message because you are subscribed to the Google Groups 
>>> "Graylog Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an 
>>> email to graylog2+u...@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/graylog2/39f3c880-b027-4571-936d-854f4b0b3ea8%40googlegroups.com.
>>> For more options, visit https://groups.google.com/d/optout.
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/193be34b-1038-4d11-85c1-c4f2138e8856%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/B1331828-A80B-485C-8B2F-A8751068B7F4%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Re: Logstash to graylog using TLS

2017-01-18 Thread Benbrahim Anass

I tried the minimal config:
 tcp {
host => "172.16.52.25"
port => 5445
}

with the raw text input as you said, i recieve nothing in graylog, but i 
see that logstash is forwarding everything 
cheers
Anas
Le mercredi 18 janvier 2017 09:35:01 UTC+1, Richard S. Westmoreland a 
écrit :
>
> Raw TCP Input
>
> On Jan 18, 2017, at 4:28 PM, Benbrahim Anass  > wrote:
>
> i already parse everything using json, if like you said i use TCP output, 
> what input in graylog should i use?
>
> cheers 
> Anas
>
> Le mardi 17 janvier 2017 12:01:17 UTC+1, Richard S. Westmoreland a écrit :
>>
>> Ah sorry, TCP.  If he sets it to JSON then an extractor should parse that 
>> back out easily.
>>
>> https://www.elastic.co/guide/en/logstash/current/plugins-outputs-tcp.html
>>
>>
>> On Jan 17, 2017, at 7:54 PM, Jochen Schalanda  wrote:
>>
>> Hi Richard,
>>
>> On Tuesday, 17 January 2017 11:51:40 UTC+1, Richard S. Westmoreland wrote:
>>>
>>> If you're just trying to connect Logstash and Graylog over TLS, I think 
>>> getting AMQP would be overkill.  You should start with getting the TLS cert 
>>> ready, then enable a GELF TCP Input with TLS, then configure Logstash to 
>>> send to that.
>>>
>>
>> Logstash currently doesn't support GELF TCP.
>>
>> Cheers,
>> Jochen 
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Graylog Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to graylog2+u...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/graylog2/158fdceb-e02c-46f1-9d38-33e3f67ae4d4%40googlegroups.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>> -- 
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+u...@googlegroups.com .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/39f3c880-b027-4571-936d-854f4b0b3ea8%40googlegroups.com
>  
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/193be34b-1038-4d11-85c1-c4f2138e8856%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Re: Logstash to graylog using TLS

2017-01-18 Thread Richard S. Westmoreland

Raw TCP Input

> On Jan 18, 2017, at 4:28 PM, Benbrahim Anass  wrote:
> 
> i already parse everything using json, if like you said i use TCP output, 
> what input in graylog should i use?
> 
> cheers 
> Anas
> 
> Le mardi 17 janvier 2017 12:01:17 UTC+1, Richard S. Westmoreland a écrit :
>> 
>> Ah sorry, TCP.  If he sets it to JSON then an extractor should parse that 
>> back out easily.
>> 
>> https://www.elastic.co/guide/en/logstash/current/plugins-outputs-tcp.html
>> 
>> 
>>> On Jan 17, 2017, at 7:54 PM, Jochen Schalanda  wrote:
>>> 
>>> Hi Richard,
>>> 
 On Tuesday, 17 January 2017 11:51:40 UTC+1, Richard S. Westmoreland wrote:
 If you're just trying to connect Logstash and Graylog over TLS, I think 
 getting AMQP would be overkill.  You should start with getting the TLS 
 cert ready, then enable a GELF TCP Input with TLS, then configure Logstash 
 to send to that.
>>> 
>>> Logstash currently doesn't support GELF TCP.
>>> 
>>> Cheers,
>>> Jochen 
>>> -- 
>>> You received this message because you are subscribed to the Google Groups 
>>> "Graylog Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an 
>>> email to graylog2+u...@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/graylog2/158fdceb-e02c-46f1-9d38-33e3f67ae4d4%40googlegroups.com.
>>> For more options, visit https://groups.google.com/d/optout.
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/39f3c880-b027-4571-936d-854f4b0b3ea8%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/D3BD3F17-3491-40C9-B4B1-CD55A6215EB6%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Re: Logstash to graylog using TLS

2017-01-17 Thread Benbrahim Anass

i already parse everything using json, if like you said i use TCP output, 
what input in graylog should i use?

cheers 
Anas

Le mardi 17 janvier 2017 12:01:17 UTC+1, Richard S. Westmoreland a écrit :
>
> Ah sorry, TCP.  If he sets it to JSON then an extractor should parse that 
> back out easily.
>
> https://www.elastic.co/guide/en/logstash/current/plugins-outputs-tcp.html
>
>
> On Jan 17, 2017, at 7:54 PM, Jochen Schalanda  > wrote:
>
> Hi Richard,
>
> On Tuesday, 17 January 2017 11:51:40 UTC+1, Richard S. Westmoreland wrote:
>>
>> If you're just trying to connect Logstash and Graylog over TLS, I think 
>> getting AMQP would be overkill.  You should start with getting the TLS cert 
>> ready, then enable a GELF TCP Input with TLS, then configure Logstash to 
>> send to that.
>>
>
> Logstash currently doesn't support GELF TCP.
>
> Cheers,
> Jochen 
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+u...@googlegroups.com .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/158fdceb-e02c-46f1-9d38-33e3f67ae4d4%40googlegroups.com
>  
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/39f3c880-b027-4571-936d-854f4b0b3ea8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Re: Logstash to graylog using TLS

2017-01-17 Thread Richard S. Westmoreland

Ah sorry, TCP.  If he sets it to JSON then an extractor should parse that back 
out easily.

https://www.elastic.co/guide/en/logstash/current/plugins-outputs-tcp.html


> On Jan 17, 2017, at 7:54 PM, Jochen Schalanda  wrote:
> 
> Hi Richard,
> 
>> On Tuesday, 17 January 2017 11:51:40 UTC+1, Richard S. Westmoreland wrote:
>> If you're just trying to connect Logstash and Graylog over TLS, I think 
>> getting AMQP would be overkill.  You should start with getting the TLS cert 
>> ready, then enable a GELF TCP Input with TLS, then configure Logstash to 
>> send to that.
> 
> Logstash currently doesn't support GELF TCP.
> 
> Cheers,
> Jochen 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/158fdceb-e02c-46f1-9d38-33e3f67ae4d4%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/D5D0C1A1-2158-444E-A4EB-289DE458F6C4%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Re: Logstash to graylog using TLS

2017-01-17 Thread Jochen Schalanda

Hi Richard,

On Tuesday, 17 January 2017 11:51:40 UTC+1, Richard S. Westmoreland wrote:
>
> If you're just trying to connect Logstash and Graylog over TLS, I think 
> getting AMQP would be overkill.  You should start with getting the TLS cert 
> ready, then enable a GELF TCP Input with TLS, then configure Logstash to 
> send to that.
>

Logstash currently doesn't support GELF TCP.

Cheers,
Jochen 

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/158fdceb-e02c-46f1-9d38-33e3f67ae4d4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Re: Logstash to graylog using TLS

2017-01-17 Thread Richard S. Westmoreland

If you're just trying to connect Logstash and Graylog over TLS, I think getting 
AMQP would be overkill.  You should start with getting the TLS cert ready, then 
enable a GELF TCP Input with TLS, then configure Logstash to send to that.


> On Jan 17, 2017, at 7:12 PM, Benbrahim Anass  wrote:
> 
> Thanks man, it seems that rabbitMQ broker needs to be installed somewhere 
> first and from there graylog extract recieved messages if i got this right 
> using the broker URL
> please correct me if i'm wrong
> 
> about kafka, i didnt find a way to use TLS with it
> 
> 
> cheers
> anas
> 
> Le mardi 17 janvier 2017 10:54:05 UTC+1, Jochen Schalanda a écrit :
>> 
>> Hi,
>> 
>> in case you want to use AMQP (RabbitMQ), I'd recommend reading up on the 
>> terminology and details first:
>> https://www.rabbitmq.com/getstarted.html
>> https://www.rabbitmq.com/admin-guide.html
>> https://www.rabbitmq.com/how.html
>> There are other ways to send messages from Logstash to Graylog, such as 
>> Apache Kafka or using TLS to send JSON to Graylog and extract it there with 
>> a JSON extractor.
>> 
>> Cheers,
>> Jochen
>> 
>>> On Tuesday, 17 January 2017 10:42:28 UTC+1, Benbrahim Anass wrote:
>>> for exemple broker hosname, when i put localhost : connexion denied , i 
>>> dont know what to put there.
>>> routing key : no idea what is that
>>> 
>>> cheers
>>> Anas
>>> 
>>> Le mardi 17 janvier 2017 10:05:03 UTC+1, Jochen Schalanda a écrit :
 
 Hi,
 
 On Tuesday, 17 January 2017 09:35:02 UTC+1, Benbrahim Anass wrote:
> 
> i tried gelf AMQP but i  had difficulties configuring it
 
 What exactly didn't work for you?
 
 Cheers,
 Jochen 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/f929f4b8-95b6-408c-8f96-626b5e7f15d7%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/A75AD82C-D40E-4746-92EF-7C1F7BA4F1B5%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Re: Logstash to graylog using TLS

Re: [graylog2] Re: Logstash to graylog using TLS

Re: [graylog2] Re: Logstash to graylog using TLS

Re: [graylog2] Re: Logstash to graylog using TLS

Re: [graylog2] Re: Logstash to graylog using TLS

Re: [graylog2] Re: Logstash to graylog using TLS

Re: [graylog2] Re: Logstash to graylog using TLS

7 matches

Site Navigation

Mail list logo

Footer information