Johan, Henrik,
I tried to track this problem down.The problem is that the JVM does
not cache reverse DNS lookups. The available JVM DNS cache settings
like networkaddress.cache.ttl only affect forward DNS lookups.
The code for doing the reverse lookups in Graylog did not change in a
long time,
Roberto,
the Cisco ASA does not send valid Syslog, unfortunately. You have to
create a Raw input and create extractors.
There is a blog post about this here:
http://spottedhyena.co.uk/2015/01/graylog2-cisco-asa-cisco-catalyst/
Hope that helps!
Regards,
Bernd
On 27 February 2015 at 15:57,
Hello,
In webpanel - only write-active indice has information about it's size and
message count.
Active (but not writeable) indexes has only information about time like:
Contains messages up to an hour ago.
--
You received this message because you are subscribed to the Google Groups
graylog2
Hi, I'm trying to process with gawk a PHP log for loading it graylog2 (I
have many log lines really big). I'm not able of send the correct
information to graylog2 input UDP 12200
If I want to send the next log (is gelf formated) entry to graylog2 using
two chunks how could I do it? What
Hello,
How to set heap size (Xms and Xmx values) in graylog 1.0?
I've already set up elasticsearch heap size, by modifying es_heap_size in
/etc/default/elasticsearch, but I don't see any similar variable in graylog
config file.
--
You received this message because you are subscribed to the
Hi,
I am trying to convert from an ELK to Graylog, but I am not having much
luck extracting useful information. I have a log in key value pair format,
and have set up an extractor to copy input and then convert using key value
pair. it does not work. the log entry looks like this:
hname
Dear, I have a Graylog2 version 0.20.6 as our syslog server of our company.
I defined an INPUT Syslog UDP running on port UDP/10514, and after that
we point several Windows and Linux servers to the Graylog2 with no problems.
But in the case of the Cisco ASA firewalls, we have a problem because
Previously, you had to define a value in the init script (i.e. shown below)
and then add $HEAP_SIZE after the $JAVA variable in the actual line that
starts the process.
HEAP_SIZE='-Xms3072M -Xmx3072M'
However, I noticed this broke in graylog 1.0. It's now inheriting the value
from somewhere
Thanks I will look into this and update my findings.
On Thursday, February 26, 2015 at 12:00:15 AM UTC-7, Bernd Ahlers wrote:
Hey,
you can tweak the message_journal_max_age and
message_journal_max_size settings in your graylog.conf. (see
