My issue is resolved and not related to this post.
We use certificates from InCommon and I believe that provider wasn't
trusted by Java without adding InCommon to the trust store. I went with
nginx configuration for the SSL part, works great.
I did have some of the same problems listed here,
Since I use nftables on that system, this is what I added:
> table ip nat {
> chain prerouting {
> type nat hook prerouting priority 0; policy accept;
> tcp dport shell redirect to 5514
> udp dport shell redirect to 5514
> }
>
>
Hello,
I cloned the Graylog source code from GitHub, and I'm trying to make
customizations to it. I made some customizations on the filters, and now
I'm trying to add the REST APIs. I'm working off of branch 1.3, and I was
able to import the subfolders as Maven projects on Eclipse except for
g
Hi Peter,
the menu items marked in your screenshots are all provided by plugins to
Graylog 2.0.0. Make sure that plugin_dir (see
https://github.com/Graylog2/graylog2-server/blob/2.0.0/misc/graylog.conf#L32-L33)
has been configured correctly, is accessible by the system user running
Graylog, a
PS: We followed the documentation under:
http://docs.graylog.org/en/2.0/pages/upgrade.html
http://docs.graylog.org/en/2.0/pages/configuring_webif.html
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop recei
Hi,
We upgraded our production environment to graylog 2.0.0 after successfully
testing it in the test environment.
But do not find the new 2.0 features in production while in test they are
there.
The difference is that we did upgrade the test environment to the beta
releases first and updated
Hey Dennis,
the Sidecar project is not compatible with Graylog 1.x. But you can spin up
one of our 2.0 virtual appliances and test on some nodes:
http://docs.graylog.org/en/2.0/pages/installation/virtual_machine_appliances.html
Cheers,
Marius
On 9 May 2016 at 18:10, Dennis Seaton
wrote:
> Sill
Silly question: I notice the Graylog documentation has been updated and
that the Graylog Collector is now deprecated with v2.0 GA. Looks like
NXLog is recommended for Windows clients, so I want to go ahead and
start switching over to NXLog, but the official docs also mention
installing Si
Hi,
I'll have the Graylog logs in a minute, but for now, I've got this out of
the Chrome browser:
Failed to load resource: the server responded with a status of 401
(Unauthorized)
plugin.org.graylog.plugins.pipelineprocessor.PipelineProcessorPlugin.62d4f9e….js:14572
Unhandled rejection Supera
Thank you very much. After looking at the configuration for so long, it
simply took a fresh set of eyes to find the issue. I did also have to set
'mongodb_useauth' to 'false'. Other than that, you gave me the answer that
was right in front of my face. Thank you again.
On Monday, May 9, 20
Good suggestions, not exactly what I asked, but thanks I'll probably use
iptables for now.
You could just create an IP tables rule which forwards port 514 to 1514
--
Later,
Darin
On Mon, May 9, 2016 at 11:08 AM, Tony Murray wrote:
> So we could run graylog as a non-root user.
Hi Tony,
have you taken a look at the authbind utility for running Graylog as
non-root user while still being able to bind ports <1024?
Cheers,
Jochen
On Monday, 9 May 2016 17:08:22 UTC+2, Tony Murray wrote:
>
> So we could run graylog as a non-root user.
>
Hi Joan,
the documentation link you've posted talks about the normal operating
system packages (DEB and RPM) but since you're using graylog-ctl it looks
like you've been using the virtual machine image (OVA) before.
Please refer to
http://docs.graylog.org/en/2.0/pages/installation/graylog_ctl
So we could run graylog as a non-root user.
Hi Joan,
you have to download and install the latest omnibus package in order to
update a Graylog appliance:
http://docs.graylog.org/en/2.0/pages/installation/graylog_ctl.html#upgrade-graylog
Cheers,
Marius
On 9 May 2016 at 16:54, Joan wrote:
> I just upgraded to 2.0.0-6 (GA version), from 2.0.
Hi,
make sure that there is only one mongodb_uri configuration setting in your
configuration file (currently there are 2) and that the configured MongoDB
server can be reached through the given MongoDB URI.
In your case, there doesn't seem to be a MongoDB server running on localhost
on port 27
I just upgraded to 2.0.0-6 (GA version), from 2.0.0-4.beta.3, doing the
following
apt-get update
apt-get dist-upgrade
graylog-ctl restart
Still there are some features that don't seem to be on my system, such as
the "Search surrounding messages" (commented on the blog), did I miss
something,
This is a new installation of Graylog2, MongoDB and Elasticsearch. The
Graylog login page says there are no Graylog servers. When looking in the
logs for Graylog, I see the following errors:
*2016-05-09T09:12:22.090-04:00 ERROR [CmdLineTool] Guice error (more detail on
log level debug): Error
Hi,
Elasticsearch doesn't have anything to do with Elasticsearch, so those are
different issues.
Which error messages do you get when enabling HTTPS (TLS) for the Graylog
REST API and the web interface? Mind that you must enable HTTPS (TLS) for
both, the Graylog REST API and the web interface
This works fine with HTTP, but if I enable web_enable_tls = true, then
everything breaks.
On Mon, May 9, 2016 at 7:03 PM, Jochen Schalanda wrote:
> Hi,
>
> please make sure that the other nodes of the Elasticsearch cluster are
> able to communicate with the embedded ES node in Graylog. Currently
Hi Jochen,
localhost:9200/_cat/indices?v reveals that graylog2_3 is the only index in
my Elasticsearch cluster:
health status index      pri rep docs.count docs.deleted store.size pri.store.size
green  open   graylog2_3   4   0     180443            0    139.3mb        139.3mb
localhost:92
Hi Aldo,
please refer to the manuals of OpenSSL (or any other program you're using
to create or convert private keys and your certificates):
- https://www.openssl.org/docs/manmaster/apps/pkcs8.html
- https://www.openssl.org/docs/manmaster/apps/x509.html
- https://www.madboa.com/geek/ope
Hi Thomas,
the list of message fields displayed by default can currently not be
configured in Graylog.
Cheers,
Jochen
On Monday, 9 May 2016 15:17:05 UTC+2, Thomas Stather wrote:
>
> Hi All
>
>
> I just installed the 2.0 version of the virtual appliance. Now I want the
> field "gl2_remote_ip" t
Hi,
please make sure that the other nodes of the Elasticsearch cluster are able
to communicate with the embedded ES node in Graylog. Currently, the
embedded ES node in Graylog is announcing 127.0.0.1 as its address, to
which the other ES nodes can't connect to.
You can change the address of th
Hi All
I just installed the 2.0 version of the virtual appliance. Now I want the
field "gl2_remote_ip" to be displayed per default for all search results.
I don't know how to do this, I have to click on "fields" on the left side
and check "gl2_remote_ip" on every search.
Is there a way to add
Hello,
Are there any documents talking about how to install Graylog multi nodes,
how to install a load balancer, what to replicate,
which log to put in which node, ...
I already read the official Graylog document but it's very light on this
subject.
Regards.
Hi,
> 1) how to add those non-master nodes to this master node.
>
Simply make sure that the non-master Graylog nodes are using the same
MongoDB database and the exact same password_secret configuration setting
as the master node and that they can communicate with each other on port
12900 (defa
Ok Thanks.
And the right procedure is?
On Monday, May 9, 2016 at 2:44:20 PM UTC+2, Jochen Schalanda wrote:
>
> Hi Aldo,
>
> it looks like you've been storing a private key in
> /etc/pki/tls/certs/graylog.pem instead of an X.509 certificate.
>
> Additionally, you really shouldn't post your privat
Hi Dilip,
are there any other conflicting index templates/mappings in your
Elasticsearch cluster?
Other than that, the index mapping for graylog2_3 is looking fine and ES
should use the whitespace analyzer for messages indexed into this index.
Cheers,
Jochen
On Friday, 6 May 2016 22:01:42 UTC
Hi,
I have the following setup.
GRAY LOG SERVER(172.16.16.102) ---> ElasticSearch - node1 (172.16.16.100)
--> ElasticSearch -node2 (172.16.16.101)
Everything seems to be normal if I run over normal HTTP transport. Things
break if I enable TLS on Graylog server and I am getting the error att
Hi Anirudh,
(arbitrary) aggregations over one message field are currently not possible
in Graylog but you might get along with the statistical values that Graylog
provides on a per-field basis (see field list on the search sidebar).
Cheers,
Jochen
On Wednesday, 4 May 2016 18:41:29 UTC+2, aniru
Hi Aldo,
it looks like you've been storing a private key in
/etc/pki/tls/certs/graylog.pem instead of an X.509 certificate.
Additionally, you really shouldn't post your private keys on a public
mailing list.
Cheers,
Jochen
On Wednesday, 4 May 2016 19:29:42 UTC+2, Aldo Pellini wrote:
>
> Hi,
>
Hi Iain,
you can check your Grok patterns against some messages using the Grok
debugger at https://grokdebug.herokuapp.com/.
Cheers,
Jochen
On Thursday, 5 May 2016 22:54:33 UTC+2, Iain wrote:
>
> Hi,
>
> I'm running Graylog 2.0.0 with an extractor to pull out SSH login names
> from failed logi
Hi Raj,
please make sure that the other nodes of the Elasticsearch cluster are able
to communicate with the embedded ES node in Graylog. Currently, the
embedded ES node in Graylog is announcing 127.0.0.1 as its address, to
which the other ES nodes can't connect to.
You can change the address o
Hi,
please read the documentation about configuring the web interface in
Graylog 2.0.0: http://docs.graylog.org/en/2.0/pages/configuring_webif.html
The Graylog REST API must be accessible by your web browser in order for
the web interface to work.
What exactly do you mean with "Graylog keeps c
Hi Umesh,
please take a look at the documentation chapter about sending messages into
Graylog: http://docs.graylog.org/en/2.0/pages/sending_data.html
In general, the virtual machine images are production-ready (for small
setups) and can receive log messages from other sources than itself.
Chee
Hi Anant,
it looks like the plugin is expecting some value in the payload to be a
boolean type but received a string.
Do you still have access to the raw message payload? The string "hi"
suggests that this was simply a test message.
Cheers,
Jochen
On Friday, 6 May 2016 13:02:38 UTC+2, Anant S
Hi
Since I haven't found a solution I decided to reinstall using the most
recent version of the virtual appliance (Graylog 2.0).
On Tuesday, 5 April 2016 11:44:57 UTC+2, Thomas Stather wrote:
>
> Hi
>
> I am new to this list and I'm experiencing problems with my graylog
> appliance (v1.3.4,
Hi Nathan,
are there any error messages in the JavaScript console of your web browser (
https://developers.google.com/web/tools/chrome-devtools/debug/console/) or
in the logs of your Graylog server node(s)?
Cheers,
Jochen
On Friday, 6 May 2016 23:57:01 UTC+2, Nathan Hicks wrote:
>
> Hi,
>
> I'v
Hi Mohana,
please take a look at the file input for the Graylog Collector and its
content-splitter and content-splitter-pattern configuration
settings: http://docs.graylog.org/en/2.0/pages/collector.html#file-input
In order for this to work, your stack traces should start with a unique
charact
Hi Darwin,
unfortunately migrating those messages to Graylog is not easily possible.
The simplest solution would probably be to re-index those messages using
logstash to read from Elasticsearch (
https://www.elastic.co/guide/en/logstash/current/plugins-inputs-elasticsearch.html)
and send them
Hello,
After some hours trying to configure TLS encryption without success, I come
here to ask for some help.
*Server configuration :*
Debian 8
Graylog 2.0.0
Mongodb 2.4.10
Java 8u92+8u91
Elasticsearch 2.3.2
*Graylog tls options *:
rest_enable_tls = true
> rest_tls_cert_file = /etc/ssl/temp