[graylog2] Graylog is not processing Messages from one input anymore

2016-07-07 Thread Keamas M
Hey, my Graylog just stopped processing messages from one input. But the other input is still working. Everything looks fine to me: I rebooted the Linux machine, started and stopped the input, and so on. But without success. root@ATLOG001:/var/log/graylog-server# top top - 08:14:49 up 16 min, 1 user,

Re: [graylog2] Graylog Collector Sidecar - no logs being shipped

2016-07-07 Thread Kev Johnson
Thanks Marius - I'll give that a go today. Thanks for sense checking my config and confirming I've not done anything silly! On Thursday, 7 July 2016 22:30:29 UTC+1, Marius Sturm wrote: > > Yeah, sounds possible to me. All configurations look correct. So some > Windows firewall might be the root

[graylog2] Re: Graylog search and sum fields

2016-07-07 Thread Keamas M
Or if you have multiple messages like this: Actionnum 0 Content_Length 1436 Content_Type application/x-compress Destination_IP 104.96.91.41 facility local4 level 4 message 1467954342 1 10.244.130.157 104.96.91.41 application/x-compress 10.244.130.157 http://update.nai.com/Products/CommonUpdater/C

[graylog2] When is Graylog 2.1 releasing?

2016-07-07 Thread Paul Mendoza
When will I be able to use Graylog 2.1? I'm waiting for the TCP TLS Graylog Collector Sidecar support which is included with it. Also, what new features will be included? Is there a release notes page covering 2.1 yet?

[graylog2] Re: Has any one successfully set up SSL on Graylog 2.0?

2016-07-07 Thread Paul Mendoza
Jochen, I just got SSL all working recently as well. You should not have to put the password in quotes. I didn't have to on my setup. Also, I'm fairly certain your cert or key aren't in the right formats. I struggled for quite a while to get my cert into the right format but once I did it

Re: [graylog2] Re: debugging pipelines is... difficult

2016-07-07 Thread Jason Haar
On Wed, Jul 6, 2016 at 9:50 PM, Jochen Schalanda wrote: > there's something coming up in Graylog 2.1.0 which will vastly simplify > testing pipeline rules. > That's great to hear. Any suggestions as to what's wrong with my rule? Thanks -- Cheers Jason Haar Information Security Manager, Trim

Re: [graylog2] Graylog Collector Sidecar - no logs being shipped

2016-07-07 Thread Marius Sturm
Yeah, sounds possible to me. All configurations look correct. So some Windows firewall might be the root cause. Maybe you can try with a test host with all firewalls disabled. On 7 July 2016 at 20:38, Kev Johnson wrote: > >

Re: [graylog2] Graylog Collector Sidecar - no logs being shipped

2016-07-07 Thread Kev Johnson
Does this help? Given that we're getting nothing but the Sidecar checking traffic back from the servers I'm still leaning toward thi

Re: [graylog2] Graylog Collector Sidecar - no logs being shipped

2016-07-07 Thread Marius Sturm
The generated config looks fine, maybe a screenshot of the Graylog input puts some light on this? On 7 July 2016 at 19:50, Kev Johnson wrote: > Thanks Marius - I've double checked the input port (and that it's > running!), but even if it were a mismatch I'd expect tcpdump to show the > packets h

[graylog2] Re: Has any one successfully set up SSL on Graylog 2.0?

2016-07-07 Thread Dave C.
Jochen, I ran the openssl command and it returned a single line with the text: RSA key ok. I did have some errors prior to the current ones with Graylog not being able to access the key file. Those turned out to be incorrect formatting in the server.conf file; I had to put the password in

Re: [graylog2] Graylog Collector Sidecar - no logs being shipped

2016-07-07 Thread Kev Johnson
Thanks Marius - I've double checked the input port (and that it's running!), but even if it were a mismatch I'd expect tcpdump to show the packets hitting the interface. I suspect that this has to be down to the generated config, so I'm pasting the contents of one of the servers' configs below

Re: [graylog2] Graylog Collector Sidecar - no logs being shipped

2016-07-07 Thread Marius Sturm
Hi, you could check if the GELF port on the Graylog side is exactly the same as on the NXLog sender side, usually 12201. Go to System->Inputs (the input should have a green badge 'running') and verify the port number against the one you configured for nxlog in the collector configuration. Another thing, W

[graylog2] Graylog Collector Sidecar - no logs being shipped

2016-07-07 Thread Kev Johnson
Firstly: I love the idea of being able to push out updated configuration files to my collectors. That said: I'm having issues getting logs to my Graylog box (deployed from the OVA) Steps taken so far are as follows - Installed NXlogCE - Uninstalled the NXlog service - Installed the Gr

[graylog2] Graylog search and sum fields

2016-07-07 Thread Keamas M
Hey, if I have multiple logs like this: type=FWD|proto=TCP|srcIF=port7.101|srcIP=10.244.130.102|srcPort=54610|srcMAC=00:00:00:00:00:00|dstIP=104.96.151.235|dstPort=80|dstService=|dstIF=port7.910|rule=|info=Normal Operation|srcNAT=80.120.142.196|dstNAT=104.96.151.235|duration=0|count=1|receivedB

Re: [graylog2] Graylog goes enterprise, but not for elastic/shield?

2016-07-07 Thread Ano nym
On Wednesday, 6 July 2016 11:53:33 UTC+2, Jochen Schalanda wrote: > > Graylog currently hosts an embedded Elasticsearch instance which joins the > Elasticsearch cluster as a client node (i. e. no data is stored and it's > not master-eligible). Due to some kind of "sanity check" (the JarHell > c

[graylog2] Re: Stream rules with two gl2_source_input values

2016-07-07 Thread Eduardo Ferreiro
Related post: https://groups.google.com/forum/?hl=en#!searchin/graylog2/collector-sidecar/graylog2/X6f7BuxI__w/-v1foWIDBAAJ On Thursday, 7 July 2016, 12:37:05 (UTC+2), Eduardo Ferreiro wrote: > > Hi, > > Excuse my poor English, I use Google Translate... > > I want to know if there is any

[graylog2] Stream rules with two gl2_source_input values

2016-07-07 Thread Eduardo Ferreiro
Hi, excuse my poor English, I use Google Translate... I want to know if there is any way to configure two possible values in a stream rule to be evaluated with the OR operator instead of the AND operator. I need it because my inputs were TCP and the Collector Sidecar changed to work with UDP. Th

Re: [graylog2] Nessus vulnerability scanner and Graylog

2016-07-07 Thread Marius Sturm
Usually you need the web port and the api port but on the OVAs both are mapped to HTTPS so that should be fine then. On 4 July 2016 at 21:17, wrote: > Thank you Marius, I implemented the suggestions listed under: > http://docs.graylog.org/en/2.0/pages/configuration/graylog_ctl.html#production-re

[graylog2] Re: can not start service

2016-07-07 Thread Jochen Schalanda
Hi, is there any error message in the log file of the Collector Sidecar (check the log_path setting in the configuration file, http://docs.graylog.org/en/2.0/pages/collector_sidecar.html#configuration)? Cheers, Jochen On Thursday, 7 July 2016 08:37:14 UTC+2, ชีระวิทย์ ภูริเดชชัยพัฒน์ wrote: >

[graylog2] Re: Graylog Error ( invalid distance too far back)

2016-07-07 Thread Jochen Schalanda
Hi Yiannis, those messages mean that there were some corrupt GELF messages received by your GELF UDP input. This can have many causes, like corrupt UDP packets on the network, sudden connection drops (which also lead to corrupt UDP packets), or simply a broken GELF client. Cheers, Jochen On W

[graylog2] Re: Where to configure the elasticsearch cluster, server.conf or elasticsearch.yml?

2016-07-07 Thread Jochen Schalanda
Hi Tom, you need to configure the Elasticsearch cluster name, the network host, and a list of Elasticsearch nodes in your Graylog configuration, see http://docs.graylog.org/en/2.0/pages/configuration/elasticsearch.html#configuration . Additionally, you need to configure (at least) the cluster n

[graylog2] Re: Has any one successfully set up SSL on Graylog 2.0?

2016-07-07 Thread Jochen Schalanda
Hi Dave, the error message looks like the private key is in an incompatible or invalid format which Graylog can't process. Could you please share your Graylog configuration (the rest_* and web_* settings should be sufficient) and the output of the following OpenSSL command: openssl rsa -noout