[graylog2] Re: geolocation

2016-10-18 Thread Aykisn
Did you do every step of the documentation about this? Is there a pfsense_filter_sourceip_geolocation field in your list of fields? -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails

[graylog2] Re: How to use pipeline

2016-10-18 Thread Bhanu prasad
Hi Ajay, Even I'm worried about this feature. If we cannot pass variables between different rules or pipelines, we cannot achieve correlation. We should have a feature to create global variables which can communicate between different rules or pipelines. This marks a major difference between

[graylog2] Winlogbeat not starting

2016-10-18 Thread copelanda
server_url: https://graylog.domain.com/api/
update_interval: 10
tls_skip_verify: false
send_status: true
list_log_files:
node_id: hostname
collector_id: file:C:\Program Files\graylog\collector-sidecar\collector-id
log_path: C:\Program Files\graylog\collector-sidecar
log_rotation_time: 86400

[graylog2] GROK patterns for comma delimited messages with lots of spaces

2016-10-18 Thread Ben Sooter
Has anyone seen any good examples of how to parse messages that come in like this? It is comma delimited, and has spaces all over the place. Thanks! Event Type: ScriptControl, Event Name: Alert, Device Name: USXXMON01, File Path: c:\programdata\pview3\administrator\pviewagent-748.mdb,

[graylog2] Re: Global input bind_address

2016-10-18 Thread imperatives
That worked...thank you! On Tuesday, October 18, 2016 at 6:12:45 AM UTC-4, Jochen Schalanda wrote: > > Hi, > > you can set the listen address to 0.0.0.0 for global inputs. This way, the > global inputs will bind to all available network interfaces on the Graylog > nodes. > > Cheers, > Jochen >

[graylog2] Internal message queue for graylog2?

2016-10-18 Thread Wayne
Hi All, I would like to understand how Graylog is trying to send messages without additional configuration with Kafka or RabbitMQ. I am currently using the Graylog collector sidecar to configure Filebeat to send the tail of application log messages to the Graylog server, and I am not sure if there is

[graylog2] Re: Graylog 2.1.1 (Cluster) - Problem with automatic cycling deflectors

2016-10-18 Thread Timo Beuker
I have played with some configurations. It seems that I had to increase the CPU on the DMZ node, too. I also increased the config to: "custom_attributes": { "graylog-server": { "memory": "2500m" }, "elasticsearch": { "memory": "3000m" } } Now I am waiting if the

[graylog2] Re: graylog2 timestamp not from application log message

2016-10-18 Thread Jochen Schalanda
Hi Wayne, On Tuesday, 18 October 2016 17:04:34 UTC+2, Wayne wrote: > > The converted timestamp: 2016-10-18 15:01:34.559 > and the real timestamp from application log is: 2016-10-18 11:01:34:559 > > There is a four hour difference (when the timezone is configured as either > "Toronto" or "GMT+4"

[graylog2] Re: Upgrade from 2.0.3 to 2.1.1 does not work miraculously ...

2016-10-18 Thread Jochen Schalanda
Hi Joe, make sure to remove the old graylog-2.0-repository package from your system. Cheers, Jochen On Tuesday, 18 October 2016 16:40:35 UTC+2, Joe Rady wrote: > > running on debian 8 > > I have done this: > > wget > https://packages.graylog2.org/repo/packages/graylog-2.1-repository_latest.deb

[graylog2] Re: graylog2 timestamp not from application log message

2016-10-18 Thread Wayne
Hi Jochen, I tried again. It looks like the timezone field needs to be filled in. If left blank, no messages will be shipped to the Graylog server. However, I tried "Toronto" and "GMT+4". Both did not fix the timezone issue: the timestamp has the correct minutes/seconds/milliseconds, but not hours.

[graylog2] Re: Upgrading to 2.1 (package install)

2016-10-18 Thread copelanda
I found that if this didn't work on the first try, I had to do a "yum clean all" after installing the updated RPM for the graylog repository. On Monday, September 5, 2016 at 10:32:53 PM UTC-4, T.J. Yang wrote: > > > > On Monday, September 5, 2016 at 6:59:44 AM UTC-5, Aykisn wrote: >> >> I did

[graylog2] Upgrade from 2.0.3 to 2.1.1 does not work miraculously ...

2016-10-18 Thread Joe Rady
Running on Debian 8. I have done this:
wget https://packages.graylog2.org/repo/packages/graylog-2.1-repository_latest.deb
sudo graylog-ctl stop
sudo dpkg -i graylog-2.1-repository_latest.deb
sudo apt-get update
sudo apt-get install graylog-server
I get: "graylog-server is already the newest

[graylog2] Re: graylog2 timestamp not from application log message

2016-10-18 Thread Wayne
Hi Jochen, It is tricky. Now I found out that the extractor to overwrite the timestamp actually stopped the messages from coming to the Graylog server. Once I delete it or rename the "store as field" to a name other than timestamp, the messages come into the Graylog server again, but then I could not overwrite

[graylog2] Re: geolocation

2016-10-18 Thread Jochen Schalanda
Hi, please provide a complete example message and attach the configuration of the GeoIP resolver you're using. Cheers, Jochen On Tuesday, 18 October 2016 13:08:02 UTC+2, mani...@qrsolutions.in wrote: > > > Hi Jochen, > > what kind of data do you want to show on the map? > > *I want to see the

[graylog2] Re: Does Graylog store all the logs in elasticsearch?

2016-10-18 Thread Jochen Schalanda
Hi Anant, On Tuesday, 18 October 2016 14:10:45 UTC+2, Anant Sawant wrote: > > Q1. Does Graylog store all the logs pointed to it in elasticsearch? > Yes. > If we have sent 1gb of logs from x.x.x.x to y.y.y.y, does it mean that 1gb > of the same logs are also stored onto the y.y.y.y

[graylog2] Eventlog from windows

2016-10-18 Thread narendran
I have installed Graylog 2.0 open source, will I get a result in the dashboard?

[graylog2] Re: error on sudo graylog-ctl reconfigure after upgrade

2016-10-18 Thread Jochen Schalanda
Hi Nathaniel, what exactly (step-by-step) did you do to upgrade Graylog? FWIW, port 4001 is etcd and it seems like it didn't start properly. Cheers, Jochen On Tuesday, 18 October 2016 12:33:02 UTC+2, Nathaniel Brassington wrote: > > sudo graylog-ctl reconfigure > Starting Chef Client, version

[graylog2] Re: Shortened Xml in message field

2016-10-18 Thread Jochen Schalanda
Hi, On Tuesday, 18 October 2016 12:27:45 UTC+2, 4BRobby wrote: > > Configuration: There is no transformation for the message processing, all > to default. > That's not what I've asked for. Please provide the requested information, otherwise we might not be able to help you. Cheers, Jochen

[graylog2] error on sudo graylog-ctl reconfigure after upgrade

2016-10-18 Thread Nathaniel Brassington
sudo graylog-ctl reconfigure
Starting Chef Client, version 12.6.0
Compiling Cookbooks...
Recipe: graylog::default
  * directory[/etc/graylog] action create (up to date)
Converging 103 resources
Recipe: apt::default
  * file[/var/lib/apt/periodic/update-success-stamp] action nothing (skipped

[graylog2] Re: Shortened Xml in message field

2016-10-18 Thread 4BRobby
This is the complete message above (first one)... It is shortened by my code and ".." appended, and then the XML is malformed / autocompleted by Elasticsearch (my guess). Configuration: There is no transformation for the message processing, all to default. On Tuesday, 18 October 2016 12:20:04

[graylog2] Re: Shortened Xml in message field

2016-10-18 Thread Jochen Schalanda
Hi, please post the complete message and the configuration of your Graylog node and the input you're using to ingest these messages. Cheers, Jochen On Tuesday, 18 October 2016 11:17:00 UTC+2, 4BRobby wrote: > > Hey guys, > > Maybe someone has noticed this before. It seems like Elasticsearch

[graylog2] Re: geolocation

2016-10-18 Thread Jochen Schalanda
Hi, what kind of data do you want to show on the map? What's the exact content of the message field you're using? Also see http://docs.graylog.org/en/2.1/pages/geolocation.html for more details. Cheers, Jochen On Tuesday, 18 October 2016 10:29:20 UTC+2, mani...@qrsolutions.in wrote: > > Hi

[graylog2] Re: Creating an input as root

2016-10-18 Thread Jochen Schalanda
Hi, you can use authbind (also see https://debian-administration.org/article/386/Running_network_services_as_a_non-root_user and https://github.com/Graylog2/fpm-recipes/blob/2.0/recipes/graylog-server/files/environment#L10-L12) to allow the Java

[graylog2] Re: Graylog doesn't process messages

2016-10-18 Thread Jochen Schalanda
Hi, please check the logs of your Graylog and Elasticsearch nodes. You can find the locations of these in this document: http://docs.graylog.org/en/2.1/pages/configuration/file_location.html Cheers, Jochen On Tuesday, 18 October 2016 07:33:44 UTC+2, Пётр wrote: > > >

[graylog2] Re: Global input bind_address

2016-10-18 Thread Jochen Schalanda
Hi, you can set the listen address to 0.0.0.0 for global inputs. This way, the global inputs will bind to all available network interfaces on the Graylog nodes. Cheers, Jochen On Monday, 17 October 2016 23:14:57 UTC+2, imper...@gmail.com wrote: > > What is the best practice for the

[graylog2] Re: Graylog 2.1 lost saved searches

2016-10-18 Thread Jochen Schalanda
Hi Tommy, how exactly did you upgrade? Did you configure Graylog to use the old MongoDB instance, or did you copy the old MongoDB database into your new MongoDB server? The saved searches are stored in MongoDB in the saved_searches collection. Cheers, Jochen On Monday, 17 October 2016 19:31:01

[graylog2] Shortened Xml in message field

2016-10-18 Thread 4BRobby
Hey guys, Maybe someone has noticed this before. It seems like Elasticsearch (out of the box) is applying an XML filter to the fields. Input example for the full_message field: Success DoSomething 8 0 Success DoSomething 8

[graylog2] geolocation

2016-10-18 Thread manimaran
Hi Folks, I need some help regarding geolocation (world map) in Graylog using the pfSense logs. While I am trying to create a map, it shows the error "Map widget is only available for fields containing geo data". Thanks and Regards, Manimaran Cell: +919962626220

[graylog2] Creating an input as root

2016-10-18 Thread Aykisn
Hello, I need to launch a UDP input on Graylog on port 514 (*can't* use another one), and I found that I needed to be root to do that. However, I haven't found how to actually do that. Any insights? Thanks and regards.

[graylog2] Re: Graylog 1.3 UDP input "Error starting this input on node 572c0419 / Unknown: Permission denied."

2016-10-18 Thread Mac Gyver
Hi, I solved the issue, I changed the UDP port to one above 1024. On Tuesday, October 18, 2016 at 10:21:20 AM UTC+8, Mac Gyver wrote: > > Hi guys, my environment is Graylog 1.3, I use the UDP input but it shows "Error > starting this input on node 572c0419 / Unknown: Permission denied.". I have > disabled