Re: [graylog2] [UpdateRegistration] Failed to report collector status to server:

2017-02-20 Thread Marius Sturm
Hi, the Graylog api is typically listening on port 9000, so the server_url is most likely: http://my.fqdn.hostname:9000/api/ Cheers, Marius On 20 February 2017 at 14:18, NeefRoel wrote: > Hi, > > I've installed the graylog server version 2.2.0-11 on one server and the >

Re: [graylog2] Re: Oracle JDK or OpenJDK ?

2017-01-20 Thread Marius Sturm
There is no noticeable difference, pick whatever you prefer. Cheers, Marius On 20 January 2017 at 17:53, Axen wrote: > What is the situation about this issue now? (almost 2.5 years later) > > The current documentation seems to slightly recommend OpenJDK over Oracle. > At

Re: [graylog2] problems connecting to the Graylog server with OVA

2017-01-05 Thread Marius Sturm
As you can see in the error your desktop machine needs access to port 9000: 'http://172.16.124.48:9000/api/' If that doesn't work the login will fail. Cheers, Marius On 5 January 2017 at 16:54, wrote: > I also started from scratch. did reboot after configuring IP.

Re: [graylog2] problems connecting to the Graylog server with OVA

2017-01-05 Thread Marius Sturm
Victor, can you check if port 9000 is blocked by your firewall? It should be open from your desktop machine to the Graylog VM. Cheers, Marius On 5 January 2017 at 16:42, wrote: > Same here. > > sun@dev01 # md5sum graylog-2.1.2-1.ova > 05d501b5fbc303a3f3b534985c8f069a

Re: [graylog2] Graylog2 , filebeat multiline pattern

2016-12-16 Thread Marius Sturm
Hi, you can stop the sidecar at any time and execute filebeat directly for debugging. The last configuration is still in the /generated directory and can be used with filebeat -c .../generated/filebeat.yml Cheers, Marius On 16 December 2016 at 15:35, mytempledarkstar

Re: [graylog2] Re: winlogbeat loop on "starting then crashing" steps - exec by graylog_collector_sidecar

2016-12-15 Thread Marius Sturm
Could you please open an issue for this here: https://github.com/Graylog2/collector-sidecar/issues Will take a look into it. Cheers, Marius On 15 December 2016 at 11:21, C G <csm...@gmail.com> wrote: > Version is 0.1.0 (3880fd) [go1.7.4/amd64] > > > Le 15 déc. 2016 10:39,

Re: [graylog2] Re: winlogbeat loop on "starting then crashing" steps - exec by graylog_collector_sidecar

2016-12-15 Thread Marius Sturm
Hi, which sidecar version is this? Could you please stop all those winlogbeat processes and try the same with 0.1.0-beta.2 Cheers, Marius On 15 December 2016 at 08:17, CSG wrote: > > If i stop the graylog_collector_sidecar service and then run manually > winlogbeat -c

Re: [graylog2] winlogbeat loop on "starting then crashing" steps - exec by graylog_collector_sidecar

2016-12-14 Thread Marius Sturm
Hi, you can try to figure out why winlogbeat is crashing by calling it in the same cmd window. With '.\winlogbeat.exe -c generated\winlogbeat.yml' it should tell you what the problem is. Maybe also posting the generated config file could help to debug this. Cheers, Marius On 14 December 2016 at

Re: [graylog2] Re: New to Graylog and Elasticsearch; have some questions

2016-12-13 Thread Marius Sturm
Hi Joshua, on the appliances MongoDB runs without a configuration file. Settings are given by command line options. If you want to change something you can add or delete options in the start script of MongoDB: /opt/graylog/service/mongodb/run Afterwards restart the service. I think your

Re: [graylog2] Single or double quotes in json messages for configuration via api

2016-12-06 Thread Marius Sturm
Hi, the right syntax is to use single quotes, but this is problematic with curl because the json string itself is usually put in single quotes. So your call looks like this: curl -X POST -d '{some json}' now you can't simply put another single quote in the json string like -d '{some' json}' that

Re: [graylog2] Re: Remove/disable elasticsearch rol from graylog-server OVA

2016-12-01 Thread Marius Sturm
Hi, did you install the Elasticsearch hosts by hand or also with the OVA? If they are manually installed you also need to take care of the Graylog installation manually. Otherwise multi VM setups are described here: http://docs.graylog.org/en/2.1/pages/configuration/graylog_ctl.html#multi-vm-setup

Re: [graylog2] Graylog Collector Sidecar Analysis

2016-11-30 Thread Marius Sturm
Hi Marvin, the tags are used to define which configuration should be applied to a host. So it's up to you to add the tag to the collector_sidecar.yml file. Afterwards it should detect the change in the web interface. If you want to distinguish between the two inputs at search time you can use the

Re: [graylog2] How to configure an nxlog input which was automatically generated by graylog

2016-11-22 Thread Marius Sturm
<https://lh3.googleusercontent.com/-jv3FEaKHs30/WDRS2ySkhTI/AI0/HuN87WebUlcClvyNuMJsColp1tvmtj8KgCLcB/s1600/2016-11-22%2B16_14_25-Graylog%2BWeb%2BInterface.png> > > > On Tuesday, November 22, 2016 at 2:40:22 PM UTC+2, Marius Sturm wrote: >> >> Hi, >> click on edit to

Re: [graylog2] How to configure an nxlog input which was automatically generated by graylog

2016-11-22 Thread Marius Sturm
Hi, click on edit to open the input configuration and add the snippet at the bottom in the 'Verbatim configuration' field. Cheers, Marius On 22 November 2016 at 13:03, husayn arrah wrote: > Hello > > I have setup a sidecar collector config on graylog using the default nxlog

Re: [graylog2] Graylog is restarting...

2016-11-14 Thread Marius Sturm
Hi Tomasz, you noticed correctly that your server ran out of disk space. Please make sure that you have enough disk available for storing the configured log volume. Cheers, Marius On 14 November 2016 at 14:15, Tomasz Wielechowski wrote: > Hi > > I'm part of the

Re: [graylog2] Re: Upgraded ES from version 1.3.4 to 1.7.2 now I can't register any new Graylog server nodes

2016-11-04 Thread Marius Sturm
If there would be an easy work around, Graylog would be compatible. So no there is nothing you can do other than updating the server. Cheers, Marius On 4 November 2016 at 17:56, Steven Cherry wrote: > Is there nothing I can do?? Can I not register the Graylog node with

Re: [graylog2] we are not able to install agent due to conflict of previous version

2016-11-01 Thread Marius Sturm
Hi, could you please post the error message you get and the exact steps you did? To give us an idea what might have gone wrong. Cheers, Marius On 1 November 2016 at 07:57, Rajesh Basa wrote: > Hi Team, > > We are done with configuring graylog to our weblogic test Instance

Re: [graylog2] proxy issue with Graylog AWS image v2.1

2016-10-09 Thread Marius Sturm
ne of these >> configs work. >> >> >> >> ServerName logserver.socialpatrol.net >> ServerAlias logserver >> ProxyRequests off >> ProxyPreserveHost On >> >> RequestHeader set X-Graylog-Server-URL "http://10.1.80.7:9000/api/" >

Re: [graylog2] proxy issue with Graylog AWS image v2.1

2016-10-08 Thread Marius Sturm
Hi Andrew, when you add a second proxy to the chain, it looks like Graylog would be reachable from another IP. Your web browser tries to connect back to the Graylog REST api based on the value of web_endpoint_uri _or_ the X-Graylog-Server-URL header. Set one of those to the IP that is reachable

Re: [graylog2] Error - the server returned: 404 - cannot POST graylog

2016-10-08 Thread Marius Sturm
Hi Himanshu, you configured Graylog to use port 12900 for the REST API. The API needs to be directly accessible by your browser. To do so you can use either the web_endpoint_uri _or_ the X-Graylog-Server-URL in your proxy config. You set both but with two different URLs. Use just the one in the

Re: [graylog2] Issue getting collector-sidecar to work

2016-10-06 Thread Marius Sturm
Hi Justin, did you create any configuration for that host under 'System->Collectors->Manage configurations'? Also make sure that the configuration actually is tagged by 'linux' and/or Cheers, Marius On 6 October 2016 at 19:11, Justin Bell wrote: > I'm running into an

Re: [graylog2] Grayllog collector port 12900 or 9000 ???!!

2016-09-27 Thread Marius Sturm
Hi Sangh, the Sidecar needs a connection to the Graylog REST API. The _default_ port for the api changed in Graylog 2.1 from 12900 to 9000/api. But you can still use the old settings with newer Graylog versions. Only make sure that the Sidecar can talk to the api. Cheers, Marius On 27 September

Re: [graylog2] Do I have to uninstall filebeat for collector-sidecar installation?

2016-09-22 Thread Marius Sturm
Hi, you don't have to, it's included in the Sidecar package for ease of installation but you can point in the configuration file to the executable you want to use. Cheers, Marius On 22 September 2016 at 20:04, Evgueni Gordienko wrote: > Hi All, > > I have filebeat running

Re: [graylog2] Filebeats collector only one output

2016-09-22 Thread Marius Sturm
llector-sidecar > service to run separate instance of filebeat for each output get around the > limitations of filebeat? > > On Thursday, September 22, 2016 at 11:45:09 AM UTC-4, Marius Sturm wrote: >> >> Hi Steve, >> Filebeat currently doesn't support

Re: [graylog2] Re: Graylog configuration of filebeat and graylog collector sidecar

2016-09-21 Thread Marius Sturm
Kunal, please read the Sidecar documentation first. You have to create a configuration in the Graylog web interface and tag it with the same tag like you started the Sidecar instance. There is a step-by-step guide even with screenshots here:

Re: [graylog2] NXLOG

2016-09-09 Thread Marius Sturm
Hi Tony, nxlog is not included in the collector-sidecar package, so if you want to use the nxlog backend you have to install it along with sidecar. Cheers, Marius On 9 September 2016 at 13:04, Tony wrote: > Hi Guys, > I have a question. Is it necessary nxlog installation

Re: [graylog2] Re: Looking for a configuration example of filebeat + graylog collector use

2016-09-08 Thread Marius Sturm
Hi, no you don't have to use Logstash. Filebeat is sending data directly to Graylog's Beats input. So you have to start a beats input first on the Graylog server and then you have to configure the server IP/Port in the Output section of the Sidecar configuration. Cheers, Marius On 8 September

Re: [graylog2] Issue with winlogbeat and TLS connections

2016-09-07 Thread Marius Sturm
Hi, could you please open an issue for this here: https://github.com/Graylog2/collector-sidecar Should be easy to fix. Cheers, Marius On 7 September 2016 at 11:48, Michael Anthon wrote: > Hi All, > I have just attempted to set up filebeat and winlogbeat to see

Re: [graylog2] Sidecar permission denied error

2016-09-07 Thread Marius Sturm
We plan some performance improvements for the next release, so if you see too much load on the server side at the moment, this will be improved in 2.2. Maybe not relevant for 50 nodes but for 500. On 7 September 2016 at 11:36, Werner van der Merwe wrote: > Thanks

Re: [graylog2] Sidecar permission denied error

2016-09-07 Thread Marius Sturm
alling onto a Windows trial of 22-25 servers. > > Have a Centos puppet manifest (crudely) managing the Centos servers, > Ubuntu and Windows mostly manual initially. > > I'll make the change to adm and report back! > > Thanks for a great product! > > > On Wednesday, 7 Sept

Re: [graylog2] Re: Sidecar permission denied error

2016-09-07 Thread Marius Sturm
Hi Werner, right, the nxlog user needs access to the files you want to read, usually that's the 'adm' group on ubuntu and the 'root' group on centos/redhat machines. Out of curiosity, how many sidecars are you running in parallel? Cheers, Marius On 7 September 2016 at 06:08, Werner van der Merwe

Re: [graylog2] Re: Cannot Configure Collector Inputs

2016-08-30 Thread Marius Sturm
The input should listen on 0.0.0.0, right. On 30 August 2016 at 13:17, Ciprian wrote: > I have also changed 514 to 12201. In system>inputs I need to have a GELF > UDP input with the ip 0.0.0.0 right? Or the IP of the sidecar server? > > -- > You received this message because

Re: [graylog2] Re: Cannot Configure Collector Inputs

2016-08-30 Thread Marius Sturm
Additionally port 514 indicates that you are sending gelf messages to a syslog receiver. Both protocols are not compatible, you need a gelf sender (nxlog) and a gelf receiver (graylog server with started gelf input). \Marius On 30 August 2016 at 12:48, Marius Sturm <mar...@graylog.com>

Re: [graylog2] Re: Cannot Configure Collector Inputs

2016-08-30 Thread Marius Sturm
o any help would be much appreciated. > Thank you. > > On Tuesday, August 30, 2016 at 11:51:20 AM UTC+2, Marius Sturm wrote: >> >> Hi Ciprian, >> you dont need to install anything on the server side, the Graylog >> collector plugin, that is needed for the Sidecar

Re: [graylog2] Re: Cannot Configure Collector Inputs

2016-08-30 Thread Marius Sturm
Hi Ciprian, you don't need to install anything on the server side, the Graylog collector plugin, that is needed for the Sidecar to work, is already included in the standard installation. When the Sidecar is registered under System->Collectors the only thing you have to do is to click on 'Manage

Re: [graylog2] graylog-ctl enforce-ssl - how can I set custom certificate and key path?

2016-08-29 Thread Marius Sturm
Hi Joe, the steps to use a custom certificate are documented here: http://docs.graylog.org/en/2.0/pages/configuration/graylog_ctl.html#install-custom-ssl-certificates Cheers, Marius On 29 August 2016 at 19:55, Joe K wrote: > Hello, > > After enabling with > *graylog-ctl

Re: [graylog2] Collector-sidecar make an alert

2016-08-29 Thread Marius Sturm
Hi seko, currently it's not possible to send an alert but with the upcoming 2.1 release the sidecar is sending a status signal back to Graylog. So when you enable the 'send_status' option you can see on the collector web page which collector has a broken configuration or just crashed. Cheers,

Re: [graylog2] Sidecar vs nxlog only?

2016-08-24 Thread Marius Sturm
Hi Nathan, it's basically a configuration layer. With Sidecar in between you can control nxlog from within the Graylog web ui. Cheers, Marius On 24 August 2016 at 16:07, Nathan Mace wrote: > I'm starting to roll out nxlog / Sidecar to replace our Splunk install. >

Re: [graylog2] Re: Graylog2 sidecar and SSL

2016-08-24 Thread Marius Sturm
should I be putting comments back against the issue in github? > > Thanks, > Michael > > On Monday, 15 August 2016 20:45:51 UTC+10, Marius Sturm wrote: >> >> Hi Michael, >> this was done here: https://github.com/Graylog2/gr >> aylog-plugin-collect

Re: [graylog2] Changing memory sizes in OVA

2016-08-16 Thread Marius Sturm
Hi Jamie, you have to make these changes on every node. Cheers, Marius On 16 August 2016 at 20:56, Jamie P wrote: > Hello. I was wondering, if I had a cluster setup where graylog and > mongodb is running on one ova, and elasticsearch is running on two other > boxes, do

Re: [graylog2] Re: Graylog2 sidecar and SSL

2016-08-15 Thread Marius Sturm
hose 3 lines from the config > and running nxlog manually and this definitely works, it connects and sends > messages to graylog. > > If those 3 fields could be made optional and not add those entries to the > generated nxlog.conf then I think this would work perfectly. > > Cheer

Re: [graylog2] Re: Graylog2 sidecar and SSL

2016-08-11 Thread Marius Sturm
Ah ja ok, we shipped the SSL feature recently. So you will see it in the next Graylog release or you test the beta version. Cheers, Marius On 11 August 2016 at 17:34, Michael Anthon wrote: > Oh yeah, I should have mentioned that sorry ! > > >- Graylog 2.0.3

Re: [graylog2] Graylog2 sidecar and SSL

2016-08-11 Thread Marius Sturm
Hi, which Graylog and Sidecar version are you using? In the current beta (Graylog and Sidecar) you can enable SSL for NXlog and Beats outputs with paths to a certificate file. Cheers, Marius On 11 August 2016 at 16:55, Michael Anthon wrote: > Hi All, > Is there

Re: [graylog2] Re: NXLog verbatim addition in beta 1, bug? Feature?

2016-08-08 Thread Marius Sturm
Hi, thanks for the feedback, would you mind opening an issue for that here: https://github.com/Graylog2/graylog-plugin-collector I think we can fix it pretty quickly, it's just hard to track bug reports on the mailing list. Thanks, Marius On 8 August 2016 at 03:01, Linwood Ferguson

Re: [graylog2] UDP Debugging

2016-08-03 Thread Marius Sturm
> Isn't there a way how I can verify, that graylog would receive an UDP > message from localhost (within the container) to systematically isolate the > failure? > > Best, David > > On Wednesday, August 3, 2016 at 2:17:52 AM UTC-5, Marius Sturm wrote: >> >> Hi, >>

Re: [graylog2] UDP Debugging

2016-08-03 Thread Marius Sturm
Hi, your 'gelf-address' looks odd. To get the Docker logging driver working start a UDP GELF input on the server side and use an address like udp://192.168.0.9:12201 on the container. Something like /gelf only exists in an HTTP context, which is not used in this case. Cheers, Marius On 3 August

Re: [graylog2] Graylog Sidecar reports "unable to map property tags"

2016-08-03 Thread Marius Sturm
> > Cheers, Pete > > On Monday, 18 July 2016 23:15:31 UTC+10, Jeremy Farr wrote: >> >> Done. https://github.com/Graylog2/collector-sidecar/issues/39 >> >> On Monday, July 18, 2016 at 3:35:36 AM UTC-5, Marius Sturm wrote: >>> >>> Hi, >

Re: [graylog2] Re: Unable to start graylog-2.0.0-1.ova using oracle vm box in windows server 2008 R2 standard

2016-07-29 Thread Marius Sturm
> * Natively on Windows: not officially supported > * Inside VirtualBox: doesn't work and the BIOS option is not available > * Docker Toolbox: ditto (uses VirtualBox) > * Docker for Windows: only available for Windows 10+ > > What am I left with? Vagrant?? > > -- > Dmitriy Koro

Re: [graylog2] Re: How to run background Graylog collector on windows

2016-07-29 Thread Marius Sturm
installer > that was automated for some people like myself who are lazy and want to > push out a client to all servers with Group Policy and not have to > configure each Server individually afterwards. > > > On Fri, Jul 29, 2016 at 10:25 AM, Marius Sturm <mar...@graylog.com> wrote: > >

Re: [graylog2] Re: How to run background Graylog collector on windows

2016-07-29 Thread Marius Sturm
that but I have tried the same client on a 32bit server 2003 and >> I get the same results. >> >> On Fri, Jul 29, 2016 at 9:38 AM, Marius Sturm <mar...@graylog.com> wrote: >> >>> I think that's the problem, the 32bit binary looks into C:\Program >>> F

Re: [graylog2] Re: Unable to start graylog-2.0.0-1.ova using oracle vm box in windows server 2008 R2 standard

2016-07-29 Thread Marius Sturm
s immediately > > Boy, do I wish Graylog would support running on Windows natively. Write > Once, Run Anywhere is a great idea! > > On Friday, April 29, 2016 at 2:21:44 PM UTC-4, Marius Sturm wrote: >> >> Hi Nikhil, >> looks like you didn't enable hardware v

Re: [graylog2] Re: How to run background Graylog collector on windows

2016-07-29 Thread Marius Sturm
have any log files that I can see. I am running the 32bit client > on a 64 bit server 2012 R2. It seems like it doesn't even try to start. > > > [image: Inline image 1] > > [image: Inline image 2] > > On Fri, Jul 29, 2016 at 2:04 AM, Marius Sturm <mar...@graylog.com>

Re: [graylog2] graylog-sidecar on Windows Server 2008R2

2016-07-29 Thread Marius Sturm
idecar.exe" -version > Graylog Collector Sidecar version 0.0.9 (amd64) > > > On Friday, 29 July 2016 12:47:16 UTC+1, Marius Sturm wrote: >> >> Which version of the Sidecar is this? There should be a little bit more >> in the output actually... >> >>

Re: [graylog2] graylog-sidecar on Windows Server 2008R2

2016-07-29 Thread Marius Sturm
=info msg="Fetching configurations > taggedby: [windows]" > time="2016-07-29T12:35:57+01:00" level=info msg="Starting collector > supervisor" > > > > On Friday, 29 July 2016 12:29:06 UTC+1, Marius Sturm wrote: >> >> Hi Phil, >> could

Re: [graylog2] graylog-sidecar on Windows Server 2008R2

2016-07-29 Thread Marius Sturm
Hi Phil, could you try to start the Sidecar in foreground mode. Just open a shell and go to the installation directory. Start the Sidecar with graylog-collector-sidecar. Post the output you see here, maybe we can see some problems. Cheers, Marius On 29 July 2016 at 13:16, Phil Sumner

Re: [graylog2] Re: How to run background Graylog collector on windows

2016-07-29 Thread Marius Sturm
Hi, ah sorry I misread the error, could you please look into log files in C:\Program Files(x64)\graylog\collector-sidecar and check if there are any errors to see? Thanks, Marius On 29 July 2016 at 08:53, Marius Sturm <mar...@graylog.com> wrote: > Hi Joe, > this looks like a netw

Re: [graylog2] Re: How to run background Graylog collector on windows

2016-07-29 Thread Marius Sturm
Hi Joe, this looks like a networking issue. Please double check your firewall configuration and make sure that you can reach port 12900 from a remote node. Cheers, Marius On 28 July 2016 at 22:07, Joe Young wrote: > I have exactly the same problem while installing the

Re: [graylog2] Re: Collectors not showing up in Web interface

2016-07-27 Thread Marius Sturm
Hi, you should not copy nxlog.conf files around. The sidecar is fully generating a configuration for nxlog and doesn't need any manual editing (that's the one in C:\Program Files (x86)\graylog\collector-sidecar\generated) every other config file is not used. From the screenshot you can see that the

Re: [graylog2] Collectors not showing up in Web interface

2016-07-27 Thread Marius Sturm
Hi, the Sidecar is writing a log file in C:\Program Files (x86)\graylog\collector-sidecar, do you see any errors in there regarding failed registration requests? Cheers, Marius On 27 July 2016 at 18:03, Jamie P wrote: > Hello, > > I installed the sidecar and nxlog on a

Re: [graylog2] Re: Cannot Configure Collector Inputs

2016-07-27 Thread Marius Sturm
Hi Tony, the collector option is implemented as a plugin. So please check in your server configuration the plugin_dir directive and that the collector plugin is actually located in that directory. Cheers, Marius On 26 July 2016 at 18:32, Tony wrote: > Hi Marius, > sorry

Re: [graylog2] graylog-collector-sidecar issue

2016-07-25 Thread Marius Sturm
Don't forget to set the 'apache' tag on the top of the page and press 'Update tags' On 25 July 2016 at 17:15, Marius Sturm <mar...@graylog.com> wrote: > The defaults are pretty fine for a first test. Create a NXLog Gelf output > with the IP and port of your Graylog's Gelf Inpu

Re: [graylog2] graylog-collector-sidecar issue

2016-07-25 Thread Marius Sturm
path to the Apache log file. That should be it. Marius On 25 July 2016 at 17:09, Tony <anesp...@gmail.com> wrote: > Thank you Marius, as I am very newbie on the system can you please, write > me the correct GUI entries to configure it? > Thanks a lot > > Tony > > 2016-0

Re: [graylog2] graylog-collector-sidecar issue

2016-07-25 Thread Marius Sturm
Hi Tony, you have to create a configuration for the sidecar first. Go to 'Manage configurations' on the collectors page and set up the needed inputs and outputs of your nxlog instance. Cheers, Marius On 25 July 2016 at 15:56, Tony wrote: > Hello everybody, > I would like

Re: [graylog2] How to remove Graylog set-external-ip

2016-07-25 Thread Marius Sturm
Hi, you can reset the setting by deleting the line `external_rest_uri...` in /etc/graylog/graylog-settings.json. Afterwards run graylog-ctl reconfigure. Cheers, Marius On 25 July 2016 at 09:41, Arief Hydayat wrote: > Hi everyone, > > Need your help. As I saw in the

Re: [graylog2] Sidecar: When would you need more than one tag in a configuration?

2016-07-19 Thread Marius Sturm
Hi, thanks for the feedback, that's very helpful for us. Otherwise we never know if the concepts are understood by the users or not. The current implementation is merging all configurations that are fetched through the provided tags. So let's say that your sidecar starts with three tags, internally

Re: [graylog2] Graylog Sidecar reports "unable to map property tags"

2016-07-18 Thread Marius Sturm
Hi, could you please create an issue for that over here: https://github.com/Graylog2/collector-sidecar/issues Please add your collector_sidecar.yml file to the ticket. Thanks, Marius On 15 July 2016 at 20:25, Jeremy Farr wrote: > So I'm using nxlog and I've installed the

Re: [graylog2] Sidecar: When would you need more than one tag in a configuration?

2016-07-18 Thread Marius Sturm
Hi, this depends on your tagging schema, let's say you have three classes of machines 'database', 'application' and 'web_server' and you want to apply a general configuration to all of them. E.g. a file input for /var/log/messages, then you can create a configuration for that and use all three

Re: [graylog2] Graylog Collector Sidecar - no logs being shipped

2016-07-07 Thread Marius Sturm
s fine. > > On Thursday, 7 July 2016 19:27:47 UTC+1, Marius Sturm wrote: >> >> The generated config looks fine, maybe a screenshot of the Graylog input >> puts some light on this? >> >> On 7 July 2016 at 19:50, Kev Johnson <k...@drunkmonkey.co.uk> w

Re: [graylog2] Graylog Collector Sidecar - no logs being shipped

2016-07-07 Thread Marius Sturm
>> >> Exec $short_message = $raw_event; # Avoids truncation of the >>> short_message field. >> >> Exec $gl2_source_collector = '28a3c8c7-bc02-44e0-98a5-e93e52b057e5'; >> >> Exec $Hostname = hostname_fqdn(); >> >> >> >> >>> >>>

Re: [graylog2] Graylog Collector Sidecar - no logs being shipped

2016-07-07 Thread Marius Sturm
Hi, you could check if the Gelf port on the Graylog side is exactly the same as on the Nxlog sender side, usually 12201. Go to System->Inputs (the input should have a green badge 'running') verify the port number with the one you configured for nxlog in the collector configuration. Another thing,

Re: [graylog2] Nessus vulnerability scanner and Graylog

2016-07-07 Thread Marius Sturm
raylog is) so that only SSH is available (that is > easy), but we also need to view the web page. Which ports must be > accessible (HTTPS anything else)? > > > On Wednesday, 29 June 2016 21:14:17 UTC+2, Marius Sturm wrote: > >> Hi, >> the OVAs in general are made fo

Re: [graylog2] Re: Server currently unavailable

2016-06-29 Thread Marius Sturm
Hi, why do you change all the IP settings in the first place? When you spin-up a fresh OVA and just run 'graylog-ctl reconfigure' the scripts try to detect everything automatically. Cheers, Marius On 29 June 2016 at 20:39, Lionel Valero wrote: > Here is the chrome console

Re: [graylog2] Nessus vulnerability scanner and Graylog

2016-06-29 Thread Marius Sturm
Hi, the OVAs in general are made for ease of setup and a quick getting started experience with Graylog. The trade-off of this is that some services need to be less restricted than in a setup that is optimized for security. Elasticsearch and MongoDB should always be placed in a separate network as

Re: [graylog2] docker,input fine, no result in search. timezone

2016-06-29 Thread Marius Sturm
not sending any log data? On 29 June 2016 at 11:38, wrote: > I'm using docker. > > the input seems fine. > > but there isn't any result in search. > > seems the data not in es. > > why? > > > -- > You received this message because you are subscribed to the Google Groups >

Re: [graylog2] Re: Anyone use Image in real world application? Graylog 2.0 image fails after few days. Is this Image problem or Graylog in general?

2016-06-28 Thread Marius Sturm
ta=false, >>> master=false},{graylog-2a34-d1ba-4f21-a9df-f45901d845b7}{BiWe2Zy2Syaojr9ek0AlJQ}{172.25.232.35}{ >>> 172.25.232.35:9350}{client=true, data=false, master=false},}, reason: >>> zen-disco-join(elected_as_master, [0] joins received) >>> 2016-06-26_

Re: [graylog2] Need some help disabling ciphers and algorithms

2016-06-27 Thread Marius Sturm
@Ragnar do you try to disable the cipher algorithms for the web interface or for a log input? Because the web interface on the appliances is TLS terminated by the Nginx that is also installed. The inputs are served directly by Graylog's java process, that would be a different setting. On 27

Re: [graylog2] Re: Anyone use Image in real world application? Graylog 2.0 image fails after few days. Is this Image problem or Graylog in general?

2016-06-27 Thread Marius Sturm
Hi, this all boils down to an unstable Elasticsearch instance. When Graylog is not able to forward log messages to ES it buffers them on disk and tries to send them later. This is called journal. So when your ES service is not running properly the journal fills up with messages. Please take a look

Re: [graylog2] Re: server not running even though graylog-ctl says it is

2016-06-23 Thread Marius Sturm
Thanks for investigating in this, please open a new issue here: https://github.com/Graylog2/omnibus-graylog2 This is not a server issue per se. Thanks, Marius On 23 June 2016 at 16:06, 123Dev wrote: > Found the offending code. > > /opt/graylog/service/graylog-server/run

[graylog2] Re: RPM update from 2.0.2 to 2.0.3 breaks Graylog

2016-06-23 Thread Marius Sturm
Hi, looks like you're receiving some binary data on a plain text Gelf input. Did you switch to TLS encryption or something like that after the update? Could you please post the generated configuration of NXlog? Cheers, Marius On Wednesday, 22 June 2016 16:27:41 UTC+2, Shon Nixon wrote: > > Built

Re: [graylog2] How to configure mail alert

2016-06-16 Thread Marius Sturm
Hi Sangh, please take a look here for persisting email configuration on the appliances: http://docs.graylog.org/en/2.0/pages/configuration/graylog_ctl.html#graylog-ctl The sub-command you need is `set-email-config`. Cheers, Marius On 16 June 2016 at 11:03, sangh wrote:

Re: [graylog2] About graylog side car

2016-06-14 Thread Marius Sturm
Hi Sangh, currently you have to use the Snippets for that but feel free to create a feature request with examples here: https://github.com/Graylog2/collector-sidecar/issues Thanks, Marius On 14 June 2016 at 14:53, sangh wrote: > hi, > > It is not possible to use a

Re: [graylog2] How to use filebeats with collector-sidecar

2016-06-10 Thread Marius Sturm
Hi, Beats support will be released with Graylog 2.1.0 Cheers, Marius On 10 June 2016 at 19:53, Terry Lee wrote: > I cannot seem to to find docs on how to use filebeats with > collector-sidecar. Can someone point me in the right direction? > > -- > You received this message

Re: [graylog2] Cannot Configure Collector Inputs

2016-06-09 Thread Marius Sturm
9, 2016 at 2:56:13 PM UTC+1, Marius Sturm wrote: >> >> That's the default location the Sidecar tries to write the config file for >> the nxlog collector. Guess the path doesn't exist on your system? >> >> -- > You received this message because you are subscribed to

Re: [graylog2] Cannot Configure Collector Inputs

2016-06-09 Thread Marius Sturm
Thursday, June 9, 2016 at 2:38:04 PM UTC+1, Marius Sturm wrote: >> >> You have to create an output before and choose it in the 'Forward to' >> field. Otherwise the input is doing nothing. That's why GL denies to create >> it. >> >> >> -- > You receiv

Re: [graylog2] Cannot Configure Collector Inputs

2016-06-09 Thread Marius Sturm
[NXLog file input] or [NXLog] UDP syslog listener or any other. None > of them work. > > Thanks > > > On Thursday, June 9, 2016 at 2:29:48 PM UTC+1, Marius Sturm wrote: >> >> Hi, >> could you please provide the data you used for the input. So that I can

Re: [graylog2] Cannot Configure Collector Inputs

2016-06-09 Thread Marius Sturm
Hi, could you please provide the data you used for the input. So that I can try to reproduce the issue? Thanks, Marius On 9 June 2016 at 15:25, Marko Lerota wrote: > Hi I am trying to configure collector sidecar but without success. Graylog > is failing to create inputs. > I

Re: [graylog2] Re: gracefull shutdown

2016-06-01 Thread Marius Sturm
Hi, depends on the operating system you use, e.g. on a Ubuntu system a 'sudo service graylog-server start' should be enough. Cheers, Marius On 1 June 2016 at 11:30, wrote: > Hi > version 1.3 > > I used a recipe in chef :https://supermarket.chef.io/users/chr4 {{ > install

Re: [graylog2] Can't get Graylog Appliance 2.0.2 to work with SSL and external IP address.

2016-06-01 Thread Marius Sturm
Hi Pasqual, the easiest way of setting this up is to just use the 'enforce-ssl' command. This will put the web interface and the rest api on port 443. This should work on the internal and the external IP address. Once you use the 'set-external-ip' command you basically tell graylog-ctl that you

Re: [graylog2] Re: Graylog Error Logging and Disk Space

2016-05-31 Thread Marius Sturm
Hi, could you put all the information in a ticket please: https://github.com/Graylog2/omnibus-graylog2/issues I have to review that later. Thanks, Marius On 31 May 2016 at 15:09, David Gerdeman wrote: > I had to wait for it to fail again. It looks like it failed on

[graylog2] Re: Where does Chef keep the Web-Interface URI list?

2016-05-30 Thread Marius Sturm
Hi, the list of involved hosts in the cluster is stored and distributed via Etcd. It's organized like a directory tree, so you can do: '/opt/graylog/embedded/bin/etcdctl ls' or '/opt/graylog/embedded/bin/etcdctl ls servers' to see all graylog servers. To delete an entry use the rm command:

Re: [graylog2] collector side car + nxlog doesnt forward firewall log

2016-05-30 Thread Marius Sturm
Hi Sanhegi, do you see any errors in the nxlog_stdout/stderr files under /var/log/graylog/collector-sidecar? It could be that you started nxlog on port 514 and there is another syslog already listening or something like that? Are you sure that the firewall syslog messages can be processed by

Re: [graylog2] Graylog Appliance Issue: "Your appliance came up without a configured IP address."

2016-05-26 Thread Marius Sturm
Hi Trisha, normally the ip of the appliance comes from the dhcp server in your network. So I would start there and see why it is not providing an ip to the appliance. There could be many reasons, e.g. wrong vswitch settings or some firewall rules or whatever. Maybe some local admin could provide

Re: [graylog2] Unable to change the IP address from DHCP to Static

2016-05-25 Thread Marius Sturm
Hi Adam, I guess you are referring to the Graylog appliance. We have some documentation on how to change from dhcp to static ip over here: http://docs.graylog.org/en/2.0/pages/installation/graylog_ctl.html#assign-a-static-ip Usually you can use sudo (not su, that's another command) password-less on

Re: [graylog2] Re: node_id in collector_sidecar.yml

2016-05-25 Thread Marius Sturm
Thanks, should be fixed soon. On 25 May 2016 at 16:42, Leittechnik SUN wrote: > Hi Marius > if node_id is not set (empty, or "", or '') the sidecar service will not > start :-( > i think i create an issue .. > > Am Mittwoch, 25. Mai 2016 15:03:09 UTC+2 schrieb Leittechnik

Re: [graylog2] Re: Graylog Error Logging and Disk Space

2016-05-25 Thread Marius Sturm
The Runit service that is the supervisor for all daemon processes on the appliance should already rotate the standard logs. It's configured through these parameters: https://github.com/Graylog2/omnibus-graylog2/blob/2.0/files/graylog-cookbooks/graylog/attributes/default.rb#L95 Which file exactly

Re: [graylog2] Re: How to send log from private windows IP to AWS AMI graylog server.

2016-05-24 Thread Marius Sturm
You want to configure your network security and not install another collector. Nxlog alone is sufficient. On 24 May 2016 at 16:38, rvb n wrote: > do i want to install graylog collector? or is nxlog alone enough? > > > On Tuesday, 24 May 2016 19:59:13 UTC+5:30, rvb

Re: [graylog2] Re: howto Upgrade from OVA Image (1.3.3) to Graylog 2.0.0

2016-05-24 Thread Marius Sturm
Hi Wolfgang, looks like the file /etc/graylog/graylog-secrets.json is not a valid json file anymore. Could you please verify the file for obvious errors like a missing comma or unclosed quotation marks? In doubt you could try to re-generate that file with "sudo graylog-ctl set-admin-username

Re: [graylog2] Re: How to send log from private windows IP to AWS AMI graylog server.

2016-05-24 Thread Marius Sturm
On AWS network ports are usually not accessible from the outside, please read about network security and how to configure it here: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html On 24 May 2016 at 16:29, rvb n wrote: > Sir , > > I have

Re: [graylog2] How to send log from private windows IP to AWS AMI graylog server.

2016-05-24 Thread Marius Sturm
19:20:45 UTC+5:30, Marius Sturm wrote: >> >> NXlog is telling you already what the problem is: ERROR Service is >> already running >> There is another nxlog instance running, stop that process before >> starting a new one. >> >> On 24 May 2016 at 15:41, rvb n

Re: [graylog2] How to send log from private windows IP to AWS AMI graylog server.

2016-05-24 Thread Marius Sturm
> > still i have not received any log. can you please ask some question like > cross check so that can correct my mistake. pls sorry again > > On Tuesday, 24 May 2016 18:47:18 UTC+5:30, Marius Sturm wrote: >> >> With Graylog it's easier to use Gelf instead of syslog. Re
