[graylog2] My experience with collector-sidecar in Windows

2016-12-06 Thread Michael Taylor
I got collector-sidecar to work on my Windows systems and here are some tips. I'm using the latest Graylog in Docker. - Update your Graylog configuration to use GRAYLOG_WEB_ENDPOINT_URI if you haven't already, since this URI can now be under the same port as the web interface. - Be

[graylog2] Re: graylog with cisco don't show the source ip correctly !!!!!!

2016-09-09 Thread Michael Taylor
Enable full message logging to be sure, but it looks like the Cisco isn't sending its host or IP in the message. I have this same problem with some cheap APs that have no way to identify them based on the syslog message. You may have the option to configure the syslog service to send the IP or

Re: [graylog2] Syslog input: Add source IP field to messages from devices with poor syslog formatting?

2016-09-09 Thread Michael Taylor
I currently have one input per AP at one site, but I have another site with 60 of the APs and I wasn't looking forward to configuring 60 different inputs and port forwards. Unfortunately, there is no other identifying information in the syslog line. The first field after the timestamp is the se

[graylog2] Syslog input: Add source IP field to messages from devices with poor syslog formatting?

2016-09-02 Thread Michael Taylor
I have several cheap Cisco access points that do not add their hostname or IP into the syslog lines when they send messages to a remote server. The only opportunity to log the source of the message is to use the source IP when the Syslog UDP input receives it. I can use rsyslog to modify the me

Re: [graylog2] Elasticsearch 5?

2016-07-28 Thread Michael Taylor
http://docs.graylog.org/en/2.0/pages/installation/manual_setup.html On Wednesday, July 27, 2016 at 3:24:58 AM UTC-4, Jan Doberstein wrote: > > Hej Michael, > > > The docs say Elasticsearch 2.1 or greater is required. Does that mean > Elasticsearch 5 is supported now? > > can you please point to

[graylog2] Elasticsearch 5?

2016-07-26 Thread Michael Taylor
The docs say Elasticsearch 2.1 or greater is required. Does that mean Elasticsearch 5 is supported now?

[graylog2] Re: Graylog collector side car

2016-05-19 Thread Michael Taylor
I think collector_sidecar.yml installs with a Linux path for the configuration even in Windows. Fix the path and make sure the user running collector-sidecar has rights to write in the folder. Mine looks like this: server_url: http://:12900 node_id: collector_id: file:C:\Program Files (x86)\g

[graylog2] Re: Graylog collector side car

2016-05-19 Thread Michael Taylor
On Thursday, May 19, 2016 at 9:26:40 AM UTC-4, sangh wrote: > > Hi, > I am trying to install the collector side car. I have an error " ERRO[] > [nxlog] Collector exits immediately, this should not happen! Please check > your collector configuration! > > " the error seems to be with with

[graylog2] Re: installing graylog collector sidecar in windows 10 64bit not working nxlog.exe not create in generted folder

2016-05-19 Thread Michael Taylor
Are you thinking of nxlog.conf? nxlog.exe comes from installing nxlog separately. The sidecar creates nxlog.conf and runs the nxlog service using it. On Thursday, May 19, 2016 at 9:20:06 AM UTC-4, rvb n wrote: > > installing graylog collector sidecar in windows 10 64bit not working > nxlog.exe

[graylog2] Sidecar collector is now a plugin?

2016-05-18 Thread Michael Taylor
I see that the newest version of the sidecar says it needs the graylog-plugin-collector. Is this how the collector functionality will work going forward? The base installation still has a collector page under System/Collectors, is that page going to go away or stop working without the plugin in

[graylog2] Plugins with Docker

2016-05-18 Thread Michael Taylor
Do you guys recommend a way to install plugins with the Docker image? I was going to link the container's plugins directory to a directory on the host like this: docker run -t \ *ports and stuff* -v /graylog2/server/plugins:/usr/share/graylog/plugins \ *other stuff* graylog2/server:2.0.

[graylog2] Re: GELF TCP option for collectors

2016-04-28 Thread Michael Taylor
course you can always configure nxlog manually to use GELF via TCP > instead of using the collector sidecar. But filing that feature request > surely won't hurt. ;-) > > Cheers, > Jochen > > On Tuesday, 26 April 2016 22:00:28 UTC+2, Michael Taylor wrote: >> >> I t

[graylog2] Re: Sending only Errors and warning from the log files using Collector

2016-04-26 Thread Michael Taylor
Drools can work for this purpose, but you should seriously consider nxlog for Windows: it's a tiny service with fully configurable behavior and no Java dependency. On Monday, April 25, 2016 at 9:16:11 AM UTC-4, Shailesh Singh wrote: > > Thanks Jochen for getting back to me. > > I am going to use

[graylog2] GELF TCP option for collectors

2016-04-26 Thread Michael Taylor
I try to use TCP with GELF on all my nxlog collectors on my Windows servers, so that if Graylog goes down the servers know the connection is gone and they hold their messages until they can connect to it again. Then they dump all their backlogged messages to Graylog and I don't lose any message

[graylog2] Re: web interface with v2.0 appears to require direct REST access?

2016-04-14 Thread Michael Taylor
Yes it's required to connect to TCP 12900. That's also where the sidecar and collectors connect. I think the reasoning was that you ought to have the ability to open the firewall to the server since you're already using a bunch of ports to send it the log data it needs. The web interface isn't

[graylog2] How I set up Graylog 2 beta 2 in Docker

2016-04-06 Thread Michael Taylor
This is just a quick write up of how I have Graylog 2 running in Docker. I'm using Ubuntu 15.10 and the official Docker repository, and I added my user to the docker group. I put all my Graylog data on the /graylog2 directory on the host, so each container has volumes mapped there. These are m

Re: [graylog2] Docker 2.0.0-beta.1-1 is telling my browser the wrong REST URL

2016-04-03 Thread Michael Taylor
Thank you. Is there an updated list of all the Docker variables for 2.0 somewhere? Also my host wants to set that IP dynamically when the container is created. Is there a way for the container to find out that IP after it's running? On Fri, Apr 1, 2016 at 10:40 AM, Michael Taylor

[graylog2] Docker 2.0.0-beta.1-1 is telling my browser the wrong REST URL

2016-04-01 Thread Michael Taylor
Client browsers now need to connect to the REST interface on port 12900, and the Docker image now needs that port to be forwarded when the container is started. The web

[graylog2] Thousands of Java errors per second but Graylog is otherwise working

2015-12-17 Thread Michael Taylor
This looks like a bug to me but what do you think? It's the Graylog 1.3 Docker image, running with this command: docker run -t \ --rm \ -p 9000:9000\ -p 1514:1514/udp\ -p 12201:12201 \ -e GRAYLOG_TIMEZONE=EST5EDT \

Re: [graylog2] Re: graylog-ctl is parsing --time incorrectly

2015-12-10 Thread Michael Taylor
Thursday, 3 December 2015 17:13:09 UTC+1, Michael Taylor wrote: >> >> Fresh install of the Vagrant box. Somehow it's putting the options in >> there as "ime" instead of "time" which looks like a misinterpretation of >> the double-dash options. >

[graylog2] Elasticsearch keeps hanging in current VM/Docker images

2015-12-10 Thread Michael Taylor
I've been trying to get Graylog running stable for a couple weeks now, using Ubuntu Trusty and the latest Vagrant, Virtualbox and Docker on different hardware and all have the same problem. The first symptom is that eventually the login page says it failed with error 500 as in Joseph John's thr

[graylog2] graylog-ctl is parsing --time incorrectly

2015-12-03 Thread Michael Taylor
Fresh install of the Vagrant box. Somehow it's putting the options in there as "ime" instead of "time" which looks like a misinterpretation of the double-dash options. 2015-12-03_15:58:14.94821 ERROR [CmdLineTool] Invalid configuration 2015-12-03_15:58:14.94823 com.github.joschi.jadconfig.Parame