Comments (11)
mrlesmithjr
commented on July 27, 2024
I believe you have some of your versions incorrect here? Did you use install script to get these versions? Or other?
Elasticsearch from script is .90.10
graylog2-server from script is 0.20.3
graylog2-web-interface from script is 0.20.3
from graylog2.
Ramasudhastv
commented on July 27, 2024
Thanks ,
I have installed the below packages and Now am able to login to the web interface . but the problem Now I am facing is logs are not redirecting to graylog2 . I have attached my /etc/rsyslog.conf am using centos 6.2
Elasticsearch from script is .90.10
graylog2-server from script is 0.20.3
graylog2-web-interface from script is 0.20.3
cat /etc/rsyslog.conf|grep -v ^$|grep -v ^#
$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
$ModLoad imklog.so # provides kernel logging support (previously done by rklogd)
$ModLoad imudp.so
$UDPServerRun 514
$ModLoad imtcp.so
$InputTCPServerRun 514
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv. /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
.emerg *
uucp,news.crit /var/log/spooler
local7. /var/log/boot.log
from graylog2.
mrlesmithjr
commented on July 27, 2024
you did not use the centos install script it appears? However here is what you need...
sed -i -e 's|#$ModLoad imudp|$ModLoad imudp|' /etc/rsyslog.conf
sed -i -e 's|#$UDPServerRun 514|$UDPServerRun 514|' /etc/rsyslog.conf
sed -i -e 's|#$ModLoad imtcp|$ModLoad imtcp|' /etc/rsyslog.conf
sed -i -e 's|#$InputTCPServerRun 514|$InputTCPServerRun 514|' /etc/rsyslog.conf
echo '$template GRAYLOG2-1,"<%PRI%>1 %timegenerated:::date-rfc3339% %hostname% %syslogtag% - %APP-NAME%: %msg:::drop-last-lf%\n"' | tee /etc/rsyslog.d/32-graylog2.conf
echo '$template GRAYLOG2-2,"<%pri%>1 %timegenerated:::date-rfc3339% %fromhost% %app-name% %procid% %msg%\n"' | tee -a /etc/rsyslog.d/32-graylog2.conf
echo '$template GRAYLOGRFC5424,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msg%\n"' | tee -a /etc/rsyslog.d/32-graylog2.conf
echo '$PreserveFQDN on' | tee -a /etc/rsyslog.d/32-graylog2.conf
echo '. @localhost:10514;GRAYLOG2-2' | tee -a /etc/rsyslog.d/32-graylog2.conf
from graylog2.
Ramasudhastv
commented on July 27, 2024
I have run the script and restarted rsyslogd service and created below input in the graylog2webinterface , but still no luck .
syslog (Syslog UDP) running
cat 32-graylog2.conf
$template GRAYLOG2-1,"<%PRI%>1 %timegenerated:::date-rfc3339% %hostname% %syslogtag% - %APP-NAME%: %msg:::drop-last-lf%\n"
$template GRAYLOG2-2,"<%pri%>1 %timegenerated:::date-rfc3339% %fromhost% %app-name% %procid% %msg%\n"
$template GRAYLOGRFC5424,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msg%\n"
$PreserveFQDN on
. @localhost:10514;GRAYLOG2-2
cat /etc/rsyslog.conf|grep -v ^$|grep -v ^#
$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
$ModLoad imklog.so # provides kernel logging support (previously done by rklogd)
$ModLoad imudp.so
$UDPServerRun 514
$ModLoad imtcp.so
$InputTCPServerRun 514
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv. /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
.emerg *
uucp,news.crit /var/log/spooler
local7. /var/log/boot.log
from graylog2.
mrlesmithjr
commented on July 27, 2024
If I were you I would start over with a fresh new install and run the script and let it do everything for you. Then follow the instructions on the blog to configure Graylog2 once it is working. The script works flawless. Just tested once more myself to confirm.
make sure to use this script install_graylog2_20_centos.sh
from graylog2.
Ramasudhastv
commented on July 27, 2024
Thanks a lot , I have used script to re install and now logs are redirecting .When I am clicking on the Sources I can see the below servers, .
Can I redirect application logs as well to graylog2 ? From where can i get tutorial for creating streams ,Dash boards and setting alerts .
Source name Message count
Server1 531
Server2 8
Server3 5
from graylog2.
Ramasudhastv
commented on July 27, 2024
Can some one please help me here to solve my below problems ..
a) How to redirect application logs to graylog2
b) how to create steams and rules and alerts
c) Setting up Dashboards
from graylog2.
nilesh2590
commented on July 27, 2024
I am facing same issue but my OS for graylog is ubuntu.
I am not able to see server list under source tab..
from graylog2.
jheck88
commented on July 27, 2024
Would appreciate if this wasn't closed. This isn't an isolated issue and the documentation doesn't have a very good troubleshooting section. I'm on ubuntu as well and I'm having the same issues
from graylog2.
mrlesmithjr
commented on July 27, 2024
I will be glad to leave this open if anyone else is interested in taking over on this. I am no longer doing any development on this and all of my efforts are now focused on Ansible installations.
from graylog2.
mrlesmithjr
commented on July 27, 2024
https://github.com/mrlesmithjr/ansible-graylog
from graylog2.
Related Issues (20)
- Script fails at line 317 on Ubuntu. HOT 3
- error when search
- Non root
- Graylog2-server will not launch after first reboot (CentOS only) HOT 1
- Is it possible to redirect application logs to the graylog2 server ? If yes please let me know how to do that . HOT 1
- Error! ×Unable to send dummy alert, check server log for details: API call failed GET http://@127.0.0.1:12900/streams/53cca74084aefa1a7846c480/alerts/sendDummyAlert returned 500 Internal Server Error body: Sending the email to the following server failed : 127.0.0.1:25
- Removing undesired hosts
- Update for 0.90.0 HOT 10
- logging directory isn't created HOT 2
- connect to localhost port 12900 (tcp) failed: Connection refused HOT 2
- Cannot open web interface from browsers HOT 1
- Missing binary 'nc' HOT 1
- nc: connect to localhost port 12900 (tcp) failed: Connection refused problem HOT 1
- syslog Structured Data parsing does not parse 2 datas with the same header HOT 2
- No Graylog servers available. Cannot log in. HOT 2
- graylog interface not showing up HOT 2
- install_graylog2_90_ubuntu.sh worked nice but... HOT 1
- default sshd keys exist in OVA image of appliance HOT 4
- where are the RPMs for installations not from the internet HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from graylog2.