search

cvtienhoven / graylog-plugin-aggregates

Aggregates plugin for Graylog
https://marketplace.graylog.org
GNU General Public License v3.0
53 stars 12 forks source link

Plugin does not load (Graylog 2.4) #31

Closed nukulaar closed 6 years ago

nukulaar commented 6 years ago

I just updated graylog to 2.4 and the plugin does not seem to load at all. Is it already compatible with 2.4?

jebucha commented 6 years ago

It loads and functions for me, Graylog 2.4, Aggregates plugin version 2.2.0. Anything useful in your Graylog server.log?

nukulaar commented 6 years ago

Hm thats strange. I do not receive any errors in the startup process. The plugin is just not listed. I tried the 2.2.0-SNAPSHOT version and the 2.1.1 Release. The jar is dropped in the same directory as the other plugins.

2018-01-11T11:15:27.628+01:00 INFO  [LogManager] Shutting down.
2018-01-11T11:15:27.863+01:00 INFO  [LogManager] Shutdown complete.
2018-01-11T11:15:28.949+01:00 INFO  [NetworkListener] Stopped listener bound to [<hostname>:9000]
2018-01-11T11:15:28.950+01:00 INFO  [ServiceManagerListener] Services are now stopped.
2018-01-11T11:15:36.722+01:00 INFO  [CmdLineTool] Loaded plugin: AWS plugins 2.4.0 [org.graylog.aws.plugin.AWSPlugin]
2018-01-11T11:15:36.725+01:00 INFO  [CmdLineTool] Loaded plugin: Elastic Beats Input 2.4.0 [org.graylog.plugins.beats.BeatsInputPlugin]
2018-01-11T11:15:36.726+01:00 INFO  [CmdLineTool] Loaded plugin: CEF Input 2.4.0 [org.graylog.plugins.cef.CEFInputPlugin]
2018-01-11T11:15:36.728+01:00 INFO  [CmdLineTool] Loaded plugin: Collector 2.4.0 [org.graylog.plugins.collector.CollectorPlugin]
2018-01-11T11:15:36.728+01:00 INFO  [CmdLineTool] Loaded plugin: Enterprise Integration Plugin 2.4.0 [org.graylog.plugins.enterprise_integration.EnterpriseIntegrationPlugin]
2018-01-11T11:15:36.729+01:00 INFO  [CmdLineTool] Loaded plugin: MapWidgetPlugin 2.4.0 [org.graylog.plugins.map.MapWidgetPlugin]
2018-01-11T11:15:36.731+01:00 INFO  [CmdLineTool] Loaded plugin: NetFlow Plugin 2.4.0 [org.graylog.plugins.netflow.NetFlowPlugin]
2018-01-11T11:15:36.740+01:00 INFO  [CmdLineTool] Loaded plugin: Pipeline Processor Plugin 2.4.0 [org.graylog.plugins.pipelineprocessor.ProcessorPlugin]
2018-01-11T11:15:36.741+01:00 INFO  [CmdLineTool] Loaded plugin: Threat Intelligence Plugin 2.4.0 [org.graylog.plugins.threatintel.ThreatIntelPlugin]
2018-01-11T11:15:37.435+01:00 INFO  [CmdLineTool] Running with JVM arguments: -Xms4g -Xmx4g -Djavax.net.ssl.trustStore=/etc/pki/java/cacerts -XX:NewRatio=1 -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClass
UnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow -Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml -Djava.library.path=/usr/share/graylog-server/lib/sigar -Dgraylog2.installation_source=rpm
GTownson commented 6 years ago

Have you checked the permissions of the plugin.jar file?

nukulaar commented 6 years ago

Yes, all are the same. Also did not find any SELINUX messages.

drwxr-xr-x. 1 root root  714 10. Jan 12:38 .
drwxr-xr-x. 1 root root  114 10. Jan 11:29 ..
-rw-r--r--. 1 root root  634 10. Jan 12:38 graylog-plugin-aggregates-2.2.0-SNAPSHOT.jar
-rw-r--r--. 1 root root  14M 22. Dez 13:29 graylog-plugin-aws-2.4.0.jar
-rw-r--r--. 1 root root  27K 22. Dez 13:29 graylog-plugin-beats-2.4.0.jar
-rw-r--r--. 1 root root  59K 22. Dez 13:29 graylog-plugin-cef-2.4.0.jar
-rw-r--r--. 1 root root 2,9M 22. Dez 13:29 graylog-plugin-collector-2.4.0.jar
-rw-r--r--. 1 root root 4,1M 22. Dez 13:29 graylog-plugin-enterprise-integration-2.4.0.jar
-rw-r--r--. 1 root root 6,4M 22. Dez 13:29 graylog-plugin-map-widget-2.4.0.jar
-rw-r--r--. 1 root root 690K 22. Dez 13:29 graylog-plugin-netflow-2.4.0.jar
-rw-r--r--. 1 root root 5,4M 22. Dez 13:29 graylog-plugin-pipeline-processor-2.4.0.jar
-rw-r--r--. 1 root root 4,4M 22. Dez 13:29 graylog-plugin-threatintel-2.4.0.jar
GTownson commented 6 years ago

So it seems that you plugin.jar file is smaller than it should be. I have just downloaded it into my Graylog plugin folder and it's coming up as 7.4mb. I suggest deleting and re-downloading the file. What link did you download the Jar from? I used: https://github.com/cvtienhoven/graylog-plugin-aggregates/releases/download/2.2.0-SNAPSHOT/graylog-plugin-aggregates-2.2.0-SNAPSHOT.jar

nukulaar commented 6 years ago

Great finding. I downloaded it with "curl -O" right into the plugin folder. There seemed to be something wrong with the downloaded file. After redownloading the file it works. Thanks for you help!

GTownson commented 6 years ago

Glad I could help :)