search

cvtienhoven / graylog-plugin-aggregates

Aggregates plugin for Graylog
https://marketplace.graylog.org
GNU General Public License v3.0
53 stars 12 forks source link

Fetching aggregate rules failed #8

Closed Vebryn closed 6 years ago

Vebryn commented 7 years ago

Hello,

Your plugin looks amazing. Graylog hopelessly doesn't provide this kind of aggregation.

When I click on Aggregate, following error is displayed : 

Fetching aggregate rules failed with status: Error: cannot GET https://vanaheim.fr/graylog/api/graylog/plugins/org.graylog.plugins.aggregates/rules (404)

When I create a rule, following error is displayed : 

Creating rule failed with status: cannot PUT https://vanaheim.fr/graylog/api/graylog/plugins/org.graylog.plugins.aggregates/rules (404)

Some warning when Graylog is starting :

2017-03-13T19:20:19.604+01:00 INFO  [CmdLineTool] Loaded plugin: Aggregates 0.0.14 [org.graylog.plugins.aggregates.AggregatesPlugin]
...
2017-03-13T19:20:37.369+01:00 INFO  [Aggregates] constructor
...
2017-03-13T19:20:37.826+01:00 INFO  [Periodicals] Starting [org.graylog.plugins.aggregates.Aggregates] periodical in [0s], polling every [60s].
2017-03-13T19:20:37.829+01:00 INFO  [Periodicals] Starting [org.graylog.plugins.aggregates.report.AggregatesReport] periodical in [0s], polling every [60s].
2017-03-13T19:20:37.834+01:00 INFO  [Periodicals] Starting [org.graylog.plugins.aggregates.maintenance.AggregatesMaintenance] periodical in [0s], polling every [60s].
2017-03-13T19:20:37.876+01:00 INFO  [AggregatesMaintenance] removed 0 history items
...
2017-03-13T19:20:47.179+01:00 WARN  [AuditEventModelProcessor] REST endpoint not included in audit trail:    PUT /graylog/api/plugins/org.graylog.plugins.aggregates/rules
2017-03-13T19:20:47.179+01:00 WARN  [AuditEventModelProcessor] REST endpoint not included in audit trail:   POST /graylog/api/plugins/org.graylog.plugins.aggregates/rules/{name}
2017-03-13T19:20:47.180+01:00 WARN  [AuditEventModelProcessor] REST endpoint not included in audit trail: DELETE /graylog/api/plugins/org.graylog.plugins.aggregates/rules/{name}

I'm using Graylog 2.2.0.

Best regards.

cvtienhoven commented 7 years ago

Hi @Vebryn, thanks for using the plugin and the effort to post an issue. It seems like the plugin is loaded correctly because of the periodicals being started correctly. Could you try to create a rule via the api-browser and check the response?

Btw, do you have admin privileges? If that's not the case, you should make sure you have the following permissions granted (only configurable via API calls):

aggregate_rules:read aggregate_rules:create aggregate_rules:update aggregate_rules:delete

cvtienhoven commented 7 years ago

Hi @Vebryn, is there any chance you could do a re-test of this issue, and perhaps with the latest version of the plugin (1.0.1)?

Vebryn commented 7 years ago

Hello, just tried 1.0.1 with Graylog 2.2.3.

Aggregate menu :

Could not retrieve schedules
Fetching schedules failed with status: Error: cannot GET https://.../plugins/org.graylog.plugins.aggregates/schedules (404)
Could not retrieve rules
Fetching aggregate rules failed with status: Error: cannot GET https://.../plugins/org.graylog.plugins.aggregates/rules (404)

Starting logs :

2017-05-11T20:25:04.759+02:00 INFO  [CmdLineTool] Loaded plugin: Aggregates 1.0.1 [org.graylog.plugins.aggregates.AggregatesPlugin]
2017-05-11T20:25:04.763+02:00 INFO  [CmdLineTool] Loaded plugin: Elastic Beats Input 2.2.3 [org.graylog.plugins.beats.BeatsInputPlugin]
2017-05-11T20:25:04.766+02:00 INFO  [CmdLineTool] Loaded plugin: Collector 2.2.3 [org.graylog.plugins.collector.CollectorPlugin]
2017-05-11T20:25:04.768+02:00 INFO  [CmdLineTool] Loaded plugin: MapWidgetPlugin 2.2.3 [org.graylog.plugins.map.MapWidgetPlugin]
2017-05-11T20:25:04.778+02:00 INFO  [CmdLineTool] Loaded plugin: Pipeline Processor Plugin 2.2.3 [org.graylog.plugins.pipelineprocessor.ProcessorPlugin]
...
2017-05-11T20:25:22.391+02:00 INFO  [ServerBootstrap] Graylog server 2.2.3+7adc951 starting up
2017-05-11T20:25:22.394+02:00 INFO  [ServerBootstrap] JRE: Oracle Corporation 1.8.0_121 on Linux 3.16.0-4-amd64
2017-05-11T20:25:22.397+02:00 INFO  [ServerBootstrap] Deployment: deb
2017-05-11T20:25:22.398+02:00 INFO  [ServerBootstrap] OS: Debian GNU/Linux 8 (jessie) (debian)
2017-05-11T20:25:22.398+02:00 INFO  [ServerBootstrap] Arch: amd64
2017-05-11T20:25:22.406+02:00 WARN  [DeadEventLoggingListener] Received unhandled event of type <org.graylog2.plugin.lifecycles.Lifecycle> from event bus <AsyncEventBus{graylog-eventbus}>
2017-05-11T20:25:22.439+02:00 INFO  [PeriodicalsService] Starting 27 periodicals ...
...
2017-05-11T20:25:22.588+02:00 INFO  [Periodicals] Starting [org.graylog.plugins.aggregates.Aggregates] periodical in [0s], polling every [60s].
2017-05-11T20:25:22.589+02:00 WARN  [Aggregates] Indexer is not running, not checking any rules this run.
2017-05-11T20:25:22.590+02:00 INFO  [Periodicals] Starting [org.graylog.plugins.aggregates.report.AggregatesReport] periodical in [0s], polling every [60s].
2017-05-11T20:25:22.598+02:00 INFO  [Periodicals] Starting [org.graylog.plugins.aggregates.maintenance.AggregatesMaintenance] periodical in [0s], polling every [60s].
2017-05-11T20:25:22.619+02:00 INFO  [LegacyDefaultStreamMigration] Legacy default stream has no connections, no migration needed.
2017-05-11T20:25:22.662+02:00 INFO  [AggregatesMaintenance] removed 0 history items
...
2017-05-11T20:25:31.587+02:00 WARN  [AuditEventModelProcessor] REST endpoint not included in audit trail:    PUT /plugins/org.graylog.plugins.aggregates/schedules
2017-05-11T20:25:31.587+02:00 WARN  [AuditEventModelProcessor] REST endpoint not included in audit trail:   POST /plugins/org.graylog.plugins.aggregates/schedules/{name}
2017-05-11T20:25:31.590+02:00 WARN  [AuditEventModelProcessor] REST endpoint not included in audit trail: DELETE /plugins/org.graylog.plugins.aggregates/schedules/{id}
2017-05-11T20:25:31.595+02:00 WARN  [AuditEventModelProcessor] REST endpoint not included in audit trail:    PUT /plugins/org.graylog.plugins.aggregates/rules
2017-05-11T20:25:31.596+02:00 WARN  [AuditEventModelProcessor] REST endpoint not included in audit trail:   POST /plugins/org.graylog.plugins.aggregates/rules/{name}
2017-05-11T20:25:31.596+02:00 WARN  [AuditEventModelProcessor] REST endpoint not included in audit trail: DELETE /plugins/org.graylog.plugins.aggregates/rules/{name}
...
cvtienhoven commented 7 years ago

Hi @Vebryn, looking again at your first post I see that you're using HTTPS. Are you using something like Nginx or Apache or something to facilitate this? Anyway, I see that the API call is being made to the URI /graylog/api/graylog/plugins/org.graylog.plugins.aggregates/rules. However, the correct URI should be /graylog/api/plugins/org.graylog.plugins.aggregates/rules. I think there is something not entirely correct in the configuration of Graylog or a proxying service in front of it.

cvtienhoven commented 6 years ago

Hi @Vebryn, I'm going to close this issue because we haven't discussed it for quite a while now, I guess you resolved it. If you have any other problem, feel free to add another issue.