Connection between Graylog and Riemann is established but no event are forwarded

[schildeinp]

Hi, I am using the 1.1.2 plugin with Graylog 2.0.3 and configured it to communicate with riemann on another server over tcp/5555. I see the established connection (nestat and tcpdump) but no events are forwarded. I can't see any events in the riemann log. I also tried UDP with the same outcome. Any sugestions? Thank you very much in advance.

[mariussturm]

Hi, do you have any messages in the stream that is associated to the output?

[schildeinp]

Hi, of course. A stream with all events which arrive at the graylog.

[mariussturm]

Without any error message it's then hard to say if this is a bug or a missconfiguration. Do you see anything in the Graylog server log or in Riemann?

[schildeinp]

Nothing at all. In the graylog log I see the start of the plugin, as mentioned I can observe the connection establishment but after that nothing more happens ...

[igoros777]

I'm seeing a similar behavior. The graylog2 server log shows plugin is loaded: Loaded plugin: Riemann Output Plugin 1.1.2 [org.graylog2.outputs.riemann.RiemannOutput]

It functions fine in Web UI. The stream has messages. Connection between riemann and graylog is established on port 5555.

root@graylog:/var/log/graylog# netstat -tunap | grep 5555 tcp6 0 0 0.0.0.0:5555 :::* LISTEN 11646/java tcp6 0 0 127.0.0.1:5555 127.0.0.1:58950 ESTABLISHED 11646/java tcp6 0 0 127.0.0.1:58950 127.0.0.1:5555 ESTABLISHED 15215/java udp6 0 0 :::5555 :::* 11646/java

riemann 11646 1 0 15:16 ? 00:00:11 java -cp :/usr/share/riemann/riemann.jar riemann.bin start /etc/riemann/riemann.config

root 15215 839 74 15:29 ? 00:04:46 /opt/graylog/embedded/jre/bin/java -Xms1g -Xmx1500m -XX:NewRatio=1 -server -XX:+ResizeTLAB

But I see nothing in either riemann log or the riemann-dash. Both work with other inputs, such as riemann-health.

[mf-collinhayden]

I see the same as these guys, it doesn't work. I used netstat to verify the handshake and see the ESTABLISHED connection. I also see the plugin start up in the graylog server.log. I used tcpdump and see the handshake, but after that nothing is coming across the wire. We created the output and mapped it to a stream... we tried both udp and tcp and nothing.

here are the versions we are using: dpkg -l | grep graylog ii graylog-server 2.0.3-1 all Graylog server

/etc/graylog/server$ ls -al /usr/share/graylog-server/plugin/ | grep riemann -rw-r--r-- 1 root root 135371 Aug 20 2015 graylog-plugin-output-riemann-1.1.3-SNAPSHOT.jar

[mariussturm]

I have updated the Riemann Java client in v1.1.3, UDP and TCP is working on my machine. When you see an established TCP connection without events on the Riemann server side, keep in mind that this plugin is working in batches. It waits until there are enough messages for a batch and sends them together. With a batch size of 1 you can see the events immediately but it comes with a performance degradation: https://github.com/Graylog2/graylog-plugin-riemann/releases/tag/v1.1.3