search

mrlesmithjr / graylog2

GNU General Public License v2.0
118 stars 57 forks source link

Graylog2 Web Interface is disconnected. #23

Closed Ramasudhastv closed 9 years ago

Ramasudhastv commented 10 years ago

I have installed elastic search elasticsearch-0.20.6 , mongodb , graylog2-server-0.12.0 and graylog2-web-interface-0.20.3 .java version "1.7.0_51"

When am trying to access Graylog2 interface am getting the below error

No Graylog2 servers available. Cannot log in

"The web interface was unable to connect to any Graylog2 node in the cluster so far. Please check that the configured nodes shown on the left hand side are correct and that the servers are reachable. "

mrlesmithjr commented 10 years ago

I believe you have some of your versions incorrect here? Did you use install script to get these versions? Or other? Elasticsearch from script is .90.10 graylog2-server from script is 0.20.3 graylog2-web-interface from script is 0.20.3

Ramasudhastv commented 10 years ago

Thanks , I have installed the below packages and Now am able to login to the web interface . but the problem Now I am facing is logs are not redirecting to graylog2 . I have attached my /etc/rsyslog.conf am using centos 6.2

Elasticsearch from script is .90.10 graylog2-server from script is 0.20.3 graylog2-web-interface from script is 0.20.3

cat /etc/rsyslog.conf|grep -v ^$|grep -v ^# $ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command) $ModLoad imklog.so # provides kernel logging support (previously done by rklogd) $ModLoad imudp.so $UDPServerRun 514 $ModLoad imtcp.so $InputTCPServerRun 514 $ActionFileDefaultTemplate RSYSLOGTraditionalFileFormat .info;mail.none;authpriv.none;cron.none /var/log/messages authpriv. /var/log/secure mail.* -/var/log/maillog cron.* /var/log/cron .emerg * uucp,news.crit /var/log/spooler local7._ /var/log/boot.log

mrlesmithjr commented 10 years ago

you did not use the centos install script it appears? However here is what you need...

sed -i -e 's|#$ModLoad imudp|$ModLoad imudp|' /etc/rsyslog.conf sed -i -e 's|#$UDPServerRun 514|$UDPServerRun 514|' /etc/rsyslog.conf sed -i -e 's|#$ModLoad imtcp|$ModLoad imtcp|' /etc/rsyslog.conf sed -i -e 's|#$InputTCPServerRun 514|$InputTCPServerRun 514|' /etc/rsyslog.conf echo '$template GRAYLOG2-1,"<%PRI%>1 %timegenerated:::date-rfc3339% %hostname% %syslogtag% - %APP-NAME%: %msg:::drop-last-lf%\n"' | tee /etc/rsyslog.d/32-graylog2.conf echo '$template GRAYLOG2-2,"<%pri%>1 %timegenerated:::date-rfc3339% %fromhost% %app-name% %procid% %msg%\n"' | tee -a /etc/rsyslog.d/32-graylog2.conf echo '$template GRAYLOGRFC5424,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msg%\n"' | tee -a /etc/rsyslog.d/32-graylog2.conf echo '$PreserveFQDN on' | tee -a /etc/rsyslog.d/32-graylog2.conf echo '. @localhost:10514;GRAYLOG2-2' | tee -a /etc/rsyslog.d/32-graylog2.conf

Ramasudhastv commented 10 years ago

I have run the script and restarted rsyslogd service and created below input in the graylog2webinterface , but still no luck .

syslog (Syslog UDP) running

cat 32-graylog2.conf $template GRAYLOG2-1,"<%PRI%>1 %timegenerated:::date-rfc3339% %hostname% %syslogtag% - %APP-NAME%: %msg:::drop-last-lf%\n" $template GRAYLOG2-2,"<%pri%>1 %timegenerated:::date-rfc3339% %fromhost% %app-name% %procid% %msg%\n" $template GRAYLOGRFC5424,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msg%\n" $PreserveFQDN on . @localhost:10514;GRAYLOG2-2

cat /etc/rsyslog.conf|grep -v ^$|grep -v ^# $ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command) $ModLoad imklog.so # provides kernel logging support (previously done by rklogd) $ModLoad imudp.so $UDPServerRun 514 $ModLoad imtcp.so $InputTCPServerRun 514 $ActionFileDefaultTemplate RSYSLOGTraditionalFileFormat .info;mail.none;authpriv.none;cron.none /var/log/messages authpriv. /var/log/secure mail.* -/var/log/maillog cron.* /var/log/cron .emerg * uucp,news.crit /var/log/spooler local7._ /var/log/boot.log

mrlesmithjr commented 10 years ago

If I were you I would start over with a fresh new install and run the script and let it do everything for you. Then follow the instructions on the blog to configure Graylog2 once it is working. The script works flawless. Just tested once more myself to confirm. make sure to use this script install_graylog2_20_centos.sh

Ramasudhastv commented 10 years ago

Thanks a lot , I have used script to re install and now logs are redirecting .When I am clicking on the Sources I can see the below servers, .

Can I redirect application logs as well to graylog2 ? From where can i get tutorial for creating streams ,Dash boards and setting alerts .

Source name Message count Server1 531 Server2 8 Server3 5

Ramasudhastv commented 10 years ago

Can some one please help me here to solve my below problems .. a) How to redirect application logs to graylog2 b) how to create steams and rules and alerts c) Setting up Dashboards

nilesh2590 commented 9 years ago

I am facing same issue but my OS for graylog is ubuntu. I am not able to see server list under source tab..

jheck88 commented 9 years ago

Would appreciate if this wasn't closed. This isn't an isolated issue and the documentation doesn't have a very good troubleshooting section. I'm on ubuntu as well and I'm having the same issues

mrlesmithjr commented 9 years ago

I will be glad to leave this open if anyone else is interested in taking over on this. I am no longer doing any development on this and all of my efforts are now focused on Ansible installations.

mrlesmithjr commented 9 years ago

https://github.com/mrlesmithjr/ansible-graylog