seanthegeek / graylog-fortigate-syslog

A Graylog Content Pack of dashboards for FortiGate syslog data
https://seanthegeek.net/1270/how-to-create-a-single-node-graylog-instance-and-analyze-fortigate-logs/
Apache License 2.0

Cannot install the content pack #11

Closed bendcunha closed 8 months ago

bendcunha commented 8 months ago

Dears, I have the below:

Graylog server (graylog-enterprise-5.2.4-1.x86_64) and I am installing the below content pack:

Content_pack.json 1.6.4-rev24

but I am not able to install it, as it gives the below error:

Installing content pack failed with status: FetchError: There was an error fetching a resource: Internal Server Error. Additional information: Failed to install content pack <85f976d9-4d2d-45f9-922d-25d2d9c11f87/25>. Could not install content pack with ID: 85f976d9-4d2d-45f9-922d-25d2d9c11f87


Also the server.log has the below:

Stream with title FortiGate Syslog does not exist!

Dear Sean, I do appreciate your help and advice.

Regards

simon

Houtek commented 8 months ago

Hello, did you create the index set first? I installed the content pack yesterday on a fresh Graylog Open installation.

bendcunha commented 8 months ago

Dear Houtek, really appreciate your reply and sorry for the delay. Actually, I had not created the index set. I did create the index set, but I still have the same problem that installing the pack fails: ContentPackException: Stream with title does not exist! Now I did create a stream with the title FortiGate Syslog and I could install the stream, but there were no messages in that stream, and on the dashboard there was an error as well. Without the above stream I could install the Graylog syslog pipeline. Now, as I begin to understand (maybe I am wrong), the stream with the FortiGate title should be created automatically under the Streams tab and with the rule devid. Appreciate if you can advise me what I am missing. I followed the below link: https://seanthegeek.net/1270/how-to-create-a-single-node-graylog-instance-and-analyze-fortigate-logs/

Thanks and appreciate

regards

simon

ddistler commented 8 months ago

I had the same issue on a fresh docker install. I created the index, then tried to install the content pack and got the same error message.

I ended up installing rev 14 successfully. I tried to install rev 25 but it failed. I then installed rev 20 successfully, and then rev 25 successfully.

When I install the pipeline content pack, I have the same issue and have not been able to get it to work.

bendcunha commented 8 months ago

Thanks ddistler,

Really appreciate your quick reply. Can you please help me with the links of rev 14 and 20? I could only find revision 21, but could not install it.

Thanks and appreciate

regards

simon

ddistler commented 8 months ago

I can give you the links, but I haven't confirmed it worked because I have issues with the pipeline content pack.

The best way to get older versions is from the main page: click Releases. On the left side of each release is the date, author, rev number, and branch. Click on the branch link, then you can see the diff. You can then browse the branch and download the file.

bendcunha commented 8 months ago

Oh ok, thank you and appreciate it... will check it out.

regards

simon

seanthegeek commented 8 months ago

I just fixed this in 1.6.5-rev25. It installs correctly on a fresh install of Graylog. I have also released 1.0.5-rev7 of the FortiGate syslog pipeline content pack, which will install correctly after this content pack is installed on a fresh Graylog install. For more information on the pipeline install, see https://github.com/seanthegeek/graylog-fortigate-syslog-pipeline/issues/1.

bendcunha commented 8 months ago

Dear ddistler, sorry for the delay in reply, I just got stuck with some issues. Btw, just to inform you, as per your email 2 days back I uninstalled rev 25, installed rev 20 and upgraded to rev 25 without uninstalling the previously installed pipeline content pack. After that everything went fine and I could see that messages from the default stream were routed to the FortiGate Syslog stream. But I also found that the dashboard tab DNS Filter was blank, and I was not able to understand the forward traffic and SSL inspection dashboards. Anyway, many many thanks to Sean, who's been doing a marvelous job and has shared his newer revision yesterday.

Will try his new release and check it out.

Thanks and regards

simon
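The failure discussed in this thread ("Stream with title FortiGate Syslog does not exist!") is a dependency problem: the pack expects a stream that a fresh Graylog install does not have yet. The script below is an added example, not code from the issue or from the graylog-fortigate-syslog project; it is a pre-flight check that reads a content pack file, lists the stream titles it references versus the ones it creates, and compares them with the streams already on the server. It assumes the content pack layout used here: each entity has a `type.name` (`stream` for streams the pack creates; `stream_title` is an assumed name for by-title references) and typed `data` fields of the form `{"@type": "string", "@value": ...}`; it also assumes the body of `GET /api/streams` is a JSON object with a `streams` list whose items carry a `title`. The content pack and API response embedded in it are constructed samples, not the real Content_pack.json.

```python
"""Pre-flight check: which streams does a Graylog content pack need, and
which of them already exist on the target server?

Added example for illustration; not part of the issue thread or project.
Assumptions (labelled): entity "type" objects carry a "name"; "stream"
entities are streams the pack creates; "stream_title" (assumed name) is a
by-title reference the server must already satisfy; "data" fields are typed
values {"@type": "string", "@value": ...}; GET /api/streams returns
{"streams": [{"title": ...}, ...]}.
"""
import json

# Constructed, minimal content pack in the shape described above.
# This is NOT the repository's real Content_pack.json.
SAMPLE_CONTENT_PACK = json.dumps({
    "v": 1,
    "id": "00000000-0000-0000-0000-000000000000",  # placeholder id
    "rev": 25,
    "name": "FortiGate dashboards (constructed sample)",
    "entities": [
        {
            "id": "entity-dashboard-1",
            "type": {"name": "dashboard", "version": "2"},
            "data": {"title": {"@type": "string", "@value": "FortiGate Traffic"}},
        },
        {
            "id": "entity-streamref-1",
            "type": {"name": "stream_title", "version": "1"},  # assumed type name
            "data": {"title": {"@type": "string", "@value": "FortiGate Syslog"}},
        },
    ],
})

# Constructed body of GET /api/streams on a fresh install (no FortiGate stream).
SAMPLE_STREAMS_RESPONSE = json.dumps({
    "total": 2,
    "streams": [{"title": "Default Stream"}, {"title": "All events"}],
})


def _value(field):
    """Unwrap a content pack typed value ({"@type": ..., "@value": ...})."""
    if isinstance(field, dict) and "@value" in field:
        return field["@value"]
    return field


def stream_titles_in_pack(pack_json: str) -> dict:
    """Return {"defined": set, "referenced": set} of stream titles.

    "defined": streams the pack will create itself (entity type "stream").
    "referenced": streams the pack expects to exist already
    (assumed entity type "stream_title").
    """
    pack = json.loads(pack_json)
    defined, referenced = set(), set()
    for ent in pack.get("entities", []):
        type_name = ent.get("type", {}).get("name")
        title = _value(ent.get("data", {}).get("title"))
        if not title:
            continue
        if type_name == "stream":
            defined.add(title)
        elif type_name == "stream_title":
            referenced.add(title)
    return {"defined": defined, "referenced": referenced}


def existing_stream_titles(streams_response_json: str) -> set:
    """Titles of streams already on the server, from a GET /api/streams body."""
    body = json.loads(streams_response_json)
    return {s["title"] for s in body.get("streams", [])}


def missing_streams(pack_json: str, streams_response_json: str) -> set:
    """Referenced titles that neither the server nor the pack itself provides.

    A non-empty result predicts the installer error
    'Stream with title <X> does not exist!' and names the stream to create
    (or the pack to install first) before retrying.
    """
    titles = stream_titles_in_pack(pack_json)
    present = existing_stream_titles(streams_response_json) | titles["defined"]
    return titles["referenced"] - present


if __name__ == "__main__":
    gap = missing_streams(SAMPLE_CONTENT_PACK, SAMPLE_STREAMS_RESPONSE)
    if gap:
        print("Create these streams first:", ", ".join(sorted(gap)))
    else:
        print("All referenced streams present; safe to install.")
```

To run it against a real server, save the output of `GET /api/streams` (for example with `curl` and an API token) to a file and pass its contents to `existing_stream_titles`, and pass the downloaded content pack JSON to `stream_titles_in_pack`; the check is read-only and never touches the server's configuration. If the revision you are installing defines the stream itself (type `stream`), the same check reports nothing missing, which matches the maintainer's statement that the fixed revision installs on a fresh instance.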