J'ai réussi à le mettre en place à travers ton tuto, cependant impossible d'avoir des remontées de logs sur le serveur local (syslog). Sachant que j'a essayé avec la version graylog-server preview j'ai voulu essayer avec une version release. Elasticsearch est lancé, graylog également cependant impossible de se connecter à l'interface web. L'erreur est la suivante :
Check server connection ( None of the configured nodes could be reached )
Logs de /graylog2-server-0.20.0-rc.1-1 :
2014-01-30 18:28:46,769 INFO : org.graylog2.Main - Graylog2 0.20.0-rc.1-1 starting up. (JRE: Oracle Corporation 1.7.0_25 on Linux 3.2.0-4-686-pae)
2014-01-30 18:28:46,844 INFO : org.graylog2.plugin.system.NodeId - Node ID: d3a8b86c-d6ed-4793-9a70-6af00f5b49a1
2014-01-30 18:28:47,025 INFO : org.graylog2.buffers.ProcessBuffer - Initialized ProcessBuffer with ring size and wait strategy .
2014-01-30 18:28:47,035 INFO : org.graylog2.buffers.OutputBuffer - Initialized OutputBuffer with ring size and wait strategy .
2014-01-30 18:28:47,322 INFO : org.elasticsearch.node - [graylog2-server] version[0.90.10], pid[2796], build[0a5781f/2014-01-10T10:18:37Z]
2014-01-30 18:28:47,322 INFO : org.elasticsearch.node - [graylog2-server] initializing …
2014-01-30 18:28:47,328 INFO : org.elasticsearch.plugins - [graylog2-server] loaded [], sites []
2014-01-30 18:28:48,770 INFO : org.elasticsearch.node - [graylog2-server] initialized
2014-01-30 18:28:48,770 INFO : org.elasticsearch.node - [graylog2-server] starting …
2014-01-30 18:28:48,841 INFO : org.elasticsearch.transport - [graylog2-server] bound_address {inet[/0:0:0:0:0:0:0:0:9350]}, publish_address {inet[/192.168.1.18:9350]}
2014-01-30 18:28:51,852 WARN : org.elasticsearch.discovery - [graylog2-server] waited for 3s and no initial state was set by the discovery
2014-01-30 18:28:51,852 INFO : org.elasticsearch.discovery - [graylog2-server] graylog2/LhsBArmVQ0mb6FY1m2DqiQ
2014-01-30 18:28:51,852 INFO : org.elasticsearch.node - [graylog2-server] started
2014-01-30 18:28:51,935 INFO : org.elasticsearch.cluster.service - [graylog2-server] detected_master [Captain Wings][9LuEB2vaS_uJAPeF3gzwWw][inet[/192.168.1.18:9300]]{master=true}, added {[Captain Wings][9LuEB2vaS_uJAPeF3gzwWw][inet[/19$
2014-01-30 18:28:51,978 INFO : org.graylog2.Core - Setting up deflector.
2014-01-30 18:28:51,982 INFO : org.graylog2.indexer.Deflector - Found deflector alias . Using it.
2014-01-30 18:28:51,985 INFO : org.graylog2.initializers.DroolsInitializer - Not using rules
2014-01-30 18:28:51,985 INFO : org.graylog2.initializers.Initializers - Initialized initializer .
2014-01-30 18:28:51,985 INFO : org.graylog2.initializers.Initializers - Initialized initializer .
2014-01-30 18:28:51,986 INFO : org.graylog2.initializers.Initializers - Initialized initializer .
2014-01-30 18:28:51,986 INFO : org.graylog2.initializers.Initializers - Initialized initializer .
2014-01-30 18:28:51,987 INFO : org.graylog2.initializers.Initializers - Initialized initializer .
2014-01-30 18:28:51,993 INFO : org.graylog2.initializers.Initializers - Initialized initializer .
2014-01-30 18:28:52,005 INFO : org.graylog2.initializers.Initializers - Initialized initializer .
2014-01-30 18:28:52,012 INFO : org.graylog2.initializers.Initializers - Initialized initializer .
2014-01-30 18:28:52,014 INFO : org.graylog2.initializers.Initializers - Initialized initializer .
2014-01-30 18:28:52,017 INFO : org.graylog2.initializers.Initializers - Initialized initializer .
2014-01-30 18:28:52,023 INFO : org.graylog2.initializers.Initializers - Initialized initializer .
2014-01-30 18:28:52,023 INFO : org.graylog2.outputs.OutputRegistry - Initialized output .
2014-01-30 18:28:54,865 INFO : org.glassfish.jersey.server.ApplicationHandler - Initiating Jersey application, version Jersey: 2.5 2013-12-18 14:27:29…
2014-01-30 18:28:55,956 INFO : org.graylog2.Core - Started REST API at http://127.0.0.1:12910/
Logs de graylog2-web-interface-0.20.0-preview.8 :
2014-01-30 18:29:56,981 - [INFO] - from play in main
Application started (Prod)
2014-01-30 18:29:57,053 - [INFO] - from play in main
Listening for HTTP on /0:0:0:0:0:0:0:0:9000
Logs de elasticsearch (la version est la bonne 0.90.1) :
[2014-01-30 18:26:26,864][WARN ][bootstrap ] jvm uses the client vm, make sure to run java with the server vm for best performance by adding -server to the command line
[2014-01-30 18:26:27,114][INFO ][node ] [Marrow] version[0.90.10], pid[2592], build[0a5781f/2014-01-10T10:18:37Z]
[2014-01-30 18:26:27,115][INFO ][node ] [Marrow] initializing …
[2014-01-30 18:26:27,121][INFO ][plugins ] [Marrow] loaded [], sites []
[2014-01-30 18:26:33,458][INFO ][node ] [Marrow] initialized
[2014-01-30 18:26:33,459][INFO ][node ] [Marrow] starting …
[2014-01-30 18:26:33,911][INFO ][transport ] [Marrow] bound_address {inet[/0:0:0:0:0:0:0:0:9300]}, publish_address {inet[/192.168.1.18:9300]}
[2014-01-30 18:26:37,023][INFO ][cluster.service ] [Marrow] new_master [Marrow][vWBWWUjsRsqBGPG7gh4_YQ][inet[/192.168.1.18:9300]]{master=true}, reason: zen-disco-join (elected_as_master)
[2014-01-30 18:26:37,050][INFO ][discovery ] [Marrow] graylog2/vWBWWUjsRsqBGPG7gh4_YQ
[2014-01-30 18:26:37,072][INFO ][http ] [Marrow] bound_address {inet[/0:0:0:0:0:0:0:0:9200]}, publish_address {inet[/192.168.1.18:9200]}
[2014-01-30 18:26:37,072][INFO ][node ] [Marrow] started
[2014-01-30 18:26:37,518][INFO ][gateway ] [Marrow] recovered [1] indices into cluster_state
[2014-01-30 18:27:38,597][INFO ][node ] [Marrow] stopping …
[2014-01-30 18:27:38,730][INFO ][node ] [Marrow] stopped
[2014-01-30 18:27:38,731][INFO ][node ] [Marrow] closing …
[2014-01-30 18:27:38,736][INFO ][node ] [Marrow] closed
[2014-01-30 18:28:07,659][WARN ][bootstrap ] jvm uses the client vm, make sure to run java with the server vm for best performance by adding -server to the command line
[2014-01-30 18:28:07,737][INFO ][node ] [Captain Wings] version[0.90.10], pid[2619], build[0a5781f/2014-01-10T10:18:37Z]
[2014-01-30 18:28:07,737][INFO ][node ] [Captain Wings] initializing …
[2014-01-30 18:28:07,743][INFO ][plugins ] [Captain Wings] loaded [], sites []
[2014-01-30 18:28:09,797][INFO ][node ] [Captain Wings] initialized
[2014-01-30 18:28:09,797][INFO ][node ] [Captain Wings] starting …
[2014-01-30 18:28:09,914][INFO ][transport ] [Captain Wings] bound_address {inet[/0:0:0:0:0:0:0:0:9300]}, publish_address {inet[/192.168.1.18:9300]}
[2014-01-30 18:28:12,954][INFO ][cluster.service ] [Captain Wings] new_master [Captain Wings][9LuEB2vaS_uJAPeF3gzwWw][inet[/192.168.1.18:9300]]{master=true}, reason: zen-disco-join (elected_as_master)
[2014-01-30 18:28:12,980][INFO ][discovery ] [Captain Wings] graylog2/9LuEB2vaS_uJAPeF3gzwWw
[2014-01-30 18:28:13,002][INFO ][http ] [Captain Wings] bound_address {inet[/0:0:0:0:0:0:0:0:9200]}, publish_address {inet[/192.168.1.18:9200]}
[2014-01-30 18:28:13,002][INFO ][node ] [Captain Wings] started
[2014-01-30 18:28:13,455][INFO ][gateway ] [Captain Wings] recovered [1] indices into cluster_state
[2014-01-30 18:28:51,921][INFO ][cluster.service ] [Captain Wings] added {[graylog2-server][LhsBArmVQ0mb6FY1m2DqiQ][inet[/192.168.1.18:9350]]{client=true, data=false, master=false},}, reason: zen-disco-receive(join from node[[g$
J'utilise la dernière version de graylog2 (0.20). Je vais suivre ton tuto, il est a jour et parait simple. Je vous donnerai mon retour sur l'installation sur wheezy.
J'ai d'autres questions. Une concerne le partitionnement : faut il déplacer le stockage de graylog sur une partition dédiée ? Si oui laquelle : /var ou /opt ?. L'autre concerne la remontée de log de Windows : utilisation de nxlog est elle possible ?
# Test
Posté par Jikaz . En réponse au message Demande de conseils / procédures récentes pour Graylog2. Évalué à 1.
Re,
J'ai réussi à le mettre en place à travers ton tuto, cependant impossible d'avoir des remontées de logs sur le serveur local (syslog). Sachant que j'a essayé avec la version graylog-server preview j'ai voulu essayer avec une version release. Elasticsearch est lancé, graylog également cependant impossible de se connecter à l'interface web. L'erreur est la suivante :
Check server connection ( None of the configured nodes could be reached )
Logs de /graylog2-server-0.20.0-rc.1-1 :
2014-01-30 18:28:46,769 INFO : org.graylog2.Main - Graylog2 0.20.0-rc.1-1 starting up. (JRE: Oracle Corporation 1.7.0_25 on Linux 3.2.0-4-686-pae)
2014-01-30 18:28:46,844 INFO : org.graylog2.plugin.system.NodeId - Node ID: d3a8b86c-d6ed-4793-9a70-6af00f5b49a1
2014-01-30 18:28:47,025 INFO : org.graylog2.buffers.ProcessBuffer - Initialized ProcessBuffer with ring size and wait strategy .
2014-01-30 18:28:47,035 INFO : org.graylog2.buffers.OutputBuffer - Initialized OutputBuffer with ring size and wait strategy .
2014-01-30 18:28:47,322 INFO : org.elasticsearch.node - [graylog2-server] version[0.90.10], pid[2796], build[0a5781f/2014-01-10T10:18:37Z]
2014-01-30 18:28:47,322 INFO : org.elasticsearch.node - [graylog2-server] initializing …
2014-01-30 18:28:47,328 INFO : org.elasticsearch.plugins - [graylog2-server] loaded [], sites []
2014-01-30 18:28:48,770 INFO : org.elasticsearch.node - [graylog2-server] initialized
2014-01-30 18:28:48,770 INFO : org.elasticsearch.node - [graylog2-server] starting …
2014-01-30 18:28:48,841 INFO : org.elasticsearch.transport - [graylog2-server] bound_address {inet[/0:0:0:0:0:0:0:0:9350]}, publish_address {inet[/192.168.1.18:9350]}
2014-01-30 18:28:51,852 WARN : org.elasticsearch.discovery - [graylog2-server] waited for 3s and no initial state was set by the discovery
2014-01-30 18:28:51,852 INFO : org.elasticsearch.discovery - [graylog2-server] graylog2/LhsBArmVQ0mb6FY1m2DqiQ
2014-01-30 18:28:51,852 INFO : org.elasticsearch.node - [graylog2-server] started
2014-01-30 18:28:51,935 INFO : org.elasticsearch.cluster.service - [graylog2-server] detected_master [Captain Wings][9LuEB2vaS_uJAPeF3gzwWw][inet[/192.168.1.18:9300]]{master=true}, added {[Captain Wings][9LuEB2vaS_uJAPeF3gzwWw][inet[/19$
2014-01-30 18:28:51,978 INFO : org.graylog2.Core - Setting up deflector.
2014-01-30 18:28:51,982 INFO : org.graylog2.indexer.Deflector - Found deflector alias . Using it.
2014-01-30 18:28:51,985 INFO : org.graylog2.initializers.DroolsInitializer - Not using rules
2014-01-30 18:28:51,985 INFO : org.graylog2.initializers.Initializers - Initialized initializer .
2014-01-30 18:28:51,985 INFO : org.graylog2.initializers.Initializers - Initialized initializer .
2014-01-30 18:28:51,986 INFO : org.graylog2.initializers.Initializers - Initialized initializer .
2014-01-30 18:28:51,986 INFO : org.graylog2.initializers.Initializers - Initialized initializer .
2014-01-30 18:28:51,987 INFO : org.graylog2.initializers.Initializers - Initialized initializer .
2014-01-30 18:28:51,993 INFO : org.graylog2.initializers.Initializers - Initialized initializer .
2014-01-30 18:28:52,005 INFO : org.graylog2.initializers.Initializers - Initialized initializer .
2014-01-30 18:28:52,012 INFO : org.graylog2.initializers.Initializers - Initialized initializer .
2014-01-30 18:28:52,014 INFO : org.graylog2.initializers.Initializers - Initialized initializer .
2014-01-30 18:28:52,017 INFO : org.graylog2.initializers.Initializers - Initialized initializer .
2014-01-30 18:28:52,023 INFO : org.graylog2.initializers.Initializers - Initialized initializer .
2014-01-30 18:28:52,023 INFO : org.graylog2.outputs.OutputRegistry - Initialized output .
2014-01-30 18:28:54,865 INFO : org.glassfish.jersey.server.ApplicationHandler - Initiating Jersey application, version Jersey: 2.5 2013-12-18 14:27:29…
2014-01-30 18:28:55,956 INFO : org.graylog2.Core - Started REST API at http://127.0.0.1:12910/
Logs de graylog2-web-interface-0.20.0-preview.8 :
2014-01-30 18:29:56,981 - [INFO] - from play in main
Application started (Prod)
2014-01-30 18:29:57,053 - [INFO] - from play in main
Listening for HTTP on /0:0:0:0:0:0:0:0:9000
Logs de elasticsearch (la version est la bonne 0.90.1) :
[2014-01-30 18:26:26,864][WARN ][bootstrap ] jvm uses the client vm, make sure to run
javawith the server vm for best performance by adding-serverto the command line[2014-01-30 18:26:27,114][INFO ][node ] [Marrow] version[0.90.10], pid[2592], build[0a5781f/2014-01-10T10:18:37Z]
[2014-01-30 18:26:27,115][INFO ][node ] [Marrow] initializing …
[2014-01-30 18:26:27,121][INFO ][plugins ] [Marrow] loaded [], sites []
[2014-01-30 18:26:33,458][INFO ][node ] [Marrow] initialized
[2014-01-30 18:26:33,459][INFO ][node ] [Marrow] starting …
[2014-01-30 18:26:33,911][INFO ][transport ] [Marrow] bound_address {inet[/0:0:0:0:0:0:0:0:9300]}, publish_address {inet[/192.168.1.18:9300]}
[2014-01-30 18:26:37,023][INFO ][cluster.service ] [Marrow] new_master [Marrow][vWBWWUjsRsqBGPG7gh4_YQ][inet[/192.168.1.18:9300]]{master=true}, reason: zen-disco-join (elected_as_master)
[2014-01-30 18:26:37,050][INFO ][discovery ] [Marrow] graylog2/vWBWWUjsRsqBGPG7gh4_YQ
[2014-01-30 18:26:37,072][INFO ][http ] [Marrow] bound_address {inet[/0:0:0:0:0:0:0:0:9200]}, publish_address {inet[/192.168.1.18:9200]}
[2014-01-30 18:26:37,072][INFO ][node ] [Marrow] started
[2014-01-30 18:26:37,518][INFO ][gateway ] [Marrow] recovered [1] indices into cluster_state
[2014-01-30 18:27:38,597][INFO ][node ] [Marrow] stopping …
[2014-01-30 18:27:38,730][INFO ][node ] [Marrow] stopped
[2014-01-30 18:27:38,731][INFO ][node ] [Marrow] closing …
[2014-01-30 18:27:38,736][INFO ][node ] [Marrow] closed
[2014-01-30 18:28:07,659][WARN ][bootstrap ] jvm uses the client vm, make sure to run
javawith the server vm for best performance by adding-serverto the command line[2014-01-30 18:28:07,737][INFO ][node ] [Captain Wings] version[0.90.10], pid[2619], build[0a5781f/2014-01-10T10:18:37Z]
[2014-01-30 18:28:07,737][INFO ][node ] [Captain Wings] initializing …
[2014-01-30 18:28:07,743][INFO ][plugins ] [Captain Wings] loaded [], sites []
[2014-01-30 18:28:09,797][INFO ][node ] [Captain Wings] initialized
[2014-01-30 18:28:09,797][INFO ][node ] [Captain Wings] starting …
[2014-01-30 18:28:09,914][INFO ][transport ] [Captain Wings] bound_address {inet[/0:0:0:0:0:0:0:0:9300]}, publish_address {inet[/192.168.1.18:9300]}
[2014-01-30 18:28:12,954][INFO ][cluster.service ] [Captain Wings] new_master [Captain Wings][9LuEB2vaS_uJAPeF3gzwWw][inet[/192.168.1.18:9300]]{master=true}, reason: zen-disco-join (elected_as_master)
[2014-01-30 18:28:12,980][INFO ][discovery ] [Captain Wings] graylog2/9LuEB2vaS_uJAPeF3gzwWw
[2014-01-30 18:28:13,002][INFO ][http ] [Captain Wings] bound_address {inet[/0:0:0:0:0:0:0:0:9200]}, publish_address {inet[/192.168.1.18:9200]}
[2014-01-30 18:28:13,002][INFO ][node ] [Captain Wings] started
[2014-01-30 18:28:13,455][INFO ][gateway ] [Captain Wings] recovered [1] indices into cluster_state
[2014-01-30 18:28:51,921][INFO ][cluster.service ] [Captain Wings] added {[graylog2-server][LhsBArmVQ0mb6FY1m2DqiQ][inet[/192.168.1.18:9350]]{client=true, data=false, master=false},}, reason: zen-disco-receive(join from node[[g$
# Version et Tutoriel
Posté par Jikaz . En réponse au message Demande de conseils / procédures récentes pour Graylog2. Évalué à 1.
J'utilise la dernière version de graylog2 (0.20). Je vais suivre ton tuto, il est a jour et parait simple. Je vous donnerai mon retour sur l'installation sur wheezy.
J'ai d'autres questions. Une concerne le partitionnement : faut il déplacer le stockage de graylog sur une partition dédiée ? Si oui laquelle : /var ou /opt ?. L'autre concerne la remontée de log de Windows : utilisation de nxlog est elle possible ?
Je vous tiens au courant, merci