I am new to GrayLog and I have encountered a problem. I have set up my GrayLog server as follows:
Now I am sending log data from all 3 hosts to RSYSLOG and then to GRAYLOG. On the GrayLog I can see logs from 1 host, but if I try to send logs from another host then it doesn’t show anything.
I ran a packet capture on the GrayLog and the packets are reaching GrayLog; I can see that in tcpdump.
But nothing comes up on the Web UI of GrayLog.
Anyone have any idea?
Hello and Welcome,
I would check that the date/time of the devices sending and receiving logs is correct.
Check the status of Elasticsearch.
NOTE: change it to your correct IP address.
curl -XGET 'http://188.8.131.52:9200/_cluster/health?pretty=true'
What does the INPUT configuration look like? Did you try to use a global configuration?
Hope that helps
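The date/time check suggested in the reply above, written out as an added example (not part of the thread and not Graylog code): classic RFC 3164 syslog headers carry no year and no UTC offset, so the receiver has to read them in some assumed zone. The sample line, the host name, the function names and the fixed EDT offset are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# RFC 3164 header: "<PRI>Mmm dd hh:mm:ss host ..." (no year, no UTC offset)
HEADER = re.compile(r"^<\d{1,3}>([A-Z][a-z]{2}) {1,2}(\d{1,2}) (\d{2}):(\d{2}):(\d{2}) (\S+)")
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
UTC = timezone.utc
EDT = timezone(timedelta(hours=-4), "EDT")  # fixed offset, for illustration only

# Constructed sample: sender clock on EDT, receiver stamps arrival in UTC.
SAMPLE = "<134>Jun 15 10:00:01 host-b app: constructed test message"
RECEIVED = datetime(2021, 6, 15, 14, 0, 3, tzinfo=UTC)


def parse_header(line, assumed_tz, received_at):
    """Return (host, UTC timestamp), reading the header time as assumed_tz."""
    m = HEADER.match(line)
    if not m or m.group(1) not in MONTHS:
        raise ValueError("not an RFC 3164 header")
    mon, day, hh, mm, ss, host = m.groups()
    local_recv = received_at.astimezone(assumed_tz)
    ts = datetime(local_recv.year, MONTHS[mon], int(day),
                  int(hh), int(mm), int(ss), tzinfo=assumed_tz)
    if ts - local_recv > timedelta(days=1):  # no year in header: Dec log read in Jan
        ts = ts.replace(year=ts.year - 1)
    return host, ts.astimezone(UTC)


def check_skew(line, received_at, assumed_tz=UTC, tolerance=timedelta(minutes=5)):
    """Compare the header time (read as assumed_tz) with the arrival time."""
    host, ts = parse_header(line, assumed_tz, received_at)
    skew = ts - received_at
    # Skew close to a whole number of hours points at a zone mismatch, not drift.
    hours = round(skew.total_seconds() / 3600)
    zone_like = hours != 0 and abs(skew - timedelta(hours=hours)) <= tolerance
    return {"host": host, "skew": skew,
            "within_tolerance": abs(skew) <= tolerance,
            "likely_timezone_mismatch": zone_like}


if __name__ == "__main__":
    for tz in (UTC, EDT):
        print(tz, check_skew(SAMPLE, RECEIVED, assumed_tz=tz))
```

Read as UTC, the sample lands about four hours before its arrival time, so a search over the most recent few minutes would not include it; read as EDT, the skew is two seconds.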
Hello. I checked the timezone and they were different. It worked for me. Thank you so much.
Just one question: does Graylog take UTC as the default timezone? Because the server where I installed Graylog has EDT but Graylog itself has UTC, and that’s why I wasn’t seeing any message?
And also, is there any way I can change the timezone of Graylog to EDT?
Because in the admin profile I can’t change the timezone in the web UI.
But I really appreciate your help. Now I know what the issue is. Thanks again.
EDIT - I have installed graylog using docker container
That’s great, I’m glad I could help.
About Docker, we don’t get along very well, so my focus is on package handlers instead.
But as for your other question:
I read somewhere in the forum that Graylog by default uses UTC. I’m not 100% sure though, but there are other settings you can configure.
That would be here.
# Create one by using for example: echo -n yourpassword | shasum -a 256
# and put the resulting hash value into the following line
# The email address of the root user.
# Default is empty
#root_email = ""
# The time zone setting of the root user. See http://www.joda.org/joda-time/timezones.html for a list of valid time zones.
# Default is UTC
#root_timezone = UTC
# Set plugin directory here (relative or absolute)
plugin_dir = plugin
# REST API listen URI. Must be reachable by other Graylog server nodes if you run a cluster.
# When using Graylog Collectors, this URI will be used to receive heartbeat messages and must be accessible for all collectors.
rest_listen_uri = http://127.0.0.1:9000/api/
# REST API transport address. Defaults to the value of rest_listen_uri. Exception: If rest_listen_uri
# is set to a wildcard IP address (0.0.0.0) the first non-loopback IPv4 system address is used.
As for Graylog 4, I do know that users can set their own time zone in their profile.
Hope that helps
Thank you for the help.
I found a parameter to add in the yaml file to set the timezone to EDT when we start the GrayLog docker
It is as follows: