Unable to get the logs shows consistent error


(Blason) #1

Hi Guys,

I set up graylog virtual image and trying to get the DNS queries as I have setup sinkhole. However when I am going to set up dashboard it consistently shows error as IP address already in use and unable to see any data on dashboard as connector does not start.
Even then I tried building from scratch on CentOS 7 and its the same issue.

Not sure why this happening, Can someone pls help?


(Jan Doberstein) #2

dear @blason

  • how did you get DNS queries into Graylog?
  • What error did you get exact and what was the action before?
  • What Dashboard did you build?
  • did you follow any guide? If yes - which (include URL)

you need to elaborate on every single problem you have that someone is able to help you.


(Blason) #3

Hi there,

My apologies for delay in response, we have a community based DNS Sink hole appliance and they have built their own plugins to import the data into Graylog but somehow I am still getting error as specified above, It says IP address is already assigned. I tried multiple desktops, multiple variants but one thing is I have tried on vmware workstation since I do not have physical machine.

Could that be the issue?


(Jan Doberstein) #4

hej

I do not understand your problem - did your VM tried to use one IP that is used by another computer?

That is nothing we can support and you should get some local help to sort out your networking issues first.

Jan


(Blason) #5

Hi there,

Nope …I am network expert and I am 200% sure that I have not configured ip address which is already used.
This is showing the same error with Virtual appliance as well as when installed on CentOS 7.

Let me share you snapshot for the same.


(Blason) #6

BTW just off this chat. Can I use Graylog for SIEM kind of a fucntion? That means collect logs from firewall, syslog, IDS, OSSEC correlate and present it into good dashboard? Or is it just a log management solution?


(Jan Doberstein) #7

Hej @blason

perfect if you are the network expert, you will be able to find the reason why you have the same IP configured in more than one server.

And yes - you can use Graylog for some kind of SIEM work.


(system) #8

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.