From owner-svn-ports-all@freebsd.org Sat Dec 15 00:52:52 2018 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A222A132769F; Sat, 15 Dec 2018 00:52:52 +0000 (UTC) (envelope-from joneum@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 536A9736B8; Sat, 15 Dec 2018 00:52:52 +0000 (UTC) (envelope-from joneum@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 2D9867A2C; Sat, 15 Dec 2018 00:52:52 +0000 (UTC) (envelope-from joneum@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wBF0qq1S023422; Sat, 15 Dec 2018 00:52:52 GMT (envelope-from joneum@FreeBSD.org) Received: (from joneum@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wBF0qpWt023416; Sat, 15 Dec 2018 00:52:51 GMT (envelope-from joneum@FreeBSD.org) Message-Id: <201812150052.wBF0qpWt023416@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: joneum set sender to joneum@FreeBSD.org using -f From: Jochen Neumeister Date: Sat, 15 Dec 2018 00:52:51 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r487477 - in head: . sysutils/graylog sysutils/graylog/files X-SVN-Group: ports-head X-SVN-Commit-Author: joneum X-SVN-Commit-Paths: in head: . sysutils/graylog sysutils/graylog/files X-SVN-Commit-Revision: 487477 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 536A9736B8 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.85 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-0.99)[-0.991,0]; NEURAL_HAM_SHORT(-0.98)[-0.984,0]; NEURAL_HAM_LONG(-0.87)[-0.873,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 15 Dec 2018 00:52:53 -0000 Author: joneum Date: Sat Dec 15 00:52:50 2018 New Revision: 487477 URL: https://svnweb.freebsd.org/changeset/ports/487477 Log: sysutils/graylog: update to 2.4.6 - use templating to manage graylog_logging.xml config - update mentioned dependencies in pkg-message.in - update server.conf from 2.4.6 source extract - re-import FreeBSD ports variables into server.conf.in PR: 233181 Submitted by: dch Approved by: thomas@bartelmess.io (maintainer timeout) Sponsored by: Netzkommune GmbH Differential Revision: https://reviews.freebsd.org/D17965 Added: head/sysutils/graylog/files/graylog_logging.xml.in - copied, changed from r487468, head/sysutils/graylog/files/graylog_logging.xml Deleted: head/sysutils/graylog/files/graylog_logging.xml Modified: head/UPDATING head/sysutils/graylog/Makefile head/sysutils/graylog/distinfo head/sysutils/graylog/files/pkg-message.in head/sysutils/graylog/files/server.conf.in Modified: head/UPDATING ============================================================================== --- head/UPDATING Fri Dec 14 23:43:08 2018 (r487476) +++ head/UPDATING Sat Dec 15 00:52:50 2018 (r487477) @@ -5,6 +5,19 @@ they are unavoidable. You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. +20181215: + AFFECTS: users of sysutils/graylog + AUTHOR: dch@FreeBSD.org + + The dependent ports for ElasticSearch and MongoDB have both changed, + and upstream changes to the configuration file may require minor + changes to work correctly. Refer to the new sample files installed + alongside the port for reference: + + server.conf + log4j.xml + graylog_logging.xml + 20181213: AFFECTS: users of lang/perl5* AUTHOR: mat@FreeBSD.org Modified: head/sysutils/graylog/Makefile ============================================================================== --- head/sysutils/graylog/Makefile Fri Dec 14 23:43:08 2018 (r487476) +++ head/sysutils/graylog/Makefile Sat Dec 15 00:52:50 2018 (r487477) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= graylog -DISTVERSION= 2.4.3 +DISTVERSION= 2.4.6 CATEGORIES= sysutils java MASTER_SITES= https://packages.graylog2.org/releases/graylog/ \ http://packages.graylog2.org/releases/graylog/ @@ -15,14 +15,16 @@ LICENSE_FILE= ${WRKSRC}/COPYING USES= tar:tgz USE_JAVA= yes + JAVA_VERSION= 1.8+ JAVA_EXTRACT= yes JAVA_RUN= yes + NO_BUILD= yes NO_ARCH= yes USE_RC_SUBR= graylog -SUB_FILES= server.conf log4j2.xml pkg-message +SUB_FILES= server.conf log4j2.xml pkg-message graylog_logging.xml GRAYLOGUSER?= graylog GRAYLOGGROUP?= ${GRAYLOGUSER} Modified: head/sysutils/graylog/distinfo ============================================================================== --- head/sysutils/graylog/distinfo Fri Dec 14 23:43:08 2018 (r487476) +++ head/sysutils/graylog/distinfo Sat Dec 15 00:52:50 2018 (r487477) @@ -1,3 +1,3 @@ -TIMESTAMP = 1519368622 -SHA256 (graylog-2.4.3.tgz) = c6c2e029307abda5e55603375797bec1a4c44fbc2e99988527f4639d6a7a8f4f -SIZE (graylog-2.4.3.tgz) = 121918081 +TIMESTAMP = 1542056253 +SHA256 (graylog-2.4.6.tgz) = fcfaf44c3faea8297f340ddc6ed19e5b1fe8f3de3c1b2a1078119565fe2f751d +SIZE (graylog-2.4.6.tgz) = 122985232 Copied and modified: head/sysutils/graylog/files/graylog_logging.xml.in (from r487468, head/sysutils/graylog/files/graylog_logging.xml) ============================================================================== --- head/sysutils/graylog/files/graylog_logging.xml Fri Dec 14 20:28:19 2018 (r487468, copy source) +++ head/sysutils/graylog/files/graylog_logging.xml.in Sat Dec 15 00:52:50 2018 (r487477) @@ -4,8 +4,8 @@ - - + + Modified: head/sysutils/graylog/files/pkg-message.in ============================================================================== --- head/sysutils/graylog/files/pkg-message.in Fri Dec 14 23:43:08 2018 (r487476) +++ head/sysutils/graylog/files/pkg-message.in Sat Dec 15 00:52:50 2018 (r487477) @@ -1,6 +1,7 @@ ====================================================================== -Please see %%ETCDIR%% for sample versions of server.conf and log4j2.xml +Please see %%ETCDIR%% for sample versions of server.conf, log4j.xml, and +graylog_logging.xml, and adjust them for your configuration. For GeoIP support you need to install the net/GeoIP port and configure the path to the GeoIP databases in the Graylog Web Interface. @@ -9,8 +10,8 @@ When running graylog in a jail, you need to set enforc For a single-node installation, install: -- databases/mongodb -- textproc/elasticsearch2 +- databases/mongodb36 +- textproc/elasticsearch5 And ensure that the elasticsearch cluster name matches that used by graylog. ====================================================================== Modified: head/sysutils/graylog/files/server.conf.in ============================================================================== --- head/sysutils/graylog/files/server.conf.in Fri Dec 14 23:43:08 2018 (r487476) +++ head/sysutils/graylog/files/server.conf.in Sat Dec 15 00:52:50 2018 (r487477) @@ -1,10 +1,54 @@ -# If you are running more than one instances of graylog2-server you have to select one of these +############################ +# GRAYLOG CONFIGURATION FILE +############################ +# +# This is the Graylog configuration file. The file has to use ISO 8859-1/Latin-1 character encoding. +# Characters that cannot be directly represented in this encoding can be written using Unicode escapes +# as defined in https://docs.oracle.com/javase/specs/jls/se8/html/jls-3.html#jls-3.3, using the \u prefix. +# For example, \u002c. +# +# * Entries are generally expected to be a single line of the form, one of the following: +# +# propertyName=propertyValue +# propertyName:propertyValue +# +# * White space that appears between the property name and property value is ignored, +# so the following are equivalent: +# +# name=Stephen +# name = Stephen +# +# * White space at the beginning of the line is also ignored. +# +# * Lines that start with the comment characters ! or # are ignored. Blank lines are also ignored. +# +# * The property value is generally terminated by the end of the line. White space following the +# property value is not ignored, and is treated as part of the property value. +# +# * A property value can span several lines if each line is terminated by a backslash (‘\’) character. +# For example: +# +# targetCities=\ +# Detroit,\ +# Chicago,\ +# Los Angeles +# +# This is equivalent to targetCities=Detroit,Chicago,Los Angeles (white space at the beginning of lines is ignored). +# +# * The characters newline, carriage return, and tab can be inserted with characters \n, \r, and \t, respectively. +# +# * The backslash character must be escaped as a double backslash. For example: +# +# path=c:\\docs\\doc1 +# + +# If you are running more than one instances of Graylog server you have to select one of these # instances as master. The master will perform some periodical tasks that non-masters won't perform. is_master = true # The auto-generated node ID will be stored in this file and read after restarts. It is a good idea -# to use an absolute file path here if you are starting graylog2-server from init scripts or similar. -node_id_file = /var/graylog/server/node-id +# to use an absolute file path here if you are starting Graylog server from init scripts or similar. +node_id_file = %%GRAYLOG_DATA_DIR%%/node-id # You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters. # Generate one by using for example: pwgen -N 1 -s 96 @@ -25,82 +69,189 @@ root_password_sha2 = # Default is empty #root_email = "" -# The time zone setting of the root user. +# The time zone setting of the root user. See http://www.joda.org/joda-time/timezones.html for a list of valid time zones. # Default is UTC #root_timezone = UTC # Set plugin directory here (relative or absolute) plugin_dir = %%DATADIR%%/plugin -# REST API listen URI. Must be reachable by other graylog2-server nodes if you run a cluster. -rest_listen_uri = http://127.0.0.1:12900/ +# REST API listen URI. Must be reachable by other Graylog server nodes if you run a cluster. +# When using Graylog Collectors, this URI will be used to receive heartbeat messages and must be accessible for all collectors. +rest_listen_uri = http://127.0.0.1:9000/api/ # REST API transport address. Defaults to the value of rest_listen_uri. Exception: If rest_listen_uri # is set to a wildcard IP address (0.0.0.0) the first non-loopback IPv4 system address is used. -# If set, his will be promoted in the cluster discovery APIs, so other nodes may try to connect on +# If set, this will be promoted in the cluster discovery APIs, so other nodes may try to connect on # this address and it is used to generate URLs addressing entities in the REST API. (see rest_listen_uri) # You will need to define this, if your Graylog server is running behind a HTTP proxy that is rewriting # the scheme, host name or URI. -#rest_transport_uri = http://192.168.1.1:12900/ +# This must not contain a wildcard address (0.0.0.0). +#rest_transport_uri = http://192.168.1.1:9000/api/ # Enable CORS headers for REST API. This is necessary for JS-clients accessing the server directly. # If these are disabled, modern browsers will not be able to retrieve resources from the server. -# This is disabled by default. Uncomment the next line to enable it. -#rest_enable_cors = true +# This is enabled by default. Uncomment the next line to disable it. +#rest_enable_cors = false # Enable GZIP support for REST API. This compresses API responses and therefore helps to reduce -# overall round trip times. This is disabled by default. Uncomment the next line to enable it. -#rest_enable_gzip = true +# overall round trip times. This is enabled by default. Uncomment the next line to disable it. +#rest_enable_gzip = false # Enable HTTPS support for the REST API. This secures the communication with the REST API with # TLS to prevent request forgery and eavesdropping. This is disabled by default. Uncomment the # next line to enable it. #rest_enable_tls = true -# The X.509 certificate file to use for securing the REST API. -#rest_tls_cert_file = /path/to/graylog2.crt +# The X.509 certificate chain file in PEM format to use for securing the REST API. +#rest_tls_cert_file = /path/to/graylog.crt -# The private key to use for securing the REST API. -#rest_tls_key_file = /path/to/graylog2.key +# The PKCS#8 private key file in PEM format to use for securing the REST API. +#rest_tls_key_file = /path/to/graylog.key # The password to unlock the private key used for securing the REST API. #rest_tls_key_password = secret -# The maximum size of a single HTTP chunk in bytes. -#rest_max_chunk_size = 8192 - # The maximum size of the HTTP request headers in bytes. #rest_max_header_size = 8192 -# The maximal length of the initial HTTP/1.1 line in bytes. -#rest_max_initial_line_length = 4096 - -# The size of the execution handler thread pool used exclusively for serving the REST API. +# The size of the thread pool used exclusively for serving the REST API. #rest_thread_pool_size = 16 -# The size of the worker thread pool used exclusively for serving the REST API. -#rest_worker_threads_max_pool_size = 16 +# Comma separated list of trusted proxies that are allowed to set the client address with X-Forwarded-For +# header. May be subnets, or hosts. +#trusted_proxies = 127.0.0.1/32, 0:0:0:0:0:0:0:1/128 -# Embedded Elasticsearch configuration file -# pay attention to the working directory of the server, maybe use an absolute path here -#elasticsearch_config_file = /usr/local/etc/graylog/server/elasticsearch.yml +# Enable the embedded Graylog web interface. +# Default: true +#web_enable = false +# Web interface listen URI. +# Configuring a path for the URI here effectively prefixes all URIs in the web interface. This is a replacement +# for the application.context configuration parameter in pre-2.0 versions of the Graylog web interface. +#web_listen_uri = http://127.0.0.1:9000/ + +# Web interface endpoint URI. This setting can be overriden on a per-request basis with the X-Graylog-Server-URL header. +# Default: $rest_transport_uri +#web_endpoint_uri = + +# Enable CORS headers for the web interface. This is necessary for JS-clients accessing the server directly. +# If these are disabled, modern browsers will not be able to retrieve resources from the server. +#web_enable_cors = false + +# Enable/disable GZIP support for the web interface. This compresses HTTP responses and therefore helps to reduce +# overall round trip times. This is enabled by default. Uncomment the next line to disable it. +#web_enable_gzip = false + +# Enable HTTPS support for the web interface. This secures the communication of the web browser with the web interface +# using TLS to prevent request forgery and eavesdropping. +# This is disabled by default. Uncomment the next line to enable it and see the other related configuration settings. +#web_enable_tls = true + +# The X.509 certificate chain file in PEM format to use for securing the web interface. +#web_tls_cert_file = /path/to/graylog-web.crt + +# The PKCS#8 private key file in PEM format to use for securing the web interface. +#web_tls_key_file = /path/to/graylog-web.key + +# The password to unlock the private key used for securing the web interface. +#web_tls_key_password = secret + +# The maximum size of the HTTP request headers in bytes. +#web_max_header_size = 8192 + +# The size of the thread pool used exclusively for serving the web interface. +#web_thread_pool_size = 16 + +# List of Elasticsearch hosts Graylog should connect to. +# Need to be specified as a comma-separated list of valid URIs for the http ports of your elasticsearch nodes. +# If one or more of your elasticsearch hosts require authentication, include the credentials in each node URI that +# requires authentication. +# +# Default: http://127.0.0.1:9200 +#elasticsearch_hosts = http://node1:9200,http://user:password@node2:19200 + +# Maximum amount of time to wait for successfull connection to Elasticsearch HTTP port. +# +# Default: 10 Seconds +#elasticsearch_connect_timeout = 10s + +# Maximum amount of time to wait for reading back a response from an Elasticsearch server. +# +# Default: 60 seconds +#elasticsearch_socket_timeout = 60s + +# Maximum idle time for an Elasticsearch connection. If this is exceeded, this connection will +# be tore down. +# +# Default: inf +#elasticsearch_idle_timeout = -1s + +# Maximum number of total connections to Elasticsearch. +# +# Default: 20 +#elasticsearch_max_total_connections = 20 + +# Maximum number of total connections per Elasticsearch route (normally this means per +# elasticsearch server). +# +# Default: 2 +#elasticsearch_max_total_connections_per_route = 2 + +# Maximum number of times Graylog will retry failed requests to Elasticsearch. +# +# Default: 2 +#elasticsearch_max_retries = 2 + +# Enable automatic Elasticsearch node discovery through Nodes Info, +# see https://www.elastic.co/guide/en/elasticsearch/reference/5.4/cluster-nodes-info.html +# +# WARNING: Automatic node discovery does not work if Elasticsearch requires authentication, e. g. with Shield. +# +# Default: false +#elasticsearch_discovery_enabled = true + +# Filter for including/excluding Elasticsearch nodes in discovery according to their custom attributes, +# see https://www.elastic.co/guide/en/elasticsearch/reference/5.4/cluster.html#cluster-nodes +# +# Default: empty +#elasticsearch_discovery_filter = rack:42 + +# Frequency of the Elasticsearch node discovery. +# +# Default: 30s +# elasticsearch_discovery_frequency = 30s + +# Enable payload compression for Elasticsearch requests. +# +# Default: false +#elasticsearch_compression_enabled = true + # Graylog will use multiple indices to store documents in. You can configured the strategy it uses to determine # when to rotate the currently active write index. # It supports multiple rotation strategies: # - "count" of messages per index, use elasticsearch_max_docs_per_index below to configure # - "size" per index, use elasticsearch_max_size_per_index below to configure # valid values are "count", "size" and "time", default is "count" +# +# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these +# to your previous 1.x settings so they will be migrated to the database! rotation_strategy = count # (Approximate) maximum number of documents in an Elasticsearch index before a new index # is being created, also see no_retention and elasticsearch_max_number_of_indices. # Configure this if you used 'rotation_strategy = count' above. +# +# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these +# to your previous 1.x settings so they will be migrated to the database! elasticsearch_max_docs_per_index = 20000000 # (Approximate) maximum size in bytes per Elasticsearch index on disk before a new index is being created, also see # no_retention and elasticsearch_max_number_of_indices. Default is 1GB. # Configure this if you used 'rotation_strategy = size' above. +# +# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these +# to your previous 1.x settings so they will be migrated to the database! #elasticsearch_max_size_per_index = 1073741824 # (Approximate) maximum time before a new Elasticsearch index is being created, also see @@ -113,6 +264,9 @@ elasticsearch_max_docs_per_index = 20000000 # 1d = 1 day # 12h = 12 hours # Permitted suffixes are: d for day, h for hour, m for minute, s for second. +# +# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these +# to your previous 1.x settings so they will be migrated to the database! #elasticsearch_max_time_per_index = 1d # Disable checking the version of Elasticsearch for being compatible with this Graylog release. @@ -123,73 +277,75 @@ elasticsearch_max_docs_per_index = 20000000 #no_retention = false # How many indices do you want to keep? +# +# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these +# to your previous 1.x settings so they will be migrated to the database! elasticsearch_max_number_of_indices = 20 # Decide what happens with the oldest indices when the maximum number of indices is reached. # The following strategies are availble: # - delete # Deletes the index completely (Default) # - close # Closes the index and hides it from the system. Can be re-opened later. +# +# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these +# to your previous 1.x settings so they will be migrated to the database! retention_strategy = delete # How many Elasticsearch shards and replicas should be used per index? Note that this only applies to newly created indices. +# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these +# to your previous settings so they will be migrated to the database! elasticsearch_shards = 4 elasticsearch_replicas = 0 # Prefix for all Elasticsearch indices and index aliases managed by Graylog. -elasticsearch_index_prefix = graylog2 +# +# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these +# to your previous settings so they will be migrated to the database! +elasticsearch_index_prefix = graylog +# Name of the Elasticsearch index template used by Graylog to apply the mandatory index mapping. +# Default: graylog-internal +# +# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these +# to your previous settings so they will be migrated to the database! +#elasticsearch_template_name = graylog-internal + # Do you want to allow searches with leading wildcards? This can be extremely resource hungry and should only -# be enabled with care. See also: https://www.graylog.org/documentation/general/queries/ +# be enabled with care. See also: http://docs.graylog.org/en/2.1/pages/queries.html allow_leading_wildcard_searches = false # Do you want to allow searches to be highlighted? Depending on the size of your messages this can be memory hungry and # should only be enabled after making sure your Elasticsearch cluster has enough memory. allow_highlighting = false -# settings to be passed to elasticsearch's client (overriding those in the provided elasticsearch_config_file) -# all these -# this must be the same as for your Elasticsearch cluster -#elasticsearch_cluster_name = graylog2 - -# you could also leave this out, but makes it easier to identify the graylog2 client instance -#elasticsearch_node_name = graylog2-server - -# we don't want the graylog2 server to store any data, or be master node -#elasticsearch_node_master = false -#elasticsearch_node_data = false - -# use a different port if you run multiple Elasticsearch nodes on one machine -#elasticsearch_transport_tcp_port = 9350 - -# we don't need to run the embedded HTTP server here -#elasticsearch_http_enabled = false - -#elasticsearch_discovery_zen_ping_multicast_enabled = false -#elasticsearch_discovery_zen_ping_unicast_hosts = 192.168.1.203:9300 - -# Change the following setting if you are running into problems with timeouts during Elasticsearch cluster discovery. -# The setting is specified in milliseconds, the default is 5000ms (5 seconds). -#elasticsearch_cluster_discovery_timeout = 5000 - -# the following settings allow to change the bind addresses for the Elasticsearch client in graylog2 -# these settings are empty by default, letting Elasticsearch choose automatically, -# override them here or in the 'elasticsearch_config_file' if you need to bind to a special address -# refer to http://www.elasticsearch.org/guide/en/elasticsearch/reference/0.90/modules-network.html -# for special values here -#elasticsearch_network_host = -#elasticsearch_network_bind_host = -#elasticsearch_network_publish_host = - -# The total amount of time discovery will look for other Elasticsearch nodes in the cluster -# before giving up and declaring the current node master. -#elasticsearch_discovery_initial_state_timeout = 3s - # Analyzer (tokenizer) to use for message and full_message field. The "standard" filter usually is a good idea. # All supported analyzers are: standard, simple, whitespace, stop, keyword, pattern, language, snowball, custom -# Elasticsearch documentation: http://www.elasticsearch.org/guide/reference/index-modules/analysis/ +# Elasticsearch documentation: https://www.elastic.co/guide/en/elasticsearch/reference/2.3/analysis.html # Note that this setting only takes effect on newly created indices. +# +# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these +# to your previous settings so they will be migrated to the database! elasticsearch_analyzer = standard +# Global request timeout for Elasticsearch requests (e. g. during search, index creation, or index time-range +# calculations) based on a best-effort to restrict the runtime of Elasticsearch operations. +# Default: 1m +#elasticsearch_request_timeout = 1m + +# Global timeout for index optimization (force merge) requests. +# Default: 1h +#elasticsearch_index_optimization_timeout = 1h + +# Maximum number of concurrently running index optimization (force merge) jobs. +# If you are using lots of different index sets, you might want to increase that number. +# Default: 20 +#elasticsearch_index_optimization_jobs = 20 + +# Time interval for index range information cleanups. This setting defines how often stale index range information +# is being purged from the database. +# Default: 1h +#index_ranges_cleanup_interval = 1h + # Batch size for the Elasticsearch output. This is the maximum (!) number of messages the Elasticsearch output # module will get at once and write to Elasticsearch in a batch call. If the configured batch size has not been # reached within output_flush_interval seconds, everything that is available will be flushed at once. Remember @@ -213,8 +369,20 @@ output_fault_penalty_seconds = 30 processbuffer_processors = 5 outputbuffer_processors = 3 +# The following settings (outputbuffer_processor_*) configure the thread pools backing each output buffer processor. +# See https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/ThreadPoolExecutor.html for technical details + +# When the number of threads is greater than the core (see outputbuffer_processor_threads_core_pool_size), +# this is the maximum time in milliseconds that excess idle threads will wait for new tasks before terminating. +# Default: 5000 #outputbuffer_processor_keep_alive_time = 5000 + +# The number of threads to keep in the pool, even if they are idle, unless allowCoreThreadTimeOut is set +# Default: 3 #outputbuffer_processor_threads_core_pool_size = 3 + +# The maximum number of threads to allow in the pool +# Default: 30 #outputbuffer_processor_threads_max_pool_size = 30 # UDP receive buffer size for all message inputs (e. g. SyslogUDPInput). @@ -234,7 +402,6 @@ processor_wait_strategy = blocking # Size of internal ring buffers. Raise this if raising outputbuffer_processors does not help anymore. # For optimum performance your LogMessage objects in the ring buffer should fit in your CPU L3 cache. -# Start server with --statistics flag to see buffer utilization. # Must be a power of 2. (512, 1024, 2048, ...) ring_size = 65536 @@ -247,6 +414,11 @@ message_journal_enabled = true # The directory which will be used to store the message journal. The directory must me exclusively used by Graylog and # must not contain any other files than the ones created by Graylog itself. +# +# ATTENTION: +# If you create a seperate partition for the journal files and use a file system creating directories like 'lost+found' +# in the root directory, you need to create a sub directory for your journal. +# Otherwise Graylog will log an error message that the journal is corrupt and Graylog will not start. message_journal_dir = %%GRAYLOG_DATA_DIR%%/journal # Journal hold messages before they could be written to Elasticsearch. @@ -263,18 +435,14 @@ message_journal_dir = %%GRAYLOG_DATA_DIR%%/journal # Number of threads used exclusively for dispatching internal events. Default is 2. #async_eventbus_processors = 2 -# EXPERIMENTAL: Dead Letters -# Every failed indexing attempt is logged by default and made visible in the web-interface. You can enable -# the experimental dead letters feature to write every message that was not successfully indexed into the -# MongoDB "dead_letters" collection to make sure that you never lose a message. The actual writing of dead -# letter should work fine already but it is not heavily tested yet and will get more features in future -# releases. -dead_letters_enabled = false - # How many seconds to wait between marking node as DEAD for possible load balancers and starting the actual # shutdown process. Set to 0 if you have no status checking load balancers in front. lb_recognition_period_seconds = 3 +# Journal usage percentage that triggers requesting throttling for this server node from load balancers. The feature is +# disabled if not set. +#lb_throttle_threshold_percentage = 95 + # Every message is matched against the configured streams and it can happen that a stream contains rules which # take an unusual amount of time to run, for example if its using regular expressions that perform excessive backtracking. # This will impact the processing of the entire server. To keep such misbehaving stream rules from impacting other @@ -289,7 +457,7 @@ lb_recognition_period_seconds = 3 # and alarms are being sent. #alert_check_interval = 60 -# Since 0.21 the graylog2 server supports pluggable output modules. This means a single message can be written to multiple +# Since 0.21 the Graylog server supports pluggable output modules. This means a single message can be written to multiple # outputs. The next setting defines the timeout for a single output module, including the default output module where all # messages end up. # @@ -302,26 +470,29 @@ lb_recognition_period_seconds = 3 # Time in milliseconds which Graylog is waiting for all threads to stop on shutdown. #shutdown_timeout = 30000 -# MongoDB Configuration -mongodb_useauth = false -#mongodb_user = grayloguser -#mongodb_password = 123 -mongodb_host = 127.0.0.1 -#mongodb_replica_set = localhost:27017,localhost:27018,localhost:27019 -mongodb_database = graylog2 -mongodb_port = 27017 +# MongoDB connection string +# See https://docs.mongodb.com/manual/reference/connection-string/ for details +mongodb_uri = mongodb://localhost/graylog -# Raise this according to the maximum connections your MongoDB server can handle if you encounter MongoDB connection problems. -mongodb_max_connections = 100 +# Authenticate against the MongoDB server +#mongodb_uri = mongodb://grayloguser:secret@localhost:27017/graylog +# Use a replica set instead of a single host +#mongodb_uri = mongodb://grayloguser:secret@localhost:27017,localhost:27018,localhost:27019/graylog + +# Increase this value according to the maximum connections your MongoDB server can handle from a single client +# if you encounter MongoDB connection problems. +mongodb_max_connections = 1000 + # Number of threads allowed to be blocked by MongoDB connections multiplier. Default: 5 -# If mongodb_max_connections is 100, and mongodb_threads_allowed_to_block_multiplier is 5, then 500 threads can block. More than that and an exception will be thrown. -# http://api.mongodb.org/java/current/com/mongodb/MongoOptions.html#threadsAllowedToBlockForConnectionMultiplier +# If mongodb_max_connections is 100, and mongodb_threads_allowed_to_block_multiplier is 5, +# then 500 threads can block. More than that and an exception will be thrown. +# http://api.mongodb.com/java/current/com/mongodb/MongoOptions.html#threadsAllowedToBlockForConnectionMultiplier mongodb_threads_allowed_to_block_multiplier = 5 # Drools Rule File (Use to rewrite incoming log messages) -# See: https://www.graylog.org/documentation/general/rewriting/ -#rules_file = /usr/local/etc/graylog/server/rules.drl +# See: http://docs.graylog.org/en/2.1/pages/drools.html +#rules_file = /etc/graylog/server/rules.drl # Email transport #transport_email_enabled = false @@ -332,31 +503,59 @@ mongodb_threads_allowed_to_block_multiplier = 5 #transport_email_use_ssl = true #transport_email_auth_username = you@example.com #transport_email_auth_password = secret -#transport_email_subject_prefix = [graylog2] -#transport_email_from_email = graylog2@example.com +#transport_email_subject_prefix = [graylog] +#transport_email_from_email = graylog@example.com # Specify and uncomment this if you want to include links to the stream in your stream alert mails. # This should define the fully qualified base url to your web interface exactly the same way as it is accessed by your users. -#transport_email_web_interface_url = https://graylog2.example.com +#transport_email_web_interface_url = https://graylog.example.com -# HTTP proxy for outgoing HTTP calls +# The default connect timeout for outgoing HTTP connections. +# Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds). +# Default: 5s +#http_connect_timeout = 5s + +# The default read timeout for outgoing HTTP connections. +# Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds). +# Default: 10s +#http_read_timeout = 10s + +# The default write timeout for outgoing HTTP connections. +# Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds). +# Default: 10s +#http_write_timeout = 10s + +# HTTP proxy for outgoing HTTP connections +# ATTENTION: If you configure a proxy, make sure to also configure the "http_non_proxy_hosts" option so internal +# HTTP connections with other nodes does not go through the proxy. +# Examples: +# - http://proxy.example.com:8123 +# - http://username:password@proxy.example.com:8123 #http_proxy_uri = +# A list of hosts that should be reached directly, bypassing the configured proxy server. +# This is a list of patterns separated by ",". The patterns may start or end with a "*" for wildcards. +# Any host matching one of these patterns will be reached through a direct connection instead of through a proxy. +# Examples: +# - localhost,127.0.0.1 +# - 10.0.*,*.example.com +#http_non_proxy_hosts = + # Disable the optimization of Elasticsearch indices after index cycling. This may take some load from Elasticsearch # on heavily used systems with large indices, but it will decrease search performance. The default is to optimize # cycled indices. +# +# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these +# to your previous settings so they will be migrated to the database! #disable_index_optimization = true # Optimize the index down to <= index_optimization_max_num_segments. A higher number may take some load from Elasticsearch # on heavily used systems with large indices, but it will decrease search performance. The default is 1. +# +# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these +# to your previous settings so they will be migrated to the database! #index_optimization_max_num_segments = 1 -# Disable the index range calculation on all open/available indices and only calculate the range for the latest -# index. This may speed up index cycling on systems with large indices but it might lead to wrong search results -# in regard to the time range of the messages (i. e. messages within a certain range may not be found). The default -# is to calculate the time range on all open/available indices. -#disable_index_range_calculation = true - # The threshold of the garbage collection runs. If GC runs take longer than this threshold, a system notification # will be generated to warn the administrator about possible problems with the system. Default is 1 second. #gc_warning_threshold = 1s @@ -364,13 +563,24 @@ mongodb_threads_allowed_to_block_multiplier = 5 # Connection timeout for a configured LDAP server (e. g. ActiveDirectory) in milliseconds. #ldap_connection_timeout = 2000 -# https://github.com/bazhenov/groovy-shell-server -#groovy_shell_enable = false -#groovy_shell_port = 6789 +# Disable the use of SIGAR for collecting system stats +#disable_sigar = false -# Enable collection of Graylog-related metrics into MongoDB -#enable_metrics_collection = false +# The default cache time for dashboard widgets. (Default: 10 seconds, minimum: 1 second) +#dashboard_widget_default_cache_time = 10s -# Disable the use of SIGAR for collecting system stats -disable_sigar = true +# Automatically load content packs in "content_packs_dir" on the first start of Graylog. +#content_packs_loader_enabled = true +# The directory which contains content packs which should be loaded on the first start of Graylog. +#content_packs_dir = data/contentpacks + +# A comma-separated list of content packs (files in "content_packs_dir") which should be applied on +# the first start of Graylog. +# Default: empty +content_packs_auto_load = grok-patterns.json + +# For some cluster-related REST requests, the node must query all other nodes in the cluster. This is the maximum number +# of threads available for this. Increase it, if '/cluster/*' requests take long to complete. +# Should be rest_thread_pool_size * average_cluster_size if you have a high number of concurrent users. +proxied_requests_thread_pool_size = 32