Can #1

Open
tomabus opened this issue Jun 1, 2020 · 8 comments

tomabus commented Jun 1, 2020

Getting an 'error: cannot POST' message with the new release. I reverted to last week's version of the content pack and it's mostly fine (apart from the Pipeline bit, which is throwing the same error). Pretty awesome content pack otherwise! Thanks

@hackdefendr
Owner

What version of graylog are you running? I created the content packs from graylog v3.3. Not sure about the POST error, let me run some tests and see what happens.

@hackdefendr
Owner

I see the error, somehow when creating a new version it duplicated some of the content. I fixed that and uploaded a new version.

Author

tomabus commented Jun 3, 2020

Hey, sorry for the late reply! Running v3.3. I'll try the new version of your pack and will let you know. Thanks for the hard work!

Author

tomabus commented Jun 3, 2020

Yeah, that's working fine now, thanks! The new dashboard looks good. I can't get the map to show anything, even though I installed the mmdb and enabled the geolocation processor. Is there anything else required? Gonna let the inputs flow for a day and see how it goes, but this is a really nice project, especially as XG's own logs and viewer are pretty limited to say the least...

@hackdefendr
Owner

Something I noticed is that the Geolocation data doesn't show right in the log data. You have to expand the log to view it in the logs. For the map, I remember it taking a couple of hours to build the geo cache.

Also make sure to edit the widgets and change the query string:

image

In the query string I excluded my internal subnet from the src_ip field since geolocation won't work on internal IPs.

Author

tomabus commented Jun 3, 2020

Thanks, I'll have a look! Out of curiosity, do you use graylog for XG's email logs too? Wondering if there's a way to filter the results to only view mail logs. The mail logs view in XG is atrocious...

@hackdefendr
Owner

Hey...sorry, busy week.

No, I am not running email through my XG, but I included a Pipeline rule for XG SMTP Type that may be what you are after. It should be easy enough to create a stream in graylog for just SMTP Type logs.

Author

tomabus commented Jun 9, 2020

Thanks, I hadn't seen that pipeline rule, I'll use that. Thanks for your help!
