Re: [mod-security-users] Reading Concurrent Logs into Graylog
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Reading Concurrent Logs into Graylog
|
From: Jose P. V. L. <pab...@gm...> - 2016-10-19 21:34:48
|
Could that json file be corrupted when you enable concurrency? https://github.com/msiemens/tinydb/issues/91 Are you able to open that json logs when concurrency is enabled with any other json editor or checker? Could you send us your nxlog and graylog versions? What are the debugging level you have in nxlog? Could you send us some logs debugging hidding sensitive data? Regards El mié., 19 de octubre de 2016 23:24, Robert Paprocki < rpa...@fe...> escribió: > Have you validated that this JSON is correct, valid JSON? Perhaps try > comparing a line of serial JSON from a line of concurrent JSON and compare > the two? > > On Wed, Oct 19, 2016 at 1:49 PM, Jason Mull <jm...@te...> wrote: > > For the sake of testing, I’ve given all users full access. NXLog and > Graylog are running under their own service accounts. As I mentioned > previously, I’m not thinking it’s a permissions issue as I can copy a line > of JSON from a serial log file on another server and insert it into a new > file in the concurrent logging structure and it works fine. If I copy a > line of JSON generated since I enabled concurrent logging and paste it into > a new file within the logging structure, that file will not read. > > > > *From:* Jose Pablo Valcárcel Lázaro [mailto:pab...@gm...] > > *Sent:* Wednesday, October 19, 2016 2:39 PM > *To:* mod...@li... > *Subject:* Re: [mod-security-users] Reading Concurrent Logs into Graylog > > > > Hi. Have you checked if directory where nxlog send files has x permission? > Under what user is running nxlog and graylog? In some applications you can > map users from one server to another like I think nfs service does. > > Kind regards > > > > El mié., 19 de octubre de 2016 21:25, Jason Mull <jm...@te...> > escribió: > > Hello, I’m hoping someone can assist me with this issue. I’m using > Graylog to take in all of my log data, including Modsecurity. I was > initially using nxlog to send serial logs in JSON format to Graylog and > everything worked great until I started running into performance issues > running modsecurity on a server running multiple websites and was informed > that concurrent logging was better for my needs. I switched to concurrent > logging, and the data is not reading into Graylog now. I feel confident > that I do not have a permissions issue as I do not see permission denied > errors in the nxlog error logs. Furthermore, if I copy a line of JSON logs > from the serial log on another server, it reads in just fine. The issue > appears to me to be with how the JSON is generated in concurrent mode. Has > anyone else run into any issues similar to this? > > > > Jason > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > |
