A Graylog2 Appliance based on TurnKey Linux (TurnKey Core 12)
Graylog2 enables you to unleash the power that lies inside your logs. Use it to run analytics, alerting, monitoring and powerful searches over your whole log base. Need to debug a failing request? Just run a quick filter search to find it and see what errors it produced. Want to see all messages a certain API consumer is consuming in real time? Create streams for every consumer and have them always only one click away.
Partylog2 is a Graylog2 appliance ready to install or boot in LiveCD mode. It's based on TurnKey Linux (TurnKey Core 12), which is based on Debian 6.
The Graylog2 Web Interface runs on the Ruby Thin web server on top of nginx.
Like any other appliance.
If that doesn't answer your question, you can install the appliance in VirtualBox, Proxmox or your favorite virtualization solution, or install it on a spare machine at your office.
Anonymous
Thanks for trying.
Already Working on that.
Hey Jose,
I just randomly came across this in my online travels and it looks great! My name is Jeremy and I'm a jnr dev at TKL and would like to personally invite you to start a thread over on the TKL Forums for your appliance. If you were happy to share your dev notes (or better still, create a TKLPatch) then hopefully the core devs would include your work as an official TKL appliance in the next release (which will be based on Ubuntu 12.04).
Some of the reasons why I suggest this:
Be great to consolidate efforts. Have us all working together! :)
Increased exposure for your work - TKL consistently returns high ranking in google searches. Even prior to official release just having a forum thread on TKL will get you more hits I'm sure! (eg: top google search result for "linux appliance" as of today).
Once released officially, your appliance would be available in a variety of formats like VM image(s), OVZ template and Amazon AMI.
As well as getting a bigger audience, there is already an existing request for an appliance just like this! (Where I am just about to post that I found your appliance!)
Even if you weren't that interested in making a patch or sharing code, you could still start a forum thread and link back here to your SF page. Although IMO it'd be most awesome if you were willing to release notes (or build a TKLPatch) because then it would have increased chance of becoming official and will avoid someone in our community 'reinventing the wheel' (to create something similar to fulfill the request)...
If you are keen to have a crack at a TKLPatch then you will find the docs useful and there are plenty already posted that you can pull apart to get further ideas (try using the 'tklpatch' tag in the forums).
Hope to hear from you soon over at TKL! :)
Regards,
Jeremy
PS Regardless of what you choose to do, if you are planning on updating your appliance, it may pay to rebase off TKL v11.3. It's the same as v11.1 just with all the package updates pre-applied.
Hmm, I installed this to replace my previous version. But this still is version 0.9.5p2 instead of 9.6
Hiya,
I've been trying to install it on ESXi 4.1 and I just get a kernel panic.
I burned the same ISO and installed it on a box, and it installed well.
Is it not compatible with VMware, please?
Cheers,
Raj
Raj, sorry for the late reply. Read two comments below, it seems to fix your problem. Thanks.
I installed the latest version and all seems to be working. But when I try to send syslog to it nothing shows up in the Partylog2 web interface. Am I doing anything wrong? I have tried to re-install twice.
Jose,
To install 0.9.6_r1 onto VMware ESXi 4.1.0, I had to disable 'acceleration' in the VM advanced properties (Edit Settings > Options > Advanced > General) or it would kernel panic shortly after selecting the install option.
It's a known bug in the interaction between recent versions of ESXi and the Ubuntu kernel included in Turnkey Linux. Have a search on the Turnkey Linux forums and you should find the workaround.
Hi, any idea when 0.9.6p1 will be included in the build? 0.9.6 fails to parse syslog messages correctly (Syslog message is missing date or could not be parsed. Not further handling). 0.9.6p1 allows the 'allow_override_syslog_date' setting to be used in graylog2.conf to work around the problem.
Uploading New Version right now with p1-RC2 versions.
yep, 0.9.6_r1 is very broken.
Don't have time to fiddle, that's why I'm trying the SUSE gallery image
Sorry for the late reply. I hope you can give Partylog2 0.9.6_r2 a try.
Could you please moderate the quarantined posts so that we can get a feel for current areas of concern?
Thanks.
Doing that right now. Thanks.
If anyone else is having trouble with broken pipes and connection resets using the web interface for Graylog2 while throwing over 25,000 messages/minute at it, check out this thread: https://groups.google.com/forum/#!topic/graylog2/-Wr2XsGqJMA
It turns out to be a max open files limit with Elasticsearch.
What you need to do is edit the startup script for Elasticsearch.
- Add: ulimit -n 65535 after the Des.path.home= line.
- Insert "eval" in between "if" and "start-stop-daemon".
- Save.
- Restart Elasticsearch.
This seemed to work perfectly for me.
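A way to confirm that the restarted Elasticsearch process actually received the 65535 limit from the post above, by reading its /proc/<pid>/limits entry. This is an added example, not part of the original thread; the function names and the sample limits text are constructed, and it assumes a Linux /proc filesystem.

```sh
#!/bin/sh
# Added example (not from the thread): verify the limit a process really got.

# Print the soft "Max open files" value from /proc/<pid>/limits text on stdin.
soft_nofile() {
    awk '/^Max open files/ { print $4; found = 1 } END { exit !found }'
}

# Succeed if the soft limit read from stdin is at least $1 (default 65535,
# the value used in the post above). Returns 2 if the line is missing.
nofile_at_least() {
    want=${1:-65535}
    have=$(soft_nofile) || return 2
    [ "$have" = "unlimited" ] && return 0
    [ "$have" -ge "$want" ]
}

# Constructed sample: limits of a process started with the default of 1024.
sample_default() {
    cat <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max open files            1024                 4096                 files
Max locked memory         65536                65536                bytes
EOF
}

# Constructed sample: the same process after "ulimit -n 65535" in its init script.
sample_raised() {
    sample_default | sed 's/^Max open files .*/Max open files            65535                65535                files/'
}

# Check a live process: pass its PID as the first argument to this script.
check_pid() {
    pid=$1
    used=$(ls "/proc/$pid/fd" | wc -l)
    if nofile_at_least 65535 < "/proc/$pid/limits"; then
        echo "pid $pid: limit OK, $used descriptors open"
    else
        echo "pid $pid: limit below 65535, $used descriptors open"
        return 1
    fi
}

if [ -n "${1:-}" ]; then check_pid "$1"; fi
```

Run it as root (or as the user that owns the process) with the Elasticsearch PID as its argument; a descriptor count close to the soft limit is the condition that produced the broken pipes described above.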
Thanks for the info.
Do you know if there is a problem passing this parameter (ulimit -n 65535) in the default install?
I'm asking to make this the default in the next update.
(I'm the O.P.) I checked into it, and the eval is not required.
You may want to globally increase the ulimit so other pieces of graylog2 don't run into this problem, or maybe not. I'm not exactly sure what the best practice is for ulimit.
My log server seems to have ceased receiving logs now. Web interface works fine: "Currently containing 12.625.644 messages. Oldest message is from 02.06.2012 - 19:59:48. Stored 0 messages in the last 1 minutes."
In /var/log/graylog2.log I have: "2012-06-03 20:50:43,759 FATAL: org.graylog2.Main - Could not start syslog server core thread. Do you have permissions to listen on port 514?"
Looks like the service crapped out and a port isn't being released?
Service restarts did not help.
Full reboot brought it back into functionality, though I'm not sure what happened. Any ideas?
Thank you!!!
There's no chance of a 64 bit version of this is there? I'm constantly running at the limit.
partylog2 includes:
Graylog2 Server (v0.9.6p1-RC2)
Graylog2 Web Interface (v0.9.6p1-RC2)
partylog2 can't install plugins graylog v. 0.10.0
http://support.torch.sh/help/kb/graylog2-server/installing-plugins
Can partylog2 with Graylog v0.9.6 install plugins?
When will partylog release v0.10.0 of Graylog?
Thanks in advance.
Hi, Any plans for including 0.10.0 in your release?
Thanks!
I'd also love it if Graylog2 v0.10.0 could be supported :)
Thank you for this appliance!
Last edit: Anonymous 2013-02-13
Great work!
Hope to see Graylog2 v0.10.0 soon :)
0.10.0 would be great :)