├── externalscript ├── check_graylog_node_creds.txt └── check_graylog_node ├── LICENSE.txt ├── README.md └── template └── graylog2_server_template.xml /externalscript/check_graylog_node_creds.txt: -------------------------------------------------------------------------------- 1 | USERNAME=monitoring 2 | PASSWORD=monitoring 3 | -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) [year] [fullname] 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # graylog2-zabbix 2 | > No longer actively maintained. 3 | 4 | Basic Zabbix monitoring for Graylog2 5 | 6 | Mainly written for my own use, please feel to fork/use and give feedback. 7 | 8 | ### Branch pre-2.1 - Graylog 2.1 and below 9 | 10 | Written using Zabbix 2.4 and Graylog 1.3. Lightly tested, but does no harm anyway. 11 | Confirmed to work on Zabbix 3.0 and Graylog 2.0.3 as well. 12 | 13 | ### Master branch - Graylog 2.1 and up 14 | 15 | Tested using Zabbix 3.2 and Graylog 2.1.1, 2.2.3. 16 | 17 | For specific Elasticsearch monitoring, please head over to Elastizabbix (https://github.com/mkhpalm/elastizabbix) 18 | 19 | ## Requirements 20 | * jq (https://github.com/stedolan/jq) 1.4+ 21 | * curl 22 | 23 | This doesn't require anything on the agent. It is an external script curl'ing to the Graylog2 API. 24 | 25 | Please note, if running by hand, that the `poll_data` item has to be run first. 26 | 27 | ## How to install 28 | * Create a Graylog2 user with the "reader" role 29 | * Enter the credentials in the check_graylog_node_creds.txt file. 30 | * Copy the 2 files to your zabbix's externalscripts directory. 31 | * Make sure your files permissions are adequate. 32 | * Import the XML template in Zabbix. 33 | * Add template to graylog server and subscribe your graylog server hosts to it. 34 | 35 | ## Usage 36 | 37 | Note: As of 2.1, the default API port is 9000; It used to be 12900. You can change it back to the old behavior with ```rest_listen_uri```, pass port 9000 to the zabbix items (tedious) or simply modify the script at the top to change the port. 38 | 39 | ``` 40 | check_graylog_node -H -a [-p ] [-h] [-d] 41 | 42 | Args: 43 | -H : Hostname or IP address of graylog server 44 | -a : Attribute to monitor. See list below. 45 | -p : Graylog API port (default: 12900) 46 | -d : Debug message to log file (default: false) 47 | -h : Displays help 48 | 49 | List of attributes: 50 | - node_id : returns graylog node_id 51 | - node_transport 52 | - node_is_master 53 | - node_cluster 54 | - node_type 55 | - node_throughput 56 | - lb_status 57 | - total_message_count 58 | - es_cluster_health 59 | - journal_size 60 | - journal_num_segments 61 | - journal_uncommitted_entries 62 | - journal_events_read 63 | - journal_events_append 64 | - buffer_input_utilization 65 | - buffer_output_utilization 66 | - buffer_input_utilization_percent 67 | - buffer_output_utilization_percent 68 | - poll_data 69 | - current_deflector (not yet supported, because not accessible via regular user) 70 | - system_lifecycle 71 | - system_isprocessing 72 | - system_tz 73 | - system_version 74 | - system_startedat 75 | - cluster_stream_count 76 | - cluster_stream_rule_count 77 | - cluster_user_count 78 | - cluster_output_count 79 | - cluster_dashboard_count 80 | - cluster_input_count 81 | - cluster_global_input_count 82 | - cluster_extractor_count 83 | - cluster_contentpack_count 84 | - cluster_alerts_count 85 | ``` 86 | -------------------------------------------------------------------------------- /externalscript/check_graylog_node: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Debug override -- uncomment to write to $LOG, silent otherwise. 4 | DEBUG=0 5 | 6 | ## Defaults ## 7 | CREDS_FILE=$(dirname $BASH_SOURCE)/check_graylog_node_creds.txt 8 | source $CREDS_FILE 9 | WORKDIR=/tmp 10 | LOG=${WORKDIR}/$(basename $0).log 11 | APIPORT=12900 12 | ## End defaults ## 13 | 14 | 15 | usage() { 16 | cat < -a [-p ] [-h] [-d] 18 | 19 | Args: 20 | -H : Hostname or IP address of graylog server 21 | -a : Attribute to monitor. See list below. 22 | -p : Graylog API port (default: 12900) 23 | -d : Debug message to log file (default: false) 24 | -h : Displays help 25 | 26 | List of attributes: 27 | - node_id : returns graylog node_id 28 | - node_transport 29 | - node_is_master 30 | - node_cluster 31 | - node_type 32 | - node_throughput 33 | - lb_status 34 | - total_message_count 35 | - es_cluster_health 36 | - journal_size 37 | - journal_num_segments 38 | - journal_uncommitted_entries 39 | - journal_events_read 40 | - journal_events_append 41 | - poll_data 42 | - current_deflector (not yet supported, because not accessible via regular user) 43 | - system_lifecycle 44 | - system_isprocessing 45 | - system_tz 46 | - system_version 47 | - system_startedat 48 | - cluster_stream_count 49 | - cluster_stream_rule_count 50 | - cluster_user_count 51 | - cluster_output_count 52 | - cluster_dashboard_count 53 | - cluster_input_count 54 | - cluster_global_input_count 55 | - cluster_extractor_count 56 | - cluster_contentpack_count 57 | - cluster_alerts_count 58 | EOF 59 | } 60 | 61 | while getopts hH:a:p::l:d opts; do 62 | case $opts in 63 | H) HOSTNAME=$OPTARG 64 | ;; 65 | a) ATTR=$OPTARG 66 | ;; 67 | p) APIPORT=$OPTARG 68 | ;; 69 | h) usage; exit 0 70 | ;; 71 | d) DEBUG=1 72 | ;; 73 | :) echo "Option -$OPTARG requires an argument." 74 | exit 1 75 | ;; 76 | *) echo "Invalid option -${OPTARG}." 77 | exit 1 78 | ;; 79 | esac 80 | done 81 | if [ "$DEBUG" == 1 ]; then 82 | exec > >(tee -a $LOG) 83 | exec 2>&1 84 | #set -x 85 | fi 86 | 87 | # exit if less than 2 attributes are passed in 88 | [[ $OPTIND -lt 4 ]] && usage && exit 1 89 | 90 | ##### BEGIN FLOCK CONVENIENCE FUNCTION DEFINITIONS ##### 91 | ### HEADER ### 92 | LOCKFILE="${WORKDIR}/$(basename $0)-${HOSTNAME}.lock" 93 | LOCKFD=99 94 | 95 | # PRIVATE 96 | _lock() { flock -$1 $LOCKFD; } 97 | _no_more_locking() { _lock u; _lock xn && rm -f $LOCKFILE; } 98 | _prepare_locking() { eval "exec $LOCKFD>\"$LOCKFILE\""; trap _no_more_locking EXIT; } 99 | 100 | # ON START 101 | _prepare_locking 102 | 103 | # PUBLIC 104 | exlock_now() { _lock xn; } # obtain an exclusive lock immediately or fail 105 | exlock() { _lock x; } # obtain an exclusive lock 106 | shlock() { _lock s; } # obtain a shared lock 107 | unlock() { _lock u; } # drop a lock 108 | ##### END FLOCK CONVENIENCE FUNCTION DEFINITIONS ##### 109 | 110 | #CURL_BASE_CMD="curl -u ${USERNAME}:${PASSWORD} -D /dev/fd/4 -sS http://${HOSTNAME}:${APIPORT}" 111 | CURL_BASE_CMD="curl -u '${USERNAME}':'${PASSWORD}' -sS http://${HOSTNAME}:${APIPORT}/api" 112 | 113 | get_json_info() { 114 | # $1 = URI -- $2 filename 115 | debug "[$FUNCNAME] [$(basename $2)] Pulling json data" 116 | starttime=`date +%s%3N` 117 | #HEADERS_DEBUG=/dev/null 118 | #if [ "$DEBUG" == 1 ]; then 119 | # HEADERS_DEBUG=$LOG 120 | #fi 121 | #exec 4> >(tee -a $HEADERS_DEBUG >/dev/null) 122 | #set -x 123 | ${CURL_BASE_CMD}${1} | jq '.' > $2 124 | #set +x 125 | endtime=`date +%s%3N` 126 | let runtime=${endtime}-${starttime} 127 | debug "[$FUNCNAME] [$(basename $2)] --> $runtime ms" 128 | } 129 | 130 | # Node related information -- /system/cluster/node 131 | NODE_INFO_FILE=${WORKDIR}/${HOSTNAME}-node.json 132 | get_node_info() { get_json_info "/system/cluster/node" $NODE_INFO_FILE; } 133 | get_node_id() { debug "[$FUNCNAME] Executing"; jq -e -r '.node_id' $NODE_INFO_FILE; } 134 | get_node_transport_addr() { debug "[$FUNCNAME] Executing"; jq -e -r '.transport_address' $NODE_INFO_FILE; } 135 | get_node_is_master() { debug "[$FUNCNAME] Executing"; jq -e -r '.is_master' $NODE_INFO_FILE; } 136 | get_node_cluster() { debug "[$FUNCNAME] Executing"; jq -e -r '.cluster_id' $NODE_INFO_FILE; } 137 | get_node_type() { debug "[$FUNCNAME] Executing"; jq -e -r '.type' $NODE_INFO_FILE; } 138 | 139 | 140 | # Journal related information -- /system/journal 141 | JOURNAL_INFO_FILE=${WORKDIR}/${HOSTNAME}-journal.json 142 | get_system_journal_info() { get_json_info "/system/journal" $JOURNAL_INFO_FILE; } 143 | get_system_journal_events_read() { debug "[$FUNCNAME] Executing"; jq -e -r '.read_events_per_second' $JOURNAL_INFO_FILE; } 144 | get_system_journal_events_append() { debug "[$FUNCNAME] Executing"; jq -e -r '.append_events_per_second' $JOURNAL_INFO_FILE; } 145 | get_system_journal_size() { debug "[$FUNCNAME] Executing"; jq -e -r '.journal_size' $JOURNAL_INFO_FILE; } 146 | get_system_journal_num_segments() { debug "[$FUNCNAME] Executing"; jq -e -r '.number_of_segments' $JOURNAL_INFO_FILE; } 147 | get_system_journal_uncommitted_entries() { debug "[$FUNCNAME] Executing"; jq -e -r '.uncommitted_journal_entries' $JOURNAL_INFO_FILE; } 148 | 149 | # System overview 150 | SYSTEM_INFO_FILE=${WORKDIR}/${HOSTNAME}-system.json 151 | get_system_system_info() { get_json_info "/system" $SYSTEM_INFO_FILE; } 152 | get_system_lb_status() { debug "[$FUNCNAME] Executing"; jq -e -r '.lb_status' $SYSTEM_INFO_FILE; } 153 | get_system_lifecycle() { debug "[$FUNCNAME] Executing"; jq -e -r '.lifecycle' $SYSTEM_INFO_FILE; } 154 | get_system_isprocessing() { debug "[$FUNCNAME] Executing"; jq -e -r '.is_processing' $SYSTEM_INFO_FILE; } 155 | get_system_tz() { debug "[$FUNCNAME] Executing"; jq -e -r '.timezone' $SYSTEM_INFO_FILE; } 156 | get_system_version() { debug "[$FUNCNAME] Executing"; jq -e -r '.version' $SYSTEM_INFO_FILE; } 157 | get_system_startedat() { debug "[$FUNCNAME] Executing"; jq -e -r '.started_at' $SYSTEM_INFO_FILE; } 158 | 159 | # Cluster overview 160 | CLUSTER_INFO_FILE=${WORKDIR}/${HOSTNAME}-cluster.json 161 | get_cluster_info() { get_json_info "/system/cluster/stats" $CLUSTER_INFO_FILE; } 162 | get_cluster_stream_count() { debug "[$FUNCNAME] Executing"; jq -e -r '.stream_count' $CLUSTER_INFO_FILE; } 163 | get_cluster_stream_rules_count() { debug "[$FUNCNAME] Executing"; jq -e -r '.stream_rule_count' $CLUSTER_INFO_FILE; } 164 | get_cluster_user_count() { debug "[$FUNCNAME] Executing"; jq -e -r '.user_count' $CLUSTER_INFO_FILE; } 165 | get_cluster_output_count() { debug "[$FUNCNAME] Executing"; jq -e -r '.output_count' $CLUSTER_INFO_FILE; } 166 | get_cluster_dashboard_count() { debug "[$FUNCNAME] Executing"; jq -e -r '.dashboard_count' $CLUSTER_INFO_FILE; } 167 | get_cluster_input_count() { debug "[$FUNCNAME] Executing"; jq -e -r '.input_count' $CLUSTER_INFO_FILE; } 168 | get_cluster_global_input_count() { debug "[$FUNCNAME] Executing"; jq -e -r '.global_input_count' $CLUSTER_INFO_FILE; } 169 | get_cluster_extractor_count() { debug "[$FUNCNAME] Executing"; jq -e -r '.extractor_count' $CLUSTER_INFO_FILE; } 170 | get_cluster_contentpack_count() { debug "[$FUNCNAME] Executing"; jq -e -r '.content_pack_count' $CLUSTER_INFO_FILE; } 171 | get_cluster_alerts_count() { debug "[$FUNCNAME] Executing"; jq -e -r '.alarm_stats.alert_count' $CLUSTER_INFO_FILE; } 172 | get_cluster_es_state() { debug "[$FUNCNAME] Executing"; jq -e -r '.elasticsearch.status' $CLUSTER_INFO_FILE; } 173 | 174 | # Various ungrouped checks 175 | get_total_message_count() { debug "[$FUNCNAME] Executing"; ${CURL_BASE_CMD}/count/total | jq -e -r .events ; } 176 | get_node_throughput() { debug "[$FUNCNAME] Executing"; ${CURL_BASE_CMD}/system/throughput | jq -e -r .throughput ; } 177 | get_current_deflector() { debug "[$FUNCNAME] Executing"; ${CURL_BASE_CMD}/system/deflector | jq -e -r .current_target ; } 178 | 179 | poll_data() { 180 | 181 | debug "[$FUNCNAME] [$(basename $NODE_INFO_FILE)] Getting node info"; get_node_info & 182 | debug "[$FUNCNAME] [$(basename $JOURNAL_INFO_FILE)] Getting journal info"; get_system_journal_info & 183 | debug "[$FUNCNAME] [$(basename $SYSTEM_INFO_FILE)] Getting system info"; get_system_system_info & 184 | debug "[$FUNCNAME] [$(basename $CLUSTER_INFO_FILE)] Getting cluster info"; get_cluster_info & 185 | 186 | wait 187 | 188 | [[ -s $NODE_INFO_FILE ]] && `cat $JOURNAL_INFO_FILE |jq -e '.' >/dev/null` || fail "[$FUNCNAME] FAIL. Could not retrieve JSON for node info" 189 | [[ -s $JOURNAL_INFO_FILE ]] && `cat $NODE_INFO_FILE |jq -e '.' >/dev/null` || fail "[$FUNCNAME] FAIL. Could not retrieve JSON for journal info" 190 | [[ -s $SYSTEM_INFO_FILE ]] && `cat $SYSTEM_INFO_FILE |jq -e '.' >/dev/null` || fail "[$FUNCNAME] FAIL. Could not retrieve JSON for system info" 191 | [[ -s $CLUSTER_INFO_FILE ]] && `cat $CLUSTER_INFO_FILE |jq -e '.' >/dev/null` || fail "[$FUNCNAME] FAIL. Could not retrieve JSON for cluster info" 192 | 193 | sync 194 | } 195 | 196 | fail() { 197 | # PPID should be the zabbix poller process and $$ the shell process 198 | echo -e "$(date '+%Y%m%d %H:%M:%S.%3N') {$PPID} [$$] $@" >> $LOG 199 | } 200 | 201 | debug() { 202 | if [ "$DEBUG" == "1" ]; then 203 | # PPID should be the zabbix poller process and $$ the shell process 204 | echo -e "$(date '+%Y%m%d %H:%M:%S.%3N') {$PPID} [$$] $@" 205 | fi 206 | } 207 | 208 | case $ATTR in 209 | total_message_count) get_total_message_count ;; 210 | node_throughput) get_node_throughput ;; 211 | current_deflector) get_current_deflector ;; 212 | 213 | poll_data) exlock; poll_data ;; 214 | 215 | node_id) shlock; get_node_id ;; 216 | node_transport) shlock; get_node_transport_addr ;; 217 | node_is_master) shlock; get_node_is_master ;; 218 | node_cluster) shlock; get_node_cluster ;; 219 | node_type) shlock; get_node_type ;; 220 | journal_events_read) shlock; get_system_journal_events_read ;; 221 | journal_events_append) shlock; get_system_journal_events_append ;; 222 | journal_size) shlock; get_system_journal_size ;; 223 | journal_num_segments) shlock; get_system_journal_num_segments ;; 224 | journal_uncommitted_entries) shlock; get_system_journal_uncommitted_entries ;; 225 | lb_status) shlock; get_system_lb_status ;; 226 | es_cluster_health) shlock; get_cluster_es_state ;; 227 | system_lifecycle) shlock; get_system_lifecycle ;; 228 | system_isprocessing) shlock; get_system_isprocessing ;; 229 | system_tz) shlock; get_system_tz ;; 230 | system_version) shlock; get_system_version ;; 231 | system_startedat) shlock; get_system_startedat ;; 232 | cluster_stream_count) shlock; get_cluster_stream_count ;; 233 | cluster_stream_rule_count) shlock; get_cluster_stream_rules_count ;; 234 | cluster_user_count) shlock; get_cluster_user_count ;; 235 | cluster_output_count) shlock; get_cluster_output_count ;; 236 | cluster_dashboard_count) shlock; get_cluster_dashboard_count ;; 237 | cluster_input_count) shlock; get_cluster_input_count ;; 238 | cluster_global_input_count) shlock; get_cluster_global_input_count ;; 239 | cluster_extractor_count) shlock; get_cluster_extractor_count ;; 240 | cluster_contentpack_count) shlock; get_cluster_contentpack_count ;; 241 | cluster_alerts_count) shlock; get_cluster_alerts_count ;; 242 | 243 | *) fail "[Attribute FAIL] Unknown attribute to monitor." && echo "Unknown attribute to monitor" ;; 244 | esac 245 | 246 | -------------------------------------------------------------------------------- /template/graylog2_server_template.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 2.0 4 | 2015-12-28T06:02:39Z 5 | 6 | 7 | Templates 8 | 9 | 10 | 11 | 1367 | 1368 | 1369 | 1370 | {Template graylog2 server:net.tcp.service[http,{HOST.CONN},12900].last()}=0 1371 | API port is DOWN 1372 | 1373 | 0 1374 | 4 1375 | 1376 | 0 1377 | 1378 | 1379 | 1380 | {Template graylog2 server:check_graylog_node["-H",{HOST.CONN},"-a","es_cluster_health"].str(RED)}=1 1381 | ES cluster health is RED 1382 | 1383 | 0 1384 | 4 1385 | 1386 | 0 1387 | 1388 | 1389 | API port is DOWN 1390 | {Template graylog2 server:net.tcp.service[http,{HOST.CONN},12900].last()}=0 1391 | 1392 | 1393 | 1394 | 1395 | {Template graylog2 server:check_graylog_node["-H",{HOST.CONN},"-a","es_cluster_health"].str(YELLOW)}=1 1396 | ES cluster health is YELLOW 1397 | 1398 | 0 1399 | 2 1400 | 1401 | 0 1402 | 1403 | 1404 | API port is DOWN 1405 | {Template graylog2 server:net.tcp.service[http,{HOST.CONN},12900].last()}=0 1406 | 1407 | 1408 | 1409 | 1410 | {Template graylog2 server:check_graylog_node["-H",{HOST.CONN},"-a","poll_data"].str(FAIL)}=1 1411 | Fail to poll data 1412 | 1413 | 0 1414 | 3 1415 | 1416 | 0 1417 | 1418 | 1419 | API port is DOWN 1420 | {Template graylog2 server:net.tcp.service[http,{HOST.CONN},12900].last()}=0 1421 | 1422 | 1423 | 1424 | 1425 | {Template graylog2 server:check_graylog_node["-H",{HOST.CONN},"-a","journal_events_append"].avg(300)}>1000 1426 | Journal append events stacking up 1427 | 1428 | 1 1429 | 3 1430 | 1431 | 0 1432 | 1433 | 1434 | API port is DOWN 1435 | {Template graylog2 server:net.tcp.service[http,{HOST.CONN},12900].last()}=0 1436 | 1437 | 1438 | 1439 | 1440 | {Template graylog2 server:check_graylog_node["-H",{HOST.CONN},"-a","journal_events_read"].avg(300)}>1000 1441 | Journal read events stacking up 1442 | 1443 | 1 1444 | 2 1445 | 1446 | 0 1447 | 1448 | 1449 | API port is DOWN 1450 | {Template graylog2 server:net.tcp.service[http,{HOST.CONN},12900].last()}=0 1451 | 1452 | 1453 | 1454 | 1455 | {Template graylog2 server:check_graylog_node["-H",{HOST.CONN},"-a","journal_uncommitted_entries"].avg(300)}>1000 1456 | Journal uncommitted entries are stacking up 1457 | 1458 | 1 1459 | 3 1460 | 1461 | 0 1462 | 1463 | 1464 | API port is DOWN 1465 | {Template graylog2 server:net.tcp.service[http,{HOST.CONN},12900].last()}=0 1466 | 1467 | 1468 | 1469 | 1470 | {Template graylog2 server:check_graylog_node["-H",{HOST.CONN},"-a","node_cluster"].change(0)}<0 1471 | Node cluster ID changed 1472 | 1473 | 0 1474 | 1 1475 | 1476 | 0 1477 | 1478 | 1479 | API port is DOWN 1480 | {Template graylog2 server:net.tcp.service[http,{HOST.CONN},12900].last()}=0 1481 | 1482 | 1483 | 1484 | 1485 | {Template graylog2 server:check_graylog_node["-H",{HOST.CONN},"-a","node_id"].change(0)}<0 1486 | Node ID changed 1487 | 1488 | 0 1489 | 1 1490 | 1491 | 0 1492 | 1493 | 1494 | API port is DOWN 1495 | {Template graylog2 server:net.tcp.service[http,{HOST.CONN},12900].last()}=0 1496 | 1497 | 1498 | 1499 | 1500 | {Template graylog2 server:check_graylog_node["-H",{HOST.CONN},"-a","lb_status"].str(alive)}=0 1501 | Node is marked as DOWN 1502 | 1503 | 0 1504 | 2 1505 | 1506 | 0 1507 | 1508 | 1509 | API port is DOWN 1510 | {Template graylog2 server:net.tcp.service[http,{HOST.CONN},12900].last()}=0 1511 | 1512 | 1513 | 1514 | 1515 | {Template graylog2 server:check_graylog_node["-H",{HOST.CONN},"-a","system_isprocessing"].str(false)}=1 1516 | Node is not processing 1517 | 1518 | 0 1519 | 3 1520 | 1521 | 0 1522 | 1523 | 1524 | API port is DOWN 1525 | {Template graylog2 server:net.tcp.service[http,{HOST.CONN},12900].last()}=0 1526 | 1527 | 1528 | 1529 | 1530 | {Template graylog2 server:check_graylog_node["-H",{HOST.CONN},"-a","system_lifecycle"].str(running)}=0 1531 | Node is not running 1532 | 1533 | 0 1534 | 3 1535 | 1536 | 0 1537 | 1538 | 1539 | API port is DOWN 1540 | {Template graylog2 server:net.tcp.service[http,{HOST.CONN},12900].last()}=0 1541 | 1542 | 1543 | 1544 | 1545 | {Template graylog2 server:check_graylog_node["-H",{HOST.CONN},"-a","node_is_master"].change(0)}<0 1546 | Node master status changed 1547 | 1548 | 0 1549 | 1 1550 | 1551 | 0 1552 | 1553 | 1554 | API port is DOWN 1555 | {Template graylog2 server:net.tcp.service[http,{HOST.CONN},12900].last()}=0 1556 | 1557 | 1558 | 1559 | 1560 | {Template graylog2 server:check_graylog_node["-H",{HOST.CONN},"-a","node_transport"].change(0)}<0 1561 | Node transport info changed 1562 | 1563 | 0 1564 | 1 1565 | 1566 | 0 1567 | 1568 | 1569 | API port is DOWN 1570 | {Template graylog2 server:net.tcp.service[http,{HOST.CONN},12900].last()}=0 1571 | 1572 | 1573 | 1574 | 1575 | 1576 | 1577 | Journal stack graph 1578 | 900 1579 | 200 1580 | 0.0000 1581 | 100.0000 1582 | 1 1583 | 1 1584 | 1 1585 | 1 1586 | 0 1587 | 0.0000 1588 | 0.0000 1589 | 0 1590 | 0 1591 | 0 1592 | 0 1593 | 1594 | 1595 | 0 1596 | 0 1597 | 00C800 1598 | 0 1599 | 2 1600 | 0 1601 | 1602 | Template graylog2 server 1603 | check_graylog_node["-H",{HOST.CONN},"-a","journal_events_append"] 1604 | 1605 | 1606 | 1607 | 1 1608 | 0 1609 | C80000 1610 | 0 1611 | 2 1612 | 0 1613 | 1614 | Template graylog2 server 1615 | check_graylog_node["-H",{HOST.CONN},"-a","journal_events_read"] 1616 | 1617 | 1618 | 1619 | 2 1620 | 0 1621 | 0000C8 1622 | 0 1623 | 2 1624 | 0 1625 | 1626 | Template graylog2 server 1627 | check_graylog_node["-H",{HOST.CONN},"-a","journal_uncommitted_entries"] 1628 | 1629 | 1630 | 1631 | 1632 | 1633 | 1634 | --------------------------------------------------------------------------------