Attachment 203911 Details for Bug 237485 – v1 patch

[patch] v1 patch

D20021.diff (text/plain), 37.01 KB, created by Dave Cottlehuber on 2019-04-23 07:46:26 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Dave Cottlehuber

Created: 2019-04-23 07:46:26 UTC

Size: 37.01 KB

patch

obsolete

>Index: UPDATING
>===================================================================
>--- UPDATING
>+++ UPDATING
>@@ -5,6 +5,25 @@
> You should get into the habit of checking this file for changes each time
> you update your ports collection, before attempting any port upgrades.
> 
>+20190423:
>+  AFFECTS: users of sysutils/graylog
>+  AUTHOR: dch@FreeBSD.org
>+
>+  The port has been updated to the latest stable version 3.0.1, which
>+  includes more plugins by default, but also requires manual changes to
>+  graylog's configuration files, possibly port and URL changes, such as
>+  X-Graylog-Server-URL settings, and elasticsearch must be >= 5.
>+
>+  The location of configuration files has been amended to align with the
>+  official distribution files and locations.
>+
>+  After upgrading, manually review and merge changes from your
>+  /usr/local/etc/graylog/server/server.conf into
>+  /usr/local/etc/graylog/graylog.confa
>+
>+  Consult https://www.graylog.org/post/announcing-graylog-v3-0-ga for
>+  further details.
>+
> 20190422:
>   AFFECTS: users of security/libressl
>   AUTHOR: brnrd@FreeBSD.org
>Index: sysutils/graylog/Makefile
>===================================================================
>--- sysutils/graylog/Makefile
>+++ sysutils/graylog/Makefile
>@@ -2,7 +2,8 @@
> # $FreeBSD$
> 
> PORTNAME=	graylog
>-DISTVERSION=	2.4.6
>+DISTVERSION=	3.0.1
>+
> CATEGORIES=	sysutils java
> MASTER_SITES=	https://packages.graylog2.org/releases/graylog/ \
> 		http://packages.graylog2.org/releases/graylog/
>@@ -24,7 +25,7 @@
> NO_ARCH=	yes
> 
> USE_RC_SUBR=	graylog
>-SUB_FILES=	server.conf log4j2.xml pkg-message graylog_logging.xml
>+SUB_FILES=	log4j2.xml pkg-message
> 
> GRAYLOGUSER?=	graylog
> GRAYLOGGROUP?=	${GRAYLOGUSER}
>@@ -38,20 +39,21 @@
> 		GRAYLOG_LOGS_DIR=${GRAYLOG_LOGS_DIR} \
> 		GRAYLOG_DATA_DIR=${GRAYLOG_DATA_DIR}
> 
>-PLIST_SUB=	GRAYLOG_DATA_DIR=${GRAYLOG_DATA_DIR} \
>+PLIST_SUB=	DISTVERSION=${DISTVERSION} \
>+		GRAYLOG_DATA_DIR=${GRAYLOG_DATA_DIR} \
> 		GRAYLOG_LOGS_DIR=${GRAYLOG_LOGS_DIR} \
> 		GRAYLOGUSER=${GRAYLOGUSER} \
> 		GRAYLOGGROUP=${GRAYLOGGROUP} \
>-		PORTVERSION=${PORTVERSION}
>+		PORTNAME=${PORTNAME}
> 
> do-install:
> 	@${MKDIR} ${STAGEDIR}${DATADIR}/plugin
>-	@${MKDIR} ${STAGEDIR}${ETCDIR}/server
>+	@${MKDIR} ${STAGEDIR}${ETCDIR}
> 	@${MKDIR} ${STAGEDIR}${GRAYLOG_DATA_DIR}
> 	@${MKDIR} ${STAGEDIR}${GRAYLOG_LOGS_DIR}
> 	${INSTALL_DATA} ${WRKSRC}/graylog.jar ${STAGEDIR}${DATADIR}
>+	${INSTALL_DATA} ${WRKSRC}/graylog.conf.example ${STAGEDIR}${ETCDIR}/graylog.conf.example
> 	cd ${WRKSRC}/plugin && ${COPYTREE_SHARE} . ${STAGEDIR}${DATADIR}/plugin
>-	${INSTALL_DATA} ${WRKDIR}/server.conf ${STAGEDIR}${ETCDIR}/server/server.conf.sample
>-	${INSTALL_DATA} ${WRKDIR}/log4j2.xml ${STAGEDIR}${ETCDIR}/server/log4j2.xml.sample
>+	${INSTALL_DATA} ${WRKDIR}/log4j2.xml ${STAGEDIR}${ETCDIR}/log4j2.xml.example
> 
> .include <bsd.port.mk>
>Index: sysutils/graylog/distinfo
>===================================================================
>--- sysutils/graylog/distinfo
>+++ sysutils/graylog/distinfo
>@@ -1,3 +1,3 @@
>-TIMESTAMP = 1542056253
>-SHA256 (graylog-2.4.6.tgz) = fcfaf44c3faea8297f340ddc6ed19e5b1fe8f3de3c1b2a1078119565fe2f751d
>-SIZE (graylog-2.4.6.tgz) = 122985232
>+TIMESTAMP = 1556003719
>+SHA256 (graylog-3.0.1.tgz) = 11db663c02173942380b1d1b05a60785aff4d311512dfa993212a626d800401d
>+SIZE (graylog-3.0.1.tgz) = 112064061
>Index: sysutils/graylog/files/graylog.in
>===================================================================
>--- sysutils/graylog/files/graylog.in
>+++ sysutils/graylog/files/graylog.in
>@@ -55,14 +55,14 @@
> : ${graylog_enable:="NO"}
> : ${graylog_user:="%%GRAYLOGUSER%%"}
> : ${graylog_group:="%%GRAYLOGGROUP%%"}
>-: ${graylog_config:="%%ETCDIR%%/server/server.conf"}
>+: ${graylog_config:="%%ETCDIR%%/graylog.conf"}
> : ${graylog_min_mem:="256m"}
> : ${graylog_max_mem:="1g"}
> : ${graylog_dir:="%%DATADIR%%"}
> : ${graylog_data_dir:="%%GRAYLOG_DATA_DIR%%"}
> : ${graylog_logs_dir:="%%GRAYLOG_LOGS_DIR%%"}
> : ${graylog_run_dir:="/var/run/graylog"}
>-: ${graylog_log_config:="%%ETCDIR%%/server/log4j2.xml"}
>+: ${graylog_log_config:="%%ETCDIR%%/log4j2.xml"}
> 
> java_options=" \
>     -Djava.awt.headless=true \
>Index: sysutils/graylog/files/graylog_logging.xml.in
>===================================================================
>--- sysutils/graylog/files/graylog_logging.xml.in
>+++ /dev/null
>@@ -1,34 +0,0 @@
>-<?xml version="1.0" encoding="UTF-8"?>
>-<!DOCTYPE log4j:configuration PUBLIC "-//APACHE//DTD LOG4J 1.2//EN" "log4j.dtd">
>-<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
>-
>-    <appender name="FILE" class="org.apache.log4j.rolling.RollingFileAppender">
>-        <rollingPolicy class="org.apache.log4j.rolling.FixedWindowRollingPolicy" >
>-            <param name="activeFileName" value="%%GRAYLOG_LOGS_DIR%%/server.log" /> 
>-            <param name="fileNamePattern" value="%%GRAYLOG_LOGS_DIR%%/server.%i.log" /> 
>-            <param name="minIndex" value="1" /> 
>-            <param name="maxIndex" value="10" /> 
>-        </rollingPolicy>
>-        <triggeringPolicy class="org.apache.log4j.rolling.SizeBasedTriggeringPolicy">
>-            <param name="maxFileSize" value="5767168" /> 
>-        </triggeringPolicy>
>-        <layout class="org.apache.log4j.PatternLayout">
>-            <param name="ConversionPattern" value="%d %-5p: %c - %m%n"/>
>-        </layout>
>-    </appender>
>-
>-    
>-    <logger name="org.graylog2">
>-        <level value="info"/>
>-    </logger>
>-    
>-    <logger name="org.apache.directory.api.ldap.model.message.BindRequestImpl">
>-        <level value="error"/>
>-    </logger>
>-    
>-    <root>
>-        <priority value="info"/>
>-        <appender-ref ref="FILE"/>
>-    </root>
>-
>-</log4j:configuration>
>Index: sysutils/graylog/files/log4j2.xml.in
>===================================================================
>--- sysutils/graylog/files/log4j2.xml.in
>+++ sysutils/graylog/files/log4j2.xml.in
>@@ -33,10 +33,7 @@
>         
>         <Logger name="org.apache.shiro.session.mgt.AbstractValidatingSessionManager" level="warn"/>
>         <Root level="warn">
>-            <AppenderRef ref="STDOUT"/>
>             <AppenderRef ref="graylog-internal-logs"/>
>-        </Root>
>-        <Root level="error">
>             <AppenderRef ref="FreeBSD-logs"/>
>         </Root>
>     </Loggers>
>Index: sysutils/graylog/files/pkg-message.in
>===================================================================
>--- sysutils/graylog/files/pkg-message.in
>+++ sysutils/graylog/files/pkg-message.in
>@@ -1,7 +1,7 @@
> ======================================================================
> 
>-Please see %%ETCDIR%% for sample versions of server.conf, log4j.xml, and
>-graylog_logging.xml, and adjust them for your configuration.
>+Please see %%ETCDIR%% for sample versions of graylog.conf, log4j.xml, and
>+and adjust them for your configuration.
> 
> For GeoIP support you need to install the net/GeoIP port and
> configure the path to the GeoIP databases in the Graylog Web Interface.
>@@ -15,3 +15,10 @@
> 
> And ensure that the elasticsearch cluster name matches that used by graylog.
> ======================================================================
>+
>+The locations for configuration files have changed to match upstream
>+versions, using %%ETCDIR%%/graylog.conf instead of server/server.conf.
>+
>+You can either relocate your config files, or use rc.conf settings to
>+specify appropriate paths using graylog_config and graylog_log_config
>+for graylog.conf and log4j.xml respectively.
>Index: sysutils/graylog/files/server.conf.in
>===================================================================
>--- sysutils/graylog/files/server.conf.in
>+++ /dev/null
>@@ -1,586 +0,0 @@
>-############################
>-# GRAYLOG CONFIGURATION FILE
>-############################
>-#
>-# This is the Graylog configuration file. The file has to use ISO 8859-1/Latin-1 character encoding.
>-# Characters that cannot be directly represented in this encoding can be written using Unicode escapes
>-# as defined in https://docs.oracle.com/javase/specs/jls/se8/html/jls-3.html#jls-3.3, using the \u prefix.
>-# For example, \u002c.
>-# 
>-# * Entries are generally expected to be a single line of the form, one of the following:
>-#
>-# propertyName=propertyValue
>-# propertyName:propertyValue
>-#
>-# * White space that appears between the property name and property value is ignored,
>-#   so the following are equivalent:
>-# 
>-# name=Stephen
>-# name = Stephen
>-#
>-# * White space at the beginning of the line is also ignored.
>-#
>-# * Lines that start with the comment characters ! or # are ignored. Blank lines are also ignored.
>-#
>-# * The property value is generally terminated by the end of the line. White space following the
>-#   property value is not ignored, and is treated as part of the property value.
>-#
>-# * A property value can span several lines if each line is terminated by a backslash (â\â) character.
>-#   For example:
>-#
>-# targetCities=\
>-#         Detroit,\
>-#         Chicago,\
>-#         Los Angeles
>-#
>-#   This is equivalent to targetCities=Detroit,Chicago,Los Angeles (white space at the beginning of lines is ignored).
>-# 
>-# * The characters newline, carriage return, and tab can be inserted with characters \n, \r, and \t, respectively.
>-# 
>-# * The backslash character must be escaped as a double backslash. For example:
>-# 
>-# path=c:\\docs\\doc1
>-#
>-
>-# If you are running more than one instances of Graylog server you have to select one of these
>-# instances as master. The master will perform some periodical tasks that non-masters won't perform.
>-is_master = true
>-
>-# The auto-generated node ID will be stored in this file and read after restarts. It is a good idea
>-# to use an absolute file path here if you are starting Graylog server from init scripts or similar.
>-node_id_file = %%GRAYLOG_DATA_DIR%%/node-id
>-
>-# You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
>-# Generate one by using for example: pwgen -N 1 -s 96
>-password_secret =
>-
>-# The default root user is named 'admin'
>-#root_username = admin
>-
>-# You MUST specify a hash password for the root user (which you only need to initially set up the
>-# system and in case you lose connectivity to your authentication backend)
>-# This password cannot be changed using the API or via the web interface. If you need to change it,
>-# modify it in this file.
>-# Create one by using for example: echo -n yourpassword | shasum -a 256
>-# and put the resulting hash value into the following line
>-root_password_sha2 =
>-
>-# The email address of the root user.
>-# Default is empty
>-#root_email = ""
>-
>-# The time zone setting of the root user. See http://www.joda.org/joda-time/timezones.html for a list of valid time zones.
>-# Default is UTC
>-#root_timezone = UTC
>-
>-# Set plugin directory here (relative or absolute)
>-plugin_dir = %%DATADIR%%/plugin
>-
>-# REST API listen URI. Must be reachable by other Graylog server nodes if you run a cluster.
>-# When using Graylog Collectors, this URI will be used to receive heartbeat messages and must be accessible for all collectors.
>-rest_listen_uri = http://127.0.0.1:9000/api/
>-
>-# REST API transport address. Defaults to the value of rest_listen_uri. Exception: If rest_listen_uri
>-# is set to a wildcard IP address (0.0.0.0) the first non-loopback IPv4 system address is used.
>-# If set, this will be promoted in the cluster discovery APIs, so other nodes may try to connect on
>-# this address and it is used to generate URLs addressing entities in the REST API. (see rest_listen_uri)
>-# You will need to define this, if your Graylog server is running behind a HTTP proxy that is rewriting
>-# the scheme, host name or URI.
>-# This must not contain a wildcard address (0.0.0.0).
>-#rest_transport_uri = http://192.168.1.1:9000/api/
>-
>-# Enable CORS headers for REST API. This is necessary for JS-clients accessing the server directly.
>-# If these are disabled, modern browsers will not be able to retrieve resources from the server.
>-# This is enabled by default. Uncomment the next line to disable it.
>-#rest_enable_cors = false
>-
>-# Enable GZIP support for REST API. This compresses API responses and therefore helps to reduce
>-# overall round trip times. This is enabled by default. Uncomment the next line to disable it.
>-#rest_enable_gzip = false
>-
>-# Enable HTTPS support for the REST API. This secures the communication with the REST API with
>-# TLS to prevent request forgery and eavesdropping. This is disabled by default. Uncomment the
>-# next line to enable it.
>-#rest_enable_tls = true
>-
>-# The X.509 certificate chain file in PEM format to use for securing the REST API.
>-#rest_tls_cert_file = /path/to/graylog.crt
>-
>-# The PKCS#8 private key file in PEM format to use for securing the REST API.
>-#rest_tls_key_file = /path/to/graylog.key
>-
>-# The password to unlock the private key used for securing the REST API.
>-#rest_tls_key_password = secret
>-
>-# The maximum size of the HTTP request headers in bytes.
>-#rest_max_header_size = 8192
>-
>-# The size of the thread pool used exclusively for serving the REST API.
>-#rest_thread_pool_size = 16
>-
>-# Comma separated list of trusted proxies that are allowed to set the client address with X-Forwarded-For
>-# header. May be subnets, or hosts.
>-#trusted_proxies = 127.0.0.1/32, 0:0:0:0:0:0:0:1/128
>-
>-# Enable the embedded Graylog web interface.
>-# Default: true
>-#web_enable = false
>-
>-# Web interface listen URI.
>-# Configuring a path for the URI here effectively prefixes all URIs in the web interface. This is a replacement
>-# for the application.context configuration parameter in pre-2.0 versions of the Graylog web interface.
>-#web_listen_uri = http://127.0.0.1:9000/
>-
>-# Web interface endpoint URI. This setting can be overriden on a per-request basis with the X-Graylog-Server-URL header.
>-# Default: $rest_transport_uri
>-#web_endpoint_uri =
>-
>-# Enable CORS headers for the web interface. This is necessary for JS-clients accessing the server directly.
>-# If these are disabled, modern browsers will not be able to retrieve resources from the server.
>-#web_enable_cors = false
>-
>-# Enable/disable GZIP support for the web interface. This compresses HTTP responses and therefore helps to reduce
>-# overall round trip times. This is enabled by default. Uncomment the next line to disable it.
>-#web_enable_gzip = false
>-
>-# Enable HTTPS support for the web interface. This secures the communication of the web browser with the web interface
>-# using TLS to prevent request forgery and eavesdropping.
>-# This is disabled by default. Uncomment the next line to enable it and see the other related configuration settings.
>-#web_enable_tls = true
>-
>-# The X.509 certificate chain file in PEM format to use for securing the web interface.
>-#web_tls_cert_file = /path/to/graylog-web.crt
>-
>-# The PKCS#8 private key file in PEM format to use for securing the web interface.
>-#web_tls_key_file = /path/to/graylog-web.key
>-
>-# The password to unlock the private key used for securing the web interface.
>-#web_tls_key_password = secret
>-
>-# The maximum size of the HTTP request headers in bytes.
>-#web_max_header_size = 8192
>-
>-# The size of the thread pool used exclusively for serving the web interface.
>-#web_thread_pool_size = 16
>-
>-# List of Elasticsearch hosts Graylog should connect to.
>-# Need to be specified as a comma-separated list of valid URIs for the http ports of your elasticsearch nodes.
>-# If one or more of your elasticsearch hosts require authentication, include the credentials in each node URI that
>-# requires authentication.
>-#
>-# Default: http://127.0.0.1:9200
>-#elasticsearch_hosts = http://node1:9200,http://user:password@node2:19200
>-
>-# Maximum amount of time to wait for successfull connection to Elasticsearch HTTP port.
>-#
>-# Default: 10 Seconds
>-#elasticsearch_connect_timeout = 10s
>-
>-# Maximum amount of time to wait for reading back a response from an Elasticsearch server.
>-#
>-# Default: 60 seconds
>-#elasticsearch_socket_timeout = 60s
>-
>-# Maximum idle time for an Elasticsearch connection. If this is exceeded, this connection will
>-# be tore down.
>-#
>-# Default: inf
>-#elasticsearch_idle_timeout = -1s
>-
>-# Maximum number of total connections to Elasticsearch.
>-#
>-# Default: 20
>-#elasticsearch_max_total_connections = 20
>-
>-# Maximum number of total connections per Elasticsearch route (normally this means per
>-# elasticsearch server).
>-#
>-# Default: 2
>-#elasticsearch_max_total_connections_per_route = 2
>-
>-# Maximum number of times Graylog will retry failed requests to Elasticsearch.
>-#
>-# Default: 2
>-#elasticsearch_max_retries = 2
>-
>-# Enable automatic Elasticsearch node discovery through Nodes Info,
>-# see https://www.elastic.co/guide/en/elasticsearch/reference/5.4/cluster-nodes-info.html
>-#
>-# WARNING: Automatic node discovery does not work if Elasticsearch requires authentication, e. g. with Shield.
>-#
>-# Default: false
>-#elasticsearch_discovery_enabled = true
>-
>-# Filter for including/excluding Elasticsearch nodes in discovery according to their custom attributes,
>-# see https://www.elastic.co/guide/en/elasticsearch/reference/5.4/cluster.html#cluster-nodes
>-#
>-# Default: empty
>-#elasticsearch_discovery_filter = rack:42
>-
>-# Frequency of the Elasticsearch node discovery.
>-#
>-# Default: 30s
>-# elasticsearch_discovery_frequency = 30s
>-
>-# Enable payload compression for Elasticsearch requests.
>-#
>-# Default: false
>-#elasticsearch_compression_enabled = true
>-
>-# Graylog will use multiple indices to store documents in. You can configured the strategy it uses to determine
>-# when to rotate the currently active write index.
>-# It supports multiple rotation strategies:
>-#   - "count" of messages per index, use elasticsearch_max_docs_per_index below to configure
>-#   - "size" per index, use elasticsearch_max_size_per_index below to configure
>-# valid values are "count", "size" and "time", default is "count"
>-#
>-# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
>-#            to your previous 1.x settings so they will be migrated to the database!
>-rotation_strategy = count
>-
>-# (Approximate) maximum number of documents in an Elasticsearch index before a new index
>-# is being created, also see no_retention and elasticsearch_max_number_of_indices.
>-# Configure this if you used 'rotation_strategy = count' above.
>-#
>-# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
>-#            to your previous 1.x settings so they will be migrated to the database!
>-elasticsearch_max_docs_per_index = 20000000
>-
>-# (Approximate) maximum size in bytes per Elasticsearch index on disk before a new index is being created, also see
>-# no_retention and elasticsearch_max_number_of_indices. Default is 1GB.
>-# Configure this if you used 'rotation_strategy = size' above.
>-#
>-# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
>-#            to your previous 1.x settings so they will be migrated to the database!
>-#elasticsearch_max_size_per_index = 1073741824
>-
>-# (Approximate) maximum time before a new Elasticsearch index is being created, also see
>-# no_retention and elasticsearch_max_number_of_indices. Default is 1 day.
>-# Configure this if you used 'rotation_strategy = time' above.
>-# Please note that this rotation period does not look at the time specified in the received messages, but is
>-# using the real clock value to decide when to rotate the index!
>-# Specify the time using a duration and a suffix indicating which unit you want:
>-#  1w  = 1 week
>-#  1d  = 1 day
>-#  12h = 12 hours
>-# Permitted suffixes are: d for day, h for hour, m for minute, s for second.
>-#
>-# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
>-#            to your previous 1.x settings so they will be migrated to the database!
>-#elasticsearch_max_time_per_index = 1d
>-
>-# Disable checking the version of Elasticsearch for being compatible with this Graylog release.
>-# WARNING: Using Graylog with unsupported and untested versions of Elasticsearch may lead to data loss!
>-#elasticsearch_disable_version_check = true
>-
>-# Disable message retention on this node, i. e. disable Elasticsearch index rotation.
>-#no_retention = false
>-
>-# How many indices do you want to keep?
>-#
>-# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
>-#            to your previous 1.x settings so they will be migrated to the database!
>-elasticsearch_max_number_of_indices = 20
>-
>-# Decide what happens with the oldest indices when the maximum number of indices is reached.
>-# The following strategies are availble:
>-#   - delete # Deletes the index completely (Default)
>-#   - close # Closes the index and hides it from the system. Can be re-opened later.
>-#
>-# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
>-#            to your previous 1.x settings so they will be migrated to the database!
>-retention_strategy = delete
>-
>-# How many Elasticsearch shards and replicas should be used per index? Note that this only applies to newly created indices.
>-# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these
>-#            to your previous settings so they will be migrated to the database!
>-elasticsearch_shards = 4
>-elasticsearch_replicas = 0
>-
>-# Prefix for all Elasticsearch indices and index aliases managed by Graylog.
>-#
>-# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these
>-#            to your previous settings so they will be migrated to the database!
>-elasticsearch_index_prefix = graylog
>-
>-# Name of the Elasticsearch index template used by Graylog to apply the mandatory index mapping.
>-# Default: graylog-internal
>-#
>-# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these
>-#            to your previous settings so they will be migrated to the database!
>-#elasticsearch_template_name = graylog-internal
>-
>-# Do you want to allow searches with leading wildcards? This can be extremely resource hungry and should only
>-# be enabled with care. See also: http://docs.graylog.org/en/2.1/pages/queries.html
>-allow_leading_wildcard_searches = false
>-
>-# Do you want to allow searches to be highlighted? Depending on the size of your messages this can be memory hungry and
>-# should only be enabled after making sure your Elasticsearch cluster has enough memory.
>-allow_highlighting = false
>-
>-# Analyzer (tokenizer) to use for message and full_message field. The "standard" filter usually is a good idea.
>-# All supported analyzers are: standard, simple, whitespace, stop, keyword, pattern, language, snowball, custom
>-# Elasticsearch documentation: https://www.elastic.co/guide/en/elasticsearch/reference/2.3/analysis.html
>-# Note that this setting only takes effect on newly created indices.
>-#
>-# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these
>-#            to your previous settings so they will be migrated to the database!
>-elasticsearch_analyzer = standard
>-
>-# Global request timeout for Elasticsearch requests (e. g. during search, index creation, or index time-range
>-# calculations) based on a best-effort to restrict the runtime of Elasticsearch operations.
>-# Default: 1m
>-#elasticsearch_request_timeout = 1m
>-
>-# Global timeout for index optimization (force merge) requests.
>-# Default: 1h
>-#elasticsearch_index_optimization_timeout = 1h
>-
>-# Maximum number of concurrently running index optimization (force merge) jobs.
>-# If you are using lots of different index sets, you might want to increase that number.
>-# Default: 20
>-#elasticsearch_index_optimization_jobs = 20
>-
>-# Time interval for index range information cleanups. This setting defines how often stale index range information
>-# is being purged from the database.
>-# Default: 1h
>-#index_ranges_cleanup_interval = 1h
>-
>-# Batch size for the Elasticsearch output. This is the maximum (!) number of messages the Elasticsearch output
>-# module will get at once and write to Elasticsearch in a batch call. If the configured batch size has not been
>-# reached within output_flush_interval seconds, everything that is available will be flushed at once. Remember
>-# that every outputbuffer processor manages its own batch and performs its own batch write calls.
>-# ("outputbuffer_processors" variable)
>-output_batch_size = 500
>-
>-# Flush interval (in seconds) for the Elasticsearch output. This is the maximum amount of time between two
>-# batches of messages written to Elasticsearch. It is only effective at all if your minimum number of messages
>-# for this time period is less than output_batch_size * outputbuffer_processors.
>-output_flush_interval = 1
>-
>-# As stream outputs are loaded only on demand, an output which is failing to initialize will be tried over and
>-# over again. To prevent this, the following configuration options define after how many faults an output will
>-# not be tried again for an also configurable amount of seconds.
>-output_fault_count_threshold = 5
>-output_fault_penalty_seconds = 30
>-
>-# The number of parallel running processors.
>-# Raise this number if your buffers are filling up.
>-processbuffer_processors = 5
>-outputbuffer_processors = 3
>-
>-# The following settings (outputbuffer_processor_*) configure the thread pools backing each output buffer processor.
>-# See https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/ThreadPoolExecutor.html for technical details
>-
>-# When the number of threads is greater than the core (see outputbuffer_processor_threads_core_pool_size),
>-# this is the maximum time in milliseconds that excess idle threads will wait for new tasks before terminating.
>-# Default: 5000
>-#outputbuffer_processor_keep_alive_time = 5000
>-
>-# The number of threads to keep in the pool, even if they are idle, unless allowCoreThreadTimeOut is set
>-# Default: 3
>-#outputbuffer_processor_threads_core_pool_size = 3
>-
>-# The maximum number of threads to allow in the pool
>-# Default: 30
>-#outputbuffer_processor_threads_max_pool_size = 30
>-
>-# UDP receive buffer size for all message inputs (e. g. SyslogUDPInput).
>-#udp_recvbuffer_sizes = 1048576
>-
>-# Wait strategy describing how buffer processors wait on a cursor sequence. (default: sleeping)
>-# Possible types:
>-#  - yielding
>-#     Compromise between performance and CPU usage.
>-#  - sleeping
>-#     Compromise between performance and CPU usage. Latency spikes can occur after quiet periods.
>-#  - blocking
>-#     High throughput, low latency, higher CPU usage.
>-#  - busy_spinning
>-#     Avoids syscalls which could introduce latency jitter. Best when threads can be bound to specific CPU cores.
>-processor_wait_strategy = blocking
>-
>-# Size of internal ring buffers. Raise this if raising outputbuffer_processors does not help anymore.
>-# For optimum performance your LogMessage objects in the ring buffer should fit in your CPU L3 cache.
>-# Must be a power of 2. (512, 1024, 2048, ...)
>-ring_size = 65536
>-
>-inputbuffer_ring_size = 65536
>-inputbuffer_processors = 2
>-inputbuffer_wait_strategy = blocking
>-
>-# Enable the disk based message journal.
>-message_journal_enabled = true
>-
>-# The directory which will be used to store the message journal. The directory must me exclusively used by Graylog and
>-# must not contain any other files than the ones created by Graylog itself.
>-#
>-# ATTENTION:
>-#   If you create a seperate partition for the journal files and use a file system creating directories like 'lost+found'
>-#   in the root directory, you need to create a sub directory for your journal.
>-#   Otherwise Graylog will log an error message that the journal is corrupt and Graylog will not start.
>-message_journal_dir = %%GRAYLOG_DATA_DIR%%/journal
>-
>-# Journal hold messages before they could be written to Elasticsearch.
>-# For a maximum of 12 hours or 5 GB whichever happens first.
>-# During normal operation the journal will be smaller.
>-#message_journal_max_age = 12h
>-#message_journal_max_size = 5gb
>-
>-#message_journal_flush_age = 1m
>-#message_journal_flush_interval = 1000000
>-#message_journal_segment_age = 1h
>-#message_journal_segment_size = 100mb
>-
>-# Number of threads used exclusively for dispatching internal events. Default is 2.
>-#async_eventbus_processors = 2
>-
>-# How many seconds to wait between marking node as DEAD for possible load balancers and starting the actual
>-# shutdown process. Set to 0 if you have no status checking load balancers in front.
>-lb_recognition_period_seconds = 3
>-
>-# Journal usage percentage that triggers requesting throttling for this server node from load balancers. The feature is
>-# disabled if not set.
>-#lb_throttle_threshold_percentage = 95
>-
>-# Every message is matched against the configured streams and it can happen that a stream contains rules which
>-# take an unusual amount of time to run, for example if its using regular expressions that perform excessive backtracking.
>-# This will impact the processing of the entire server. To keep such misbehaving stream rules from impacting other
>-# streams, Graylog limits the execution time for each stream.
>-# The default values are noted below, the timeout is in milliseconds.
>-# If the stream matching for one stream took longer than the timeout value, and this happened more than "max_faults" times
>-# that stream is disabled and a notification is shown in the web interface.
>-#stream_processing_timeout = 2000
>-#stream_processing_max_faults = 3
>-
>-# Length of the interval in seconds in which the alert conditions for all streams should be checked
>-# and alarms are being sent.
>-#alert_check_interval = 60
>-
>-# Since 0.21 the Graylog server supports pluggable output modules. This means a single message can be written to multiple
>-# outputs. The next setting defines the timeout for a single output module, including the default output module where all
>-# messages end up.
>-#
>-# Time in milliseconds to wait for all message outputs to finish writing a single message.
>-#output_module_timeout = 10000
>-
>-# Time in milliseconds after which a detected stale master node is being rechecked on startup.
>-#stale_master_timeout = 2000
>-
>-# Time in milliseconds which Graylog is waiting for all threads to stop on shutdown.
>-#shutdown_timeout = 30000
>-
>-# MongoDB connection string
>-# See https://docs.mongodb.com/manual/reference/connection-string/ for details
>-mongodb_uri = mongodb://localhost/graylog
>-
>-# Authenticate against the MongoDB server
>-#mongodb_uri = mongodb://grayloguser:secret@localhost:27017/graylog
>-
>-# Use a replica set instead of a single host
>-#mongodb_uri = mongodb://grayloguser:secret@localhost:27017,localhost:27018,localhost:27019/graylog
>-
>-# Increase this value according to the maximum connections your MongoDB server can handle from a single client
>-# if you encounter MongoDB connection problems.
>-mongodb_max_connections = 1000
>-
>-# Number of threads allowed to be blocked by MongoDB connections multiplier. Default: 5
>-# If mongodb_max_connections is 100, and mongodb_threads_allowed_to_block_multiplier is 5,
>-# then 500 threads can block. More than that and an exception will be thrown.
>-# http://api.mongodb.com/java/current/com/mongodb/MongoOptions.html#threadsAllowedToBlockForConnectionMultiplier
>-mongodb_threads_allowed_to_block_multiplier = 5
>-
>-# Drools Rule File (Use to rewrite incoming log messages)
>-# See: http://docs.graylog.org/en/2.1/pages/drools.html
>-#rules_file = /etc/graylog/server/rules.drl
>-
>-# Email transport
>-#transport_email_enabled = false
>-#transport_email_hostname = mail.example.com
>-#transport_email_port = 587
>-#transport_email_use_auth = true
>-#transport_email_use_tls = true
>-#transport_email_use_ssl = true
>-#transport_email_auth_username = you@example.com
>-#transport_email_auth_password = secret
>-#transport_email_subject_prefix = [graylog]
>-#transport_email_from_email = graylog@example.com
>-
>-# Specify and uncomment this if you want to include links to the stream in your stream alert mails.
>-# This should define the fully qualified base url to your web interface exactly the same way as it is accessed by your users.
>-#transport_email_web_interface_url = https://graylog.example.com
>-
>-# The default connect timeout for outgoing HTTP connections.
>-# Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds).
>-# Default: 5s
>-#http_connect_timeout = 5s
>-
>-# The default read timeout for outgoing HTTP connections.
>-# Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds).
>-# Default: 10s
>-#http_read_timeout = 10s
>-
>-# The default write timeout for outgoing HTTP connections.
>-# Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds).
>-# Default: 10s
>-#http_write_timeout = 10s
>-
>-# HTTP proxy for outgoing HTTP connections
>-# ATTENTION: If you configure a proxy, make sure to also configure the "http_non_proxy_hosts" option so internal
>-#            HTTP connections with other nodes does not go through the proxy.
>-# Examples:
>-#   - http://proxy.example.com:8123
>-#   - http://username:password@proxy.example.com:8123
>-#http_proxy_uri =
>-
>-# A list of hosts that should be reached directly, bypassing the configured proxy server.
>-# This is a list of patterns separated by ",". The patterns may start or end with a "*" for wildcards.
>-# Any host matching one of these patterns will be reached through a direct connection instead of through a proxy.
>-# Examples:
>-#   - localhost,127.0.0.1
>-#   - 10.0.*,*.example.com
>-#http_non_proxy_hosts =
>-
>-# Disable the optimization of Elasticsearch indices after index cycling. This may take some load from Elasticsearch
>-# on heavily used systems with large indices, but it will decrease search performance. The default is to optimize
>-# cycled indices.
>-#
>-# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these
>-#            to your previous settings so they will be migrated to the database!
>-#disable_index_optimization = true
>-
>-# Optimize the index down to <= index_optimization_max_num_segments. A higher number may take some load from Elasticsearch
>-# on heavily used systems with large indices, but it will decrease search performance. The default is 1.
>-#
>-# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these
>-#            to your previous settings so they will be migrated to the database!
>-#index_optimization_max_num_segments = 1
>-
>-# The threshold of the garbage collection runs. If GC runs take longer than this threshold, a system notification
>-# will be generated to warn the administrator about possible problems with the system. Default is 1 second.
>-#gc_warning_threshold = 1s
>-
>-# Connection timeout for a configured LDAP server (e. g. ActiveDirectory) in milliseconds.
>-#ldap_connection_timeout = 2000
>-
>-# Disable the use of SIGAR for collecting system stats
>-#disable_sigar = false
>-
>-# The default cache time for dashboard widgets. (Default: 10 seconds, minimum: 1 second)
>-#dashboard_widget_default_cache_time = 10s
>-
>-# Automatically load content packs in "content_packs_dir" on the first start of Graylog.
>-#content_packs_loader_enabled = true
>-
>-# The directory which contains content packs which should be loaded on the first start of Graylog.
>-#content_packs_dir = data/contentpacks
>-
>-# A comma-separated list of content packs (files in "content_packs_dir") which should be applied on
>-# the first start of Graylog.
>-# Default: empty
>-content_packs_auto_load = grok-patterns.json
>-
>-# For some cluster-related REST requests, the node must query all other nodes in the cluster. This is the maximum number
>-# of threads available for this. Increase it, if '/cluster/*' requests take long to complete.
>-# Should be rest_thread_pool_size * average_cluster_size if you have a high number of concurrent users.
>-proxied_requests_thread_pool_size = 32
>Index: sysutils/graylog/pkg-plist
>===================================================================
>--- sysutils/graylog/pkg-plist
>+++ sysutils/graylog/pkg-plist
>@@ -1,14 +1,8 @@
>-@sample(%%GRAYLOGUSER%%,%%GRAYLOGGROUP%%,440) %%ETCDIR%%/server/server.conf.sample
>-@sample(%%GRAYLOGUSER%%,%%GRAYLOGGROUP%%,440) %%ETCDIR%%/server/log4j2.xml.sample
>+@sample(%%GRAYLOGUSER%%,%%GRAYLOGGROUP%%,440) %%ETCDIR%%/graylog.conf.example
>+@sample(%%GRAYLOGUSER%%,%%GRAYLOGGROUP%%,440) %%ETCDIR%%/log4j2.xml.example
> %%DATADIR%%/graylog.jar
>-%%DATADIR%%/plugin/graylog-plugin-aws-%%PORTVERSION%%.jar
>-%%DATADIR%%/plugin/graylog-plugin-beats-%%PORTVERSION%%.jar
>-%%DATADIR%%/plugin/graylog-plugin-cef-%%PORTVERSION%%.jar
>-%%DATADIR%%/plugin/graylog-plugin-collector-%%PORTVERSION%%.jar
>-%%DATADIR%%/plugin/graylog-plugin-enterprise-integration-%%PORTVERSION%%.jar
>-%%DATADIR%%/plugin/graylog-plugin-map-widget-%%PORTVERSION%%.jar
>-%%DATADIR%%/plugin/graylog-plugin-netflow-%%PORTVERSION%%.jar
>-%%DATADIR%%/plugin/graylog-plugin-pipeline-processor-%%PORTVERSION%%.jar
>-%%DATADIR%%/plugin/graylog-plugin-threatintel-%%PORTVERSION%%.jar
>+%%DATADIR%%/plugin/%%PORTNAME%%-plugin-aws-%%DISTVERSION%%.jar
>+%%DATADIR%%/plugin/%%PORTNAME%%-plugin-collector-%%DISTVERSION%%.jar
>+%%DATADIR%%/plugin/%%PORTNAME%%-plugin-threatintel-%%DISTVERSION%%.jar
> @dir(%%GRAYLOGUSER%%,%%GRAYLOGGROUP%%,440) %%GRAYLOG_DATA_DIR%%
> @dir(%%GRAYLOGUSER%%,%%GRAYLOGGROUP%%,440) %%GRAYLOG_LOGS_DIR%%

Actions: View | Diff

Attachments on bug 237485: 203911 | 203913 | 204045