All,
I came across a warning when I clicked on "Show received messages" on any of my INPUTS and it redirected me to the Search page.
I’m unable to click on the Green search button for that input.
My workaround is to select "Preset Times".
I just applied Updates last Thursday.
Updates that were applied
package_updates_applied
[root@graylog graylog-server]# grep Updated: /var/log/yum.log | tail -25
Jan 14 23:49:05 Updated: cronie-1.4.11-24.el7_9.x86_64
Jan 14 23:49:05 Updated: systemd-sysv-219-78.el7_9.5.x86_64
Jan 14 23:49:05 Updated: systemd-python-219-78.el7_9.5.x86_64
Jan 14 23:49:05 Updated: libgudev1-219-78.el7_9.5.x86_64
Jan 14 23:49:05 Updated: unzip-6.0-24.el7_9.x86_64
Jan 27 20:19:39 Updated: 1:openssl-libs-1.0.2k-24.el7_9.x86_64
Jan 27 20:19:39 Updated: 1:openssl-1.0.2k-24.el7_9.x86_64
Jan 27 20:19:40 Updated: mongodb-org-database-tools-extra-4.4.12-1.el7.x86_64
Jan 27 20:19:40 Updated: mongodb-org-tools-4.4.12-1.el7.x86_64
Jan 27 20:19:45 Updated: mongodb-org-server-4.4.12-1.el7.x86_64
Jan 27 20:19:48 Updated: mongodb-org-shell-4.4.12-1.el7.x86_64
Jan 27 20:19:52 Updated: mongodb-org-mongos-4.4.12-1.el7.x86_64
Jan 27 20:19:53 Updated: httpd-tools-2.4.6-97.el7.centos.4.x86_64
Jan 27 20:19:54 Updated: httpd-2.4.6-97.el7.centos.4.x86_64
Jan 27 20:19:56 Updated: kernel-tools-libs-3.10.0-1160.53.1.el7.x86_64
Jan 27 20:20:00 Updated: kernel-tools-3.10.0-1160.53.1.el7.x86_64
Jan 27 20:20:00 Updated: 1:mod_ssl-2.4.6-97.el7.centos.4.x86_64
Jan 27 20:20:00 Updated: mongodb-org-4.4.12-1.el7.x86_64
Jan 27 20:20:03 Updated: 1:openssl-devel-1.0.2k-24.el7_9.x86_64
Jan 27 20:20:07 Updated: python-perf-3.10.0-1160.53.1.el7.x86_64
Jan 27 20:20:37 Updated: polkit-0.112-26.el7_9.1.x86_64
Jan 27 20:20:51 Updated: kernel-headers-3.10.0-1160.53.1.el7.x86_64
Jan 27 20:21:40 Updated: grafana-8.3.4-1.x86_64
Jan 31 22:53:22 Updated: 1:java-1.8.0-openjdk-headless-1.8.0.322.b06-1.el7_9.x86_64
Jan 31 22:53:23 Updated: 1:java-1.8.0-openjdk-1.8.0.322.b06-1.el7_9.x86_64
[root@graylog graylog-server]#
My Environment:
- CentOS 7 OS
- Graylog 4.2.5+59802bf
Elasticsearch
{
"name" : "graylog.enseva-labs.net",
"cluster_name" : "graylog",
"cluster_uuid" : "OMgi3eu5QGiJ3buKOYn4_w",
"version" : {
"number" : "7.10.2",
"build_flavor" : "oss",
"build_type" : "rpm",
"build_hash" : "747e1cc71def077253878a59143c1f785afa92b9",
"build_date" : "2021-01-13T00:42:12.435326Z",
"build_snapshot" : false,
"lucene_version" : "8.7.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
MongoDB
db version v4.4.12
Build Info: {
"version": "4.4.12",
"gitVersion": "51475a8c4d9856eb1461137e7539a0a763cc85dc",
"openSSLVersion": "OpenSSL 1.0.1e-fips 11 Feb 2013",
"modules": ,
"allocator": "tcmalloc",
"environment": {
"distmod": "rhel70",
"distarch": "x86_64",
"target_arch": "x86_64"
}
}
I’ll be honest, not sure if I did this myself, something new I don’t know about or it happened a while ago.
To recreate this, I navigated to any INPUT and clicked on Show Received Messages button.
Is it just me or does anyone know?
Logs
GL-logs
2022-01-31T21:45:34.957-06:00 INFO [AbstractTcpTransport] Enabled TLS for input [GELF TCP/5a62903bffe8b1e04bd2fe89]. key-file="/etc/graylog/graylog3-key.pem" cert-file="/etc/graylog/graylog3-certificate.pem"
2022-01-31T21:45:34.957-06:00 INFO [InputStateListener] Input [Raw/Plaintext UDP/5e9f732383d72e05f668a26d] is now STARTING
2022-01-31T21:45:34.959-06:00 INFO [InputStateListener] Input [Beats/619318e9d1f2fd03dc7b4b4c] is now STARTING
2022-01-31T21:45:34.965-06:00 INFO [InputStateListener] Input [NetFlow UDP/61930ee96cfcf9713fe14bf2] is now STARTING
2022-01-31T21:45:35.279-06:00 INFO [InputStateListener] Input [Beats/619318e9d1f2fd03dc7b4b4c] is now RUNNING
2022-01-31T21:45:35.300-06:00 INFO [InputStateListener] Input [GELF TCP/5a62903bffe8b1e04bd2fe89] is now RUNNING
2022-01-31T21:45:35.317-06:00 INFO [InputStateListener] Input [GELF TCP/5e265ada83d72ec570ab5fe2] is now RUNNING
2022-01-31T21:45:35.378-06:00 INFO [InputStateListener] Input [Raw/Plaintext UDP/5e9f732383d72e05f668a26d] is now RUNNING
2022-01-31T21:45:35.385-06:00 WARN [UdpTransport] receiveBufferSize (SO_RCVBUF) for input RawUDPInput{title=Network Devices (Force 10), type=org.graylog2.inputs.raw.udp.RawUDPInput, nodeId=null} (channel [id: 0x591acb01, L:/0:0:0:0:0:0:0:0%0:51420]) should be >= 1703936 but is 425984.
2022-01-31T21:45:35.385-06:00 WARN [AbstractTcpTransport] receiveBufferSize (SO_RCVBUF) for input Beats2Input{title= Beats, type=org.graylog.plugins.beats.Beats2Input, nodeId=null} (channel [id: 0x09a46d84, L:/0:0:0:0:0:0:0:0%0:5044]) should be >= 1048576 but is 425984.
2022-01-31T21:45:35.397-06:00 WARN [UdpTransport] receiveBufferSize (SO_RCVBUF) for input RawUDPInput{title=Security Devices, type=org.graylog2.inputs.raw.udp.RawUDPInput, nodeId=null} (channel [id: 0x916a3897, L:/0:0:0:0:0:0:0:0%0:51430]) should be >= 1048576 but is 425984.
2022-01-31T21:45:35.397-06:00 WARN [UdpTransport] receiveBufferSize (SO_RCVBUF) for input RawUDPInput{title=Network Devices (Force 10), type=org.graylog2.inputs.raw.udp.RawUDPInput, nodeId=null} (channel [id: 0x35268920, L:/0:0:0:0:0:0:0:0%0:51420]) should be >= 1703936 but is 425984.
2022-01-31T21:45:35.397-06:00 WARN [UdpTransport] receiveBufferSize (SO_RCVBUF) for input RawUDPInput{title=Security Devices, type=org.graylog2.inputs.raw.udp.RawUDPInput, nodeId=null} (channel [id: 0xec839cbc, L:/0:0:0:0:0:0:0:0%0:51430]) should be >= 1048576 but is 425984.
2022-01-31T21:45:35.397-06:00 WARN [UdpTransport] receiveBufferSize (SO_RCVBUF) for input RawUDPInput{title=Network Devices (Force 10), type=org.graylog2.inputs.raw.udp.RawUDPInput, nodeId=null} (channel [id: 0x6ff0be75, L:/0:0:0:0:0:0:0:0%0:51420]) should be >= 1703936 but is 425984.
2022-01-31T21:45:35.397-06:00 WARN [UdpTransport] receiveBufferSize (SO_RCVBUF) for input RawUDPInput{title=Security Devices, type=org.graylog2.inputs.raw.udp.RawUDPInput, nodeId=null} (channel [id: 0xf0c997cf, L:/0:0:0:0:0:0:0:0%0:51430]) should be >= 1048576 but is 425984.
2022-01-31T21:45:35.398-06:00 WARN [UdpTransport] receiveBufferSize (SO_RCVBUF) for input RawUDPInput{title=Security Devices, type=org.graylog2.inputs.raw.udp.RawUDPInput, nodeId=null} (channel [id: 0x5d461ce1, L:/0:0:0:0:0:0:0:0%0:51430]) should be >= 1048576 but is 425984.
2022-01-31T21:45:35.397-06:00 WARN [UdpTransport] receiveBufferSize (SO_RCVBUF) for input RawUDPInput{title=Security Devices, type=org.graylog2.inputs.raw.udp.RawUDPInput, nodeId=null} (channel [id: 0x25e6091b, L:/0:0:0:0:0:0:0:0%0:51430]) should be >= 1048576 but is 425984.
2022-01-31T21:45:35.398-06:00 WARN [AbstractTcpTransport] receiveBufferSize (SO_RCVBUF) for input GELFTCPInput{title=Linux Secure System, type=org.graylog2.inputs.gelf.tcp.GELFTCPInput, nodeId=null} (channel [id: 0x71d3c125, L:/0:0:0:0:0:0:0:0%0:51411]) should be >= 1058576 but is 425984.
2022-01-31T21:45:35.397-06:00 WARN [UdpTransport] receiveBufferSize (SO_RCVBUF) for input RawUDPInput{title=Network Devices (Force 10), type=org.graylog2.inputs.raw.udp.RawUDPInput, nodeId=null} (channel [id: 0x57ce1e06, L:/0:0:0:0:0:0:0:0%0:51420]) should be >= 1703936 but is 425984.
2022-01-31T21:45:35.398-06:00 WARN [UdpTransport] receiveBufferSize (SO_RCVBUF) for input RawUDPInput{title=Network Devices (Force 10), type=org.graylog2.inputs.raw.udp.RawUDPInput, nodeId=null} (channel [id: 0x8b9450c1, L:/0:0:0:0:0:0:0:0%0:51420]) should be >= 1703936 but is 425984.
2022-01-31T21:45:35.398-06:00 WARN [AbstractTcpTransport] receiveBufferSize (SO_RCVBUF) for input GELFTCPInput{title=Windows System Secure, type=org.graylog2.inputs.gelf.tcp.GELFTCPInput, nodeId=null} (channel [id: 0xb3dbc0c2, L:/0:0:0:0:0:0:0:0%0:51412]) should be >= 1048576 but is 425984.
2022-01-31T21:45:35.399-06:00 WARN [UdpTransport] receiveBufferSize (SO_RCVBUF) for input RawUDPInput{title=Network Devices (Force 10), type=org.graylog2.inputs.raw.udp.RawUDPInput, nodeId=null} (channel [id: 0xd82c9f49, L:/0:0:0:0:0:0:0:0%0:51420]) should be >= 1703936 but is 425984.
2022-01-31T21:45:35.399-06:00 WARN [UdpTransport] receiveBufferSize (SO_RCVBUF) for input RawUDPInput{title=Security Devices, type=org.graylog2.inputs.raw.udp.RawUDPInput, nodeId=null} (channel [id: 0xfc563139, L:/0:0:0:0:0:0:0:0%0:51430]) should be >= 1048576 but is 425984.
2022-01-31T21:45:35.400-06:00 INFO [InputStateListener] Input [Raw/Plaintext UDP/5a6965ef83d72e84ac7ca99b] is now RUNNING
2022-01-31T21:45:35.446-06:00 INFO [InputStateListener] Input [NetFlow UDP/61930ee96cfcf9713fe14bf2] is now RUNNING
2022-01-31T21:45:40.313-06:00 INFO [connection] Opened connection [connectionId{localValue:12, serverValue:134}] to localhost:27017
2022-01-31T21:45:41.588-06:00 INFO [connection] Opened connection [connectionId{localValue:13, serverValue:135}] to localhost:27017
2022-01-31T21:45:41.766-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T21:50:12.885-06:00 INFO [connection] Opened connection [connectionId{localValue:14, serverValue:136}] to localhost:27017
2022-01-31T22:32:04.913-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:32:05.081-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:32:08.963-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:32:43.504-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:32:43.667-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:32:47.277-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:33:19.262-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:33:20.453-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:33:20.541-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:33:20.568-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:33:20.816-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:33:20.860-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:33:27.203-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:33:27.473-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:33:29.292-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:33:39.473-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
Not seeing anything in Elasticsearch and MongoDB logs.
I did find something weird when I checked the Graylog service status:
[root@graylog graylog-server]# systemctl status graylog-server -l
● graylog-server.service - Graylog server
Loaded: loaded (/usr/lib/systemd/system/graylog-server.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2022-01-31 21:45:08 CST; 1h 43min ago
Docs: http://docs.graylog.org/
Main PID: 120429 (graylog-server)
CGroup: /system.slice/graylog-server.service
├─120429 /bin/sh /usr/share/graylog-server/bin/graylog-server
└─120479 /usr/bin/java -Xms3g -Xmx3g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:-OmitStackTraceInFastThrow -Djdk.tls.acknowledgeCloseNotify=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -jar -Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml -Djava.library.path=/usr/share/graylog-server/lib/sigar -Dgraylog2.installation_source=rpm /usr/share/graylog-server/graylog.jar server -f /etc/graylog/server/server.conf -np
Jan 31 21:45:08 graylog.domain.com systemd[1]: Started Graylog server.
Jan 31 21:45:11 graylog.domain.com graylog-server[120429]: 2022-01-31 21:45:11,420 main ERROR appender File has no parameter that matches element Policies
Jan 31 21:45:11 ggraylog.domain.com graylog-server[120429]: 2022-01-31 21:45:11,447 main ERROR Unable to locate appender "STDOUT" for logger config "org.graylog2.rest.accesslog"
Jan 31 22:32:00 graylog.domain.com graylog-server[120429]: SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
Jan 31 22:32:00 graylog.domain.com graylog-server[120429]: SLF4J: Defaulting to no-operation (NOP) logger implementation
Jan 31 22:32:00 graylog.domain.com graylog-server[120429]: SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
I’m actually looking into that link shown above, but I figured I’d post this in case someone else may run into this.