I have created a AWS instance using the Graylog AMI in the AWS Market place. I have followed the instructions to the letter. I have also added firewall rule to allow port 9000.
The instance has been successfully spun up and I can connect to it via SSH and I can edit the config files as per the instructions.
I have used my AWS assigned public IP address and when I log on via chrome to “http://public--ip-address” i get a blank screen with the tab labelled Graylog Web Interface. If I try “http://public-ip-address:9000” I receive a “This site can’t be reached - connection refused” error message.
I have tried the same with the AWS domain names and the result is the same.
Web interface REST endpoint URI. Must be reachable from the user’s browser. This setting can be overriden on a per-request basis with the X-Graylog-Server-URL heade$
Reading through the forum this has been a frequent issue but no examples of it on the AWS instance. Its a shame because I would have expected a marketplace instance to be trouble free.
Jan, here are the AMI details from AWS. Is this what you are looking for? If not tcan you tell me how I will determin teh version from teh command line as I am nit very familiar with Linux.
Today I have experimented with using the internal (Private) IPs (the one mentioned previously are the external (public) IPs, but I’m still getting the same results. I feel so close but I cannot fathom what’s wrong.
One thing I have noticed is that in some of the older posts there is something in the config file called the publish_api. This is not in the current config file, but then then it looks to me like current config file appears to have consolidated a number of things from previous versions.
I’ll check about the AMI - what region did you choose?
But my personal recommendation would be anyway to do a custom installation. This way you have knowledge about what is running in what version and what parts are essential.
I’ll take a look at the installation guide and see if I can start building. If I can get it working then it proves there’s something “odd” with the AMI.
Jan, thank you for this update. Good news! I used the links on Github and built a new AMI and was able to access the web GUI first time and login.
The Github AMI builder link is so cool!
For other readers reference the instructions are very good as long as you take your time and are prepared to jump back and forward to copy text (if you’re not an ubuntu person!).
I would add that referencing the Edit the Configuration File section in Docs » Installing Graylog » Operating System Packages » Ubuntu installation is very useful.
I am now having difficult ingesting logs but that is another thread.
So Jan, thanks for helping me out on this occasion. Much appreciated.
I think this thread can be closed.
Quick update. After 2 hours of tinkering and learning more ubuntu have now got my UDP ports permanently redirected and am ingesting syslogs!!
Can I add that when editing the /etc/graylog/server/server.conf, the bind address will be the AWS internal IP address, not the external/elastic/public one (if you have one configured). This is also the bind address that you configure in the Inputs.
Question: Why does the bind address in the input panel of the GUI always default to 0.0.0.0 even if you have another address configured into the config file?
the reason for using 0.0.0.0 as default is that it will bind to all available interfaces by default. That is something you need also in a cluster environment to be able to define a “global” input that is bound to all servers on the same port.
The recommendation is - if not needed different - bind the inputs to all interfaces.