1. Describe your incident:
I’ve enabled HTTPS on Graylog Open 6.1 by creating a self-signed certificate. I’ve followed the guidelines from the following:
HTTPS
How-To Guide: Securing Graylog with TLS
For clarity I’m providing the following steps that I took for enabling HTTPS with a self-signed certificate.
Step 1 :
echo "[ req ]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn
req_extensions = v3_req
[ dn ]
CN = Graylog Server
[ v3_req ]
subjectAltName = IP:10.35.4.20" > openssl-graylog.cnf
Step 2: openssl req -x509 -days 365 -nodes -newkey rsa:2048 -config openssl-graylog.cnf -keyout pkcs5-plain.pem -out cert.pem
Step 3: openssl pkcs8 -in pkcs5-plain.pem -topk8 -nocrypt -out pkcs8-plain.pem
Step 4: sudo mv cert.pem /etc/graylog/server/graylog.crt
sudo mv pkcs8-plain.pem /etc/graylog/server/graylog.key
Step 5: sudo chown graylog:graylog /etc/graylog/server/graylog.crt /etc/graylog/server/graylog.key
sudo chmod 644 /etc/graylog/server/graylog.crt
sudo chmod 600 /etc/graylog/server/graylog.key
Step 6: In the server.conf file the following changes have been made -
http_enable_tls = true
http_tls_cert_file = /etc/graylog/server/graylog.crt
http_tls_key_file = /etc/graylog/server/graylog.key
Step 7: systemctl restart graylog-server
Then I’ve installed Graylog Sidecar on Windows following the instructions from here:
Install Sidecar on Windows
In the sidecar.yml I’ve also edited the following:
tls_skip_verify: true
After that, when I tried to add an input for Beats with port 5044 selecting Global, it shows “0 Running”.
2. Describe your environment:
- OS Information: Red Hat Enterprise Linux release 9.5 (Plow)
- Package Version:
  MongoDB-org 7.0
  Graylog-6.1
- Service logs, configurations, and environment variables:
After adding a Beats input I did a tail -f /var/log/graylog-server/server.log, this is the output:
This is the image of my inputs for Beats showing “0 running”
I also added another Beats input to my only node, and the following screenshot of the web interface and the logs are below:
Log: As you can see, it’s showing it’s running in the logs but the web interface is showing not running on the node.
3. What steps have you already taken to try and solve the problem?
I’m trying to figure out what is even causing my inputs not to run. Previously I did not have OpenJDK installed. I have installed OpenJDK 17 now and I’m trying to see if I have to add my self-signed certificate to the JVM trust store or not. Is this problem related to a certificate trust issue that is preventing the web interface from showing inputs as running?
4. How can the community help?
If the community can point out how to run Beats and troubleshoot why my inputs for Beats aren’t running on the web interface, I would really appreciate it. I’m trying to get Windows log files on the Graylog server. I am also thinking that it could be a simple GUI issue. My Beats inputs could be running but it’s not showing in the web interface.
Thank you in advance!
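A way to verify the result of Steps 1 to 6 before looking further, as an added example that is not part of the original post or of Graylog: it checks that the certificate really carries the `IP:10.35.4.20` subjectAltName, that the key is unencrypted PKCS#8 with mode 600, and that certificate and key belong together. The function names are hypothetical, and it assumes the `openssl` CLI and GNU `stat` are available.

```bash
#!/usr/bin/env bash
# Added example: sanity checks for the TLS files and settings from Steps 1-6.

# Last uncommented "key = value" entry for KEY in a server.conf-style file.
conf_value() {
  sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
    sed 's/[[:space:]]*$//' | tail -n 1
}

# Classify a private key by its PEM label (Step 3 should yield pkcs8-plain).
key_format() {
  case "$(grep -m1 -e '-----BEGIN ' "$1" 2>/dev/null)" in
    '-----BEGIN PRIVATE KEY-----')           echo pkcs8-plain ;;
    '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
    '-----BEGIN RSA PRIVATE KEY-----')       echo pkcs1 ;;
    *)                                       echo unknown ;;
  esac
}

# True if the certificate lists exactly this IP in subjectAltName.
cert_has_san_ip() {
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -Fxq "IP Address:$2"
}

# True if certificate and key carry the same public key.
cert_matches_key() {
  pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
  [ -n "$pub" ] &&
    [ "$pub" = "$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null)" ]
}

# Usage: check_graylog_tls path/to/server.conf 10.35.4.20
# Prints one FAIL line per problem; exit status is the number of failures.
check_graylog_tls() {
  conf=$1; ip=$2; fails=0
  crt=$(conf_value http_tls_cert_file "$conf")
  key=$(conf_value http_tls_key_file "$conf")
  fail() { echo "FAIL: $*"; fails=$((fails + 1)); }
  [ "$(conf_value http_enable_tls "$conf")" = true ] || fail "http_enable_tls is not true"
  [ "$(key_format "$key")" = pkcs8-plain ] || fail "$key is not unencrypted PKCS#8"
  [ "$(stat -c %a "$key" 2>/dev/null)" = 600 ] || fail "$key mode is not 600"  # GNU stat
  cert_has_san_ip "$crt" "$ip" || fail "$crt has no subjectAltName IP:$ip"
  cert_matches_key "$crt" "$key" || fail "$crt and $key do not belong together"
  return "$fails"
}
```

An exit status of 0 means the files match what the steps were meant to produce; it says nothing about whether the JVM running Graylog trusts the certificate.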