Cannot access web interface for Graylog

I just installed Graylog and edited the server.conf to my liking, but I cannot access the web interface. I set an appropriate root password and secret and have the http bind address to 127.0.0.1:9000 so I can access Graylog from my other PC by that machine’s IPv4 address and I have port 9000 open to Graylog. Everytime I try to access it, it says it cannot be found in Google Chrome. I’ve even used pfSense to test the 9000 port and it’s saying that port 9000 isn’t active and listening on the Graylog server.

Is there something I’m missing here? It is not a firewall issue because I packet captured and I know for sure my packets are reaching the Graylog server fine.

127.0.0.1 is the loop-back address.

You will only be able to access the web interface from the host Graylog is running on.

So if, for example, that host’s IP is 192.168.0.54, should I put 192.168.0.54 as the http bind address? I’ve already tried that and I still couldn’t reach it.

http_bind_address should be set to whatever IP address you want graylog to listen on.

If you have it listening on its routeable IPv4 address and you still cannot access it, check the firewall configuration on the host.

I read that Ubuntu’s built-in firewall is disabled by default.

I’ll look some stuff up.

How have you set the system up? Is it running on a VM? Is it behind NAT?

Yes, running on a VM behind NAT, although it’s a server that rarely connects to the internet as it provides services onsite.

Just to be clear, I don’t mean NAT between the GL server and the internet - I mean NAT between the GL server and whatever host you’re trying to access the web interface from.

I don’t believe so. NAT is only being used for the internet, obviously. For our local network, we have subnets. I permit appropriate management traffic from our production subnet to our management subnet (which has the Graylog server).

OK so, I assume you have allowed traffic through any firewalls to the graylog server on 9000/tcp

Have you checked whether the port is showing as open after reconfiguring your http_bind_address and restarting GL?

If it isn’t, check on the GL host itself to make sure it is actually listening netstat -lntp or ss -lntp.

You can also check the graylog-server log file for any issues with tail -f /var/log/graylog-server/server.log

I checked again with pfSense and it cannot make a connection to that port, so it must still be closed.

Alright I’ll check netstat and the logs.

Wait… is MongoDB required for Graylog? I had issues installing it so I force installed it but it may not be installed correctly…

Graylog server.log:

ERROR [MongoConnectionProvider] Error connecting to MongoDB: Timed out after 30000 ms while waiting to connect. Client view of cluster state is {type=UNKNOWN, servers=[{address=localhost:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketOpenException: Exception opening socket}, caused by {java.net.ConnectException: Connection refused (Connection refused)}}]

netstat did not show port 9000 as being actively listened on

Mongodb is very much required for Graylog. Graylog will not work at all without it.

That will be your issue.

If you follow the step-by-step guide in the docs, you shouldn’t have any problems getting it up and running:
https://docs.graylog.org/en/3.2/pages/installation/os/ubuntu.html

Not sure how you tried installing MongoDB but, I’d apt purge whatever mongodb packages you installed and then go through the mongodb installation steps in the docs.

I reinstalled MongoDB but every time it starts it crashes with code=exited, status=100/n/a.

I’m looking solutions up online but so far none of them have worked. :confused:

Are there any errors in the mongod log file?

It should be located at: /var/log/mongodb/mongod.log

Cannot start server with an unknown storage engine: mmapv1

Quick google of that error message found a viable solution:

Worst case scenario, you could always just trash that VM and start fresh.

Okay I got MongoDB working by changing the storage engine to wiredTiger!
Here’s my solution on another post I made:

Thank you @Ponet for helping me! :slight_smile:

https://docs.graylog.org/en/3.2/pages/configuration/file_location.html

NEVERMIND I GOT IT! I just had to wait for Graylog to start up :joy: I cat the log file and it was sooooo long haha!

Finally. Thank you so much for helping me sir! :slight_smile: I’m so excited to dig in!

1 Like