Can't install any content packs

Graylog Add-ons
1

I am brand new to Graylog and trying to get it to connect to our schools firewall - Fortigate version 6.2.9
My graylog is v 4.2.2+9cf8667f
Linux ubuntu 20.04.3

I am trying to install two different content packs (just trying to get one to work) but have tried a bunch of others content packs that are not fortigate and same error. The two are (links)

same but on the market place

and

I get the “error importing content pack” make sure it is a valid JSON file… I have searched the internet for days and graylog doc and this support forum. There is nothing in my server.logs that I can see but will post it below. I am at a dead end. I have tried a bunch of things and it is just not working. Any help?

NOTE: There are some things on here that failed. That was just me trying anything to get it to work. But during this time, I was trying ot upload content packs and it was failing.

Caused by: io.netty.channel.unix.Errors$NativeIoException: bind(…) failed: Permission denied
2021-12-03T14:21:31.260-06:00 INFO [InputStateListener] Input [Syslog TCP/61aa7c4be6bc286a0eb9445b] is now FAILED
2021-12-03T14:21:44.311-06:00 INFO [InputStateListener] Input [Syslog TCP/61aa7c4be6bc286a0eb9445b] is now STOPPING
2021-12-03T14:21:44.313-06:00 INFO [InputStateListener] Input [Syslog TCP/61aa7c4be6bc286a0eb9445b] is now STOPPED
2021-12-03T14:21:44.313-06:00 INFO [InputStateListener] Input [Syslog TCP/61aa7c4be6bc286a0eb9445b] is now TERMINATED
2021-12-03T14:21:44.314-06:00 INFO [InputStateListener] Input [Syslog TCP/61aa7c4be6bc286a0eb9445b] is now STARTING
2021-12-03T14:21:44.315-06:00 WARN [AbstractTcpTransport] Failed to start channel for input SyslogTCPInput{title=Fortigate, type=org.graylog2.inputs.syslog.tcp.SyslogTCPInput, nodeId=43503c07-5050-45ce-adec-d87a728536f2}
io.netty.channel.unix.Errors$NativeIoException: bind(…) failed: Permission denied
2021-12-03T14:21:44.315-06:00 ERROR [InputLauncher] The [org.graylog2.inputs.syslog.tcp.SyslogTCPInput] input with ID <61aa7c4be6bc286a0eb9445b> misfired. Reason: bind(…) failed: Permission denied.
org.graylog2.plugin.inputs.MisfireException: org.graylog2.plugin.inputs.MisfireException: io.netty.channel.unix.Errors$NativeIoException: bind(…) failed: Permission denied
at org.graylog2.plugin.inputs.MessageInput.launch(MessageInput.java:158) ~[graylog.jar:?]
at org.graylog2.shared.inputs.InputLauncher$1.run(InputLauncher.java:84) [graylog.jar:?]
at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:180) [graylog.jar:?]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) [?:?]
at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?]
at java.lang.Thread.run(Thread.java:829) [?:?]
Caused by: org.graylog2.plugin.inputs.MisfireException: io.netty.channel.unix.Errors$NativeIoException: bind(…) failed: Permission denied
at org.graylog2.plugin.inputs.transports.AbstractTcpTransport.launch(AbstractTcpTransport.java:224) ~[graylog.jar:?]
at org.graylog2.plugin.inputs.MessageInput.launch(MessageInput.java:155) ~[graylog.jar:?]
… 7 more
Caused by: io.netty.channel.unix.Errors$NativeIoException: bind(…) failed: Permission denied
2021-12-03T14:21:44.316-06:00 INFO [InputStateListener] Input [Syslog TCP/61aa7c4be6bc286a0eb9445b] is now FAILED
2021-12-07T08:03:37.347-06:00 INFO [AbstractRotationStrategy] Deflector index (index set <gl-failures_11>) should be rotated, Pointing deflector to new index now!
2021-12-07T08:03:37.348-06:00 INFO [MongoIndexSet] Cycling from <gl-failures_11> to <gl-failures_12>.
2021-12-07T08:03:37.348-06:00 INFO [MongoIndexSet] Creating target index <gl-failures_12>.
2021-12-07T08:03:37.348-06:00 ERROR [IndexRotationThread] Couldn’t point deflector to a new index
java.lang.IllegalStateException: No index template provider found for type ‘failures’
at org.graylog2.indexer.IndexMappingFactory.resolveIndexMappingTemplateProvider(IndexMappingFactory.java:58) ~[graylog.jar:?]
at org.graylog2.indexer.IndexMappingFactory.createIndexMapping(IndexMappingFactory.java:50) ~[graylog.jar:?]
at org.graylog2.indexer.indices.Indices.buildTemplate(Indices.java:208) ~[graylog.jar:?]
at org.graylog2.indexer.indices.Indices.create(Indices.java:191) ~[graylog.jar:?]
at org.graylog2.indexer.MongoIndexSet.cycle(MongoIndexSet.java:291) ~[graylog.jar:?]
at org.graylog2.indexer.rotation.strategies.AbstractRotationStrategy.rotate(AbstractRotationStrategy.java:79) ~[graylog.jar:?]
at org.graylog2.periodical.IndexRotationThread.checkForRotation(IndexRotationThread.java:113) ~[graylog.jar:?]
at org.graylog2.periodical.IndexRotationThread.lambda$doRun$0(IndexRotationThread.java:77) ~[graylog.jar:?]
at java.lang.Iterable.forEach(Iterable.java:75) [?:?]
at org.graylog2.periodical.IndexRotationThread.doRun(IndexRotationThread.java:73) [graylog.jar:?]
at org.graylog2.plugin.periodical.Periodical.run(Periodical.java:77) [graylog.jar:?]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) [?:?]
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305) [?:?]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305) [?:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?]
at java.lang.Thread.run(Thread.java:829) [?:?]
2021-12-07T08:17:02.415-06:00 INFO [Server] SIGNAL received. Shutting down.
2021-12-07T08:17:02.416-06:00 INFO [GracefulShutdown] Graceful shutdown initiated.
2021-12-07T08:17:02.416-06:00 INFO [GracefulShutdown] Node status: [Halting [LB:DEAD]]. Waiting <3sec> for possible load balancers to recognize state change.
2021-12-07T08:17:06.433-06:00 INFO [Buffers] Waiting until [INPUT, PROCESS, OUTPUT] buffers are empty.
2021-12-07T08:17:06.434-06:00 INFO [Buffers] All buffers are empty. Continuing.
2021-12-07T08:17:06.436-06:00 INFO [OutputSetupService] Stopping output org.graylog2.outputs.BlockingBatchedESOutput
2021-12-07T08:17:06.437-06:00 INFO [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread].
2021-12-07T08:17:06.437-06:00 INFO [GracefulShutdownService] Running graceful shutdown for <1> shutdown hooks
2021-12-07T08:17:06.437-06:00 INFO [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread] complete, took <0ms>.
2021-12-07T08:17:06.437-06:00 INFO [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.ClusterHealthCheckThread].
2021-12-07T08:17:06.437-06:00 INFO [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.ClusterHealthCheckThread] complete, took <0ms>.
2021-12-07T08:17:06.437-06:00 INFO [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexerClusterCheckerThread].
2021-12-07T08:17:06.438-06:00 INFO [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexerClusterCheckerThread] complete, took <0ms>.
2021-12-07T08:17:06.438-06:00 INFO [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexRetentionThread].
2021-12-07T08:17:06.438-06:00 INFO [GracefulShutdownService] Initiate shutdown for
2021-12-07T08:17:06.438-06:00 INFO [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexRetentionThread] complete, took <0ms>.
2021-12-07T08:17:06.438-06:00 INFO [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexRotationThread].
2021-12-07T08:17:06.438-06:00 INFO [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexRotationThread] complete, took <0ms>.
2021-12-07T08:17:06.438-06:00 INFO [GracefulShutdownService] Finished shutdown for , took 0 ms
2021-12-07T08:17:06.438-06:00 INFO [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.VersionCheckThread].
2021-12-07T08:17:06.438-06:00 INFO [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.VersionCheckThread] complete, took <0ms>.
2021-12-07T08:17:06.438-06:00 INFO [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.ThrottleStateUpdaterThread].
2021-12-07T08:17:06.439-06:00 INFO [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.ThrottleStateUpdaterThread] complete, took <0ms>.
2021-12-07T08:17:06.439-06:00 INFO [PeriodicalsService] Shutting down periodical [org.graylog2.events.ClusterEventPeriodical].
2021-12-07T08:17:06.439-06:00 INFO [PeriodicalsService] Shutdown of periodical [org.graylog2.events.ClusterEventPeriodical] complete, took <0ms>.
2021-12-07T08:17:06.439-06:00 INFO [PeriodicalsService] Shutting down periodical [org.graylog2.events.ClusterEventCleanupPeriodical].
2021-12-07T08:17:06.439-06:00 INFO [PeriodicalsService] Shutdown of periodical [org.graylog2.events.ClusterEventCleanupPeriodical] complete, took <0ms>.
2021-12-07T08:17:06.439-06:00 INFO [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexRangesCleanupPeriodical].
2021-12-07T08:17:06.439-06:00 INFO [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexRangesCleanupPeriodical] complete, took <0ms>.
2021-12-07T08:17:06.439-06:00 INFO [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.TrafficCounterCalculator].
2021-12-07T08:17:06.439-06:00 INFO [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.TrafficCounterCalculator] complete, took <0ms>.
2021-12-07T08:17:06.439-06:00 INFO [PeriodicalsService] Shutting down periodical [org.graylog2.indexer.fieldtypes.IndexFieldTypePollerPeriodical].
2021-12-07T08:17:06.439-06:00 INFO [PeriodicalsService] Shutdown of periodical [org.graylog2.indexer.fieldtypes.IndexFieldTypePollerPeriodical] complete, took <0ms>.
2021-12-07T08:17:06.439-06:00 INFO [PeriodicalsService] Shutting down periodical [org.graylog.scheduler.periodicals.ScheduleTriggerCleanUp].
2021-12-07T08:17:06.439-06:00 INFO [PeriodicalsService] Shutdown of periodical [org.graylog.scheduler.periodicals.ScheduleTriggerCleanUp] complete, took <0ms>.
2021-12-07T08:17:06.440-06:00 INFO [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.ESVersionCheckPeriodical].
2021-12-07T08:17:06.440-06:00 INFO [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.ESVersionCheckPeriodical] complete, took <0ms>.
2021-12-07T08:17:06.440-06:00 INFO [PeriodicalsService] Shutting down periodical [org.graylog.plugins.sidecar.periodical.PurgeExpiredSidecarsThread].
2021-12-07T08:17:06.440-06:00 INFO [PeriodicalsService] Shutdown of periodical [org.graylog.plugins.sidecar.periodical.PurgeExpiredSidecarsThread] complete, took <0ms>.
2021-12-07T08:17:06.440-06:00 INFO [PeriodicalsService] Shutting down periodical [org.graylog.plugins.sidecar.periodical.PurgeExpiredConfigurationUploads].
2021-12-07T08:17:06.440-06:00 INFO [PeriodicalsService] Shutdown of periodical [org.graylog.plugins.sidecar.periodical.PurgeExpiredConfigurationUploads] complete, took <0ms>.
2021-12-07T08:17:06.440-06:00 INFO [PeriodicalsService] Shutting down periodical [org.graylog.plugins.views.search.db.SearchesCleanUpJob].
2021-12-07T08:17:06.440-06:00 INFO [PeriodicalsService] Shutdown of periodical [org.graylog.plugins.views.search.db.SearchesCleanUpJob] complete, took <0ms>.
2021-12-07T08:17:06.440-06:00 INFO [PeriodicalsService] Shutting down periodical [org.graylog.events.periodicals.EventNotificationStatusCleanUp].
2021-12-07T08:17:06.440-06:00 INFO [PeriodicalsService] Shutdown of periodical [org.graylog.events.periodicals.EventNotificationStatusCleanUp] complete, took <0ms>.
2021-12-07T08:17:06.440-06:00 INFO [PeriodicalsService] Shutting down periodical [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread].
2021-12-07T08:17:06.440-06:00 INFO [PeriodicalsService] Shutdown of periodical [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread] complete, took <0ms>.
2021-12-07T08:17:06.441-06:00 INFO [GracefulShutdown] Goodbye.
2021-12-07T08:17:06.441-06:00 INFO [FailureSubmissionQueue] [FailureHandlerService#triggerShutdown] Total number of submitted batches: 0 (0 failures), total number of consumed batches: 0 (0 failures)
2021-12-07T08:17:06.441-06:00 INFO [FailureHandlingService] The service’s thread has been interrupted. The queue currently contains 0 failure batches.
2021-12-07T08:17:06.442-06:00 INFO [JerseyService] Shutting down HTTP listener at <127.0.0.1:9000>
2021-12-07T08:17:06.443-06:00 INFO [LocalKafkaMessageQueueReader] Stopping.
2021-12-07T08:17:06.446-06:00 INFO [LogManager] Shutting down.
2021-12-07T08:17:06.447-06:00 INFO [LookupTableService] Cache watchlist-cache/6197f15b63d2ef4a88683c0e [@619e7148] STOPPING, was RUNNING
2021-12-07T08:17:06.450-06:00 INFO [LookupTableService] Cache watchlist-cache/6197f15b63d2ef4a88683c0e [@619e7148] TERMINATED, was STOPPING
2021-12-07T08:17:06.451-06:00 INFO [LookupDataAdapterRefreshService] Stopping 0 jobs
2021-12-07T08:17:06.467-06:00 INFO [LogManager] Shutdown complete.
2021-12-07T08:17:09.441-06:00 INFO [FailureHandlingService] Shutting down the service. Processed 0 remaining failure batches.
2021-12-07T08:17:09.441-06:00 INFO [FailureSubmissionQueue] [FailureHandlerService#shutDown] Total number of submitted batches: 0 (0 failures), total number of consumed batches: 0 (0 failures)
2021-12-07T08:17:09.442-06:00 INFO [ServiceManagerListener] Services are now stopped.
2021-12-07T08:17:10.624-06:00 INFO [ImmutableFeatureFlagsCollector] Following feature flags are used: {}
2021-12-07T08:17:11.074-06:00 INFO [CmdLineTool] Loaded plugin: AWS plugins 4.2.2 [org.graylog.aws.AWSPlugin]
2021-12-07T08:17:11.074-06:00 INFO [CmdLineTool] Loaded plugin: Integrations 4.2.2 [org.graylog.integrations.IntegrationsPlugin]
2021-12-07T08:17:11.075-06:00 INFO [CmdLineTool] Loaded plugin: Collector 4.2.2 [org.graylog.plugins.collector.CollectorPlugin]
2021-12-07T08:17:11.075-06:00 INFO [CmdLineTool] Loaded plugin: Threat Intelligence Plugin 4.2.2 [org.graylog.plugins.threatintel.ThreatIntelPlugin]
2021-12-07T08:17:11.076-06:00 INFO [CmdLineTool] Loaded plugin: Elasticsearch 6 Support 4.2.2+9cf867f [org.graylog.storage.elasticsearch6.Elasticsearch6Plugin]
2021-12-07T08:17:11.076-06:00 INFO [CmdLineTool] Loaded plugin: Elasticsearch 7 Support 4.2.2+9cf867f [org.graylog.storage.elasticsearch7.Elasticsearch7Plugin]
2021-12-07T08:17:11.087-06:00 INFO [CmdLineTool] Running with JVM arguments: -Xms1g -Xmx1g -XX:NewRatio=1 -XX:+ResizeTLAB -XX:-OmitStackTraceInFastThrow -Djdk.tls.acknowledgeCloseNotify=true -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml -Djava.library.path=/usr/share/graylog-server/lib/sigar -Dgraylog2.installation_source=deb
2021-12-07T08:17:11.158-06:00 INFO [Version] HV000001: Hibernate Validator null
2021-12-07T08:17:12.548-06:00 INFO [InputBufferImpl] Message journal is enabled.
2021-12-07T08:17:12.558-06:00 INFO [NodeId] Node ID: 43503c07-5050-45ce-adec-d87a728536f2
2021-12-07T08:17:12.657-06:00 INFO [LogManager] Loading logs.
2021-12-07T08:17:12.686-06:00 INFO [LogManager] Logs loading complete.
2021-12-07T08:17:12.688-06:00 INFO [LocalKafkaJournal] Initialized Kafka based journal at /var/lib/graylog-server/journal
2021-12-07T08:17:12.706-06:00 INFO [cluster] Cluster created with settings {hosts=[localhost:27017], mode=SINGLE, requiredClusterType=UNKNOWN, serverSelectionTimeout=‘30000 ms’, maxWaitQueueSize=5000}
2021-12-07T08:17:12.727-06:00 INFO [cluster] Cluster description not yet available. Waiting for 30000 ms before timing out
2021-12-07T08:17:12.739-06:00 INFO [connection] Opened connection [connectionId{localValue:1, serverValue:12}] to localhost:27017
2021-12-07T08:17:12.743-06:00 INFO [cluster] Monitor thread successfully connected to server with description ServerDescription{address=localhost:27017, type=STANDALONE, state=CONNECTED, ok=true, version=ServerVersion{versionList=[4, 0, 27]}, minWireVersion=0, maxWireVersion=7, maxDocumentSize=16777216, logicalSessionTimeoutMinutes=30, roundTripTimeNanos=1912795}
2021-12-07T08:17:12.751-06:00 INFO [connection] Opened connection [connectionId{localValue:2, serverValue:13}] to localhost:27017
2021-12-07T08:17:12.849-06:00 INFO [InputBufferImpl] Initialized InputBufferImpl with ring size <65536> and wait strategy , running 2 parallel message handlers.
2021-12-07T08:17:13.091-06:00 INFO [ElasticsearchVersionProvider] Elasticsearch cluster is running v7.10.2
2021-12-07T08:17:13.438-06:00 INFO [ProcessBuffer] Initialized ProcessBuffer with ring size <65536> and wait strategy .
2021-12-07T08:17:13.481-06:00 WARN [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2021-12-07T08:17:13.487-06:00 INFO [OutputBuffer] Initialized OutputBuffer with ring size <65536> and wait strategy .
2021-12-07T08:17:13.493-06:00 INFO [connection] Opened connection [connectionId{localValue:3, serverValue:14}] to localhost:27017
2021-12-07T08:17:13.501-06:00 WARN [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2021-12-07T08:17:13.513-06:00 WARN [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2021-12-07T08:17:13.525-06:00 WARN [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2021-12-07T08:17:13.538-06:00 WARN [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2021-12-07T08:17:13.891-06:00 INFO [ServerBootstrap] Graylog server 4.2.2+9cf867f starting up
2021-12-07T08:17:13.891-06:00 INFO [ServerBootstrap] JRE: Ubuntu 11.0.11 on Linux 5.4.0-91-generic
2021-12-07T08:17:13.891-06:00 INFO [ServerBootstrap] Deployment: deb
2021-12-07T08:17:13.891-06:00 INFO [ServerBootstrap] OS: Ubuntu 20.04.3 LTS (focal)
2021-12-07T08:17:13.891-06:00 INFO [ServerBootstrap] Arch: amd64
2021-12-07T08:17:13.906-06:00 INFO [PeriodicalsService] Starting 29 periodicals …
2021-12-07T08:17:13.907-06:00 INFO [Periodicals] Starting [org.graylog2.periodical.ThroughputCalculator] periodical in [0s], polling every [1s].
2021-12-07T08:17:13.912-06:00 INFO [Periodicals] Starting [org.graylog.plugins.pipelineprocessor.periodical.LegacyDefaultStreamMigration] periodical, running forever.
2021-12-07T08:17:13.922-06:00 INFO [PeriodicalsService] Not starting [org.graylog2.periodical.AlertScannerThread] periodical. Not configured to run on this node.
2021-12-07T08:17:13.923-06:00 INFO [Periodicals] Starting [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread] periodical in [0s], polling every [1s].
2021-12-07T08:17:13.924-06:00 INFO [LegacyDefaultStreamMigration] Legacy default stream has no connections, no migration needed.
2021-12-07T08:17:13.926-06:00 INFO [Periodicals] Starting [org.graylog2.periodical.ClusterHealthCheckThread] periodical in [120s], polling every [20s].
2021-12-07T08:17:13.934-06:00 INFO [PeriodicalsService] Not starting [org.graylog2.periodical.ContentPackLoaderPeriodical] periodical. Not configured to run on this node.
2021-12-07T08:17:13.934-06:00 INFO [Periodicals] Starting [org.graylog2.periodical.GarbageCollectionWarningThread] periodical, running forever.
2021-12-07T08:17:13.935-06:00 INFO [Periodicals] Starting [org.graylog2.periodical.IndexerClusterCheckerThread] periodical in [0s], polling every [30s].
2021-12-07T08:17:13.939-06:00 INFO [Periodicals] Starting [org.graylog2.periodical.IndexRetentionThread] periodical in [0s], polling every [300s].
2021-12-07T08:17:13.942-06:00 INFO [Periodicals] Starting [org.graylog2.periodical.IndexRotationThread] periodical in [0s], polling every [10s].
2021-12-07T08:17:13.945-06:00 INFO [connection] Opened connection [connectionId{localValue:4, serverValue:15}] to localhost:27017
2021-12-07T08:17:13.947-06:00 WARN [LookupTableService] Unable to load data adapter watchlist-mongo of type mongodb, missing a factory. Is a required plugin missing?
2021-12-07T08:17:13.948-06:00 INFO [Periodicals] Starting [org.graylog2.periodical.NodePingThread] periodical in [0s], polling every [1s].
2021-12-07T08:17:13.953-06:00 INFO [Periodicals] Starting [org.graylog2.periodical.VersionCheckThread] periodical in [300s], polling every [1800s].
2021-12-07T08:17:13.957-06:00 INFO [Periodicals] Starting [org.graylog2.periodical.ThrottleStateUpdaterThread] periodical in [1s], polling every [1s].
2021-12-07T08:17:13.958-06:00 INFO [Periodicals] Starting [org.graylog2.events.ClusterEventPeriodical] periodical in [0s], polling every [1s].
2021-12-07T08:17:13.960-06:00 INFO [Periodicals] Starting [org.graylog2.events.ClusterEventCleanupPeriodical] periodical in [0s], polling every [86400s].
2021-12-07T08:17:13.962-06:00 INFO [Periodicals] Starting [org.graylog2.periodical.ClusterIdGeneratorPeriodical] periodical, running forever.
2021-12-07T08:17:13.964-06:00 INFO [Periodicals] Starting [org.graylog2.periodical.IndexRangesMigrationPeriodical] periodical, running forever.
2021-12-07T08:17:13.968-06:00 INFO [Periodicals] Starting [org.graylog2.periodical.IndexRangesCleanupPeriodical] periodical in [15s], polling every [3600s].
2021-12-07T08:17:13.971-06:00 INFO [connection] Opened connection [connectionId{localValue:5, serverValue:16}] to localhost:27017
2021-12-07T08:17:13.979-06:00 INFO [PeriodicalsService] Not starting [org.graylog2.periodical.UserPermissionMigrationPeriodical] periodical. Not configured to run on this node.
2021-12-07T08:17:13.979-06:00 INFO [Periodicals] Starting [org.graylog2.periodical.ConfigurationManagementPeriodical] periodical, running forever.
2021-12-07T08:17:13.983-06:00 INFO [Periodicals] Starting [org.graylog2.periodical.TrafficCounterCalculator] periodical in [0s], polling every [1s].
2021-12-07T08:17:13.987-06:00 INFO [Periodicals] Starting [org.graylog2.indexer.fieldtypes.IndexFieldTypePollerPeriodical] periodical in [0s], polling every [3600s].
2021-12-07T08:17:13.990-06:00 INFO [Periodicals] Starting [org.graylog.scheduler.periodicals.ScheduleTriggerCleanUp] periodical in [120s], polling every [86400s].
2021-12-07T08:17:13.997-06:00 INFO [Periodicals] Starting [org.graylog2.periodical.ESVersionCheckPeriodical] periodical in [0s], polling every [30s].
2021-12-07T08:17:14.000-06:00 INFO [Periodicals] Starting [org.graylog.plugins.sidecar.periodical.PurgeExpiredSidecarsThread] periodical in [0s], polling every [600s].
2021-12-07T08:17:14.005-06:00 INFO [Periodicals] Starting [org.graylog.plugins.sidecar.periodical.PurgeExpiredConfigurationUploads] periodical in [0s], polling every [600s].
2021-12-07T08:17:14.007-06:00 INFO [Periodicals] Starting [org.graylog.plugins.views.search.db.SearchesCleanUpJob] periodical in [3600s], polling every [28800s].
2021-12-07T08:17:14.009-06:00 INFO [Periodicals] Starting [org.graylog.events.periodicals.EventNotificationStatusCleanUp] periodical in [120s], polling every [86400s].
2021-12-07T08:17:14.009-06:00 INFO [Periodicals] Starting [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread] periodical in [0s], polling every [3600s].
2021-12-07T08:17:14.009-06:00 INFO [LookupTableService] Cache watchlist-cache/6197f15b63d2ef4a88683c0e [@2087da9f] STARTING
2021-12-07T08:17:14.013-06:00 INFO [LookupTableService] Cache watchlist-cache/6197f15b63d2ef4a88683c0e [@2087da9f] RUNNING
2021-12-07T08:17:14.022-06:00 WARN [LookupTableService] Lookup table watchlist is referencing a missing data adapter 6197f15b63d2ef4a88683c0c, check if it started properly.
2021-12-07T08:17:14.268-06:00 INFO [AbstractRotationStrategy] Deflector index (index set <gl-failures_11>) should be rotated, Pointing deflector to new index now!
2021-12-07T08:17:14.277-06:00 INFO [MongoIndexSet] Cycling from <gl-failures_11> to <gl-failures_12>.
2021-12-07T08:17:14.277-06:00 INFO [MongoIndexSet] Creating target index <gl-failures_12>.
2021-12-07T08:17:14.280-06:00 ERROR [IndexRotationThread] Couldn’t point deflector to a new index
java.lang.IllegalStateException: No index template provider found for type ‘failures’
at org.graylog2.indexer.IndexMappingFactory.resolveIndexMappingTemplateProvider(IndexMappingFactory.java:58) ~[graylog.jar:?]
at org.graylog2.indexer.IndexMappingFactory.createIndexMapping(IndexMappingFactory.java:50) ~[graylog.jar:?]
at org.graylog2.indexer.indices.Indices.buildTemplate(Indices.java:208) ~[graylog.jar:?]
at org.graylog2.indexer.indices.Indices.create(Indices.java:191) ~[graylog.jar:?]
at org.graylog2.indexer.MongoIndexSet.cycle(MongoIndexSet.java:291) ~[graylog.jar:?]
at org.graylog2.indexer.rotation.strategies.AbstractRotationStrategy.rotate(AbstractRotationStrategy.java:79) ~[graylog.jar:?]
at org.graylog2.periodical.IndexRotationThread.checkForRotation(IndexRotationThread.java:113) ~[graylog.jar:?]
at org.graylog2.periodical.IndexRotationThread.lambda$doRun$0(IndexRotationThread.java:77) ~[graylog.jar:?]
at java.lang.Iterable.forEach(Iterable.java:75) [?:?]
at org.graylog2.periodical.IndexRotationThread.doRun(IndexRotationThread.java:73) [graylog.jar:?]
at org.graylog2.plugin.periodical.Periodical.run(Periodical.java:77) [graylog.jar:?]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) [?:?]
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305) [?:?]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305) [?:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?]
at java.lang.Thread.run(Thread.java:829) [?:?]
2021-12-07T08:17:15.157-06:00 INFO [JerseyService] Started REST API at <127.0.0.1:9000>
2021-12-07T08:17:15.157-06:00 INFO [ServiceManagerListener] Services are healthy
2021-12-07T08:17:15.158-06:00 INFO [InputSetupService] Triggering launching persisted inputs, node transitioned from Uninitialized [LB:DEAD] to Running [LB:ALIVE]
2021-12-07T08:17:15.158-06:00 INFO [ServerBootstrap] Services started, startup times in ms: {FailureHandlingService [RUNNING]=1, GracefulShutdownService [RUNNING]=1, InputSetupService [RUNNING]=2, JobSchedulerService [RUNNING]=4, EtagService [RUNNING]=4, OutputSetupService [RUNNING]=8, LocalKafkaMessageQueueWriter [RUNNING]=11, BufferSynchronizerService [RUNNING]=12, ConfigurationEtagService [RUNNING]=12, UrlWhitelistService [RUNNING]=14, LocalKafkaMessageQueueReader [RUNNING]=16, MongoDBProcessingStatusRecorderService [RUNNING]=16, PrometheusExporter [RUNNING]=17, UserSessionTerminationService [RUNNING]=18, LocalKafkaJournal [RUNNING]=27, StreamCacheService [RUNNING]=59, LookupTableService [RUNNING]=100, PeriodicalsService [RUNNING]=108, JerseyService [RUNNING]=1250}
2021-12-07T08:17:15.160-06:00 INFO [ServerBootstrap] Graylog server up and running.
2021-12-07T08:17:15.190-06:00 INFO [InputStateListener] Input [Syslog TCP/61aa7c4be6bc286a0eb9445b] is now STARTING
2021-12-07T08:17:15.246-06:00 WARN [AbstractTcpTransport] Failed to start channel for input SyslogTCPInput{title=Fortigate, type=org.graylog2.inputs.syslog.tcp.SyslogTCPInput, nodeId=43503c07-5050-45ce-adec-d87a728536f2}
io.netty.channel.unix.Errors$NativeIoException: bind(…) failed: Permission denied
2021-12-07T08:17:15.247-06:00 ERROR [InputLauncher] The [org.graylog2.inputs.syslog.tcp.SyslogTCPInput] input with ID <61aa7c4be6bc286a0eb9445b> misfired. Reason: bind(…) failed: Permission denied.
org.graylog2.plugin.inputs.MisfireException: org.graylog2.plugin.inputs.MisfireException: io.netty.channel.unix.Errors$NativeIoException: bind(…) failed: Permission denied
at org.graylog2.plugin.inputs.MessageInput.launch(MessageInput.java:158) ~[graylog.jar:?]
at org.graylog2.shared.inputs.InputLauncher$1.run(InputLauncher.java:84) [graylog.jar:?]
at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:180) [graylog.jar:?]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) [?:?]
at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?]
at java.lang.Thread.run(Thread.java:829) [?:?]
Caused by: org.graylog2.plugin.inputs.MisfireException: io.netty.channel.unix.Errors$NativeIoException: bind(…) failed: Permission denied
at org.graylog2.plugin.inputs.transports.AbstractTcpTransport.launch(AbstractTcpTransport.java:224) ~[graylog.jar:?]
at org.graylog2.plugin.inputs.MessageInput.launch(MessageInput.java:155) ~[graylog.jar:?]
… 7 more
Caused by: io.netty.channel.unix.Errors$NativeIoException: bind(…) failed: Permission denied
2021-12-07T08:17:15.249-06:00 INFO [InputStateListener] Input [Syslog TCP/61aa7c4be6bc286a0eb9445b] is now FAILED
2021-12-07T08:39:42.845-06:00 INFO [connection] Opened connection [connectionId{localValue:6, serverValue:17}] to localhost:27017
2021-12-07T08:39:50.456-06:00 INFO [InputStateListener] Input [Syslog TCP/61aa7c4be6bc286a0eb9445b] is now STOPPING
2021-12-07T08:39:50.464-06:00 INFO [InputStateListener] Input [Syslog TCP/61aa7c4be6bc286a0eb9445b] is now STOPPED
2021-12-07T08:39:50.464-06:00 INFO [InputStateListener] Input [Syslog TCP/61aa7c4be6bc286a0eb9445b] is now TERMINATED
2021-12-07T09:01:59.220-06:00 INFO [connection] Opened connection [connectionId{localValue:7, serverValue:18}] to localhost:27017
2021-12-07T09:14:54.351-06:00 INFO [connection] Opened connection [connectionId{localValue:9, serverValue:21}] to localhost:27017
2021-12-07T09:14:54.351-06:00 INFO [connection] Opened connection [connectionId{localValue:10, serverValue:19}] to localhost:27017
2021-12-07T09:14:54.351-06:00 INFO [connection] Opened connection [connectionId{localValue:8, serverValue:20}] to localhost:27017
2021-12-07T09:14:54.352-06:00 INFO [InputStateListener] Input [Syslog TCP/61af7a6e3530dd092dfc2d18] is now STARTING
2021-12-07T09:14:54.356-06:00 INFO [InputStateListener] Input [Syslog TCP/61af7a6e3530dd092dfc2d18] is now RUNNING
2021-12-07T09:14:54.361-06:00 WARN [AbstractTcpTransport] receiveBufferSize (SO_RCVBUF) for input SyslogTCPInput{title=Fortinet, type=org.graylog2.inputs.syslog.tcp.SyslogTCPInput, nodeId=43503c07-5050-45ce-adec-d87a728536f2} (channel [id: 0xa3290146, L:/0:0:0:0:0:0:0:0%0:1050]) should be >= 1048576 but is 425984.
2021-12-07T09:20:39.268-06:00 WARN [IndexFieldTypePollerPeriodical] Active write index for index set “Fortigate” (61af7bc73530dd092dfc2e91) doesn’t exist yet
2021-12-07T09:20:43.942-06:00 INFO [IndexerClusterCheckerThread] Indexer not fully initialized yet. Skipping periodic cluster check.
2021-12-07T09:20:43.949-06:00 INFO [MongoIndexSet] Did not find a deflector alias. Setting one up now.
2021-12-07T09:20:43.950-06:00 INFO [MongoIndexSet] There is no index target to point to. Creating one now.
2021-12-07T09:20:43.951-06:00 INFO [MongoIndexSet] Cycling from to <fortigate_0>.
2021-12-07T09:20:43.951-06:00 INFO [MongoIndexSet] Creating target index <fortigate_0>.
2021-12-07T09:20:44.186-06:00 INFO [MongoIndexSet] Waiting for allocation of index <fortigate_0>.
2021-12-07T09:20:44.190-06:00 INFO [MongoIndexSet] Index <fortigate_0> has been successfully allocated.
2021-12-07T09:20:44.191-06:00 INFO [MongoIndexSet] Pointing index alias <fortigate_deflector> to new index <fortigate_0>.
2021-12-07T09:20:44.228-06:00 INFO [MongoIndexSet] Successfully pointed index alias <fortigate_deflector> to index <fortigate_0>.

2

Hello @Cheeseman1969

It seems that you have a lot going on. “Less is more.”

I’m going to try to pick out what I can see.
Please format you log files when you post them. Most community members will pass by this post for the simple fact its very hard to read.
Just an FYI , I have multiple Fortinet 200D Firewalls and we do not use none of those content packs but its harder to configure for sure.

First, looks like your INPUT Failed and It looks like you have a permission issues.

Second, Looks like you don’t have GEO database installed.

Third, seams like you have an issue with you index template.

Troubleshooting:

Remove anything prior to these other content packs if possible. The try installing
try installing ONE content pack and see if it works.

Once its running and your receiving data then try the other ones you want, but I think those two are conflicting each other. Might want to check that to.

Last but not least, Did you see this. Perhaps that might be an issue with what version your using.

Tested with Fortigate 601E FortiOs V6.4.4 build 1803 and graylog 4.0.2

have you tried to just create a INPUT Syslog/UDP or Raw/Plaintext UDP? and see if you get messages first before install all these content packs?

For example I run Raw/Plaintext UDP for my Firewalls.

image
image565×688 35.8 KB

And I do have some extractors which creates fields I need.

image
image619×732 37.2 KB

I understand the uploading of these content packs are handy specially if your new. Like I stated do one thing at a time get it to work correctly then move on to the other projects.
For a better understand please have a look here. This will help us, help you.

1 Like
3

Gsmith - Thanks for the help. I will look at that stuff and see what I come up with. I am pretty sure that some of these failures was other things that I was trying. Right now I have a clean system and not input anything. Again thanks for the help. Once I find out something, I will post here for the group and future to help other people out.

4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.