Can't send logs to graylog2 docker container via HTTP endpoint


#1

Hello. I posted this question on stackoverflow already, but didn’t get any answers, so I’ll just copy/paste what I wrote there:

I have a running graylog2 docker container on a remote machine with ports 3000 and 12900 exposed (3000 routes to port 9000 within docker) and I can open graylog web UI on that port. So that works as expected. But for some reason I can’t add logs from outside the container. Running this from the cli WORKS from INSIDE the container, but DOESN’T WORK from OUTSIDE:

curl -XPOST http://localhost:3000/gelf -p0 -d '{"short_message":"Hello there", "host":"example.org", "facility":"test", "_foo":"bar"}'

Running this command from outside the docker container I get:

{"type":"ApiError","message":"HTTP 404 Not Found"}

Edit: Found some information that this could possibly be solved by setting GRAYLOG_REST_TRANSPORT_URI to a public IP when running the docker container. Unfortunately when I start it like that, I run into another problem - can’t start any inputs to receive logs. Bind address: 0.0.0.0 Port: 3000 It throws:

Request to start input 'project' failed. Check your Graylog logs for more information.

Edit2: Moved my testing environment to a local machine, to rule out possible server misconfigurations. Getting same errors and same problems.

Edit3: Decided to test out the graylog1 docker image and with that one everything actually works as expected right off the bat! So as a backup I could use an old version, but I’d rather avoid that if possible.


(Jochen) #2

You have to start a GELF HTTP input to be able to receive GELF messages via HTTP.

The Graylog REST API does not provide this type of input.


#3

I did start a GELF HTTP input, that’s why the curl POST works from inside the container. But I can’t post to it from outside the container. Any ideas on that?


(Jochen) #4

You have to start the input on a network interface which is accessible from outside the Docker container and open the respective port.