Config for NXLOG and INPUT on SSL/TLS

Graylog Central (peer support)
, ,
1

Hello,

I need to encrypt the flow of logs to Graylog to do this I do (I am not comfortable with the certificates ):

I generate a certificate with the script to jan and I added it on the JVM store I now have as certificate::

logssl.pkcs8-plain.key.pem  logssl.pkcs8-encrypted.key.pem  logssl.cert.pem  logssl.pkcs5-plain.key.pem
what is my 
TLS private key file: for me is that /etc/graylog/server/certfiles/log/logssl.cert.pem
TLS cert file : for me is that /etc/graylog/server/certfiles/log/logssl.pkcs8-plain.key.pem
TLS Client Auth Trusted Certs : is a CA certificat if I'm not wrong I don't have one ?

my input graylog

bind_address:
 0.0.0.0
decompress_size_limit:
 8388608
max_message_size:
 2097152
override_source:
 <empty>
port:
 12201
recv_buffer_size:
 1048576
tcp_keepalive:
 false
tls_cert_file:
 /etc/graylog/server/certfiles/https/logssl.cert.pem
tls_client_auth:
 disabled
tls_client_auth_cert_file:
 /etc/graylog/server/certfiles/log/logssl.cert.pem
tls_enable:
 true
tls_key_file:
 /etc/graylog/server/certfiles/log/logssl.pkcs8-plain.key.pem
tls_key_password:
use_null_delimiter:
 true

my conf nxlog

<Output out>
    Module      om_ssl
    Host        192.168.10.1
    Port        12201
    Exec        to_syslog_snare();
    OutputType  GELF_TCP
    CertFile    %CERT%\logssl.cert.pem
    CertKeyFile %CERT%\logssl.pkcs8-encrypted.key.pem
    KeyPass         secretpassword
</Output>

<Route 1>
    Path        in => out
</Route>

log nxlog

2018-06-05 16:47:21 INFO reconnecting in 1 seconds
2018-06-05 16:47:22 INFO connecting to 192.168.10.1:12201
2018-06-05 16:47:22 INFO successfully connected to 192.168.10.1:12201
2018-06-05 16:47:22 INFO reconnecting in 1 seconds
2018-06-05 16:47:23 INFO connecting to 192.168.10.1:12201
2018-06-05 16:47:23 INFO successfully connected to 192.168.10.1:12201
2018-06-05 16:47:23 INFO reconnecting in 1 seconds
2018-06-05 16:47:24 INFO connecting to 192.168.10.1:12201

Log graylog


2018-06-05T16:51:04.751+02:00 WARN  [AbstractNioSelector] Failed to initialize an accepted socket.
java.io.IOException: overrun, bytes = 611
        at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:92) ~[?:1.8.0_161]
        at org.graylog2.plugin.inputs.transports.util.KeyUtil.createKeySpec(KeyUtil.java:181) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.util.KeyUtil.loadPrivateKey(KeyUtil.java:154) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.util.KeyUtil.initKeyStore(KeyUtil.java:118) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.createSslEngine(AbstractTcpTransport.java:205) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.call(AbstractTcpTransport.java:186) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.call(AbstractTcpTransport.java:182) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.NettyTransport$1.getPipeline(NettyTransport.java:110) ~[graylog.jar:?]
        at org.jboss.netty.channel.socket.nio.NioServerBoss.registerAcceptedChannel(NioServerBoss.java:134) [graylog.jar:?]
        at org.jboss.netty.channel.socket.nio.NioServerBoss.process(NioServerBoss.java:104) [graylog.jar:?]
        at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337) [graylog.jar:?]
        at org.jboss.netty.channel.socket.nio.NioServerBoss.run(NioServerBoss.java:42) [graylog.jar:?]
        at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108) [graylog.jar:?]
        at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42) [graylog.jar:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_161]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_161]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
2018-06-05T16:51:05.946+02:00 WARN  [AbstractNioSelector] Failed to initialize an accepted socket.
java.io.IOException: overrun, bytes = 611
        at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:92) ~[?:1.8.0_161]
        at org.graylog2.plugin.inputs.transports.util.KeyUtil.createKeySpec(KeyUtil.java:181) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.util.KeyUtil.loadPrivateKey(KeyUtil.java:154) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.util.KeyUtil.initKeyStore(KeyUtil.java:118) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.createSslEngine(AbstractTcpTransport.java:205) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.call(AbstractTcpTransport.java:186) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.call(AbstractTcpTransport.java:182) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.NettyTransport$1.getPipeline(NettyTransport.java:110) ~[graylog.jar:?]
        at org.jboss.netty.channel.socket.nio.NioServerBoss.registerAcceptedChannel(NioServerBoss.java:134) [graylog.jar:?]
        at org.jboss.netty.channel.socket.nio.NioServerBoss.process(NioServerBoss.java:104) [graylog.jar:?]
        at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337) [graylog.jar:?]
        at org.jboss.netty.channel.socket.nio.NioServerBoss.run(NioServerBoss.java:42) [graylog.jar:?]
        at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108) [graylog.jar:?]
        at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42) [graylog.jar:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_161]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_161]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]

did you have any idea of ​​what I’m doing wrong

best regards

2

The private key is invalid or the password is wrong.

3

I have try wtih the certificat for got my https Web i got the same error

log graylog

2018-06-06T11:22:00.481+02:00 WARN  [AbstractNioSelector] Failed to initialize an accepted socket.
java.io.IOException: overrun, bytes = 1195
        at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:92) ~[?:1.8.0_161]
        at org.graylog2.plugin.inputs.transports.util.KeyUtil.createKeySpec(KeyUtil.java:181) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.util.KeyUtil.loadPrivateKey(KeyUtil.java:154) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.util.KeyUtil.initKeyStore(KeyUtil.java:118) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.createSslEngine(AbstractTcpTransport.java:205) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.call(AbstractTcpTransport.java:186) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.call(AbstractTcpTransport.java:182) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.NettyTransport$1.getPipeline(NettyTransport.java:110) ~[graylog.jar:?]
        at org.jboss.netty.channel.socket.nio.NioServerBoss.registerAcceptedChannel(NioServerBoss.java:134) [graylog.jar:?]
        at org.jboss.netty.channel.socket.nio.NioServerBoss.process(NioServerBoss.java:104) [graylog.jar:?]
        at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337) [graylog.jar:?]
        at org.jboss.netty.channel.socket.nio.NioServerBoss.run(NioServerBoss.java:42) [graylog.jar:?]
        at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108) [graylog.jar:?]
        at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42) [graylog.jar:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_161]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_161]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
2018-06-06T11:22:01.539+02:00 WARN  [AbstractNioSelector] Failed to initialize an accepted socket.
java.io.IOException: overrun, bytes = 1195
        at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:92) ~[?:1.8.0_161]
        at org.graylog2.plugin.inputs.transports.util.KeyUtil.createKeySpec(KeyUtil.java:181) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.util.KeyUtil.loadPrivateKey(KeyUtil.java:154) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.util.KeyUtil.initKeyStore(KeyUtil.java:118) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.createSslEngine(AbstractTcpTransport.java:205) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.call(AbstractTcpTransport.java:186) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.call(AbstractTcpTransport.java:182) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.NettyTransport$1.getPipeline(NettyTransport.java:110) ~[graylog.jar:?]
        at org.jboss.netty.channel.socket.nio.NioServerBoss.registerAcceptedChannel(NioServerBoss.java:134) [graylog.jar:?]
        at org.jboss.netty.channel.socket.nio.NioServerBoss.process(NioServerBoss.java:104) [graylog.jar:?]
        at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337) [graylog.jar:?]
        at org.jboss.netty.channel.socket.nio.NioServerBoss.run(NioServerBoss.java:42) [graylog.jar:?]
        at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108) [graylog.jar:?]
        at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42) [graylog.jar:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_161]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_161]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
4

Probably for the same reasons:

The private key is invalid or the password is wrong.

5

I had the https on my web interface if the password was bad or the certificate invalid the https was not working right?
I’ll look :slight_smile:

6

jochen,
Nxlog community send log just on tls 1.0, that can be for that the private key is invalid no ?

7

No. That’s not the reason.

The error already occurs when trying to read and parse the configured private key.

8

Ok i will go retry to do one other certificat,

I have one other question, i adding my certificat on JVM trust store on:
/usr/lib/jvm/jre-openjdk/lib/security/cacerts

but I’m not sure it’s the right path because I have a lot of other path with the same end like this:

/usr/lib/jvm/jre-1.8.0-openjdk/lib/security/cacerts
/usr/lib/jvm/jre-1.8.0/lib/security/cacerts
and more …

it’s for just be sure the problèmes dont come to here.

Thank you.

9

That’s not the problem. The problem is the private key.

10

Ok I’ll do research to verify the key

11

My nxlog is installed on post on windows i need to get format pkcs12 for the cert and key ?

12

Hey,
i got that on log now :

2018-06-11T10:17:44.277+02:00 INFO  [AbstractTcpTransport] Enabled TLS for input [GELF TCP/5addd43c61a3b40447d3a5f1]. key-file="/etc/graylog/server/certfiles/https/https.pkcs8-encrypted.key.pem" cert-file="/etc/graylog/server/certfiles/https/https.cert.pem"
2018-06-11T10:17:44.280+02:00 WARN  [NettyTransport] receiveBufferSize (SO_RCVBUF) for input GELFTCPInput{title=Windows, type=org.graylog2.inputs.gelf.tcp.GELFTCPInput, nodeId=c910ac4e-778c-4485-bcda-3aa3f93a0580} should be 1048576 but is 212992.
2018-06-11T10:17:44.284+02:00 INFO  [InputStateListener] Input [GELF TCP/5addd43c61a3b40447d3a5f1] is now STOPPING
2018-06-11T10:17:44.285+02:00 INFO  [InputStateListener] Input [GELF TCP/5addd43c61a3b40447d3a5f1] is now TERMINATED
2018-06-11T10:17:44.285+02:00 INFO  [InputStateListener] Input [GELF TCP/5addd43c61a3b40447d3a5f1] is now STOPPED
2018-06-11T10:17:44.285+02:00 INFO  [InputStateListener] Input [GELF TCP/5addd43c61a3b40447d3a5f1] is now RUNNING
2018-06-11T10:17:44.286+02:00 INFO  [InputStateListener] Input [GELF TCP/5addd43c61a3b40447d3a5f1] is now STARTING
2018-06-11T10:18:49.406+02:00 WARN  [LicenseChecker] License violation - Detected irregular traffic records
2018-06-11T10:23:49.405+02:00 WARN  [LicenseChecker] License violation - Detected irregular traffic records
13

Please refer to http://docs.graylog.org/en/2.4/pages/enterprise/setup.html#license-verification.

14

I have this warn now in the logs

2018-06-11T11:02:49.428+02:00 WARN  [ProxiedResource] Unable to call https://192.168.10.1:9000/api/system on node <c910ac4e-778c-4485-bcda-3aa3f93a0580>
java.net.SocketTimeoutException: timeout
        at okio.Okio$4.newTimeoutException(Okio.java:230) ~[graylog.jar:?]
        at okio.AsyncTimeout.exit(AsyncTimeout.java:285) ~[graylog.jar:?]
        at okio.AsyncTimeout$2.read(AsyncTimeout.java:241) ~[graylog.jar:?]
        at okio.RealBufferedSource.indexOf(RealBufferedSource.java:345) ~[graylog.jar:?]
        at okio.RealBufferedSource.readUtf8LineStrict(RealBufferedSource.java:217) ~[graylog.jar:?]
        at okio.RealBufferedSource.readUtf8LineStrict(RealBufferedSource.java:211) ~[graylog.jar:?]
        at okhttp3.internal.http1.Http1Codec.readResponseHeaders(Http1Codec.java:187) ~[graylog.jar:?]
        at okhttp3.internal.http.CallServerInterceptor.intercept(CallServerInterceptor.java:88) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
        at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:45) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[graylog.jar:?]
        at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[graylog.jar:?]
        at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
        at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:125) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[graylog.jar:?]
        at org.graylog2.rest.RemoteInterfaceProvider.lambda$get$0(RemoteInterfaceProvider.java:59) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[graylog.jar:?]
        at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:200) ~[graylog.jar:?]
        at okhttp3.RealCall.execute(RealCall.java:77) ~[graylog.jar:?]
        at retrofit2.OkHttpCall.execute(OkHttpCall.java:180) ~[graylog.jar:?]
        at org.graylog2.shared.rest.resources.ProxiedResource.lambda$getForAllNodes$0(ProxiedResource.java:76) ~[graylog.jar:?]
        at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_161]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_161]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_161]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
Caused by: java.net.SocketException: Socket closed
        at java.net.SocketInputStream.read(SocketInputStream.java:204) ~[?:1.8.0_161]
        at java.net.SocketInputStream.read(SocketInputStream.java:141) ~[?:1.8.0_161]
        at sun.security.ssl.InputRecord.readFully(InputRecord.java:465) ~[?:1.8.0_161]
        at sun.security.ssl.InputRecord.read(InputRecord.java:503) ~[?:1.8.0_161]
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:983) ~[?:1.8.0_161]
        at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:940) ~[?:1.8.0_161]
        at sun.security.ssl.AppInputStream.read(AppInputStream.java:105) ~[?:1.8.0_161]
        at okio.Okio$2.read(Okio.java:139) ~[graylog.jar:?]
        at okio.AsyncTimeout$2.read(AsyncTimeout.java:237) ~[graylog.jar:?]

Log are send in ssl and i can access on my web interface

15

What’s the complete configuration of your Graylog node(s)?
Are you using any load-balancer or revers proxy in front of your Graylog node(s)?

16

I got just one node.
MongoDB, elasticsearch and graylog are on the same server.
And i dont use load-balancer or revers proxy in front of my graylog node.

server.conf



rest_listen_uri = https://192.168.10.1:9000/api/
rest_transport_uri = https://192.168.10.1:9000/api/
rest_enable_tls = true
rest_tls_cert_file = /etc/graylog/server/certfiles/https/https.cert.pem
rest_tls_key_file = /etc/graylog/server/certfiles/https/https.pkcs8-encrypted.key.pem
rest_tls_key_password = passwod


web_listen_uri = https://192.168.10.1:9000/
web_enable_tls = true
web_tls_cert_file = /etc/graylog/server/certfiles/https/https.cert.pem
web_tls_key_file = /etc/graylog/server/certfiles/https/https.pkcs8-encrypted.key.pem
web_tls_key_password = password
17

I have restart the service and the serveur now that in my log :

2018-06-11T11:40:21.047+02:00 INFO  [Server] SIGNAL received. Shutting down.
2018-06-11T11:40:21.149+02:00 INFO  [GracefulShutdown] Graceful shutdown initiated.
2018-06-11T11:40:21.149+02:00 INFO  [GracefulShutdown] Node status: [Halting [LB:DEAD]]. Waiting <3sec> for possible load balancers to recognize state change.
2018-06-11T11:40:25.237+02:00 INFO  [InputSetupService] Attempting to close input <org.graylog2.inputs.gelf.tcp.GELFTCPInput.5addd43c61a3b40447d3a5f1> [GELF TCP].
2018-06-11T11:40:25.262+02:00 INFO  [InputSetupService] Input <org.graylog2.inputs.gelf.tcp.GELFTCPInput.5addd43c61a3b40447d3a5f1> closed. Took [24ms]
2018-06-11T11:40:25.262+02:00 INFO  [InputSetupService] Attempting to close input <org.graylog2.inputs.syslog.tcp.SyslogTCPInput.5addde8e61a3b40f11d66023> [Syslog TCP].
2018-06-11T11:40:25.318+02:00 INFO  [InputSetupService] Input <org.graylog2.inputs.syslog.tcp.SyslogTCPInput.5addde8e61a3b40f11d66023> closed. Took [55ms]
2018-06-11T11:40:25.390+02:00 INFO  [Buffers] Waiting until all buffers are empty.
2018-06-11T11:40:25.396+02:00 INFO  [Buffers] All buffers are empty. Continuing.
2018-06-11T11:40:25.396+02:00 INFO  [OutputSetupService] Stopping output org.graylog2.outputs.BlockingBatchedESOutput
2018-06-11T11:40:25.396+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.AlertScannerThread].
2018-06-11T11:40:25.396+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.AlertScannerThread] complete, took <0ms>.
2018-06-11T11:40:25.396+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread].
2018-06-11T11:40:25.396+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread] complete, took <0ms>.
2018-06-11T11:40:25.396+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.ClusterHealthCheckThread].
2018-06-11T11:40:25.396+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.ClusterHealthCheckThread] complete, took <0ms>.
2018-06-11T11:40:25.396+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexerClusterCheckerThread].
2018-06-11T11:40:25.396+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexerClusterCheckerThread] complete, took <0ms>.
2018-06-11T11:40:25.396+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexRetentionThread].
2018-06-11T11:40:25.396+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexRetentionThread] complete, took <0ms>.
2018-06-11T11:40:25.396+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexRotationThread].
2018-06-11T11:40:25.396+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexRotationThread] complete, took <0ms>.
2018-06-11T11:40:25.396+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.VersionCheckThread].
2018-06-11T11:40:25.396+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.VersionCheckThread] complete, took <0ms>.
2018-06-11T11:40:25.397+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.ThrottleStateUpdaterThread].
2018-06-11T11:40:25.397+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.ThrottleStateUpdaterThread] complete, took <0ms>.
2018-06-11T11:40:25.397+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.events.ClusterEventPeriodical].
2018-06-11T11:40:25.397+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.events.ClusterEventPeriodical] complete, took <0ms>.
2018-06-11T11:40:25.397+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.events.ClusterEventCleanupPeriodical].
2018-06-11T11:40:25.397+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.events.ClusterEventCleanupPeriodical] complete, took <0ms>.
2018-06-11T11:40:25.397+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexRangesCleanupPeriodical].
2018-06-11T11:40:25.397+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexRangesCleanupPeriodical] complete, took <0ms>.
2018-06-11T11:40:25.397+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.TrafficCounterCalculator].
2018-06-11T11:40:25.397+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.TrafficCounterCalculator] complete, took <0ms>.
2018-06-11T11:40:25.397+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog.plugins.license.LicenseManagerPeriodical].
2018-06-11T11:40:25.397+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog.plugins.license.LicenseManagerPeriodical] complete, took <0ms>.
2018-06-11T11:40:25.397+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog.plugins.license.LicenseReportPeriodical].
2018-06-11T11:40:25.397+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog.plugins.license.LicenseReportPeriodical] complete, took <0ms>.
2018-06-11T11:40:25.397+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread].
2018-06-11T11:40:25.397+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread] complete, took <0ms>.
2018-06-11T11:40:25.398+02:00 INFO  [GracefulShutdown] Goodbye.
2018-06-11T11:40:25.399+02:00 INFO  [JerseyService] Shutting down HTTP listener at <https://192.168.10.1:9000/api/>
2018-06-11T11:40:25.399+02:00 INFO  [JournalReader] Stopping.
2018-06-11T11:40:25.401+02:00 INFO  [LookupTableService] Cache otx-api-domain-cache/5ac37ce361a3b445286ea5c7 [@576cda4e] STOPPING, was RUNNING
2018-06-11T11:40:25.401+02:00 INFO  [LookupTableService] Cache otx-api-domain-cache/5ac37ce361a3b445286ea5c7 [@576cda4e] TERMINATED, was STOPPING
2018-06-11T11:40:25.401+02:00 INFO  [LookupTableService] Cache otx-api-ip-cache/5ac37ce361a3b445286ea5ca [@25974a8e] STOPPING, was RUNNING
2018-06-11T11:40:25.401+02:00 INFO  [LookupTableService] Cache otx-api-ip-cache/5ac37ce361a3b445286ea5ca [@25974a8e] TERMINATED, was STOPPING
2018-06-11T11:40:25.401+02:00 INFO  [LookupTableService] Cache threat-intel-uncached-adapters/5ac37ce361a3b445286ea5c6 [@737a9463] STOPPING, was RUNNING
2018-06-11T11:40:25.402+02:00 INFO  [LookupTableService] Cache spamhaus-e-drop-cache/5ac37ce361a3b445286ea5c8 [@22b4440c] STOPPING, was RUNNING
2018-06-11T11:40:25.403+02:00 INFO  [LookupTableService] Cache whois-cache/5ac37ce361a3b445286ea5c9 [@ec64761] STOPPING, was RUNNING
2018-06-11T11:40:25.403+02:00 INFO  [LookupTableService] Cache threat-intel-uncached-adapters/5ac37ce361a3b445286ea5c6 [@737a9463] TERMINATED, was STOPPING
2018-06-11T11:40:25.422+02:00 INFO  [LookupTableService] Cache whois-cache/5ac37ce361a3b445286ea5c9 [@ec64761] TERMINATED, was STOPPING
2018-06-11T11:40:25.422+02:00 INFO  [LookupTableService] Cache spamhaus-e-drop-cache/5ac37ce361a3b445286ea5c8 [@22b4440c] TERMINATED, was STOPPING
2018-06-11T11:40:25.422+02:00 INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-ip/5ac37ce361a3b445286ea5d0 [@5c22ed86] STOPPING, was RUNNING
2018-06-11T11:40:25.422+02:00 INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-ip/5ac37ce361a3b445286ea5d0 [@5c22ed86] TERMINATED, was STOPPING
2018-06-11T11:40:25.422+02:00 INFO  [LookupTableService] Data Adapter spamhaus-drop/5ac37ce361a3b445286ea5cf [@2a227ae2] STOPPING, was RUNNING
2018-06-11T11:40:25.422+02:00 INFO  [LookupTableService] Data Adapter spamhaus-drop/5ac37ce361a3b445286ea5cf [@2a227ae2] TERMINATED, was STOPPING
2018-06-11T11:40:25.422+02:00 INFO  [LookupTableService] Data Adapter otx-api-ip/5ac37ce361a3b445286ea5ce [@4b6e8181] STOPPING, was RUNNING
2018-06-11T11:40:25.422+02:00 INFO  [LookupTableService] Data Adapter otx-api-ip/5ac37ce361a3b445286ea5ce [@4b6e8181] TERMINATED, was STOPPING
2018-06-11T11:40:25.422+02:00 INFO  [LookupTableService] Data Adapter whois/5ac37ce461a3b445286ea5d2 [@2607fbbe] STOPPING, was RUNNING
2018-06-11T11:40:25.422+02:00 INFO  [LookupTableService] Data Adapter whois/5ac37ce461a3b445286ea5d2 [@2607fbbe] TERMINATED, was STOPPING
2018-06-11T11:40:25.422+02:00 INFO  [LookupTableService] Data Adapter tor-exit-node/5ac37ce361a3b445286ea5cc [@1dd0db50] STOPPING, was RUNNING
2018-06-11T11:40:25.422+02:00 INFO  [LookupTableService] Data Adapter tor-exit-node/5ac37ce361a3b445286ea5cc [@1dd0db50] TERMINATED, was STOPPING
2018-06-11T11:40:25.422+02:00 INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-domains/5ac37ce361a3b445286ea5cd [@7c353de7] STOPPING, was RUNNING
2018-06-11T11:40:25.422+02:00 INFO  [LookupTableService] Data Adapter otx-api-domain/5ac37ce361a3b445286ea5d1 [@3a1bed05] STOPPING, was RUNNING
2018-06-11T11:40:25.422+02:00 INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-domains/5ac37ce361a3b445286ea5cd [@7c353de7] TERMINATED, was STOPPING
2018-06-11T11:40:25.423+02:00 INFO  [LookupTableService] Data Adapter otx-api-domain/5ac37ce361a3b445286ea5d1 [@3a1bed05] TERMINATED, was STOPPING
2018-06-11T11:40:25.423+02:00 INFO  [LookupDataAdapterRefreshService] Stopping 0 jobs
2018-06-11T11:40:25.458+02:00 INFO  [LogManager] Shutting down.
2018-06-11T11:40:25.580+02:00 INFO  [LogManager] Shutdown complete.
2018-06-11T11:40:25.580+02:00 INFO  [NetworkListener] Stopped listener bound to [192.168.10.1:9000
2018-06-11T11:40:25.581+02:00 WARN  [ProxiedResource] Unable to call https:// 192.168.10.1:9000/api/system/inputstates on node <c910ac4e-778c-4485-bcda-3aa3f93a0580>
java.io.IOException: unexpected end of stream on Connection{192.168.10.1:9000, proxy=DIRECT hostAddress=/192.168.10.1:9000cipherSuite=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA protocol=http/1.1}
        at okhttp3.internal.http1.Http1Codec.readResponseHeaders(Http1Codec.java:203) ~[graylog.jar:?]
        at okhttp3.internal.http.CallServerInterceptor.intercept(CallServerInterceptor.java:88) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
        at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:45) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[graylog.jar:?]
        at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[graylog.jar:?]
        at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
        at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:125) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[graylog.jar:?]
        at org.graylog2.rest.RemoteInterfaceProvider.lambda$get$0(RemoteInterfaceProvider.java:59) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[graylog.jar:?]
        at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:200) ~[graylog.jar:?]
        at okhttp3.RealCall.execute(RealCall.java:77) ~[graylog.jar:?]
        at retrofit2.OkHttpCall.execute(OkHttpCall.java:180) ~[graylog.jar:?]
        at org.graylog2.shared.rest.resources.ProxiedResource.lambda$getForAllNodes$0(ProxiedResource.java:76) ~[graylog.jar:?]
        at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_161]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_161]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_161]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
Caused by: java.io.EOFException: \n not found: limit=0 content=…
        at okio.RealBufferedSource.readUtf8LineStrict(RealBufferedSource.java:227) ~[graylog.jar:?]
        at okio.RealBufferedSource.readUtf8LineStrict(RealBufferedSource.java:211) ~[graylog.jar:?]
        at okhttp3.internal.http1.Http1Codec.readResponseHeaders(Http1Codec.java:187) ~[graylog.jar:?]
        ... 24 more
2018-06-11T11:40:25.597+02:00 INFO  [ServiceManagerListener] Services are now stopped.
2018-06-11T11:40:25.606+02:00 WARN  [ProxiedResource] Unable to call https://192.168.10.1:9000/api/system/metrics/multiple on node <c910ac4e-778c-4485-bcda-3aa3f93a0580>
java.net.ConnectException: Failed to connect to /192.168.10.1:9000
        at okhttp3.internal.connection.RealConnection.connectSocket(RealConnection.java:240) ~[graylog.jar:?]
        at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:158) ~[graylog.jar:?]
        at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:256) ~[graylog.jar:?]
        at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:134) ~[graylog.jar:?]
        at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:113) ~[graylog.jar:?]
        at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[graylog.jar:?]
        at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[graylog.jar:?]
        at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
        at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:125) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[graylog.jar:?]
        at org.graylog2.rest.RemoteInterfaceProvider.lambda$get$0(RemoteInterfaceProvider.java:59) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[graylog.jar:?]
        at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:200) ~[graylog.jar:?]
        at okhttp3.RealCall.execute(RealCall.java:77) ~[graylog.jar:?]
        at retrofit2.OkHttpCall.execute(OkHttpCall.java:180) ~[graylog.jar:?]
        at org.graylog2.shared.rest.resources.ProxiedResource.lambda$getForAllNodes$0(ProxiedResource.java:76) ~[graylog.jar:?]
        at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_161]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_161]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_161]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
Caused by: java.net.ConnectException: Connexion refusée (Connection refused)
        at java.net.PlainSocketImpl.socketConnect(Native Method) ~[?:1.8.0_161]
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) ~[?:1.8.0_161]
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) ~[?:1.8.0_161]
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) ~[?:1.8.0_161]
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) ~[?:1.8.0_161]
        at java.net.Socket.connect(Socket.java:589) ~[?:1.8.0_161]
        at okhttp3.internal.platform.Platform.connectSocket(Platform.java:125) ~[graylog.jar:?]
        at okhttp3.internal.connection.RealConnection.connectSocket(RealConnection.java:238) ~[graylog.jar:?]
        ... 26 more
2018-06-11T11:40:25.606+02:00 WARN  [ProxiedResource] Unable to call https:// 192.168.10.1:9000/api/system/inputstates on node <c910ac4e-778c-4485-bcda-3aa3f93a0580>
java.net.ConnectException: Failed to connect to /192.168.10.1:9000
        at okhttp3.internal.connection.RealConnection.connectSocket(RealConnection.java:240) ~[graylog.jar:?]
        at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:158) ~[graylog.jar:?]
        at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:256) ~[graylog.jar:?]
        at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:134) ~[graylog.jar:?]
        at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:113) ~[graylog.jar:?]
        at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[graylog.jar:?]
        at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[graylog.jar:?]
        at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
        at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:125) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[graylog.jar:?]
        at org.graylog2.rest.RemoteInterfaceProvider.lambda$get$0(RemoteInterfaceProvider.java:59) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[graylog.jar:?]
        at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:200) ~[graylog.jar:?]
        at okhttp3.RealCall.execute(RealCall.java:77) ~[graylog.jar:?]
        at retrofit2.OkHttpCall.execute(OkHttpCall.java:180) ~[graylog.jar:?]
        at org.graylog2.shared.rest.resources.ProxiedResource.lambda$getForAllNodes$0(ProxiedResource.java:76) ~[graylog.jar:?]
        at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_161]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_161]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_161]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
Caused by: java.net.ConnectException: Connexion refusée (Connection refused)
        at java.net.PlainSocketImpl.socketConnect(Native Method) ~[?:1.8.0_161]
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) ~[?:1.8.0_161]
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) ~[?:1.8.0_161]
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) ~[?:1.8.0_161]
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) ~[?:1.8.0_161]
        at java.net.Socket.connect(Socket.java:589) ~[?:1.8.0_161]
        at okhttp3.internal.platform.Platform.connectSocket(Platform.java:125) ~[graylog.jar:?]
        at okhttp3.internal.connection.RealConnection.connectSocket(RealConnection.java:238) ~[graylog.jar:?]
        ... 26 more
2018-06-11T11:40:25.606+02:00 WARN  [ProxiedResource] Unable to call https:// 192.168.10.1:9000/api/system/inputstates on node <c910ac4e-778c-4485-bcda-3aa3f93a0580>
java.net.ConnectException: Failed to connect to /192.168.10.1:9000
        at okhttp3.internal.connection.RealConnection.connectSocket(RealConnection.java:240) ~[graylog.jar:?]
        at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:158) ~[graylog.jar:?]
        at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:256) ~[graylog.jar:?]
        at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:134) ~[graylog.jar:?]
        at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:113) ~[graylog.jar:?]
        at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[graylog.jar:?]
        at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[graylog.jar:?]
        at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
        at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:125) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[graylog.jar:?]
        at org.graylog2.rest.RemoteInterfaceProvider.lambda$get$0(RemoteInterfaceProvider.java:59) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[graylog.jar:?]
        at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:200) ~[graylog.jar:?]
        at okhttp3.RealCall.execute(RealCall.java:77) ~[graylog.jar:?]
        at retrofit2.OkHttpCall.execute(OkHttpCall.java:180) ~[graylog.jar:?]
        at org.graylog2.shared.rest.resources.ProxiedResource.lambda$getForAllNodes$0(ProxiedResource.java:76) ~[graylog.jar:?]
        at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_161]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_161]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_161]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
Caused by: java.net.ConnectException: Connexion refusée (Connection refused)
        at java.net.PlainSocketImpl.socketConnect(Native Method) ~[?:1.8.0_161]
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) ~[?:1.8.0_161]
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) ~[?:1.8.0_161]
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) ~[?:1.8.0_161]
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) ~[?:1.8.0_161]
        at java.net.Socket.connect(Socket.java:589) ~[?:1.8.0_161]
        at okhttp3.internal.platform.Platform.connectSocket(Platform.java:125) ~[graylog.jar:?]
        at okhttp3.internal.connection.RealConnection.connectSocket(RealConnection.java:238) ~[graylog.jar:?]
        ... 26 more
2018-06-11T11:41:15.894+02:00 INFO  [CmdLineTool] Loaded plugin: AWS plugins 2.4.3 [org.graylog.aws.plugin.AWSPlugin]
2018-06-11T11:41:15.896+02:00 INFO  [CmdLineTool] Loaded plugin: ArchivePlugin 2.4.3 [org.graylog.plugins.archive.ArchivePlugin]
2018-06-11T11:41:15.897+02:00 INFO  [CmdLineTool] Loaded plugin: Audit Log 2.4.3 [org.graylog.plugins.auditlog.AuditLogPlugin]
2018-06-11T11:41:15.897+02:00 INFO  [CmdLineTool] Loaded plugin: Elastic Beats Input 2.4.3 [org.graylog.plugins.beats.BeatsInputPlugin]
2018-06-11T11:41:15.898+02:00 INFO  [CmdLineTool] Loaded plugin: CEF Input 2.4.3 [org.graylog.plugins.cef.CEFInputPlugin]
2018-06-11T11:41:15.899+02:00 INFO  [CmdLineTool] Loaded plugin: Collector 2.4.3 [org.graylog.plugins.collector.CollectorPlugin]
2018-06-11T11:41:15.899+02:00 INFO  [CmdLineTool] Loaded plugin: Enterprise Integration Plugin 2.4.3 [org.graylog.plugins.enterprise_integration.EnterpriseIntegrationPlugin]
2018-06-11T11:41:15.901+02:00 INFO  [CmdLineTool] Loaded plugin: License Plugin 2.4.3 [org.graylog.plugins.license.LicensePlugin]
2018-06-11T11:41:15.901+02:00 INFO  [CmdLineTool] Loaded plugin: MapWidgetPlugin 2.4.3 [org.graylog.plugins.map.MapWidgetPlugin]
2018-06-11T11:41:15.902+02:00 INFO  [CmdLineTool] Loaded plugin: NetFlow Plugin 2.4.3 [org.graylog.plugins.netflow.NetFlowPlugin]
2018-06-11T11:41:15.909+02:00 INFO  [CmdLineTool] Loaded plugin: Pipeline Processor Plugin 2.4.3 [org.graylog.plugins.pipelineprocessor.ProcessorPlugin]
2018-06-11T11:41:15.909+02:00 INFO  [CmdLineTool] Loaded plugin: Threat Intelligence Plugin 2.4.3 [org.graylog.plugins.threatintel.ThreatIntelPlugin]
2018-06-11T11:41:16.816+02:00 INFO  [CmdLineTool] Running with JVM arguments: -Xms1g -Xmx1g -XX:NewRatio=1 -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow -Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml -Djava.library.path=/usr/share/graylog-server/lib/sigar -Dgraylog2.installation_source=rpm
2018-06-11T11:41:17.381+02:00 INFO  [Version] HV000001: Hibernate Validator 5.1.3.Final
2018-06-11T11:41:20.929+02:00 INFO  [InputBufferImpl] Message journal is enabled.
2018-06-11T11:41:21.201+02:00 INFO  [NodeId] Node ID: c910ac4e-778c-4485-bcda-3aa3f93a0580
2018-06-11T11:41:23.409+02:00 INFO  [LogManager] Loading logs.
2018-06-11T11:41:23.955+02:00 INFO  [LogManager] Logs loading complete.
2018-06-11T11:41:23.955+02:00 INFO  [KafkaJournal] Initialized Kafka based journal at /var/lib/graylog-server/journal
2018-06-11T11:41:24.416+02:00 INFO  [InputBufferImpl] Initialized InputBufferImpl with ring size <65536> and wait strategy <BlockingWaitStrategy>, running 2 parallel message handlers.
2018-06-11T11:41:24.728+02:00 INFO  [cluster] Cluster created with settings {hosts=[localhost:27017], mode=SINGLE, requiredClusterType=UNKNOWN, serverSelectionTimeout='30000 ms', maxWaitQueueSize=5000}
2018-06-11T11:41:24.936+02:00 INFO  [cluster] No server chosen by ReadPreferenceServerSelector{readPreference=primary} from cluster description ClusterDescription{type=UNKNOWN, connectionMode=SINGLE, serverDescriptions=[ServerDescription{address=localhost:27017, type=UNKNOWN, state=CONNECTING}]}. Waiting for 30000 ms before timing out
2018-06-11T11:41:25.218+02:00 INFO  [connection] Opened connection [connectionId{localValue:1, serverValue:1}] to localhost:27017
2018-06-11T11:41:25.220+02:00 INFO  [cluster] Monitor thread successfully connected to server with description ServerDescription{address=localhost:27017, type=STANDALONE, state=CONNECTED,
18 
ok=true, version=ServerVersion{versionList=[3, 6, 5]}, minWireVersion=0, maxWireVersion=6, maxDocumentSize=16777216, roundTripTimeNanos=422996}
2018-06-11T11:41:25.225+02:00 INFO  [connection] Opened connection [connectionId{localValue:2, serverValue:2}] to localhost:27017
2018-06-11T11:41:27.608+02:00 INFO  [AbstractJestClient] Setting server pool to a list of 1 servers: [http://127.0.0.1:9200]
2018-06-11T11:41:27.609+02:00 INFO  [JestClientFactory] Using multi thread/connection supporting pooling connection manager
2018-06-11T11:41:27.778+02:00 INFO  [JestClientFactory] Using custom ObjectMapper instance
2018-06-11T11:41:27.779+02:00 INFO  [JestClientFactory] Node Discovery disabled...
2018-06-11T11:41:27.779+02:00 INFO  [JestClientFactory] Idle connection reaping disabled...
2018-06-11T11:41:33.686+02:00 WARN  [LicenseChecker] License violation - Detected irregular traffic records
2018-06-11T11:41:34.843+02:00 INFO  [ProcessBuffer] Initialized ProcessBuffer with ring size <65536> and wait strategy <BlockingWaitStrategy>.
2018-06-11T11:41:37.343+02:00 INFO  [RulesEngineProvider] No static rules file loaded.
2018-06-11T11:41:38.034+02:00 WARN  [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2018-06-11T11:41:38.058+02:00 INFO  [OutputBuffer] Initialized OutputBuffer with ring size <65536> and wait strategy <BlockingWaitStrategy>.
2018-06-11T11:41:38.066+02:00 INFO  [connection] Opened connection [connectionId{localValue:3, serverValue:3}] to localhost:27017
2018-06-11T11:41:38.080+02:00 WARN  [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2018-06-11T11:41:38.096+02:00 WARN  [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2018-06-11T11:41:38.113+02:00 WARN  [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2018-06-11T11:41:38.129+02:00 WARN  [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2018-06-11T11:41:38.809+02:00 INFO  [ServerBootstrap] Graylog server 2.4.3+2c41897 starting up
2018-06-11T11:41:38.810+02:00 INFO  [ServerBootstrap] JRE: Oracle Corporation 1.8.0_161 on Linux 3.10.0-693.21.1.el7.x86_64
2018-06-11T11:41:38.810+02:00 INFO  [ServerBootstrap] Deployment: rpm
2018-06-11T11:41:38.810+02:00 INFO  [ServerBootstrap] OS: CentOS Linux 7 (Core) (centos)
2018-06-11T11:41:38.810+02:00 INFO  [ServerBootstrap] Arch: amd64
2018-06-11T11:41:38.818+02:00 WARN  [DeadEventLoggingListener] Received unhandled event of type <org.graylog2.plugin.lifecycles.Lifecycle> from event bus <AsyncEventBus{graylog-eventbus}>
2018-06-11T11:41:53.949+02:00 INFO  [PeriodicalsService] Starting 28 periodicals ...
2018-06-11T11:41:53.950+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ThroughputCalculator] periodical in [0s], polling every [1s].
2018-06-11T11:41:53.950+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.AlertScannerThread] periodical in [10s], polling every [60s].
2018-06-11T11:41:53.950+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread] periodical in [0s], polling every [1s].
2018-06-11T11:41:53.951+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ClusterHealthCheckThread] periodical in [120s], polling every [20s].
2018-06-11T11:41:53.952+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ContentPackLoaderPeriodical] periodical, running forever.
2018-06-11T11:41:53.954+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.GarbageCollectionWarningThread] periodical, running forever.
2018-06-11T11:41:53.955+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexerClusterCheckerThread] periodical in [0s], polling every [30s].
2018-06-11T11:41:53.955+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRetentionThread] periodical in [0s], polling every [300s].
2018-06-11T11:41:53.956+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRotationThread] periodical in [0s], polling every [10s].
2018-06-11T11:41:53.956+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.NodePingThread] periodical in [0s], polling every [1s].
2018-06-11T11:41:53.956+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.VersionCheckThread] periodical in [300s], polling every [1800s].
2018-06-11T11:41:53.956+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ThrottleStateUpdaterThread] periodical in [1s], polling every [1s].
2018-06-11T11:41:53.957+02:00 INFO  [Periodicals] Starting [org.graylog2.events.ClusterEventPeriodical] periodical in [0s], polling every [1s].
2018-06-11T11:41:53.957+02:00 INFO  [Periodicals] Starting [org.graylog2.events.ClusterEventCleanupPeriodical] periodical in [0s], polling every [86400s].
2018-06-11T11:41:53.957+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ClusterIdGeneratorPeriodical] periodical, running forever.
2018-06-11T11:41:53.957+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRangesMigrationPeriodical] periodical, running forever.
2018-06-11T11:41:53.958+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRangesCleanupPeriodical] periodical in [15s], polling every [3600s].
2018-06-11T11:41:53.958+02:00 INFO  [connection] Opened connection [connectionId{localValue:5, serverValue:5}] to localhost:27017
2018-06-11T11:41:53.960+02:00 INFO  [connection] Opened connection [connectionId{localValue:4, serverValue:4}] to localhost:27017
2018-06-11T11:41:54.004+02:00 INFO  [connection] Opened connection [connectionId{localValue:6, serverValue:6}] to localhost:27017
2018-06-11T11:41:54.036+02:00 INFO  [connection] Opened connection [connectionId{localValue:7, serverValue:7}] to localhost:27017
2018-06-11T11:41:54.059+02:00 INFO  [connection] Opened connection [connectionId{localValue:8, serverValue:8}] to localhost:27017
2018-06-11T11:41:54.074+02:00 INFO  [PeriodicalsService] Not starting [org.graylog2.periodical.UserPermissionMigrationPeriodical] periodical. Not configured to run on this node.
2018-06-11T11:41:54.074+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.AlarmCallbacksMigrationPeriodical] periodical, running forever.
2018-06-11T11:41:54.075+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ConfigurationManagementPeriodical] periodical, running forever.
2018-06-11T11:41:54.097+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.LdapGroupMappingMigration] periodical, running forever.
2018-06-11T11:41:54.102+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexFailuresPeriodical] periodical, running forever.
2018-06-11T11:41:54.102+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.TrafficCounterCalculator] periodical in [0s], polling every [1s].
2018-06-11T11:41:54.102+02:00 INFO  [Periodicals] Starting [org.graylog.plugins.license.LicenseManagerPeriodical] periodical in [0s], polling every [300s].
2018-06-11T11:41:54.103+02:00 INFO  [Periodicals] Starting [org.graylog.plugins.license.LicenseReportPeriodical] periodical in [300s], polling every [3600s].
2018-06-11T11:41:54.126+02:00 INFO  [Periodicals] Starting [org.graylog.plugins.pipelineprocessor.periodical.LegacyDefaultStreamMigration] periodical, running forever.
2018-06-11T11:41:54.127+02:00 INFO  [Periodicals] Starting [org.graylog.plugins.auditlog.mongodb.MongoAuditLogPeriodical] periodical in [0s], polling every [3600s].
2018-06-11T11:41:54.128+02:00 INFO  [Periodicals] Starting [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread] periodical in [0s], polling every [3600s].
2018-06-11T11:41:54.258+02:00 INFO  [LegacyDefaultStreamMigration] Legacy default stream has no connections, no migration needed.
2018-06-11T11:41:54.265+02:00 WARN  [LicenseChecker] License violation - Detected irregular traffic records
2018-06-11T11:41:54.268+02:00 INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-domains/5ac37ce361a3b445286ea5cd [@60bddf0d] STARTING
2018-06-11T11:41:54.269+02:00 INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-ip/5ac37ce361a3b445286ea5d0 [@6dd7b117] STARTING
2018-06-11T11:41:54.269+02:00 INFO  [LookupTableService] Data Adapter spamhaus-drop/5ac37ce361a3b445286ea5cf [@1c0f6c6b] STARTING
2018-06-11T11:41:54.269+02:00 INFO  [LookupTableService] Data Adapter otx-api-domain/5ac37ce361a3b445286ea5d1 [@77b0aefa] STARTING
2018-06-11T11:41:54.270+02:00 INFO  [LookupTableService] Data Adapter tor-exit-node/5ac37ce361a3b445286ea5cc [@75f5a00e] STARTING
2018-06-11T11:41:54.270+02:00 INFO  [LookupTableService] Data Adapter otx-api-ip/5ac37ce361a3b445286ea5ce [@5b614b9a] STARTING
2018-06-11T11:41:54.270+02:00 INFO  [LookupTableService] Data Adapter whois/5ac37ce461a3b445286ea5d2 [@1bb8b6b3] STARTING
2018-06-11T11:41:54.271+02:00 INFO  [LookupTableService] Data Adapter whois/5ac37ce461a3b445286ea5d2 [@1bb8b6b3] RUNNING
2018-06-11T11:41:54.310+02:00 WARN  [OTXDataAdapter] OTX API key is missing. Make sure to add the key to allow higher request limits.
2018-06-11T11:41:54.310+02:00 WARN  [OTXDataAdapter] OTX API key is missing. Make sure to add the key to allow higher request limits.
2018-06-11T11:41:54.411+02:00 INFO  [LookupTableService] Cache whois-cache/5ac37ce361a3b445286ea5c9 [@60457767] STARTING
2018-06-11T11:41:54.411+02:00 INFO  [LookupTableService] Cache whois-cache/5ac37ce361a3b445286ea5c9 [@60457767] RUNNING
2018-06-11T11:41:54.411+02:00 INFO  [LookupTableService] Cache spamhaus-e-drop-cache/5ac37ce361a3b445286ea5c8 [@5e394f40] STARTING
2018-06-11T11:41:54.411+02:00 INFO  [LookupTableService] Cache threat-intel-uncached-adapters/5ac37ce361a3b445286ea5c6 [@132ed098] STARTING
2018-06-11T11:41:54.412+02:00 INFO  [LookupTableService] Cache spamhaus-e-drop-cache/5ac37ce361a3b445286ea5c8 [@5e394f40] RUNNING
2018-06-11T11:41:54.412+02:00 INFO  [LookupTableService] Cache threat-intel-uncached-adapters/5ac37ce361a3b445286ea5c6 [@132ed098] RUNNING
2018-06-11T11:41:54.412+02:00 INFO  [LookupTableService] Cache otx-api-domain-cache/5ac37ce361a3b445286ea5c7 [@71c0a53c] STARTING
2018-06-11T11:41:54.412+02:00 INFO  [LookupTableService] Cache otx-api-domain-cache/5ac37ce361a3b445286ea5c7 [@71c0a53c] RUNNING
2018-06-11T11:41:54.412+02:00 INFO  [LookupTableService] Cache otx-api-ip-cache/5ac37ce361a3b445286ea5ca [@1f6d8ec0] STARTING
2018-06-11T11:41:54.412+02:00 INFO  [LookupTableService] Cache otx-api-ip-cache/5ac37ce361a3b445286ea5ca [@1f6d8ec0] RUNNING
2018-06-11T11:41:54.269+02:00 ERROR [LookupDataAdapter] Couldn't start data adapter <spamhaus-drop/5ac37ce361a3b445286ea5cf/@1c0f6c6b>
org.graylog.plugins.threatintel.tools.AdapterDisabledException: Spamhaus service is disabled, not starting (E)DROP adapter. To enable it please go to System / Configurations.
        at org.graylog.plugins.threatintel.adapters.spamhaus.SpamhausEDROPDataAdapter.doStart(SpamhausEDROPDataAdapter.java:68) ~[?:?]
        at org.graylog2.plugin.lookup.LookupDataAdapter.startUp(LookupDataAdapter.java:59) [graylog.jar:?]
        at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:62) [graylog.jar:?]
        at com.google.common.util.concurrent.Callables$4.run(Callables.java:122) [graylog.jar:?]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
2018-06-11T11:41:54.268+02:00 ERROR [LookupDataAdapter] Couldn't start data adapter <abuse-ch-ransomware-domains/5ac37ce361a3b445286ea5cd/@60bddf0d>
org.graylog.plugins.threatintel.tools.AdapterDisabledException: Abuse.ch service is disabled, not starting adapter. To enable it please go to System / Configurations.
        at org.graylog.plugins.threatintel.adapters.abusech.AbuseChRansomAdapter.doStart(AbuseChRansomAdapter.java:80) ~[?:?]
        at org.graylog2.plugin.lookup.LookupDataAdapter.startUp(LookupDataAdapter.java:59) [graylog.jar:?]
        at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:62) [graylog.jar:?]
        at com.google.common.util.concurrent.Callables$4.run(Callables.java:122) [graylog.jar:?]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
2018-06-11T11:41:54.270+02:00 ERROR [LookupDataAdapter] Couldn't start data adapter <tor-exit-node/5ac37ce361a3b445286ea5cc/@75f5a00e>
org.graylog.plugins.threatintel.tools.AdapterDisabledException: TOR service is disabled, not starting TOR exit addresses adapter. To enable it please go to System / Configurations.
        at org.graylog.plugins.threatintel.adapters.tor.TorExitNodeDataAdapter.doStart(TorExitNodeDataAdapter.java:73) ~[?:?]
        at org.graylog2.plugin.lookup.LookupDataAdapter.startUp(LookupDataAdapter.java:59) [graylog.jar:?]
        at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:62) [graylog.jar:?]
        at com.google.common.util.concurrent.Callables$4.run(Callables.java:122) [graylog.jar:?]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
2018-06-11T11:41:54.268+02:00 ERROR [LookupDataAdapter] Couldn't start data adapter <abuse-ch-ransomware-ip/5ac37ce361a3b445286ea5d0/@6dd7b117>
org.graylog.plugins.threatintel.tools.AdapterDisabledException: Abuse.ch service is disabled, not starting adapter. To enable it please go to System / Configurations.
        at org.graylog.plugins.threatintel.adapters.abusech.AbuseChRansomAdapter.doStart(AbuseChRansomAdapter.java:80) ~[?:?]
        at org.graylog2.plugin.lookup.LookupDataAdapter.startUp(LookupDataAdapter.java:59) [graylog.jar:?]
        at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:62) [graylog.jar:?]
        at com.google.common.util.concurrent.Callables$4.run(Callables.java:122) [graylog.jar:?]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
2018-06-11T11:41:54.431+02:00 INFO  [LookupTableService] Data Adapter spamhaus-drop/5ac37ce361a3b445286ea5cf [@1c0f6c6b] RUNNING
2018-06-11T11:41:54.431+02:00 INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-domains/5ac37ce361a3b445286ea5cd [@60bddf0d] RUNNING
2018-06-11T11:41:54.431+02:00 INFO  [LookupTableService] Data Adapter otx-api-ip/5ac37ce361a3b445286ea5ce [@5b614b9a] RUNNING
2018-06-11T11:41:54.431+02:00 INFO  [LookupTableService] Data Adapter tor-exit-node/5ac37ce361a3b445286ea5cc [@75f5a00e] RUNNING
2018-06-11T11:41:54.432+02:00 INFO  [LookupTableService] Data Adapter otx-api-domain/5ac37ce361a3b445286ea5d1 [@77b0aefa] RUNNING
2018-06-11T11:41:54.432+02:00 INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-ip/5ac37ce361a3b445286ea5d0 [@6dd7b117] RUNNING
2018-06-11T11:41:54.694+02:00 INFO  [LookupTableService] Starting lookup table abuse-ch-ransomware-ip/5ac37ce461a3b445286ea5d4 [@3bb9e80a] using cache threat-intel-uncached-adapters/5ac37ce361a3b445286ea5c6 [@132ed098], data adapter abuse-ch-ransomware-ip/5ac37ce361a3b445286ea5d0 [@6dd7b117]
2018-06-11T11:41:54.694+02:00 INFO  [LookupTableService] Starting lookup table abuse-ch-ransomware-domains/5ac37ce461a3b445286ea5d5 [@4931262a] using cache threat-intel-uncached-adapters/5ac37ce361a3b445286ea5c6 [@132ed098], data adapter abuse-ch-ransomware-domains/5ac37ce361a3b445286ea5cd [@60bddf0d]
2018-06-11T11:41:54.694+02:00 INFO  [LookupTableService] Starting lookup table tor-exit-node-list/5ac37ce461a3b445286ea5d6 [@3e4f0b1e] using cache threat-intel-uncached-adapters/5ac37ce361a3b445286ea5c6 [@132ed098], data adapter tor-exit-node/5ac37ce361a3b445286ea5cc [@75f5a00e]
2018-06-11T11:41:54.694+02:00 INFO  [LookupTableService] Starting lookup table whois/5ac37ce461a3b445286ea5d7 [@6e8f792f] using cache whois-cache/5ac37ce361a3b445286ea5c9 [@60457767], data adapter whois/5ac37ce461a3b445286ea5d2 [@1bb8b6b3]
2018-06-11T11:41:54.694+02:00 INFO  [LookupTableService] Starting lookup table otx-api-domain/5ac37ce461a3b445286ea5d8 [@1a82254c] using cache otx-api-domain-cache/5ac37ce361a3b445286ea5c7 [@71c0a53c], data adapter otx-api-domain/5ac37ce361a3b445286ea5d1 [@77b0aefa]
2018-06-11T11:41:54.694+02:00 INFO  [LookupTableService] Starting lookup table spamhaus-drop/5ac37ce461a3b445286ea5d9 [@5ac25040] using cache spamhaus-e-drop-cache/5ac37ce361a3b445286ea5c8 [@5e394f40], data adapter spamhaus-drop/5ac37ce361a3b445286ea5cf [@1c0f6c6b]
2018-06-11T11:41:54.694+02:00 INFO  [LookupTableService] Starting lookup table otx-api-ip/5ac37ce461a3b445286ea5da [@1c13b7fd] using cache otx-api-ip-cache/5ac37ce361a3b445286ea5ca [@1f6d8ec0], data adapter otx-api-ip/5ac37ce361a3b445286ea5ce [@5b614b9a]
2018-06-11T11:41:56.321+02:00 INFO  [JerseyService] Enabling CORS for HTTP endpoint
2018-06-11T11:42:10.544+02:00 INFO  [NetworkListener] Started listener bound to [192.168.10.1:9000]
2018-06-11T11:42:10.546+02:00 INFO  [HttpServer] [HttpServer] Started.
2018-06-11T11:42:10.546+02:00 INFO  [JerseyService] Started REST API at <https:// 192.168.10.1:9000/api/>
2018-06-11T11:42:10.546+02:00 INFO  [JerseyService] Started Web Interface at <https:// 192.168.10.1:9000/>
2018-06-11T11:42:10.546+02:00 INFO  [ServiceManagerListener] Services are healthy
2018-06-11T11:42:10.547+02:00 INFO  [InputSetupService] Triggering launching persisted inputs, node transitioned from Uninitialized [LB:DEAD] to Running [LB:ALIVE]
2018-06-11T11:42:10.592+02:00 INFO  [ServerBootstrap] Services started, startup times in ms: {BufferSynchronizerService [RUNNING]=0, JournalReader [RUNNING]=0, OutputSetupService [RUNNING]=0, ConfigurationEtagService [RUNNING]=1, KafkaJournal [RUNNING]=1, InputSetupService [RUNNING]=2, StreamCacheService [RUNNING]=6, PeriodicalsService [RUNNING]=178, LookupTableService [RUNNING]=744, JerseyService [RUNNING]=16596}
2018-06-11T11:42:10.812+02:00 INFO  [ServerBootstrap] Graylog server up and running.
2018-06-11T11:42:10.852+02:00 INFO  [InputStateListener] Input [GELF TCP/5adf328f61a3b44e46eff61e] is now STARTING
2018-06-11T11:42:10.853+02:00 INFO  [InputStateListener] Input [GELF TCP/5addd43c61a3b40447d3a5f1] is now STARTING
2018-06-11T11:42:10.855+02:00 INFO  [InputStateListener] Input [Syslog TCP/5addde8e61a3b40f11d66023] is now STARTING
2018-06-11T11:42:10.867+02:00 INFO  [AbstractTcpTransport] Enabled TLS for input [GELF TCP/5addd43c61a3b40447d3a5f1]. key-file="/etc/graylog/server/certfiles/https/https.pkcs8-encrypted.key.pem" cert-file="/etc/graylog/server/certfiles/https/https.cert.pem"
2018-06-11T11:42:10.961+02:00 WARN  [NettyTransport] receiveBufferSize (SO_RCVBUF) for input GELFTCPInput{title=Windows, type=org.graylog2.inputs.gelf.tcp.GELFTCPInput, nodeId=c910ac4e-778c-4485-bcda-3aa3f93a0580} should be 1048576 but is 212992.
2018-06-11T11:42:10.961+02:00 WARN  [NettyTransport] receiveBufferSize (SO_RCVBUF) for input GELFTCPInput{title=Serveur_ad, type=org.graylog2.inputs.gelf.tcp.GELFTCPInput, nodeId=c910ac4e-778c-4485-bcda-3aa3f93a0580} should be 1048576 but is 212992.
2018-06-11T11:42:10.962+02:00 WARN  [NettyTransport] receiveBufferSize (SO_RCVBUF) for input SyslogTCPInput{title=Switch/routeur , type=org.graylog2.inputs.syslog.tcp.SyslogTCPInput, nodeId=c910ac4e-778c-4485-bcda-3aa3f93a0580} should be 1048576 but is 212992.
2018-06-11T11:42:10.963+02:00 INFO  [InputStateListener] Input [GELF TCP/5addd43c61a3b40447d3a5f1] is now RUNNING
2018-06-11T11:42:10.964+02:00 INFO  [InputStateListener] Input [GELF TCP/5adf328f61a3b44e46eff61e] is now RUNNING
2018-06-11T11:42:10.964+02:00 INFO  [InputStateListener] Input [Syslog TCP/5addde8e61a3b40f11d66023] is now RUNNING
2018-06-11T11:43:31.443+02:00 INFO  [connection] Opened connection [connectionId{localValue:10, serverValue:10}] to localhost:27017
2018-06-11T11:43:31.443+02:00 INFO  [connection] Opened connection [connectionId{localValue:9, serverValue:9}] to localhost:27017
2018-06-11T11:43:49.274+02:00 INFO  [connection] Opened connection [connectionId{localValue:11, serverValue:11}] to localhost:27017
2018-06-11T11:43:57.183+02:00 INFO  [connection] Opened connection [connectionId{localValue:12, serverValue:12}] to localhost:27017
2018-06-11T11:43:57.199+02:00 INFO  [InputStateListener] Input [GELF TCP/5adf328f61a3b44e46eff61e] is now STOPPING
2018-06-11T11:43:57.296+02:00 INFO  [InputStateListener] Input [GELF TCP/5adf328f61a3b44e46eff61e] is now TERMINATED
2018-06-11T11:43:57.296+02:00 INFO  [InputStateListener] Input [GELF TCP/5adf328f61a3b44e46eff61e] is now STOPPED
2018-06-11T11:46:54.212+02:00 WARN  [LicenseChecker] License violation - Detected irregular traffic records
2018-06-11T11:47:31.803+02:00 WARN  [LicenseChecker] License violation - Detected irregular traffic records

these are the following logs

19

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.