My Docker compose file is below, I have AWS elasticsearch service and it shows connected

image2058×1140 172 KB

Input is configured as GELF TCP and UDP

image2734×1326 280 KB

I have for test opened all ports in ec2 instance hosting the graylog container , but still no messages are reaching graylog,
curl -XPOST http://x.x.x.x:12202/gelf -p0 -d ‘{“short_message”:“Hello there”, “host”:“example.org”, “facility”:“test”, “_foo”:“bar”}’ -v

Note: Unnecessary use of -X or --request, POST is already inferred.

• Trying x.x.x.x

• TCP_NODELAY set

• Connection failed

• connect to XX:XX:XX:XX port 12202 failed: Connection refused

• Failed to connect to XX:XX:XX:XX port 12202: Connection refused

• Closing connection 0

curl: (7) Failed to connect to XX.XX.XX.XX port 12202: Connection refused

version: ‘2’
services:

MongoDB: https://hub.docker.com/_/mongo/

mongodb:
image: mongo:3

Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/5.6/docker.html

elasticsearch:

image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.5.4

environment:

- http.host=0.0.0.0

- transport.host=localhost

- network.host=0.0.0.0

- “ES_JAVA_OPTS=-Xms512m -Xmx512m”

ulimits:

memlock:

soft: -1

hard: -1

mem_limit: 1g

Graylog: https://hub.docker.com/r/graylog/graylog/

graylog:
image: graylog/graylog:2.5
environment:
- GRAYLOG_PASSWORD_SECRET=XXXX
# Password: admin
- GRAYLOG_REST_TRANSPORT_URI=http://127.0.0.1:12900
- GRAYLOG_ROOT_PASSWORD_SHA2=XXXXXX
- GRAYLOG_WEB_ENDPOINT_URI=http://127.0.0.1:9000/api
- GRAYLOG_ELASTICSEARCH_HOSTS=XXX
stdin_open: true
links:
- mongodb:mongo

- elasticsearch

depends_on:
  - mongodb
  # - elasticsearch
ports:
  # Graylog web interface and REST API
  - 9000:9000
  - 12900:12900
  # Syslog TCP
  - 514:514
  # Syslog UDP
  - 514:514/udp
  # GELF TCP
  - 12201:12201
  # GELF UDP
  - 12201:12201/udp

Container instance doesn’t show 12201 as listening port
[ec2-user@]$ netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 172 ip-10-10-1-134.eu-west-:ssh ip-10-10-1-170.eu-wes:43702 ESTABLISHED
tcp 0 0 ip-10-10-1-134.eu-wes:50618 :https ESTABLISHED
tcp 0 0 ip-10-10-1-134.eu-wes:50052 :https ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 10 DGRAM 11022 /dev/log
unix 3 STREAM CONNECTED 12362
unix 3 STREAM CONNECTED 12361
unix 3 STREAM CONNECTED 8970715 /var/run/docker.sock
unix 3 STREAM CONNECTED 8993068
unix 3 STREAM CONNECTED 12485
unix 3 STREAM CONNECTED 8991682
unix 3 STREAM CONNECTED 11455
unix 3 STREAM CONNECTED 8994351 @/containerd-shim/moby/b74acd30344d544ae47c8c77ad401f355492feed55767e9fcd06f786012d027d/shim.sock@
unix 2 DGRAM 11381
unix 3 STREAM CONNECTED 8994034 @/containerd-shim/moby/20e35c57c614936cd7844da50b59061fb584166efb573db8eaa136871e6aeacc/shim.sock@
unix 3 STREAM CONNECTED 12504
unix 2 DGRAM 11396
unix 3 STREAM CONNECTED 8991683 /var/run/docker.sock
unix 3 STREAM CONNECTED 11456 /var/run/docker/containerd/docker-containerd.sock
unix 3 STREAM CONNECTED 8994349
unix 2 DGRAM 11103
unix 3 DGRAM 9674
unix 2 DGRAM 11399
unix 3 DGRAM 9673
unix 3 STREAM CONNECTED 12477 /var/run/docker/containerd/docker-containerd.sock
unix 3 STREAM CONNECTED 8970714
unix 2 DGRAM 11409
unix 3 STREAM CONNECTED 11479 /var/run/docker/containerd/docker-containerd.sock
unix 2 DGRAM 11164
unix 3 STREAM CONNECTED 11965
unix 3 STREAM CONNECTED 11968
unix 2 DGRAM 36712
unix 3 STREAM CONNECTED 11963 /var/run/docker.sock
unix 3 STREAM CONNECTED 11962
unix 3 STREAM CONNECTED 11826
unix 3 STREAM CONNECTED 11960 /var/run/docker.sock
unix 3 STREAM CONNECTED 10168
unix 3 STREAM CONNECTED 11942 /var/run/docker.sock
unix 3 STREAM CONNECTED 11941
unix 3 STREAM CONNECTED 10169
unix 3 STREAM CONNECTED 11983
unix 3 STREAM CONNECTED 11972 /var/run/docker.sock
unix 3 STREAM CONNECTED 11981 /var/run/docker.sock
unix 3 STREAM CONNECTED 11971
unix 3 STREAM CONNECTED 8994511
unix 3 STREAM CONNECTED 11986
unix 3 STREAM CONNECTED 11969 /var/run/docker.sock
unix 3 STREAM CONNECTED 11828 @/containerd-shim/moby/88c1869003a4e65561273b6c24d8f86ba1408b2db90908c74b5261a95838d64e/shim.sock@
unix 3 STREAM CONNECTED 11984 /var/run/docker.sock
unix 3 STREAM CONNECTED 11989
unix 3 STREAM CONNECTED 11931 /var/run/docker.sock
unix 3 STREAM CONNECTED 11978 /var/run/docker.sock
unix 3 STREAM CONNECTED 11987 /var/run/docker.sock
unix 3 STREAM CONNECTED 11930
unix 3 STREAM CONNECTED 11977
unix 3 STREAM CONNECTED 11990 /var/run/docker.sock
unix 3 STREAM CONNECTED 9484456
unix 3 STREAM CONNECTED 11953
unix 3 STREAM CONNECTED 11956
unix 3 STREAM CONNECTED 11957 /var/run/docker.sock
unix 3 STREAM CONNECTED 9917
unix 3 STREAM CONNECTED 8994512 /var/run/docker.sock
unix 3 STREAM CONNECTED 10696 /var/run/lvm/lvmetad.socket
unix 3 STREAM CONNECTED 11959
unix 3 STREAM CONNECTED 11945 /var/run/docker.sock
unix 2 DGRAM 9484451
unix 3 STREAM CONNECTED 11975 /var/run/docker.sock
unix 3 STREAM CONNECTED 11947
unix 3 STREAM CONNECTED 11966 /var/run/docker.sock
unix 3 STREAM CONNECTED 11944
unix 3 STREAM CONNECTED 11974
unix 3 STREAM CONNECTED 11950
unix 3 STREAM CONNECTED 11980
unix 3 STREAM CONNECTED 11948 /var/run/docker.sock
unix 3 STREAM CONNECTED 11951 /var/run/docker.sock
unix 3 STREAM CONNECTED 9484455
unix 3 STREAM CONNECTED 11954 /var/run/docker.sock

You use some weird Bind address on Gelf TCP input: 00.00.00.00 instead of 0.0.0.0

Passed that stage , now i am confused with what i should put in aws task definition to get the udp gelf logs in graylog.

my current task definition has

“logConfiguration”: {
“logDriver”: “gelf”,
“options”: {
“gelf-address”: “udp://graylog-ip:12201”
}
}
This is not working

image2734×1326 258 KB

If I were you I would check:

1. If Gelf port 12201/udp is listening on docker using command: netstat -tupln or ss -tulpn
2. You created Gelf udp input, but try to test it with curl command for input gelf http, so try to use command from point 3.
3. Try to send dummy message to gelf udp input using command: echo -n '{ "version": "1.1", "host": "example.org", "short_message": "A short message", "level": 5, "_some_info": "foo" }' | nc -w1 -u graylog.example.com 12201
   https://docs.graylog.org/en/2.5/pages/gelf.html#sending-gelf-messages-via-udp-using-netcat

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.