I copied the docker-compose.yml from the persisting data section of http://docs.graylog.org/en/latest/pages/installation/docker.html and only changed the GRAYLOG_PASSWORD_SECRET to something more random. Ran it on my synology in docker and go to MyserverIP:9000 and I get the following.
Any thoughts on how I should trouble shoot this from here?
What’s the complete configuration of the Graylog Docker container?
What’s in the logs of the Graylog Docker container?
Which URI are you using in your web browser to access the Graylog web interface?
Which operating system are the Docker containers running on?
docker-compose.yml
version: '2'
services:
# MongoDB: https://hub.docker.com/_/mongo/
mongodb:
image: mongo:3
volumes:
- mongo_data:/data/db
# Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/5.6/docker.html
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:5.6.3
volumes:
- es_data:/usr/share/elasticsearch/data
environment:
- http.host=0.0.0.0
- transport.host=localhost
- network.host=0.0.0.0
# Disable X-Pack security: https://www.elastic.co/guide/en/elasticsearch/reference/5.6/security-settings.html#general-security-settings
- xpack.security.enabled=false
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
mem_limit: 1g
# Graylog: https://hub.docker.com/r/graylog/graylog/
graylog:
image: graylog/graylog:2.4.0-1
volumes:
- graylog_journal:/usr/share/graylog/data/journal
environment:
# CHANGE ME!
- GRAYLOG_PASSWORD_SECRET=somepasswordpepper
# Password: admin
- GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
- GRAYLOG_WEB_ENDPOINT_URI=http://127.0.0.1:9000/api
links:
- mongodb:mongo
- elasticsearch
depends_on:
- mongodb
- elasticsearch
ports:
# Graylog web interface and REST API
- 9000:9000
# Syslog TCP
- 514:514
# Syslog UDP
- 514:514/udp
# GELF TCP
- 12201:12201
# GELF UDP
- 12201:12201/udp
# Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/
volumes:
mongo_data:
driver: local
es_data:
driver: local
graylog_journal:
driver: local
Please answer all questions.
Log file -
2018-06-12 11:11:06,920 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: AWS plugins 2.4.0 [org.graylog.aws.plugin.AWSPlugin]
2018-06-12 11:11:06,927 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Elastic Beats Input 2.4.0 [org.graylog.plugins.beats.BeatsInputPlugin]
2018-06-12 11:11:06,930 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: CEF Input 2.4.0 [org.graylog.plugins.cef.CEFInputPlugin]
2018-06-12 11:11:06,932 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Collector 2.4.0 [org.graylog.plugins.collector.CollectorPlugin]
2018-06-12 11:11:06,934 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Enterprise Integration Plugin 2.4.0 [org.graylog.plugins.enterprise_integration.EnterpriseIntegrationPlugin]
2018-06-12 11:11:06,936 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: MapWidgetPlugin 2.4.0 [org.graylog.plugins.map.MapWidgetPlugin]
2018-06-12 11:11:06,938 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: NetFlow Plugin 2.4.0 [org.graylog.plugins.netflow.NetFlowPlugin]
2018-06-12 11:11:06,972 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Pipeline Processor Plugin 2.4.0 [org.graylog.plugins.pipelineprocessor.ProcessorPlugin]
2018-06-12 11:11:06,975 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Threat Intelligence Plugin 2.4.0 [org.graylog.plugins.threatintel.ThreatIntelPlugin]
2018-06-12 11:11:10,806 INFO : org.graylog2.bootstrap.CmdLineTool - Running with JVM arguments: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -XX:NewRatio=1 -XX:MaxMetaspaceSize=256m -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow -Dlog4j.configurationFile=/usr/share/graylog/data/config/log4j2.xml -Djava.library.path=/usr/share/graylog/lib/sigar/ -Dgraylog2.installation_source=docker
2018-06-12 11:11:12,398 INFO : org.hibernate.validator.internal.util.Version - HV000001: Hibernate Validator 5.1.3.Final
2018-06-12 11:11:27,885 INFO : org.graylog2.shared.buffers.InputBufferImpl - Message journal is enabled.
2018-06-12 11:11:28,103 INFO : org.graylog2.plugin.system.NodeId - No node ID file found. Generated: 8d92cb68-c780-4f88-b7b4-f32f11e83a3c
2018-06-12 11:11:30,151 INFO : kafka.log.LogManager - Loading logs.
2018-06-12 11:11:30,165 INFO : kafka.log.LogManager - Logs loading complete.
2018-06-12 11:11:30,294 INFO : kafka.log.LogManager - Created log for partition [messagejournal,0] in /usr/share/graylog/data/journal with properties {file.delete.delay.ms -> 60000, compact -> false, max.message.bytes -> 104857600, min.insync.replicas -> 1, segment.jitter.ms -> 0, index.interval.bytes -> 4096, min.cleanable.dirty.ratio -> 0.5, unclean.leader.election.enable -> true, retention.bytes -> 5368709120, delete.retention.ms -> 86400000, flush.ms -> 60000, segment.bytes -> 104857600, segment.ms -> 3600000, retention.ms -> 43200000, flush.messages -> 1000000, segment.index.bytes -> 1048576}.
2018-06-12 11:11:30,295 INFO : org.graylog2.shared.journal.KafkaJournal - Initialized Kafka based journal at /usr/share/graylog/data/journal
2018-06-12 11:11:30,344 INFO : org.graylog2.shared.buffers.InputBufferImpl - Initialized InputBufferImpl with ring size <65536> and wait strategy <BlockingWaitStrategy>, running 2 parallel message handlers.
2018-06-12 11:11:30,395 INFO : org.mongodb.driver.cluster - Cluster created with settings {hosts=[mongo:27017], mode=SINGLE, requiredClusterType=UNKNOWN, serverSelectionTimeout='30000 ms', maxWaitQueueSize=500}
2018-06-12 11:11:30,608 INFO : org.mongodb.driver.cluster - No server chosen by ReadPreferenceServerSelector{readPreference=primary} from cluster description ClusterDescription{type=UNKNOWN, connectionMode=SINGLE, serverDescriptions=[ServerDescription{address=mongo:27017, type=UNKNOWN, state=CONNECTING}]}. Waiting for 30000 ms before timing out
2018-06-12 11:11:31,229 INFO : org.mongodb.driver.connection - Opened connection [connectionId{localValue:1, serverValue:1}] to mongo:27017
2018-06-12 11:11:31,243 INFO : org.mongodb.driver.cluster - Monitor thread successfully connected to server with description ServerDescription{address=mongo:27017, type=STANDALONE, state=CONNECTED, ok=true, version=ServerVersion{versionList=[3, 6, 5]}, minWireVersion=0, maxWireVersion=6, maxDocumentSize=16777216, roundTripTimeNanos=4573966}
2018-06-12 11:11:31,267 INFO : org.mongodb.driver.connection - Opened connection [connectionId{localValue:2, serverValue:2}] to mongo:27017
2018-06-12 11:11:57,827 INFO : io.searchbox.client.AbstractJestClient - Setting server pool to a list of 1 servers: [http://elasticsearch:9200]
2018-06-12 11:11:57,830 INFO : io.searchbox.client.JestClientFactory - Using multi thread/connection supporting pooling connection manager
2018-06-12 11:11:58,474 INFO : io.searchbox.client.JestClientFactory - Using custom ObjectMapper instance
2018-06-12 11:11:58,474 INFO : io.searchbox.client.JestClientFactory - Node Discovery disabled...
2018-06-12 11:11:58,475 INFO : io.searchbox.client.JestClientFactory - Idle connection reaping disabled...
2018-06-12 11:12:13,665 INFO : org.graylog2.users.RoleServiceImpl - Admin role is missing or invalid, re-adding it as a built-in role.
2018-06-12 11:12:14,299 INFO : org.graylog2.users.RoleServiceImpl - Reader role is missing or invalid, re-adding it as a built-in role.
2018-06-12 11:12:15,436 INFO : org.mongodb.driver.connection - Opened connection [connectionId{localValue:3, serverValue:3}] to mongo:27017
2018-06-12 11:12:21,475 INFO : org.graylog2.shared.buffers.ProcessBuffer - Initialized ProcessBuffer with ring size <65536> and wait strategy <BlockingWaitStrategy>.
2018-06-12 11:12:28,809 INFO : org.graylog2.bindings.providers.RulesEngineProvider - No static rules file loaded.
2018-06-12 11:12:42,500 WARN : org.graylog.plugins.map.geoip.GeoIpResolverEngine - GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2018-06-12 11:12:42,533 INFO : org.graylog2.buffers.OutputBuffer - Initialized OutputBuffer with ring size <65536> and wait strategy <BlockingWaitStrategy>.
2018-06-12 11:12:42,581 WARN : org.graylog.plugins.map.geoip.GeoIpResolverEngine - GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2018-06-12 11:12:42,627 WARN : org.graylog.plugins.map.geoip.GeoIpResolverEngine - GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2018-06-12 11:12:42,680 WARN : org.graylog.plugins.map.geoip.GeoIpResolverEngine - GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2018-06-12 11:12:42,745 WARN : org.graylog.plugins.map.geoip.GeoIpResolverEngine - GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2018-06-12 11:13:02,363 INFO : org.graylog2.bootstrap.ServerBootstrap - Graylog server 2.4.0+2115a42 starting up
2018-06-12 11:13:02,365 INFO : org.graylog2.bootstrap.ServerBootstrap - JRE: Oracle Corporation 1.8.0_151 on Linux 3.10.105
2018-06-12 11:13:02,365 INFO : org.graylog2.bootstrap.ServerBootstrap - Deployment: docker
2018-06-12 11:13:02,366 INFO : org.graylog2.bootstrap.ServerBootstrap - OS: Debian GNU/Linux 9 (stretch) (debian)
2018-06-12 11:13:02,366 INFO : org.graylog2.bootstrap.ServerBootstrap - Arch: amd64
2018-06-12 11:13:02,374 WARN : org.graylog2.shared.events.DeadEventLoggingListener - Received unhandled event of type <org.graylog2.plugin.lifecycles.Lifecycle> from event bus <AsyncEventBus{graylog-eventbus}>
2018-06-12 11:13:03,997 INFO : org.graylog2.shared.initializers.PeriodicalsService - Starting 25 periodicals ...
2018-06-12 11:13:04,011 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog2.periodical.ThroughputCalculator] periodical in [0s], polling every [1s].
2018-06-12 11:13:04,017 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog2.periodical.AlertScannerThread] periodical in [10s], polling every [60s].
I’m using http://192.168.1.99:9000/ to access Graylog and that is where I saw the original message.
Docker is running on my Synology DSM 6.2 box.
Sorry for not responding to the other questions sooner. Disqus had me in line for an approval on the last response.
You’ll have to adapt the web_endpoint_uri configuration setting (via the GRAYLOG_WEB_ENDPOINT_URI environment variable) to your network environment.
Also make sure to use the latest stable version of the Graylog Docker image.
https://hub.docker.com/r/graylog/graylog/tags/
That seems to have solved it. Is there a docker tag for the latest version? Or should I just stay on top of the versions?
No, there’s intentionally no latest tag. You could use graylog/graylog:2.4 if you really want to (and understood the disadvantages of doing so).
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.