“Error getting data / node 5404ceb7 / srv0colectorlog”:
1. Describe your incident: I am experiencing an error in Graylog in a CentOS 7 environment. The error I am seeing is “Error getting data / node 5404ceb7 / srv0colectorlog”.
2. Describe your environment:
Operating System Information: CentOS 7
Package Version: 4.xx version.
Service logs, configurations, and environment variables: No information was provided on service logs, configurations, and environment variables.
3. What steps have you already taken to try and solve the problem? No information was provided on steps that have been taken to try and solve the problem.
4. How can the community help? I would like advice or suggestions on how to resolve the error I am experiencing in Graylog in a CentOS 7 environment. Is there any service log I should check or any configuration I should adjust to fix this problem?
2023-04-19T21:49:32.229-05:00 WARN [CorrelationEventProcessor] No valid Enterprise license found - not executing event correlation <SOURCE: 30 minutes silent sender/622915252569ab00dd204b96>
2023-04-19T21:49:32.450-05:00 WARN [ProxiedResource] Unable to call https://192.168.100.1:9000/api/system/metrics/multiple on node <5404ceb7-ca56-4e24-9cec-36a3c354a731>: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2023-04-19T21:49:32.510-05:00 ERROR [FileInfo] Couldn’t get file info for path: /etc/graylog/server/service-names-port-numbers.csv
java.nio.file.NoSuchFileException: /etc/graylog/server/service-names-port-numbers.csv
at sun.nio.fs.UnixException.translateToIOException(UnixException.java:86) ~[?:1.8.0_312]
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102) ~[?:1.8.0_312]
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107) ~[?:1.8.0_312]
at sun.nio.fs.UnixFileAttributeViews$Basic.readAttributes(UnixFileAttributeViews.java:55) ~[?:1.8.0_312]
at sun.nio.fs.UnixFileSystemProvider.readAttributes(UnixFileSystemProvider.java:144) ~[?:1.8.0_312]
at sun.nio.fs.LinuxFileSystemProvider.readAttributes(LinuxFileSystemProvider.java:99) ~[?:1.8.0_312]
at java.nio.file.Files.readAttributes(Files.java:1737) ~[?:1.8.0_312]
at org.graylog2.plugin.utilities.FileInfo.forPath(FileInfo.java:76) ~[graylog.jar:?]
at org.graylog2.plugin.utilities.FileInfo.checkForChange(FileInfo.java:96) ~[graylog.jar:?]
at org.graylog2.lookup.adapters.CSVFileDataAdapter.doRefresh(CSVFileDataAdapter.java:102) ~[graylog.jar:?]
at org.graylog2.plugin.lookup.LookupDataAdapter.refresh(LookupDataAdapter.java:109) ~[graylog.jar:?]
at org.graylog2.lookup.LookupDataAdapterRefreshService.lambda$schedule$0(LookupDataAdapterRefreshService.java:142) ~[graylog.jar:?]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_312]
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) [?:1.8.0_312]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_312]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) [?:1.8.0_312]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_312]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_312]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_312]
2023-04-19T21:49:32.510-05:00 ERROR [CSVFileDataAdapter] Couldn’t check data adapter CSV file /etc/graylog/server/service-names-port-numbers.csv for updates: java.nio.file.NoSuchFileException /etc/graylog/server/service-names-port-numbers.csv
2023-04-19T21:49:33.538-05:00 WARN [ProxiedResource] Unable to call https://192.168.100.1:9000/api/system on node <5404ceb7-ca56-4e24-9cec-36a3c354a731>: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Normally when you see this is because Graylog cant not find your certs, ensure there in the correct keystore and if your using a different keystore you need to make adjustment to show Graylog where its at.
Example and I quote:
In order for the JVM to pick up the new trust store, it has to be started with the JVM parameter -Djavax.net.ssl.trustStore=/path/to/cacerts.jks. If you’ve been using another password to encrypt the JVM trust store than the default changeit, you additionally have to set the JVM parameter -Djavax.net.ssl.trustStorePassword=secret.
If your using JAVA default keystore " cacerts" this should not be an issue unless you have multiple JAVA installation.
Example:
Check the version
java -version
This will tell you which one your using and shows full path.
sudo update-alternatives --config java
Make sure Graylog has access to the certificates, just an idea for a Dev setup, place them in Graylog Home directory /etc/graylog , because Graylog has accesss to its own directory.
Hey gerarmoran, I had the same problem. After every update I have to put the ssl cert back in the truststore. This is verrry easy. At first you need keytool and you have to find your cert in pem format.
search the truststore of graylog like this:
sudo find / -name cacerts
the truststore is somthing like /usr/share/graylog-server/jvm/lib/security/cacerts
now with keytool you can import the cert in the truststore.
