GELF HTTP send address

Hello, new to Graylog.

Trying to send GELF HTTP using CURL over port 5555.

Set up:
Graylog server is installed on 10.0.0.237:9000
Local machine (source of message): 10.0.0.85.

Tried creating an input but it won’t accept port 9000 so I changed it to port 5555.

Documentation says to use http://graylog/example.org:[port number]/gelf.

I am not sure where to get the URL (other than the destination IP address) and I can’t send over port 9000. Any help is appreciated.

Thanks…

You probably misunderstand how to create a proper Input:

  1. Every Input should use its own port
  2. Don’t try to use port 9000 for an input, as it’s the port where the Graylog web interface listens
  3. The GELF HTTP Input needs its own port; by default it is 12201
  4. The proper URL for GELF HTTP is http://graylog.example.com:PORT/gelf, or you can also use the IP: http://10.0.0.237:PORT/gelf
  5. Check that your firewall doesn’t block the PORT used by the GELF HTTP Input from the local machine to the Graylog server

I think the documentation is clear on how to use curl:
https://docs.graylog.org/en/3.2/pages/gelf.html#sending-gelf-messages-via-http-using-curl
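
As an added example (not part of the original thread or the Graylog documentation), the shell functions below build the /gelf URL described in points 2 to 4 above, construct a GELF 1.1 message and POST it with curl. The function names, the sample field values and the default level are assumptions of this example; a running GELF HTTP input answers with 202 Accepted.

```shell
#!/bin/sh
# Added example: send one GELF 1.1 message to a Graylog GELF HTTP input.
# Function names are hypothetical; host/port values are constructed samples.

# Build the input URL. Port 9000 is refused because, per the thread,
# that is where the Graylog web interface listens, not an input.
gelf_url() {
    case $2 in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;;
    esac
    if [ "$2" -eq 9000 ]; then
        echo "port 9000 is the web interface; give the input its own port" >&2
        return 3
    fi
    printf 'http://%s:%s/gelf\n' "$1" "$2"
}

# Escape backslashes and double quotes so free text cannot break the JSON.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# GELF 1.1 requires version, host and short_message; level is a syslog
# severity (6 = informational is this example's default).
gelf_payload() {
    printf '{"version":"1.1","host":"%s","short_message":"%s","level":%s}\n' \
        "$(json_escape "$1")" "$(json_escape "$2")" "${3:-6}"
}

# POST the message and interpret the HTTP status code.
# Arguments: graylog_host input_port source_host message [level]
send_gelf() {
    url=$(gelf_url "$1" "$2") || return $?
    code=$(curl -s -o /dev/null -w '%{http_code}' --connect-timeout 5 \
        -H 'Content-Type: application/json' \
        -d "$(gelf_payload "$3" "$4" "$5")" "$url")
    case $code in
        202) echo "accepted by the GELF HTTP input" ;;
        000) echo "no connection: is the input running and port $2 open in the firewall?" >&2
             return 1 ;;
        *)   echo "unexpected HTTP status $code" >&2; return 1 ;;
    esac
}

# Usage (constructed values): send_gelf 10.0.0.237 12201 10.0.0.85 "test message"
```

A 202 only confirms that the input accepted the message; whether it becomes searchable still depends on Elasticsearch being healthy.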

Thanks!

I tried sending messages using curl as said in the instructions and I get the following:

I then checked the status of elastic search and got the following:

Any help?

Your Elasticsearch database crashed, so check the Elasticsearch log file to find the reason. Because the Elasticsearch DB crashed, Graylog couldn’t show anything and returned error 500.

Hello,

When I opened the log file using nano, here is what I found. I am new to this so I don’t really wanna mess up anything. Any ideas on the best way to fix this?

I just scrolled down to the very end of the file.

Thanks.

I also gathered from one of the forums that the JAVA_HOME path might not be set correctly. When I try to access the configuration file at etc/default/elasticsearch, I get a “Permission Denied” error.

Not sure how to go about it…

@judel5
How did you install Graylog on your device?
Could you give us a little more info about your environment?

Hi @judel5,
did you follow the official documentation to install Elasticsearch? I ask because I see in your log file that x-pack modules were loaded, which can cause problems with Graylog. Graylog recommends installing the OSS version of the Elasticsearch packages (elasticsearch-oss) without x-pack extensions:
https://docs.graylog.org/en/3.2/pages/installation/os/ubuntu.html#elasticsearch

Check your installed version:
dpkg -l |grep -i elastic

Hi,

The device is a Dell desktop with an Intel Core i5. I believe it is about 250GB and 4GB RAM. The OS is Ubuntu 19.04.

Thanks

Thanks. So at this point does it make sense to reinstall or is there a fix that I can apply? I’ll check the exact version when I get home later today.

Thanks,

Jude
