GELF HTTP send address

judel5 · February 17, 2020, 5:02pm

Hello, New to Graylog

Trying to send GELF HTTP using CURL over port 5555.

Set up:
Graylog server is installed on 10.0.0.237:9000
Local machine (source of message): 10.0.0.85.

Tried creating an input but it wont accept port 9000 so I changed it to port 5555.

Documentation says to use http://graylog/example.org:[port number]/gelf.

I am not sure where to get the url (other than the destination ip address) and I cant send over port 9000. Any help is appreciated.

Thanks…

shoothub · February 18, 2020, 9:22am

You probably misunderstand how to create proper Input:

Every Input should use it’s own port
Don’t try to use port 9000 for input, as it’s a port, where listen graylog web interface
GELF HTTP Input need own port, by default it is 12201
Proper URL for GELF HTTP is http://graylog.example.com:PORT/gelf or you can also use IP http://10.0.0.237:PORT/gelf
Check that your firewall don’t block your PORT used in GELF HTTP Input from local machine to graylog server

I think, documentation is clear, how to use curl:
https://docs.graylog.org/en/3.2/pages/gelf.html#sending-gelf-messages-via-http-using-curl

judel5 · February 19, 2020, 6:02am

Thanks!

I tried the sending messages using curl as said in the instructions and I get the following:

I then checked the status of elastic search and got the following:

Any help?

shoothub · February 19, 2020, 7:07am

Your Elastic Search database crashed, so check elastic log file to find the reason. Due to crashed elastic db, graylog couldn’t show anything and return error 500.

judel5 · February 19, 2020, 4:34pm

Hello,

when I opened the log file using nano, here is what I found. I am new to this so dont really wanna mess up anything. Any ideas on the best way to fix this?

I just scrolled down to the very end of the file.

thanks.

judel5 · February 19, 2020, 6:08pm

I also gathered from one of the forums that the JAVA_HOME path might not be set correctly. When I try to access the configuration file at etc/default/elasticsearch , I get a “Permission Denied” error.

Not sure how to go about it…

gsmith · February 20, 2020, 5:19am

@judel5
How did you install Graylog on your device?
Could you give us a little more info about your environment?

shoothub · February 20, 2020, 7:17am

Hi @judel5,
did use follow official documentation to install Elastic Search? Because I see in your log file that x-pack modules were loaded, which can cause problems with graylog. Graylog recommend to install OSS version of elastic search packages (elasticsearch-oss) without x-pack extentions:
https://docs.graylog.org/en/3.2/pages/installation/os/ubuntu.html#elasticsearch

Check your installed version:
dpkg -l |grep -i elastic

judel5 · February 24, 2020, 3:48pm

Hi,

The device is a dell desktop with intel core i5. I believe it is about 250GB and 4GB ram. The OS is Ubuntu 19.04.

Thanks

judel5 · February 24, 2020, 3:50pm

Thanks. So at this point does it make sense to reinstall or is there a fix that I can apply? I’lll check the exact version when I get home later today.

Thanks,

Jude

system · March 9, 2020, 3:50pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
GELF HTTP is not getting messages Graylog Central (peer support)	4	1125	June 16, 2020
Not able to send GELF http message Graylog Central (peer support)	4	4800	April 5, 2018
ApiError HTTP 404 not found Graylog Central (peer support)	7	2849	March 25, 2019
Graylog Gelf http Input not working Graylog Central (peer support)	3	254	February 21, 2024
Graylog Outputs with HTTP_Proxy Graylog Central (peer support)	2	913	January 13, 2018

GELF HTTP send address

Related topics