When I tried to start an input I got an error about the input not being able to start. The popup suggested I check my error logs; here is what I see:
2017-10-23T10:47:51.826+01:00 WARN [ProxiedResource] Unable to call http://VMExternalIP:9000/api/system/metrics/multiple on node <0e3dcc02-a09a-4a7f-b9eb-13ff286b89f8>
java.net.SocketTimeoutException: connect timed out
I have provided what I deem to be the relevant parts of my config.
I believed this would test connectivity between the Virtual machine and its external IP. The command timed out, which points further towards the VM not being able to communicate with its external address. Is there any way to work around this or should I put a hole in the firewall?
I have gone to ‘WebInterface’/api/api-browser. Going to this page allows me to perform API queries and I get response code ‘200’ which is a good sign. I still have no idea how to resolve this issue, could it be firewall blocking Graylog performing API queries on itself?
I have now set my config as you stated and now I get a login error which means my browser can’t access the API. This leads me to believe we need to add a firewall rule to allow access from the browser to the Graylog API.
So the rest_transport_api is set to the internal address and the web_endpoint_uri is set to the external address then we get a login error: 404 - cannot POST.
We have put a firewall rule in so that the virtual machine can go out and connect back into itself. The firewall rule is as follows: ExternalIPoftheVM to ExternalIPoftheVM over port 9000 on TCP. This should allow Graylog to connect to the API when the rest_transport_api is set to external.
I get Error - the server returned: 404 - cannot POST (404)
That error message is from the web interface itself. When I set rest_transport_uri = http://External:9000/api/ I can connect to the web interface fine, but Graylog itself can’t query its REST API. So things such as node info just show as unavailable.
Are you using a reverse proxy in front of Graylog?
If not, you have used the wrong value for web_endpoint_uri. It has to point to the public URI of the Graylog REST API.
No, I am not using a reverse proxy, however I may look into using one as it may resolve this issue.
The address I am using for the web_endpoint_uri is the external IP address of the machine that Graylog is run on. I am not sure if that is the correct value?
It’s http://<External IP address>:9000/api/, as written before.
Example:
Given the external URI for the Graylog web interface was http://example.com/ and the URI for the Graylog REST API was http://example.com/api/, then the web_endpoint_uri setting should be http://example.com/api/.
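A pre-flight check for the two settings discussed in this thread, added here as an example (it is not from any of the posts and is not Graylog code). It assumes no reverse proxy, a `rest_listen_uri` line in the same file, and constructed placeholder addresses; the function names are hypothetical.

```python
import socket
from urllib.parse import urlsplit

# Constructed sample of the relevant server.conf lines; addresses are placeholders.
SAMPLE_CONF = """
rest_listen_uri = http://0.0.0.0:9000/api/
rest_transport_uri = http://203.0.113.10:9000/api/
web_endpoint_uri = http://203.0.113.10:9000/api/
"""

def parse_conf(text):
    """Read key = value lines, skipping blanks and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP connection from this machine succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # covers timeouts, refusals and unresolvable names
        return False

def check_uris(settings, probe=tcp_reachable):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    listen = urlsplit(settings.get("rest_listen_uri", ""))
    transport = urlsplit(settings.get("rest_transport_uri", ""))
    endpoint = urlsplit(settings.get("web_endpoint_uri", ""))
    # The node calls its own REST API through rest_transport_uri, so that
    # address must be reachable from the Graylog host itself.
    if transport.hostname and not probe(transport.hostname, transport.port or 80):
        findings.append("rest_transport_uri is not reachable from this node")
    # Without a reverse proxy the browser talks to the REST API directly, so
    # web_endpoint_uri must carry the API path, not the web interface path.
    if endpoint.path.rstrip("/") != listen.path.rstrip("/"):
        findings.append("web_endpoint_uri does not point at the REST API path")
    return findings

if __name__ == "__main__":
    for finding in check_uris(parse_conf(SAMPLE_CONF)) or ["no findings"]:
        print(finding)
```

Run it on the Graylog host itself, since the first check only means something from the node's own network position.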