Graylog does not log

hi,

i’m stuck way back at the very beginning i’m afraid. i can’t get graylog to log anything.

i’m following along here:

https://docs.graylog.org/en/3.2/pages/installation/docker.html

i’ve used the most basic docker-compose example provided (although i’ve repeated the more basic steps without using docker-compose and had the same results), but i’ve added access to the 5555 port.

it all seems to work, i can log into the web console, but when i issue the command (as per the document):

echo ‘First log message’ | nc localhost 5555

nothing gets added to the messages in the web console. if i run that nc command with the -v argument, it says:

Connection to localhost 5555 port [tcp/*] succeeded!

i have tried this on a macOS host, and a linux host, and the messages don’t appear in the web console on either. any tips? i’m reasonably experienced with docker if that makes a difference.

with thanks

this is my docker-compose.yaml:

version: '3'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongo:
    image: mongo:3
    networks:
      - graylog
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/6.x/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.5
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    deploy:
      resources:
        limits:
          memory: 1g
    networks:
      - graylog
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:3.2
    environment:
      # CHANGE ME (must be at least 16 characters)!
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      - GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:9000/
    networks:
      - graylog
    depends_on:
      - mongo
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 1514:1514
      # Syslog UDP
      - 1514:1514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
      - 5555:5555
networks:
  graylog:
    driver: bridge

do you have an input on the 5555 in your webUI?
https://docs.graylog.org/en/3.2/pages/installation/docker.html#how-to-get-log-data-in

hi yes, this is what i have:

Why did you create Input with bind adress to localhost (127.0.0.1)? It will only work from localhost, so same host where graylog run. Better is to setup to 0.0.0.0 (default), so you can send logs also from network.

1 Like

//I’m not sure how it is working in docker, maybe the loopback is enough. But try it with 0.0.0.0

But on the picture, you can check, your message don’t achieve the input (0B traffic)

haha! it works! changing the bind address to 0.0.0.0 has fixed it.

thanks for your help.

with thanks

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.