Graylog don't start after install

lucasnascin · January 23, 2018, 8:28pm

Hello guys, i need a help, i have installed the latest graylog on my AmazonLinux

Here is my server.conf: (any other thing is not here is commented[#]/default)

is_master = true

node_id_file = /etc/graylog/server/node-id

password_secret = eNahfeemohgatho6######vienuibahyingoojieshiepuoghohvohsaejohfu

root_password_sha2 = 151228958e09a1d7353af661####e3ac11f99d6994bc20ab012276b1103f2f97

plugin_dir = /usr/share/graylog-server/plugin

rest_listen_uri = http://5#.6#.13#.2#:9000/api/

web_listen_uri = http://5#.6#.13#.2#:9000/

rotation_strategy = count

elasticsearch_max_docs_per_index = 20000000

elasticsearch_max_number_of_indices = 20

retention_strategy = delete

elasticsearch_shards = 4
elasticsearch_replicas = 0

elasticsearch_index_prefix = graylog

allow_leading_wildcard_searches = false

allow_highlighting = false

elasticsearch_analyzer = standard

output_batch_size = 500

output_flush_interval = 1

output_fault_count_threshold = 5
output_fault_penalty_seconds = 30

processbuffer_processors = 5
outputbuffer_processors = 3

processor_wait_strategy = blocking

ring_size = 65536

inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking

message_journal_enabled = true

message_journal_dir = /var/lib/graylog-server/journal

lb_recognition_period_seconds = 3

mongodb_uri = mongodb://localhost/graylog

mongodb_max_connections = 1000

mongodb_threads_allowed_to_block_multiplier = 5

content_packs_dir = /usr/share/graylog-server/contentpacks

content_packs_auto_load = grok-patterns.json

proxied_requests_thread_pool_size = 32

Here is the logs:

2018-01-23T20:07:06.239Z INFO  [CmdLineTool] Loaded plugin: AWS plugins 2.4.1 [org.graylog.aws.plugin.AWSPlugin]
2018-01-23T20:07:06.242Z INFO  [CmdLineTool] Loaded plugin: Elastic Beats Input 2.4.1 [org.graylog.plugins.beats.BeatsInputPlugin]
2018-01-23T20:07:06.242Z INFO  [CmdLineTool] Loaded plugin: CEF Input 2.4.1 [org.graylog.plugins.cef.CEFInputPlugin]
2018-01-23T20:07:06.243Z INFO  [CmdLineTool] Loaded plugin: Collector 2.4.1 [org.graylog.plugins.collector.CollectorPlugin]
2018-01-23T20:07:06.244Z INFO  [CmdLineTool] Loaded plugin: Enterprise Integration Plugin 2.4.1 [org.graylog.plugins.enterprise_integration.EnterpriseIntegrationPlugin]
2018-01-23T20:07:06.244Z INFO  [CmdLineTool] Loaded plugin: MapWidgetPlugin 2.4.1 [org.graylog.plugins.map.MapWidgetPlugin]
2018-01-23T20:07:06.245Z INFO  [CmdLineTool] Loaded plugin: NetFlow Plugin 2.4.1 [org.graylog.plugins.netflow.NetFlowPlugin]
2018-01-23T20:07:06.252Z INFO  [CmdLineTool] Loaded plugin: Pipeline Processor Plugin 2.4.1 [org.graylog.plugins.pipelineprocessor.ProcessorPlugin]
2018-01-23T20:07:06.252Z INFO  [CmdLineTool] Loaded plugin: Threat Intelligence Plugin 2.4.1 [org.graylog.plugins.threatintel.ThreatIntelPlugin]
2018-01-23T20:07:06.576Z INFO  [CmdLineTool] Running with JVM arguments: -Xms1g -Xmx1g -XX:NewRatio=1 -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow -Djava.library.path=/usr/share/graylog-server/lib/sigar -Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml -Dgraylog2.installation_source=rpm
2018-01-23T20:07:06.777Z INFO  [Version] HV000001: Hibernate Validator 5.1.3.Final
2018-01-23T20:07:09.351Z INFO  [InputBufferImpl] Message journal is enabled.
2018-01-23T20:07:09.373Z INFO  [NodeId] Node ID: 1fb30d94-d2d8-48eb-a813-5c7bbc6f4144
2018-01-23T20:07:09.589Z INFO  [LogManager] Loading logs.
2018-01-23T20:07:09.632Z INFO  [LogManager] Logs loading complete.
2018-01-23T20:07:09.633Z INFO  [KafkaJournal] Initialized Kafka based journal at /var/lib/graylog-server/journal
2018-01-23T20:07:09.648Z INFO  [InputBufferImpl] Initialized InputBufferImpl with ring size <65536> and wait strategy <BlockingWaitStrategy>, running 2 parallel message handlers.
2018-01-23T20:07:09.667Z INFO  [cluster] Cluster created with settings {hosts=[localhost:27017], mode=SINGLE, requiredClusterType=UNKNOWN, serverSelectionTimeout='30000 ms', maxWaitQueueSize=5000}
2018-01-23T20:07:09.713Z INFO  [cluster] No server chosen by ReadPreferenceServerSelector{readPreference=primary} from cluster description ClusterDescription{type=UNKNOWN, connectionMode=SINGLE, serverDescriptions=[ServerDescription{address=localhost:27017, type=UNKNOWN, state=CONNECTING}]}. Waiting for 30000 ms before timing out
2018-01-23T20:07:09.729Z INFO  [connection] Opened connection [connectionId{localValue:1, serverValue:34}] to localhost:27017
2018-01-23T20:07:09.730Z INFO  [cluster] Monitor thread successfully connected to server with description ServerDescription{address=localhost:27017, type=STANDALONE, state=CONNECTED, ok=true, version=ServerVersion{versionList=[3, 4, 10]}, minWireVersion=0, maxWireVersion=5, maxDocumentSize=16777216, roundTripTimeNanos=457216}
2018-01-23T20:07:09.739Z INFO  [connection] Opened connection [connectionId{localValue:2, serverValue:35}] to localhost:27017
2018-01-23T20:07:10.039Z INFO  [AbstractJestClient] Setting server pool to a list of 1 servers: [http://127.0.0.1:9200]
2018-01-23T20:07:10.040Z INFO  [JestClientFactory] Using multi thread/connection supporting pooling connection manager
2018-01-23T20:07:10.205Z INFO  [JestClientFactory] Using custom ObjectMapper instance
2018-01-23T20:07:10.211Z INFO  [JestClientFactory] Node Discovery disabled...
2018-01-23T20:07:10.211Z INFO  [JestClientFactory] Idle connection reaping disabled...
2018-01-23T20:07:10.657Z INFO  [ProcessBuffer] Initialized ProcessBuffer with ring size <65536> and wait strategy <BlockingWaitStrategy>.
2018-01-23T20:07:12.845Z INFO  [RulesEngineProvider] No static rules file loaded.
2018-01-23T20:07:13.076Z WARN  [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2018-01-23T20:07:13.086Z INFO  [OutputBuffer] Initialized OutputBuffer with ring size <65536> and wait strategy <BlockingWaitStrategy>.
2018-01-23T20:07:13.118Z WARN  [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2018-01-23T20:07:13.143Z WARN  [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2018-01-23T20:07:13.144Z INFO  [connection] Opened connection [connectionId{localValue:3, serverValue:36}] to localhost:27017
2018-01-23T20:07:13.157Z WARN  [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2018-01-23T20:07:13.170Z WARN  [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2018-01-23T20:07:13.426Z INFO  [ServerBootstrap] Graylog server 2.4.1+0f97411 starting up
2018-01-23T20:07:13.426Z INFO  [ServerBootstrap] JRE: Oracle Corporation 1.8.0_151 on Linux 4.9.76-3.78.amzn1.x86_64
2018-01-23T20:07:13.427Z INFO  [ServerBootstrap] Deployment: rpm
2018-01-23T20:07:13.427Z INFO  [ServerBootstrap] OS: Amazon Linux AMI 2017.09 (amzn)
2018-01-23T20:07:13.427Z INFO  [ServerBootstrap] Arch: amd64
2018-01-23T20:07:13.431Z WARN  [DeadEventLoggingListener] Received unhandled event of type <org.graylog2.plugin.lifecycles.Lifecycle> from event bus <AsyncEventBus{graylog-eventbus}>
2018-01-23T20:07:13.463Z INFO  [PeriodicalsService] Starting 25 periodicals ...
2018-01-23T20:07:13.464Z INFO  [Periodicals] Starting [org.graylog2.periodical.ThroughputCalculator] periodical in [0s], polling every [1s].
2018-01-23T20:07:13.495Z INFO  [Periodicals] Starting [org.graylog2.periodical.AlertScannerThread] periodical in [10s], polling every [60s].
2018-01-23T20:07:13.503Z INFO  [Periodicals] Starting [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread] periodical in [0s], polling every [1s].
2018-01-23T20:07:13.511Z INFO  [Periodicals] Starting [org.graylog2.periodical.ClusterHealthCheckThread] periodical in [120s], polling every [20s].
2018-01-23T20:07:13.539Z INFO  [Periodicals] Starting [org.graylog2.periodical.ContentPackLoaderPeriodical] periodical, running forever.
2018-01-23T20:07:13.556Z INFO  [Periodicals] Starting [org.graylog2.periodical.GarbageCollectionWarningThread] periodical, running forever.
2018-01-23T20:07:13.557Z INFO  [Periodicals] Starting [org.graylog2.periodical.IndexerClusterCheckerThread] periodical in [0s], polling every [30s].
2018-01-23T20:07:13.568Z INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRetentionThread] periodical in [0s], polling every [300s].
2018-01-23T20:07:13.568Z INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRotationThread] periodical in [0s], polling every [10s].
2018-01-23T20:07:13.577Z INFO  [connection] Opened connection [connectionId{localValue:4, serverValue:37}] to localhost:27017
2018-01-23T20:07:13.588Z INFO  [Periodicals] Starting [org.graylog2.periodical.NodePingThread] periodical in [0s], polling every [1s].
2018-01-23T20:07:13.605Z INFO  [Periodicals] Starting [org.graylog2.periodical.VersionCheckThread] periodical in [300s], polling every [1800s].
2018-01-23T20:07:13.611Z INFO  [LookupTableService] Data Adapter tor-exit-node/5a678ed9c9dc8b0d30c601bd [@27f1a050] STARTING
2018-01-23T20:07:13.611Z ERROR [LookupDataAdapter] Couldn't start data adapter <tor-exit-node/5a678ed9c9dc8b0d30c601bd/@27f1a050>
org.graylog.plugins.threatintel.tools.AdapterDisabledException: TOR service is disabled, not starting TOR exit addresses adapter. To enable it please go to System / Configurations.
	at org.graylog.plugins.threatintel.adapters.tor.TorExitNodeDataAdapter.doStart(TorExitNodeDataAdapter.java:73) ~[?:?]
	at org.graylog2.plugin.lookup.LookupDataAdapter.startUp(LookupDataAdapter.java:59) [graylog.jar:?]
	at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:62) [graylog.jar:?]
	at com.google.common.util.concurrent.Callables$4.run(Callables.java:122) [graylog.jar:?]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_151]
2018-01-23T20:07:13.637Z WARN  [OTXDataAdapter] OTX API key is missing. Make sure to add the key to allow higher request limits.
2018-01-23T20:07:13.640Z INFO  [LookupTableService] Data Adapter otx-api-ip/5a678ed9c9dc8b0d30c601bb [@38ce19fa] STARTING
2018-01-23T20:07:13.651Z INFO  [LookupTableService] Data Adapter otx-api-ip/5a678ed9c9dc8b0d30c601bb [@38ce19fa] RUNNING
2018-01-23T20:07:13.657Z INFO  [LookupTableService] Data Adapter otx-api-domain/5a678ed9c9dc8b0d30c601bc [@1a62e91] STARTING
2018-01-23T20:07:13.665Z WARN  [OTXDataAdapter] OTX API key is missing. Make sure to add the key to allow higher request limits.
2018-01-23T20:07:13.671Z INFO  [LookupTableService] Data Adapter otx-api-domain/5a678ed9c9dc8b0d30c601bc [@1a62e91] RUNNING
2018-01-23T20:07:13.681Z ERROR [LookupDataAdapter] Couldn't start data adapter <abuse-ch-ransomware-ip/5a678ed9c9dc8b0d30c601be/@1809f381>
org.graylog.plugins.threatintel.tools.AdapterDisabledException: Abuse.ch service is disabled, not starting adapter. To enable it please go to System / Configurations.
	at org.graylog.plugins.threatintel.adapters.abusech.AbuseChRansomAdapter.doStart(AbuseChRansomAdapter.java:80) ~[?:?]
	at org.graylog2.plugin.lookup.LookupDataAdapter.startUp(LookupDataAdapter.java:59) [graylog.jar:?]
	at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:62) [graylog.jar:?]
	at com.google.common.util.concurrent.Callables$4.run(Callables.java:122) [graylog.jar:?]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_151]
2018-01-23T20:07:13.682Z INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-ip/5a678ed9c9dc8b0d30c601be [@1809f381] STARTING
2018-01-23T20:07:13.682Z INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-ip/5a678ed9c9dc8b0d30c601be [@1809f381] RUNNING
2018-01-23T20:07:13.685Z ERROR [LookupDataAdapter] Couldn't start data adapter <spamhaus-drop/5a678ed9c9dc8b0d30c601c0/@168a01f3>
org.graylog.plugins.threatintel.tools.AdapterDisabledException: Spamhaus service is disabled, not starting (E)DROP adapter. To enable it please go to System / Configurations.
	at org.graylog.plugins.threatintel.adapters.spamhaus.SpamhausEDROPDataAdapter.doStart(SpamhausEDROPDataAdapter.java:68) ~[?:?]
	at org.graylog2.plugin.lookup.LookupDataAdapter.startUp(LookupDataAdapter.java:59) [graylog.jar:?]
	at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:62) [graylog.jar:?]
	at com.google.common.util.concurrent.Callables$4.run(Callables.java:122) [graylog.jar:?]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_151]
2018-01-23T20:07:13.695Z ERROR [LookupDataAdapter] Couldn't start data adapter <abuse-ch-ransomware-domains/5a678ed9c9dc8b0d30c601bf/@302589fa>
org.graylog.plugins.threatintel.tools.AdapterDisabledException: Abuse.ch service is disabled, not starting adapter. To enable it please go to System / Configurations.
	at org.graylog.plugins.threatintel.adapters.abusech.AbuseChRansomAdapter.doStart(AbuseChRansomAdapter.java:80) ~[?:?]
	at org.graylog2.plugin.lookup.LookupDataAdapter.startUp(LookupDataAdapter.java:59) [graylog.jar:?]
	at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:62) [graylog.jar:?]
	at com.google.common.util.concurrent.Callables$4.run(Callables.java:122) [graylog.jar:?]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_151]
2018-01-23T20:07:13.699Z INFO  [LookupTableService] Data Adapter spamhaus-drop/5a678ed9c9dc8b0d30c601c0 [@168a01f3] STARTING
2018-01-23T20:07:13.699Z INFO  [LookupTableService] Data Adapter spamhaus-drop/5a678ed9c9dc8b0d30c601c0 [@168a01f3] RUNNING
2018-01-23T20:07:13.700Z INFO  [LookupTableService] Data Adapter whois/5a678ed9c9dc8b0d30c601c1 [@73fb1ee5] STARTING
2018-01-23T20:07:13.700Z INFO  [LookupTableService] Data Adapter whois/5a678ed9c9dc8b0d30c601c1 [@73fb1ee5] RUNNING
2018-01-23T20:07:13.700Z INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-domains/5a678ed9c9dc8b0d30c601bf [@302589fa] STARTING
2018-01-23T20:07:13.700Z INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-domains/5a678ed9c9dc8b0d30c601bf [@302589fa] RUNNING
2018-01-23T20:07:13.711Z INFO  [LookupTableService] Data Adapter tor-exit-node/5a678ed9c9dc8b0d30c601bd [@27f1a050] RUNNING
2018-01-23T20:07:13.715Z INFO  [LookupTableService] Cache otx-api-ip-cache/5a678ed9c9dc8b0d30c601b8 [@2acf945d] STARTING
2018-01-23T20:07:13.716Z INFO  [LookupTableService] Cache otx-api-ip-cache/5a678ed9c9dc8b0d30c601b8 [@2acf945d] RUNNING
2018-01-23T20:07:13.716Z INFO  [LookupTableService] Cache otx-api-domain-cache/5a678ed9c9dc8b0d30c601b6 [@55eab14c] STARTING
2018-01-23T20:07:13.716Z INFO  [LookupTableService] Cache otx-api-domain-cache/5a678ed9c9dc8b0d30c601b6 [@55eab14c] RUNNING
2018-01-23T20:07:13.716Z INFO  [LookupTableService] Cache threat-intel-uncached-adapters/5a678ed9c9dc8b0d30c601b5 [@e4a95c] STARTING
2018-01-23T20:07:13.711Z INFO  [Periodicals] Starting [org.graylog2.periodical.ThrottleStateUpdaterThread] periodical in [1s], polling every [1s].
2018-01-23T20:07:13.719Z INFO  [Periodicals] Starting [org.graylog2.events.ClusterEventPeriodical] periodical in [0s], polling every [1s].
2018-01-23T20:07:13.719Z INFO  [Periodicals] Starting [org.graylog2.events.ClusterEventCleanupPeriodical] periodical in [0s], polling every [86400s].
2018-01-23T20:07:13.719Z INFO  [Periodicals] Starting [org.graylog2.periodical.ClusterIdGeneratorPeriodical] periodical, running forever.
2018-01-23T20:07:13.749Z INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRangesMigrationPeriodical] periodical, running forever.
2018-01-23T20:07:13.754Z INFO  [LookupTableService] Cache whois-cache/5a678ed9c9dc8b0d30c601b9 [@7b647b9d] STARTING
2018-01-23T20:07:13.754Z INFO  [LookupTableService] Cache whois-cache/5a678ed9c9dc8b0d30c601b9 [@7b647b9d] RUNNING
2018-01-23T20:07:13.754Z INFO  [LookupTableService] Cache spamhaus-e-drop-cache/5a678ed9c9dc8b0d30c601b7 [@4bbde310] STARTING
2018-01-23T20:07:13.754Z INFO  [LookupTableService] Cache spamhaus-e-drop-cache/5a678ed9c9dc8b0d30c601b7 [@4bbde310] RUNNING
2018-01-23T20:07:13.763Z INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRangesCleanupPeriodical] periodical in [15s], polling every [3600s].
2018-01-23T20:07:13.766Z INFO  [LookupTableService] Cache threat-intel-uncached-adapters/5a678ed9c9dc8b0d30c601b5 [@e4a95c] RUNNING
2018-01-23T20:07:13.773Z INFO  [PeriodicalsService] Not starting [org.graylog2.periodical.UserPermissionMigrationPeriodical] periodical. Not configured to run on this node.
2018-01-23T20:07:13.775Z INFO  [Periodicals] Starting [org.graylog2.periodical.AlarmCallbacksMigrationPeriodical] periodical, running forever.
2018-01-23T20:07:13.776Z INFO  [connection] Opened connection [connectionId{localValue:5, serverValue:38}] to localhost:27017
2018-01-23T20:07:13.775Z INFO  [LookupTableService] Starting lookup table tor-exit-node-list/5a678ed9c9dc8b0d30c601c3 [@46002f87] using cache threat-intel-uncached-adapters/5a678ed9c9dc8b0d30c601b5 [@e4a95c], data adapter tor-exit-node/5a678ed9c9dc8b0d30c601bd [@27f1a050]
2018-01-23T20:07:13.778Z INFO  [Periodicals] Starting [org.graylog2.periodical.ConfigurationManagementPeriodical] periodical, running forever.
2018-01-23T20:07:13.778Z INFO  [LookupTableService] Starting lookup table otx-api-ip/5a678ed9c9dc8b0d30c601c4 [@68130f55] using cache otx-api-ip-cache/5a678ed9c9dc8b0d30c601b8 [@2acf945d], data adapter otx-api-ip/5a678ed9c9dc8b0d30c601bb [@38ce19fa]
2018-01-23T20:07:13.778Z INFO  [LookupTableService] Starting lookup table abuse-ch-ransomware-domains/5a678ed9c9dc8b0d30c601c5 [@33988cac] using cache threat-intel-uncached-adapters/5a678ed9c9dc8b0d30c601b5 [@e4a95c], data adapter abuse-ch-ransomware-domains/5a678ed9c9dc8b0d30c601bf [@302589fa]
2018-01-23T20:07:13.780Z INFO  [LookupTableService] Starting lookup table abuse-ch-ransomware-ip/5a678ed9c9dc8b0d30c601c6 [@5d630724] using cache threat-intel-uncached-adapters/5a678ed9c9dc8b0d30c601b5 [@e4a95c], data adapter abuse-ch-ransomware-ip/5a678ed9c9dc8b0d30c601be [@1809f381]
2018-01-23T20:07:13.780Z INFO  [LookupTableService] Starting lookup table otx-api-domain/5a678ed9c9dc8b0d30c601c7 [@1ad87718] using cache otx-api-domain-cache/5a678ed9c9dc8b0d30c601b6 [@55eab14c], data adapter otx-api-domain/5a678ed9c9dc8b0d30c601bc [@1a62e91]
2018-01-23T20:07:13.780Z INFO  [LookupTableService] Starting lookup table spamhaus-drop/5a678ed9c9dc8b0d30c601c8 [@6ac1bab1] using cache spamhaus-e-drop-cache/5a678ed9c9dc8b0d30c601b7 [@4bbde310], data adapter spamhaus-drop/5a678ed9c9dc8b0d30c601c0 [@168a01f3]
2018-01-23T20:07:13.782Z INFO  [LookupTableService] Starting lookup table whois/5a678ed9c9dc8b0d30c601c9 [@1dcba6a9] using cache whois-cache/5a678ed9c9dc8b0d30c601b9 [@7b647b9d], data adapter whois/5a678ed9c9dc8b0d30c601c1 [@73fb1ee5]
2018-01-23T20:07:13.786Z INFO  [Periodicals] Starting [org.graylog2.periodical.LdapGroupMappingMigration] periodical, running forever.
2018-01-23T20:07:13.792Z INFO  [Periodicals] Starting [org.graylog2.periodical.IndexFailuresPeriodical] periodical, running forever.
2018-01-23T20:07:13.801Z INFO  [Periodicals] Starting [org.graylog2.periodical.TrafficCounterCalculator] periodical in [0s], polling every [1s].
2018-01-23T20:07:13.803Z INFO  [Periodicals] Starting [org.graylog.plugins.pipelineprocessor.periodical.LegacyDefaultStreamMigration] periodical, running forever.
2018-01-23T20:07:13.809Z INFO  [Periodicals] Starting [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread] periodical in [0s], polling every [3600s].
2018-01-23T20:07:13.815Z INFO  [LegacyDefaultStreamMigration] Legacy default stream has no connections, no migration needed.
2018-01-23T20:07:13.969Z INFO  [JerseyService] Enabling CORS for HTTP endpoint
2018-01-23T20:07:25.819Z ERROR [ServiceManager] Service JerseyService [FAILED] has failed in the STARTING state.
java.net.BindException: Cannot assign requested address
	at sun.nio.ch.Net.bind0(Native Method) ~[?:1.8.0_151]
	at sun.nio.ch.Net.bind(Net.java:433) ~[?:1.8.0_151]
	at sun.nio.ch.Net.bind(Net.java:425) ~[?:1.8.0_151]
	at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:223) ~[?:1.8.0_151]
	at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74) ~[?:1.8.0_151]
	at org.glassfish.grizzly.nio.transport.TCPNIOBindingHandler.bindToChannelAndAddress(TCPNIOBindingHandler.java:131) ~[graylog.jar:?]
	at org.glassfish.grizzly.nio.transport.TCPNIOBindingHandler.bind(TCPNIOBindingHandler.java:88) ~[graylog.jar:?]
	at org.glassfish.grizzly.nio.transport.TCPNIOTransport.bind(TCPNIOTransport.java:238) ~[graylog.jar:?]
	at org.glassfish.grizzly.nio.transport.TCPNIOTransport.bind(TCPNIOTransport.java:218) ~[graylog.jar:?]
	at org.glassfish.grizzly.nio.transport.TCPNIOTransport.bind(TCPNIOTransport.java:209) ~[graylog.jar:?]
	at org.glassfish.grizzly.http.server.NetworkListener.start(NetworkListener.java:723) ~[graylog.jar:?]
	at org.glassfish.grizzly.http.server.HttpServer.start(HttpServer.java:277) ~[graylog.jar:?]
	at org.graylog2.shared.initializers.JerseyService.startUpApi(JerseyService.java:233) ~[graylog.jar:?]
	at org.graylog2.shared.initializers.JerseyService.startUp(JerseyService.java:140) ~[graylog.jar:?]
	at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:62) [graylog.jar:?]
	at com.google.common.util.concurrent.Callables$4.run(Callables.java:122) [graylog.jar:?]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_151]
2018-01-23T20:07:25.821Z INFO  [InputSetupService] Triggering launching persisted inputs, node transitioned from Uninitialized [LB:DEAD] to Failed [LB:DEAD]
2018-01-23T20:07:25.822Z ERROR [InputSetupService] Not starting any inputs because lifecycle is: Failed [LB:DEAD]
2018-01-23T20:07:25.827Z INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.AlertScannerThread].
2018-01-23T20:07:25.827Z INFO  [LogManager] Shutting down.
2018-01-23T20:07:25.827Z INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.AlertScannerThread] complete, took <0ms>.
2018-01-23T20:07:25.829Z INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread].
2018-01-23T20:07:25.829Z INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread] complete, took <0ms>.
2018-01-23T20:07:25.829Z INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.ClusterHealthCheckThread].
2018-01-23T20:07:25.829Z INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.ClusterHealthCheckThread] complete, took <0ms>.
2018-01-23T20:07:25.829Z INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexerClusterCheckerThread].
2018-01-23T20:07:25.829Z INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexerClusterCheckerThread] complete, took <0ms>.
2018-01-23T20:07:25.830Z INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexRetentionThread].
2018-01-23T20:07:25.830Z INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexRetentionThread] complete, took <0ms>.
2018-01-23T20:07:25.830Z INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexRotationThread].
2018-01-23T20:07:25.830Z INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexRotationThread] complete, took <0ms>.
2018-01-23T20:07:25.830Z INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.VersionCheckThread].
2018-01-23T20:07:25.831Z INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.VersionCheckThread] complete, took <0ms>.
2018-01-23T20:07:25.832Z INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.ThrottleStateUpdaterThread].
2018-01-23T20:07:25.833Z INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.ThrottleStateUpdaterThread] complete, took <0ms>.
2018-01-23T20:07:25.834Z INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.events.ClusterEventPeriodical].
2018-01-23T20:07:25.834Z INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.events.ClusterEventPeriodical] complete, took <0ms>.
2018-01-23T20:07:25.834Z INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.events.ClusterEventCleanupPeriodical].
2018-01-23T20:07:25.834Z INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.events.ClusterEventCleanupPeriodical] complete, took <0ms>.
2018-01-23T20:07:25.835Z INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexRangesCleanupPeriodical].
2018-01-23T20:07:25.835Z INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexRangesCleanupPeriodical] complete, took <0ms>.
2018-01-23T20:07:25.835Z INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.TrafficCounterCalculator].
2018-01-23T20:07:25.835Z INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.TrafficCounterCalculator] complete, took <0ms>.
2018-01-23T20:07:25.836Z INFO  [PeriodicalsService] Shutting down periodical [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread].
2018-01-23T20:07:25.837Z INFO  [PeriodicalsService] Shutdown of periodical [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread] complete, took <0ms>.
2018-01-23T20:07:25.840Z INFO  [LookupTableService] Cache otx-api-domain-cache/5a678ed9c9dc8b0d30c601b6 [@55eab14c] STOPPING, was RUNNING
2018-01-23T20:07:25.841Z INFO  [LookupTableService] Cache otx-api-domain-cache/5a678ed9c9dc8b0d30c601b6 [@55eab14c] TERMINATED, was STOPPING
2018-01-23T20:07:25.842Z INFO  [LookupTableService] Cache otx-api-ip-cache/5a678ed9c9dc8b0d30c601b8 [@2acf945d] STOPPING, was RUNNING
2018-01-23T20:07:25.843Z INFO  [LookupTableService] Cache otx-api-ip-cache/5a678ed9c9dc8b0d30c601b8 [@2acf945d] TERMINATED, was STOPPING
2018-01-23T20:07:25.853Z INFO  [Buffers] Waiting until all buffers are empty.
2018-01-23T20:07:25.853Z INFO  [LookupTableService] Cache threat-intel-uncached-adapters/5a678ed9c9dc8b0d30c601b5 [@e4a95c] STOPPING, was RUNNING
2018-01-23T20:07:25.854Z INFO  [LookupTableService] Cache threat-intel-uncached-adapters/5a678ed9c9dc8b0d30c601b5 [@e4a95c] TERMINATED, was STOPPING
2018-01-23T20:07:25.855Z INFO  [LookupTableService] Cache spamhaus-e-drop-cache/5a678ed9c9dc8b0d30c601b7 [@4bbde310] STOPPING, was RUNNING
2018-01-23T20:07:25.855Z INFO  [LookupTableService] Cache spamhaus-e-drop-cache/5a678ed9c9dc8b0d30c601b7 [@4bbde310] TERMINATED, was STOPPING
2018-01-23T20:07:25.856Z INFO  [LookupTableService] Cache whois-cache/5a678ed9c9dc8b0d30c601b9 [@7b647b9d] STOPPING, was RUNNING
2018-01-23T20:07:25.857Z INFO  [LookupTableService] Cache whois-cache/5a678ed9c9dc8b0d30c601b9 [@7b647b9d] TERMINATED, was STOPPING
2018-01-23T20:07:25.857Z INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-ip/5a678ed9c9dc8b0d30c601be [@1809f381] STOPPING, was RUNNING
2018-01-23T20:07:25.858Z INFO  [Buffers] All buffers are empty. Continuing.
2018-01-23T20:07:25.858Z INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-ip/5a678ed9c9dc8b0d30c601be [@1809f381] TERMINATED, was STOPPING
2018-01-23T20:07:25.859Z INFO  [LookupTableService] Data Adapter spamhaus-drop/5a678ed9c9dc8b0d30c601c0 [@168a01f3] STOPPING, was RUNNING
2018-01-23T20:07:25.859Z INFO  [OutputSetupService] Stopping output org.graylog2.outputs.BlockingBatchedESOutput
2018-01-23T20:07:25.860Z INFO  [LookupTableService] Data Adapter spamhaus-drop/5a678ed9c9dc8b0d30c601c0 [@168a01f3] TERMINATED, was STOPPING
2018-01-23T20:07:25.861Z INFO  [LookupTableService] Data Adapter otx-api-ip/5a678ed9c9dc8b0d30c601bb [@38ce19fa] STOPPING, was RUNNING
2018-01-23T20:07:25.861Z INFO  [LookupTableService] Data Adapter otx-api-ip/5a678ed9c9dc8b0d30c601bb [@38ce19fa] TERMINATED, was STOPPING
2018-01-23T20:07:25.861Z INFO  [LookupTableService] Data Adapter whois/5a678ed9c9dc8b0d30c601c1 [@73fb1ee5] STOPPING, was RUNNING
2018-01-23T20:07:25.861Z INFO  [LookupTableService] Data Adapter whois/5a678ed9c9dc8b0d30c601c1 [@73fb1ee5] TERMINATED, was STOPPING
2018-01-23T20:07:25.861Z INFO  [LookupTableService] Data Adapter tor-exit-node/5a678ed9c9dc8b0d30c601bd [@27f1a050] STOPPING, was RUNNING
2018-01-23T20:07:25.862Z INFO  [LookupDataAdapterRefreshService] Stopping 0 jobs
2018-01-23T20:07:25.862Z INFO  [LookupTableService] Data Adapter tor-exit-node/5a678ed9c9dc8b0d30c601bd [@27f1a050] TERMINATED, was STOPPING
2018-01-23T20:07:25.862Z INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-domains/5a678ed9c9dc8b0d30c601bf [@302589fa] STOPPING, was RUNNING
2018-01-23T20:07:25.862Z INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-domains/5a678ed9c9dc8b0d30c601bf [@302589fa] TERMINATED, was STOPPING
2018-01-23T20:07:25.863Z INFO  [LookupTableService] Data Adapter otx-api-domain/5a678ed9c9dc8b0d30c601bc [@1a62e91] STOPPING, was RUNNING
2018-01-23T20:07:25.863Z INFO  [LookupTableService] Data Adapter otx-api-domain/5a678ed9c9dc8b0d30c601bc [@1a62e91] TERMINATED, was STOPPING
2018-01-23T20:07:25.865Z INFO  [LogManager] Shutdown complete.
2018-01-23T20:07:25.926Z INFO  [JournalReader] Stopping.
2018-01-23T20:07:25.926Z INFO  [ServiceManagerListener] Services are now stopped.
2018-01-23T20:07:25.926Z ERROR [ServerBootstrap] Graylog startup failed. Exiting. Exception was:
java.lang.IllegalStateException: Expected to be healthy after starting. The following services are not running: {FAILED=[JerseyService [FAILED]]}
	at com.google.common.util.concurrent.ServiceManager$ServiceManagerState.checkHealthy(ServiceManager.java:740) ~[graylog.jar:?]
	at com.google.common.util.concurrent.ServiceManager$ServiceManagerState.awaitHealthy(ServiceManager.java:553) ~[graylog.jar:?]
	at com.google.common.util.concurrent.ServiceManager.awaitHealthy(ServiceManager.java:312) ~[graylog.jar:?]
	at org.graylog2.bootstrap.ServerBootstrap.startCommand(ServerBootstrap.java:149) [graylog.jar:?]
	at org.graylog2.bootstrap.CmdLineTool.run(CmdLineTool.java:209) [graylog.jar:?]
	at org.graylog2.bootstrap.Main.main(Main.java:44) [graylog.jar:?]
2018-01-23T20:07:25.927Z INFO  [Server] SIGNAL received. Shutting down.
2018-01-23T20:07:25.933Z INFO  [GracefulShutdown] Graceful shutdown initiated.
2018-01-23T20:07:25.933Z INFO  [GracefulShutdown] Node status: [Halting [LB:DEAD]]. Waiting <3sec> for possible load balancers to recognize state change.
2018-01-23T20:07:25.933Z WARN  [DeadEventLoggingListener] Received unhandled event of type <org.graylog2.plugin.lifecycles.Lifecycle> from event bus <AsyncEventBus{graylog-eventbus}>
2018-01-23T20:07:29.935Z INFO  [GracefulShutdown] Goodbye.

I really dont khnow why is not working, i already have done graylog server before and i try all the day to up this in 3 diferent servers (2 times on Ubuntu 16.04, and 1 time on AmazonLinux) and keep not working, i follow exacly the documentation, pleeease help !

jochen · January 24, 2018, 8:57am

The IP address used in these settings is incorrect, i. e. not available on the machine running Graylog.

lucasnascin · January 24, 2018, 1:01pm

The ips im using in server.conf is the public ip they give at AWS (i put the # to not give the ip here)

jochen · January 24, 2018, 1:25pm

The listen (bind) addresses need to resolve to IP addresses which have been set-up on the machine (i. e. which are shown in the output of ip addr show or ifconfig).

Please refer to Amazon EC2 instance IP addressing - Amazon Elastic Compute Cloud for details about instance addressing on AWS EC2.

system · February 7, 2018, 1:25pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog don’t start after install Graylog Central (peer support)	5	1529	September 23, 2018
No Folders created during/after installation [AmazonLinux2] Graylog Central (peer support)	3	427	December 30, 2019
Debian, after install graylog server dont startup Graylog Central (peer support)	16	7033	January 4, 2021
Graylog-server-doesn't start Graylog Central (peer support)	7	758	April 16, 2021
Unable to start graylog Graylog Central (peer support)	17	2488	August 31, 2017

Graylog don't start after install

Related Topics