Hi, I tried to run graylog on CentOS Linux release 7.6.1810 (Core) machine A and everything works well.
Then I copyied docker images and docker-compose.yml to another CentOS Linux release 7.6.1810 (Core) machine B, repeat same but failed
Hard to read the screen shots over here. from what I can see it looks like you maybe missing Plugin _dir and something called realpath: operand which I’m not sure of.
graylog_1 | realpath: missing operand
graylog_1 | Try 'realpath --help' for more information.
graylog_1 | wait-for-it: waiting 15 seconds for elasticsearch:9200
graylog_1 | wait-for-it: elasticsearch:9200 is available after 11 seconds
graylog_1 | find '/plugins-default/': No such file or directory
cp_graylog_1 exited with code 1
graylog_1 | realpath: missing operand
graylog_1 | Try 'realpath --help' for more information.
graylog_1 | wait-for-it: waiting 15 seconds for elasticsearch:9200
graylog_1 | wait-for-it: elasticsearch:9200 is available after 0 seconds
graylog_1 | find '/plugins-default/': No such file or directory
cp_graylog_1 exited with code 1
process of elasticsearch and mongo seems works well
What does it show in the logs why Docker cant start your container?
I know I had to reference my journalctl -x. Are you able to check the rest of the logs to find out why Graylog container will not start?
This is my compose file, not sure if it will help but You can see I have a plugin directory
graylog:
#image: graylog/graylog-enterprise:4.3.3-jre11
image: graylog/graylog-enterprise:4.3.8-jre11
network_mode: bridge
dns:
- 8.8.8.8
- 8.8.4.4
# journal and config directories in local NFS share for persistence
volumes:
- graylog_journal:/usr/share/graylog/data/journal
- graylog_bin:/usr/share/graylog-server/bin/
- graylog_data:/usr/share/graylog/data/config
- graylog_log:/usr/share/graylog/data/log
- graylog_plugin:/usr/share/graylog/data/plugin
- graylog_content:/usr/share/graylog/data/contentpacks
# Mount local configuration directory into Docker container
- graylog_scripts:/usr/share/graylog/scripts
environment:
# Container time Zone
- TZ=America/Chicago
# CHANGE ME (must be at least 16 characters)!
- GRAYLOG_PASSWORD_SECRET=pJod1TRZAckHmqM2oQPqX1qnLV
I have posted docker logs above. The log repeats graylog_1 | realpath: missing operand graylog_1 | Try 'realpath --help' for more information. graylog_1 | wait-for-it: waiting 15 seconds for elasticsearch:9200 graylog_1 | wait-for-it: elasticsearch:9200 is available after 11 seconds graylog_1 | find '/plugins-default/': No such file or directory cp_graylog_1 exited with code 1
I run graylog with docker-compose. docker-compose.yml is the same with Docker and Example Version 3 section.
I understand , Hence why I was suggesting and defining the logs for you.
EDIT:
Unfortunately those logs don’t help as much as other logs would have to troubleshoot this issue.
Posting them would or might have helped. Sorry I cant be further assistance.
@aaronsachs Yes. I upgrade docker to v20.10.9 and graylog startup successfully. The Welcome page of graylog is shown. The /api/system/sessions returns 200 and session_id is returned./api/users/admin returns 401. /api/users/admin is sent without cookie by browser. There is no proxy.
Username and password is correct.
How can I find log file to solve this 401 problem. Thanks.
And api/system/sessions also returns valid_util. Its value is very near to the time the reponse is received. It seems to affect Response’s Set-Cookie Expires value. I don’t whether it’s related to the 401 response.