Graylog Gelf http Input not working

Graylog Central (peer support)
1

Hi Graylog Community,

My goal is to log specific informations from an external web application over REST API of Graylog.

I installed Graylog with docker-compose on my Ubuntu system and configured apache2. I can access from the www to graylog application. I then tried to configure a GELF http input and tried to send a dummy log entry via Postman, unfortunately it doesn’t work. Also when I go to system → node and open the API browser, the page will not open and points me to this: “http://192.168.80.4:9000/api/api-browser

here is my docker-compose.yml:

  version: '3'
services:
  # MongoDB
  mongo:
    image: mongo:4
    volumes:
      - mongo_data:/data/db
    networks:
      - graylog-net

  # Elasticsearch                                                   
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.0
    environment:
      - "discovery.type=single-node"
    volumes:
      - elasticsearch_data:/usr/share/elasticsearch/data
    networks:
      - graylog-net

  # Graylog
  graylog:
    image: graylog/graylog:4.1
    environment:
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      - GRAYLOG_ROOT_PASSWORD_SHA2=c0938bdb75472a87d7a9b2651badc86ceaa05541e004beee7400c8920579dfb6
      - GRAYLOG_HTTP_EXTERNAL_URI=http://10.0.1.10:9000/
      - GRAYLOG_WEB_ENDPOINT_URI=http://10.0.1.10:9000/api
      - GRAYLOG_HTTP_ENABLE=true
    depends_on:
      - mongo
      - elasticsearch
    ports:
      - "9000:9000"
      - "5140:5140"
      - "5140:5140/udp"
      - "12201:12201"
      - "12201:12201/udp"
    networks:
      - graylog-net

networks:
  graylog-net:
    driver: bridge

volumes:
  mongo_data:
  elasticsearch_data:

and this is my apache2 config:

IfModule mod_ssl.c>
 <VirtualHost *:443>
        ServerAdmin admin@example.com
        ServerName logs.zuselli-server.ddns.net
        ServerAlias logs.zuselli-server.ddns.net

        # Module laden (falls nciht schon woanders geschehen)
        LoadModule proxy_module modules/mod_proxy.so
        LoadModule proxy_http_module modules/mod_proxy_http.so

        ProxyRequests Off

         # keine Spezialitäten, balancer, etc.: Stupides *
        <Proxy *>
                Require all granted
        </Proxy>

        #ProxyPass / http://localhost:8080/
        <Location />
 #               ProxyPreserveHost On
#               RequestHeader set X-Graylog-Server-URL "https://logs.zuselli-server.ddns.net/"
                ProxyPass http://10.0.1.10:9000/
                ProxyPassReverse http://10.0.1.10:9000/
        </Location>
     # Uncomment the line below if your site uses SSL.
     SSLProxyEngine On

        RewriteEngine on

# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.

   RewriteCond %{HTTPS} !=on
   RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L
   


SSLCertificateFile /etc/letsencrypt/live/cloud.zuselli-server.ddns.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cloud.zuselli-server.ddns.net/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Apache2 is running on a different server and redirects to the internal graylog server which is 10.0.1.10

Do I have some Firewall problems? Or how can I make the external API entry point running?

Thanks for helping me

2

Could it be that I need to do Port Forwarding on my Router?
Unfortunately I’m not near the router so I can’t try…

Anyway, in the meantime, the default node and api-browser is working…
Get Request are possible with the url

log.my-server.com:443/api/

But when I set up http gelf input, the REST API url in the graylog web interface is the same (log.my-server.com:443/api)
I expected that the input creates a new url, something like: log.my-server.com:12201/gelf

Hope somebody can help me, It would be very grateful.

3

Yes the input will run on a totally different port, it’s not really an API it’s just an input that will accept whatever it is given.
It has nothing to do with the Graylog API, it won’t show in the API browser etc.

4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.