Graylog inputs not working


(sean) #1

My Graylog server is up and now in configuration stage. I have created several Syslog inputs but unable to start them. When I clicked start input, a message pop up saying “Input BB SW 1 could not be started”. The messages in log show:

Input [Syslog UDP/59c1e66651ed270cca671c18] is now STARTED
Input [Syslog UDP/59c1e66651ed270cca671c18] is now STOPPING
Input [Syslog UDP/59c1e66651ed270cca671c18] is now STOPPED
Input [Syslog UDP/59c1e66651ed270cca671c18] is now TERMINATED


(Jochen) #2

What’s the configuration of the Syslog UDP input?
What’s in the logs of your Graylog node?


(sean) #3

There are some progresses after my last post.
I disabled rest_transport_uri in Graylog configuration file, then input is working for binding address of 0.0.0.0 and 127.0.0.1.
But failed with others. Could you let me know what suppose to be binding address? I thought it should be equipment like switches, routers, firewalls.


(sean) #4


(Jan Doberstein) #5

please look at the FAQ

http://docs.graylog.org/en/2.3/pages/faq.html#how-can-i-start-an-input-on-a-port-below-1024


(sean) #6

I have changed the port number beyong 1024 but still failed.


(Philipp Ruland) #7

Hey @seansem,

you already use port 8514 on BB SW2, with uses 0.0.0.0 as bind address and therefore listens on all IPs your server has. So trying to start BB SW1 will fail since port 8514 is already bound on that IP. Use another port or change the bind address of BB SW2. :slight_smile:

Greetings - Phil


(sean) #8

After changed still failed.


(Philipp Ruland) #9

@seansem,

does your server actually have the IPs 192.168.1.101 and 192.168.1.103?
This seems kind of odd.

To check: use ifconfig on the CLI of your server and check if the server has these IPs. If not, this would be the error then.

Greeting - Phil


(sean) #10

@DerPhlipsi,
192.168.1.101 and 103 are my switches IP addresses.
So, the bind address should be the equipment (switches, routers, servers) or Graylog server itself?


(Justas) #11

It should be your graylog IP or 0.0.0.0 which would listen on all graylog interfaces.


(Jochen) #12

You don’t need to create an individual Syslog UDP input for each client.
Creating one Syslog UDP input to which all clients can send their messages works fine.


(sean) #13

@jochen,
Thank you for your reply. I managed to get it work now.
However, the issue again after I enabled HTTPS. I went through those steps mentioned in http://docs.graylog.org/en/2.3/pages/configuration/https.htm but I got no idea how to proceed with step below:
In order for the JVM to pick up the new trust store, it has to be started with the JVM parameter -Djavax.net.ssl.trustStore=/path/to/cacerts.jks. If you’ve been using another password to encrypt the JVM trust store than the default changeit, you additionally have to set the JVM parameter -Djavax.net.ssl.trustStorePassword=secret.


(Jochen) #14

The documentation says in the following paragraph:

Most start and init scripts for Graylog provide a JAVA_OPTS variable which can be used to pass the javax.net.ssl.trustStore and (optionally) javax.net.ssl.trustStorePassword system properties.

Also see http://docs.graylog.org/en/2.3/pages/configuration/file_location.html


(system) #15

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.