Graylog Installation Issue

Hi,

I have tried to install Graylog in my lab.
The issue is that I cannot have HTTP access to Graylog (default port 9000).

Here you have some details:
I am running Ubuntu 20.04:
ubuntu@ubuntu:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.5 LTS
Release: 20.04
Codename: focal

Graylog is running:
ubuntu@ubuntu:/home$ ps aux | grep graylog
ubuntu 1170412 0.0 0.0 6432 656 pts/0 S+ 19:28 0:00 grep --color=auto graylog

FYI I followed the steps mentioned in page Ubuntu installation

The Ubuntu host has Internet access (it is a private IP address). The IP address is 192.168.1.2 if needed (it is not reachable from the Internet).

If you can check I attach here the Configuration File located at /etc/graylog/server/server.conf

I have added password_secret and root_password_sha2 to this configuration file, as indicated in the above page.

Sorry for this long email.

Could you attach the server.conf file please?

@emgonzalez59

Hope you don’t mind, but I moved this post out of Development, which is the place to discuss and ask questions about the development of a Graylog-related project, and into Graylog Central. I believe this is an installment issue.

Hi H2Cyber,
I tried to upload it but I get an error saying that new users cannot upload files.

Hi H2Cyber,
Here you are the error mentioned before.

Hello,
You could copy and paste your configuration, as shown here.

Here is the Status of the Graylog service:

ubuntu@ubuntu:~$ systemctl status graylog-server.service
● graylog-server.service - Graylog server
Loaded: loaded (/lib/systemd/system/graylog-server.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Tue 2022-09-20 22:22:12 -03; 8s ago
Docs: http://docs.graylog.org/
Process: 2973 ExecStart=/usr/share/graylog-server/bin/graylog-server (code=exited, status=1/FAILURE)
Main PID: 2973 (code=exited, status=1/FAILURE)

Hi there,

Maybe these logs are useful (they were extracted from /var/log/graylog-server/server.log):

2022-09-20T00:48:52.154-03:00 ERROR [CmdLineTool] Invalid configuration
com.github.joschi.jadconfig.ValidationException: Couldn’t run validator method
at com.github.joschi.jadconfig.JadConfig.invokeValidatorMethods(JadConfig.java:227) ~[graylog.jar:?]
at com.github.joschi.jadconfig.JadConfig.process(JadConfig.java:100) ~[graylog.jar:?]
at org.graylog2.bootstrap.CmdLineTool.processConfiguration(CmdLineTool.java:464) [graylog.jar:?]
at org.graylog2.bootstrap.CmdLineTool.run(CmdLineTool.java:270) [graylog.jar:?]
at org.graylog2.bootstrap.Main.main(Main.java:45) [graylog.jar:?]
Caused by: java.lang.reflect.InvocationTargetException
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at com.github.joschi.jadconfig.ReflectionUtils.invokeMethodsWithAnnotation(ReflectionUtils.java:53) ~[graylog.jar:?]
at com.github.joschi.jadconfig.JadConfig.invokeValidatorMethods(JadConfig.java:221) ~[graylog.jar:?]
… 4 more

Hello @emgonzalez59

What @H2Cyber needs is your configuration file for Graylog. Judging from the partial log you posted, it may be the source of this issue.

Example:

[root@graylog elasticsearch]# cat /etc/graylog/server/server.conf | egrep -v "^\s*(#|$)"
is_master = true
node_id_file = /etc/graylog/server/node-id
password_secret = epOqmLi7r7CdZxl76QOQxr8bRUPYstNdcBuajsaSNfG5bkXXFxy22EBT17elgGTUJgbD
root_password_sha2 =ef92b778bafe771e89245b89ecbc08a44a4e166c0665991
root_email = "greg.smith@domain.com"
root_timezone = America/Chicago
bin_dir = /usr/share/graylog-server/bin
data_dir = /var/lib/graylog-server
plugin_dir = /usr/share/graylog-server/plugin
http_bind_address = 192.168.1.100:9000
http_enable_cors = true

Notice the formatting??

Here is the server.conf file:

node_id_file = /etc/graylog/server/node-id
password_secret = dWZSyuwn7093eGu1EgovdZ3EIoekF0WI1hfoNcK5TwLSFCY8jCseuiYmeqIOgWkHPkNCTh3f3LJ0qlxUmnQdR9IiToF11hxn
root_password_sha2 = 482a0afb23cdb7c3b0b167db82c464bd20ed4fc1c5a45236a9308c29eb270971
root_timezone = America/Argentina/Buenos_Aires
bin_dir = /usr/share/graylog-server/bin
data_dir = /var/lib/graylog-server
plugin_dir = /usr/share/graylog-server/plugin
http_bind_address = 127.0.0.1:9000
http_publish_uri = http://$http_bind_address
http_external_uri = $http_publish_uri
http_enable_cors = true
http_enable_gzip = true
rotation_strategy = count
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
elasticsearch_shards = 4
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_analyzer = standard
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
lb_recognition_period_seconds = 3
mongodb_uri = mongodb://localhost/graylog
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5
proxied_requests_thread_pool_size = 32

Hi gsmith,

I found the way to show server.conf content without including comments:

Here it is:

is_leader = true
node_id_file = /etc/graylog/server/node-id
password_secret = dWZSyuwn7093eGu1EgovdZ3EIoekF0WI1hfoNcK5TwLSFCY8jCseuiYmeqIOgWkHPkNCTh3f3LJ0qlxUmnQdR9IiToF11hxn
root_password_sha2 = 482a0afb23cdb7c3b0b167db82c464bd20ed4fc1c5a45236a9308c29eb270971
root_timezone = America/Argentina/Buenos_Aires
bin_dir = /usr/share/graylog-server/bin
data_dir = /var/lib/graylog-server
plugin_dir = /usr/share/graylog-server/plugin
http_bind_address = 192.168.1.2:9000
http_publish_uri = http://192.168.1.2:9000
http_external_uri = $http_publish_uri
http_enable_cors = true
http_enable_gzip = true
rotation_strategy = count
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 4
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_analyzer = standard
output_batch_size = 500
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 5
outputbuffer_processors = 3
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
lb_recognition_period_seconds = 3
mongodb_uri = mongodb://localhost/graylog
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5
proxied_requests_thread_pool_size = 32

Sorry, I am stuck on this installation issue… it may be difficult to troubleshoot, so if anyone can send me a server.conf file (obviously without private IP addresses) it will be appreciated… Thanks

@emgonzalez59

Here is mine.

[root@graylog journal]# cat /etc/graylog/server/server.conf | egrep -v "^\s*(#|$)"
is_master = true
node_id_file = /etc/graylog/server/node-id
password_secret = epOqmLi7r7CdZxl76QOQxr8bRUPYstNdcBuajsa
root_password_sha2 =ef92b778bafe771e89245b89ecbc08a44a4e1
root_email = "greg.smith@domain.com"
root_timezone = America/Chicago
bin_dir = /usr/share/graylog-server/bin
data_dir = /var/lib/graylog-server
plugin_dir = /usr/share/graylog-server/plugin
http_bind_address = 192.168.1.100:9000
http_enable_cors = true
elasticsearch_hosts = http://127.0.0.1:9200
rotation_strategy = count
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 4
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog
allow_leading_wildcard_searches = true
allow_highlighting = false
elasticsearch_analyzer = standard
elasticsearch_index_optimization_timeout = 1h
output_batch_size = 500
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 5
outputbuffer_processors = 3
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
message_journal_max_size = 5gb
lb_recognition_period_seconds = 3
mongodb_uri = mongodb://localhost:27017/graylog
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5
http_connect_timeout = 10s
proxied_requests_thread_pool_size = 32
[root@graylog journal]#

Logon URL

http://192.168.1.100:9000

The correct URI is http_publish_uri = http://192.168.1.2:9000/ or leave it at the default http://$http_bind_address/
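
An added example (not part of the thread and not Graylog's own code): a Python check that reads server.conf text the way the egrep filter above does, masks password_secret and root_password_sha2 so the file can be shared for troubleshooting, and flags the literal $ placeholders in the URI settings that the last reply corrects. The function names, the constructed sample text and the 16-character minimum are assumptions, as is the premise that the file's $name references are not expanded.

```python
import re
from urllib.parse import urlsplit

SECRET_KEYS = {"password_secret", "root_password_sha2"}  # mask before sharing
URI_KEYS = ("http_publish_uri", "http_external_uri")
MIN_SECRET_LEN = 16  # assumed minimum; check the requirement for your version

# Constructed sample modelled on the settings posted in the thread (values made up).
SAMPLE = """\
# comment line
password_secret = constructed-sample-secret-0123456789
root_password_sha2 = 482a0afb
http_bind_address = 192.168.1.2:9000
http_publish_uri = http://$http_bind_address
http_external_uri = $http_publish_uri
"""

def parse(text):
    """Return {key: value} for non-comment, non-blank 'key = value' lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def shareable(text):
    """Comment-free view of the file with secret values masked."""
    return "\n".join(
        f"{k} = {'<redacted>' if k in SECRET_KEYS else v}" for k, v in parse(text).items()
    )

def lint(text):
    """Return a list of (key, problem) findings for the settings discussed above."""
    conf, findings = parse(text), []
    for key in URI_KEYS:
        value = conf.get(key, "")
        if "$" in value:
            findings.append((key, "unexpanded $placeholder"))
        elif value:
            parts = urlsplit(value)
            if parts.scheme not in ("http", "https") or not parts.netloc:
                findings.append((key, "not an absolute http(s) URI"))
    if not re.fullmatch(r"[0-9a-fA-F]{64}", conf.get("root_password_sha2", "")):
        findings.append(("root_password_sha2", "not 64 hex characters"))
    if len(conf.get("password_secret", "")) < MIN_SECRET_LEN:
        findings.append(("password_secret", "shorter than 16 characters"))
    return findings
```

Running lint() on the file before restarting graylog-server, and posting only the output of shareable(), keeps the password pepper and the admin hash out of public threads.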