Graylog is not showing the mysql-server status messages

Jihene · June 15, 2017, 11:49pm

Good evening,

I am trying to use this tutorial https://marketplace.graylog.org/addons/1cb8c00f-fd51-433b-b4a0-a86b089b5671 to send to send a mysql server status to graylog.
My graylog server is working on a CentOS7 machine, also I installed on this machine a mysql server to which I can access. I have followed the steps described in the tutorial :
I downloaded the zip file from github : ‘https://github.com/arikogan/mysql-gelf’, I have extracted it and I have opened the mysql-status.sh file. Then, I modified the following lines in that script as following:

HOST=`***.***`
MYSQL_USER=****
MYSQL_PASS=****
GRAYLOG_SERVER=X.X.X.X

Also, I planified the cron job as mentioned in the tutorial.
Finally, I have created the input in graylog having a bind_address : 127.0.0.1 and listening to the port 12305.
Unfortunately, I don’t see the messages yet. I receive the following message: "Your search returned no results, try changing the used time range or the search query. Do you want more details? Show the Elasticsearch query.
Take a look at the documentation if you need help with the search syntax or the time range selector."
I believe that something is missing in the configuration of the mysql-status.sh file or may be the syntax of the cron job is not correct:

* * * * * user /path/to/mysql-gelf/mysql-status.sh

Please help me to resolve this issue.
I desire to hear from you son.

Thanks!
Jihene

jan · June 16, 2017, 5:40am

Hi @Jihene

you need to debug every single stage in your setup.

is the mysql script writing the status to file?
is the cron running?
does the message show up if you select “show all messages” in Graylog?

Jihene · June 16, 2017, 7:52am

Hi Jan,

Yes, the mysql script is writing the status to the new automatically created file named : mysql-gelf-master/status.last.
Also, yes the crond.service is running.
Then, I actually don’t see any message related to the mysql status by clicking on “show all messages”.

Thank you!
Jihene.

jochen · June 16, 2017, 7:58am

What type of input did you create in Graylog and how did you configure it?
Also, you HOST setting looks strange. Be advised that backticks have a special meaning in shell scripts.

Jihene · June 16, 2017, 8:06am

Hi jochen,

I have created a GELF UDP input as mentioned in the mysql-gelf marketplace turorial, and the other settings are:

bind_address: 127.0.0.1
decompress_size_limit: 8388608
override_source: <empty>
port: 12305
recv_buffer_size: 262144

Then, my HOST setting is the result of the hostname command and I didn’t change the backticks, I have just kept it and changed the hostname.

Thank you!

jochen · June 16, 2017, 8:10am

127.0.0.1 is the loopback network interface. This means that this input is only available on the very same machine running Graylog.
If you want to send messages from other machines to Graylog and this input, you need to change the bind_address setting, e. g. to 0.0.0.0 (which means “all network interfaces”).

That’s wrong. Either keep the hostname command or don’t use backticks (but single or double quotes).

Jihene · June 16, 2017, 8:15am

Hi jochen,

My mysql database is running in the same centos 7 machine which is running graylog.
I also changed the bind_address by 0.0.0.0, restarted the crond.service and the mysql.service but no news.
Then, the HOST setting in the mysql-gelf-master/mysql-status.sh is like this after removing the backticks

HOST=localhost.localdomain

and the hostname command result is

[root@localhost ~]# hostname
localhost.localdomain

So, is it right?

Thank you!

system · June 30, 2017, 8:15am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.