Graylog is not showing the mysql-server status messages

Graylog Add-ons
1

Good evening,

I am trying to use this tutorial https://marketplace.graylog.org/addons/1cb8c00f-fd51-433b-b4a0-a86b089b5671 to send to send a mysql server status to graylog.
My graylog server is working on a CentOS7 machine, also I installed on this machine a mysql server to which I can access. I have followed the steps described in the tutorial :
I downloaded the zip file from github : ‘https://github.com/arikogan/mysql-gelf’, I have extracted it and I have opened the mysql-status.sh file. Then, I modified the following lines in that script as following:

HOST=`***.***`
MYSQL_USER=****
MYSQL_PASS=****
GRAYLOG_SERVER=X.X.X.X

Also, I planified the cron job as mentioned in the tutorial.
Finally, I have created the input in graylog having a bind_address : 127.0.0.1 and listening to the port 12305.
Unfortunately, I don’t see the messages yet. I receive the following message: "Your search returned no results, try changing the used time range or the search query. Do you want more details? Show the Elasticsearch query.
Take a look at the documentation if you need help with the search syntax or the time range selector."
I believe that something is missing in the configuration of the mysql-status.sh file or may be the syntax of the cron job is not correct:

* * * * * user /path/to/mysql-gelf/mysql-status.sh

Please help me to resolve this issue.
I desire to hear from you son.

Thanks!
Jihene

2

Hi @Jihene

you need to debug every single stage in your setup.

  • is the mysql script writing the status to file?
  • is the cron running?
  • does the message show up if you select “show all messages” in Graylog?
3

Hi Jan,

Yes, the mysql script is writing the status to the new automatically created file named : mysql-gelf-master/status.last.
Also, yes the crond.service is running.
Then, I actually don’t see any message related to the mysql status by clicking on “show all messages”.

Thank you!
Jihene.

4

What type of input did you create in Graylog and how did you configure it?
Also, you HOST setting looks strange. Be advised that backticks have a special meaning in shell scripts.

5

Hi jochen,

I have created a GELF UDP input as mentioned in the mysql-gelf marketplace turorial, and the other settings are:

bind_address: 127.0.0.1
decompress_size_limit: 8388608
override_source: <empty>
port: 12305
recv_buffer_size: 262144

Then, my HOST setting is the result of the hostname command and I didn’t change the backticks, I have just kept it and changed the hostname.

Thank you!

6

127.0.0.1 is the loopback network interface. This means that this input is only available on the very same machine running Graylog.
If you want to send messages from other machines to Graylog and this input, you need to change the bind_address setting, e. g. to 0.0.0.0 (which means “all network interfaces”).

That’s wrong. Either keep the hostname command or don’t use backticks (but single or double quotes).

7

Hi jochen,

My mysql database is running in the same centos 7 machine which is running graylog.
I also changed the bind_address by 0.0.0.0, restarted the crond.service and the mysql.service but no news.
Then, the HOST setting in the mysql-gelf-master/mysql-status.sh is like this after removing the backticks

HOST=localhost.localdomain

and the hostname command result is

[root@localhost ~]# hostname
localhost.localdomain

So, is it right?

Thank you!

8

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.