Graylog logs indicate no errors and server running; web site not responsive


(Bill Villers) #1

Installed, carefully, Graylog v.2.4 (I think – can’t confirm) onto CentOS v.7.x

ElasticSearch & MongoDB each can see the server.

The server shows timeout when trying to access the server.

//servername:9000
//servername:9000/api

Nothing responds.

No errors in logs apparent…

I appreciate any helpful suggestions.
What logs can I look at?

Additional info:

sudo systemctl status graylog-server.service

● graylog-server.service - Graylog server
   Loaded: loaded (/usr/lib/systemd/system/graylog-server.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2018-01-23 19:08:51 EST; 4min 54s ago

 Main PID: 1089 (graylog-server)
   CGroup: /system.slice/graylog-server.service
           ├─1089 /bin/sh /usr/share/graylog-server/bin/graylog-server
           └─1106 /usr/bin/java -Xms1g -Xmx1g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow -jar -Dlog4j.config...
[1]: Started Graylog server.
[1]: Starting Graylog server...


sudo systemctl status mongod.service

● mongod.service - SYSV: Mongo is a scalable, document-oriented database.
   Loaded: loaded (/etc/rc.d/init.d/mongod; bad; vendor preset: disabled)
   Active: active (running) since Tue 2018-01-23 19:09:34 EST; 5min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 1090 ExecStart=/etc/rc.d/init.d/mongod start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/mongod.service
           └─2375 /usr/bin/mongod -f /etc/mongod.conf
Jan 23 19:08:51 syslog.cme.com systemd[1]: Starting SYSV: Mongo is a scalable, document-oriented database....
[1136]: pam_unix(runuser:session): session opened for user mongod by (uid=0)
[1136]: pam_unix(runuser:session): session closed for user mongod
[1090]: Starting mongod: [  OK  ]
[1]: Started SYSV: Mongo is a scalable, document-oriented database..


sudo systemctl status elasticsearch.service

● elasticsearch.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2018-01-23 19:08:52 EST; 7min ago
     Docs: http://www.elastic.co
  Process: 1088 ExecStartPre=/usr/share/elasticsearch/bin/elasticsearch-systemd-pre-exec (code=exited, status=0/SUCCESS)
 Main PID: 1097 (java)
   CGroup: /system.slice/elasticsearch.service
           └─1097 /bin/java -Xms2g -Xmx2g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+AlwaysPreTouch -server -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=t...

[1]: Starting Elasticsearch...
[1]: Started Elasticsearch.

(Jochen) #2

Why can’t you confirm that?
How exactly did you install Graylog?
What’s the complete configuration of the Graylog node?

Which logs did you check?
What’s the complete content of these logs?
Also take a look at http://docs.graylog.org/en/2.4/pages/configuration/file_location.html.


(Jan Doberstein) #3

Did you check if you have a firewall between your browser and the Graylog server that might block access to port 9000?


(Bill Villers) #4

I believe so. But, being a newbie to Linux, I am not certain. I ran the following commands as mentioned in the docs:

  1. Allow the web server to access the network: sudo setsebool -P httpd_can_network_connect 1
  2. Allow using MongoDB’s default port (27017/tcp): sudo semanage port -a -t mongod_port_t -p tcp 27017

#5

semanage etc. configure SELinux. Firewall is configured in CentOS with firewall-cmd. If you want to restrict access to the web interface to specific networks, you can define a zone. If not, you can use --zone=public and add the port. Remember to run firewall-cmd --reload after configuring.


(Shane) #6

Installed, carefully, Graylog v.2.4 (I think – can’t confirm) onto CentOS v.7.x

Check your /var/log/yum.log file to see which version of Graylog was last updated. A simple command like the one below should work:

grep graylog /var/log/yum.log

Also can you run a simple netstat -ano and verify that you have port 9000 listening on your IP address that you are trying to access the graylog app on?

Also firewalld can be kind of a pain for someone a bit newer to linux. Here’s a guide to go back to iptables as well as how to configure it:



#7

:sunglasses: I find firewall-cmd easier than iptables. Adding a rule to allow the port 9000 just takes one command + the reload command.


(Bill Villers) #8

I re-installed everything beginning with CentOS 7.

The change, in the new install, was that I allowed DHCP to assign IP, etc.

Now, from within the server, I can successfully hit:
http://127.0.0.1:9000

Now, 2 new problems.

  1. Username/pwd does not allow login. I tried the default, admin/admin. Also, I changed the encrypted password, echo -n MyPa$$w0rd | sha256sum
  2. I cannot hit from outside the server.

(Bill Villers) #9

server.log entry:

          [SessionsResource] Invalid username or password for user "admin"

(Jochen) #10

You probably have a “special character” in your password which is interpreted by the shell, e.g. “$” is such a special character.

You can try using “8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918” in root_password_sha2, which is the SHA-256 hash for the word “admin”.

That’s probably because 127.0.0.1 is the loopback interface.
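
The shell-expansion problem described in the reply above, as an added example that is not part of the original thread: it hashes the password from post #8 with and without quoting, and checks a candidate password against `root_password_sha2`. The function names and the sample config file are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): hashing a Graylog root password safely.

# Hash the password given as ONE argument. printf '%s' writes exactly those
# bytes (no trailing newline), which is what `echo -n` was meant to do.
hash_password() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# Read root_password_sha2 from a server.conf-style file.
configured_hash() {
    sed -n 's/^[[:space:]]*root_password_sha2[[:space:]]*=[[:space:]]*\([0-9a-fA-F]\{64\}\)[[:space:]]*$/\1/p' "$1"
}

# Succeeds only if the candidate password hashes to the configured value.
password_matches_config() {
    [ "$(hash_password "$1")" = "$(configured_hash "$2")" ]
}

# Constructed sample config carrying the "admin" hash quoted in the thread.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
root_username = admin
root_password_sha2 = 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
EOF

# Unquoted, the shell substitutes its own PID for $$ before the hash is taken,
# so the stored hash belongs to a string like MyPa12345w0rd.
UNQUOTED_HASH=$(hash_password MyPa$$w0rd)
# Single quotes pass the characters through untouched.
QUOTED_HASH=$(hash_password 'MyPa$$w0rd')

echo "unquoted: $UNQUOTED_HASH"
echo "quoted:   $QUOTED_HASH"
if password_matches_config 'admin' "$SAMPLE_CONF"; then
    echo "sample config still accepts the password 'admin'"
fi
```

A password typed as a command argument also lands in shell history, so on a real host it is better read from a prompt and piped into the hash.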


(Bill Villers) #11

Thank you everyone.

The Graylog system is accessible from all nodes on the network.

I re-ip’d in the server.conf file successfully.

Reset the password successfully: “You can try using ‘8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918’ in root_password_sha2, which is the SHA-256 hash for the word ‘admin’.”

And, set firewall setting successfully, firewall-cmd --zone=public --add-port=9000/tcp --permanent

All is good. Ticket is closed.

Thanks again for the excellent help.
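
The listening-port check suggested in post #6 and the loopback remark in post #10, as an added example that is not part of the original thread: it classifies where port 9000 is bound from `ss -ltn` or `netstat -ant` output, and shows the zone-based firewalld rules mentioned in post #5. The function names, sample output, zone name and source network are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): where is port 9000 actually bound?

# Reads `ss -ltn` or `netstat -ant` style lines on stdin and prints one of:
# all-interfaces | specific:<addr> | loopback-only | not-listening
classify_listener() {
    awk -v port="$1" '
        $1 == "LISTEN" || $6 == "LISTEN" {
            n = split($4, parts, ":")            # column 4 = local addr:port
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr == "0.0.0.0" || addr == "*" || addr == "::" || addr == "[::]")
                all = 1
            else if (addr ~ /(^|:)127\./ || addr == "::1" || addr == "[::1]")
                loop = 1
            else
                spec = addr
        }
        END {
            if (all)             print "all-interfaces"
            else if (spec != "") print "specific:" spec
            else if (loop)       print "loopback-only"
            else                 print "not-listening"
        }'
}

# firewalld rules that open 9000/tcp to one source network through a
# dedicated zone instead of --zone=public. Zone name and CIDR are
# caller-supplied placeholders; needs root, so it is defined but not run here.
allow_graylog_from() {
    zone=$1
    cidr=$2
    firewall-cmd --permanent --new-zone="$zone" &&
    firewall-cmd --permanent --zone="$zone" --add-source="$cidr" &&
    firewall-cmd --permanent --zone="$zone" --add-port=9000/tcp &&
    firewall-cmd --reload
}

# Constructed `ss -ltn` output: before and after changing the listen address.
SAMPLE_BEFORE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    *:22               *:*
LISTEN 0      50     127.0.0.1:9000     *:*'
SAMPLE_AFTER='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      50     192.0.2.10:9000    *:*'

printf '%s\n' "$SAMPLE_BEFORE" | classify_listener 9000   # loopback-only
printf '%s\n' "$SAMPLE_AFTER"  | classify_listener 9000   # specific:192.0.2.10
```

A `loopback-only` result means no firewall change will make the web interface reachable from other hosts until the listen address in the server configuration is changed.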

