Graylog on docker not start

config folder look lik:
drwxrwxrwx 2 755 1100 4096 Mar 12 15:12 config
and gralog start with this error:
chown: changing ownership of ‘/usr/share/graylog/data/config’: Operation not permitted
Warning can not change owner to graylog:graylog
http://servername:9000/api says unable to connect and
curl http://servername:9000 says:
Failed to connect to datalog port 9000: Connection refused
The firewall is disabled
netstat -tupln | grep 9000
tcp6 0 0 :::9000 :::* LISTEN -

i change the config file to 1100:1100 and now http://servername:9000
We are experiencing problems connecting to the Graylog server running on Please verify that the server is healthy and working correctly.

You will be automatically redirected to the previous page once we can connect to the server.

and detail:
Error message
Request has been terminated
Possible causes: the network is offline, Origin is not allowed by Access-Control-Allow-Origin, the page is being unloaded, etc.
Original Request
Status code
Full error message
Error: Request has been terminated
Possible causes: the network is offline, Origin is not allowed by Access-Control-Allow-Origin, the page is being unloaded, etc.

i have following error in graylog log
ERROR: org.graylog2.indexer.cluster.Cluster - Couldn’t read cluster health for indices [graylog_*] (Could not connect to

what is your configuration look like?
what graylog version did you start?

i used the compose file from the
graylog is version 3.0 and elastic is 6.6.1

here is compose file

version: '2'
    image: mongo:3
      - /graylog/data/db:/data/db
      - /graylog/elasticsearch:/usr/share/elasticsearch/data
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
        soft: -1
        hard: -1
    mem_limit: 1g
    image: graylog/graylog:3.0
      - /graylog/data/journal:/usr/share/graylog/data/journal
      - /graylog/config:/usr/share/graylog/data/config
      # CHANGE ME (must be at least 16 characters)!
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=415160ff57f6bb5a592ba347d4c992a1a489437180fe4b228d31d72091f76fb3
#      - GRAYLOG_ELASTICSEARCH_HOSTS=http://elasticsearch:9200
      - GRAYLOG_WEB_ENDPOINT_URI=http://"servername:9000/api
#      - GRAYLOG_HTTP_EXTERNAL_URI=http://servername:9000/api
#      - GRAYLOG_HTTP_PUBLISH_URI=http://servername:9000/api
      - mongodb:mongo
      - elasticsearch
      - mongodb
      - elasticsearch
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 514:514
      # Syslog UDP
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
    driver: local
    driver: local
    driver: local

please make your posting readable with markup like mentioned in the FAQ

ok sorry:
it’s graylog version 3.0 and elasticsearch version 6.6.1 mongo version 3

it’s work now. problem was group id and permission. graylog has 1100 as group and mango 999 and elastic just unix user permission.

i mount mongo volumes like: - /graylog/data/db:/data/db
and /graylog/data/db has: drwxr-xr-x 2 999 root 4096 Mar 13 09:33 db
i can’t see any file in db directories. it’s look like the mount, is not correct.
From docker logs for mango i found the following error:

I NETWORK [initandlisten] waiting for connections on port 27017
2019-03-13T09:52:37.067+0000 I NETWORK [listener] connection accepted from #1 (1 connection now open)
2019-03-13T09:52:37.076+0000 I NETWORK [conn1] received client metadata from conn1: { driver: { name: “mongo-java-driver”, version: “unknown” }, os: { type: “Linux”, name: “Linux”, architecture
2019-03-13T09:52:37.106+0000 I NETWORK [listener] connection accepted from #2 (2 connections now open).

What is wrong?

what is the software mango you are talking about?

I mean mongo. this is just typo. :slight_smile:

Guy I fixed your formatting - please do this your own in the future.

You did not read well the documentation, you mixed in settings from Graylog prior to Version 3.0 what will make it fail to run.

Please re-read the docs and correct your docker compose file

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.