Graylog OVA issues and questions

Graylog Central (peer support)
1

I downloaded and installed the OVA, all worked fine. I then updated to the latest version and still all good. Somewhere along the steps of following http://docs.graylog.org/en/2.3/pages/installation/virtual_machine_appliances.html?highlight=ova and hardening the appliance I ran into the issue that graylog seemed not to be starting anymore.

so I tried: graylog-ctl reconfigure-as-backend which resulte in these 2 lines in my /opt/graylog/conf/graylog.conf

rest_listen_uri = h**p://0.0.0.0:9000/api

web_listen_uri = 192.168.99.2

as I had also run graylog-ctl local-connect before

with the above configuration inside /var/log/graylog/server/current I see


ERROR Invalid Configuration
Parameter web_listen_uri should be an absolute URI (found 192.168.99.2)

so I went and changed it to:

web_listen_uri = h**p://192.168.99.2/

which still doesn’t give any positive results. graylog-ctl status shows elasticsearch, etcd, graylog-server and mongodb running which indicates nginx is somehow down.

graylog-ctl tail nginx shows this:
image
while 192.168.99.2 is graylog’s IP and 192.168.99.0 is its gateway and 192.168.0.2 was the client I was connecting from.

Most important question: is there a command to reset an OVA to its default config?
I’ve read through here but not sure what would fit this scenario: h**p://docs.graylog.org/en/2.3/pages/configuration/graylog_ctl.html

Your Environment

  • Graylog Version: latest version after updating the OVA via apt-get
  • Elasticsearch Version: latest version after updating the OVA via apt-get
  • MongoDB Version: latest version after updating the OVA via apt-get

P.S. yes I know that the OVA is not recommend for production so I have read h**p://docs.graylog.org/en/2.3/pages/securing.html#securing-graylog and acted accordingly. Also, this OVA is separated via firewall rules so only the necessary ports are accessible from any other machines.

P.P.S. Since I am a new user I am only allowed 2 external links so I replaced a few http occurances with h**p

2

sudo graylog-ctl cleanse should do the trick.

If you’re using the OVA (or any other appliance based on the Graylog omnibus package), you have to use graylog-ctl for everything. Manual changes to any configuration file will be overwritten by graylog-ctl reconfigure.

The omnibus package cannot be updated via apt-get (or aptitude or apt). Are you sure you didn’t install the official DEB package by accident?

3

@jochen thanks, I will try the cleanse option and report back if that fixed my issues.

Well, I used the OVA initially, then I read this link: http://docs.graylog.org/en/2.3/pages/installation/virtual_machine_appliances.html?highlight=ova#update-ova-to-latest-version on how to update the OVA which links to here: http://docs.graylog.org/en/2.3/pages/configuration/graylog_ctl.html#upgrade-graylog-omnibus

$ wget https://packages.graylog2.org/releases/graylog-omnibus/ubuntu/graylog_latest.deb
$ sudo graylog-ctl stop
$ sudo dpkg -G -i graylog_latest.deb
$ sudo graylog-ctl backup-etcd
$ sudo graylog-ctl reconfigure
$ sudo reboot

So, yes, I am now using the .deb package. Where did I go wrong? I don’t see any other options to update the OVA

4

Nowhere, but you’re not using APT (apt-get, aptitude, apt) which was indicated in your first post.

I’ve been talking about these: http://docs.graylog.org/en/2.3/pages/installation/operating_system_packages.html#deb-apt

5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.