Graylog OVA issues and questions

(Ovizii) #1

I downloaded and installed the OVA, all worked fine. I then updated to the latest version and still all good. Somewhere along the steps of following and hardening the appliance I ran into the issue that graylog seemed not to be starting anymore.

so I tried: graylog-ctl reconfigure-as-backend which resulte in these 2 lines in my /opt/graylog/conf/graylog.conf

rest_listen_uri = h**p://

web_listen_uri =

as I had also run graylog-ctl local-connect before

with the above configuration inside /var/log/graylog/server/current I see

ERROR Invalid Configuration
Parameter web_listen_uri should be an absolute URI (found

so I went and changed it to:

web_listen_uri = h**p://

which still doesn’t give any positive results. graylog-ctl status shows elasticsearch, etcd, graylog-server and mongodb running which indicates nginx is somehow down.

graylog-ctl tail nginx shows this:

while is graylog’s IP and is its gateway and was the client I was connecting from.

Most important question: is there a command to reset an OVA to its default config?
I’ve read through here but not sure what would fit this scenario: h**p://

Your Environment

  • Graylog Version: latest version after updating the OVA via apt-get
  • Elasticsearch Version: latest version after updating the OVA via apt-get
  • MongoDB Version: latest version after updating the OVA via apt-get

P.S. yes I know that the OVA is not recommend for production so I have read h**p:// and acted accordingly. Also, this OVA is separated via firewall rules so only the necessary ports are accessible from any other machines.

P.P.S. Since I am a new user I am only allowed 2 external links so I replaced a few http occurances with h**p

(Jochen) #2

sudo graylog-ctl cleanse should do the trick.

If you’re using the OVA (or any other appliance based on the Graylog omnibus package), you have to use graylog-ctl for everything. Manual changes to any configuration file will be overwritten by graylog-ctl reconfigure.

The omnibus package cannot be updated via apt-get (or aptitude or apt). Are you sure you didn’t install the official DEB package by accident?

(Ovizii) #3

@jochen thanks, I will try the cleanse option and report back if that fixed my issues.

Well, I used the OVA initially, then I read this link: on how to update the OVA which links to here:

$ wget
$ sudo graylog-ctl stop
$ sudo dpkg -G -i graylog_latest.deb
$ sudo graylog-ctl backup-etcd
$ sudo graylog-ctl reconfigure
$ sudo reboot

So, yes, I am now using the .deb package. Where did I go wrong? I don’t see any other options to update the OVA

(Jochen) #4

Nowhere, but you’re not using APT (apt-get, aptitude, apt) which was indicated in your first post.

I’ve been talking about these:

(system) #5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.