Graylog Plugin for TRUENAS as JAIL

Installed the AWESOOOME pre-cooked version of Graylog, available as a “plugin” on TrueNAS / FreeNAS. Not so much of a “plugin” as it is a FreeBSD jail.

Everything is working great… BUT… Here’s my question:

Where can I add a mount point to preserve the log data if/when the jail gets corrupted or destroyed or deleted?

Usually for jails, you can create a dataset in your ZFS pool and attach it to a mount point in the jail… this way if the jail ever got deleted, or if you messed up the config real bad, you could at least preserve the data. Ideally, I’d mount right at /var/log, but there’s data in every folder already.

Any ideas?

Until then, I’m going to enjoy the software as it is!

SOLVED

I’m such a dumb@$$. So, for anyone else with the issue, do this… before you click “install” scroll to the bottom and open the “custom properties” of the jail. Enter the name of YOUR dataset where it says zfs_jail_dataset, and enter /var/log where it says jail_zfs_mountpoint.

1 Like

Hello,
Thanks for posting your fix.

Hi, I was looking for the exact same thing. However, /var/log contains only the logs of the services (elasticsearch and graylog), not the actual logs they collected/received.

I think the path we’re looking for to keep the DBs of Elasticsearch and Graylog, would be:

  • /var/db/elasticsearch
  • /var/db/graylog
  • /var/db/mongodb

I’m trying now. Would need to create those subdirs in your dataset, move the data from the iocage from these directories to the ones you created in your dataset, mount the paths and restart your jail.

Or create them beforehand and specify them when installing the plugin. I’m trying now.

1 Like

After fiddling a bit, I was able to make it work. Here’s what I did, if anyone is interested:

1- created a dataset for graylog, called “graylog”

2- install plugin “Graylog”

3- Stop graylog jail

4- in truenas CLI, copy the following dirs from the jail to the Dataset
a) cp -rp /mnt/Disk/iocage/jails/graylog/root/var/db/elasticsearch /mnt/Disk/graylog/.
b) cp -rp /mnt/Disk/iocage/jails/graylog/root/var/db/graylog /mnt/Disk/graylog/.
c) cp -rp /mnt/Disk/iocage/jails/graylog/root/var/db/mongodb /mnt/Disk/graylog/.
→ where “Disk” is my pool, and /mnt/Disk/graylog my dataset

5- Update permissions to all in mongodb:
a) chmod a+rwx /mnt/Disk/graylog/mongodb

6- do this command: iocage get -r enforce_statfs
in order for elasticsearch to work, this property in your graylog jail needs to be set to “1”. Mine was set to “2”

7- edit /mnt/Disk/iocage/jails/graylog/config.json, and add the following line:
a) "enforce_statfs": "1",
b) save and exit

8- running “iocage get -r enforce_statfs” again should show the property now set to “1”

9- Now, start your jail back up. Should be good to go, after it sets up everything.

10- doing a “tail -f /mnt/Disk/iocage/jails/graylog/root/var/log/graylog/server.log” should show you how everything is going.
When it hits “.InputSetupService [eventbus-handler-1] Triggering launching persisted inputs, node transitioned from Uninitialized [LB:DEAD] to Running [LB:ALIVE]”, you should be able to log in.

Good luck!

2 Likes
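
An added example, not part of the original posts: a read-only check to run on the TrueNAS host between steps 8 and 9, while the jail is still stopped. It confirms the three copied directories exist in the dataset, that their mode and owner still match the jail originals, that none is world-writable, and that config.json carries the enforce_statfs value. The function name `audit_migration` and its two path arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit the copied Graylog data dirs.
# Directory names and the enforce_statfs value come from the post above;
# the function name and the two path arguments are hypothetical.

# Print "mode uid gid" of a path using only portable ls/awk.
meta() { ls -ldn "$1" | awk '{print $1, $3, $4}'; }

# audit_migration JAIL_DIR DATASET_DIR
#   JAIL_DIR    holds config.json and root/ (e.g. .../iocage/jails/graylog)
#   DATASET_DIR holds the copies            (e.g. /mnt/Disk/graylog)
# Prints one finding per line; the return status is the number of findings.
audit_migration() {
    jail=$1; data=$2; findings=0
    for d in elasticsearch graylog mongodb; do
        src="$jail/root/var/db/$d"; dst="$data/$d"
        if [ ! -d "$dst" ]; then
            echo "MISSING $dst"; findings=$((findings + 1)); continue
        fi
        # cp -rp run as root carries mode and owner over, so a difference
        # means the copy was changed afterwards (for example by chmod).
        if [ -d "$src" ] && [ "$(meta "$src")" != "$(meta "$dst")" ]; then
            echo "CHANGED $dst: $(meta "$src") -> $(meta "$dst")"
            findings=$((findings + 1))
        fi
        # A directory writable by "other" can be modified by every
        # local account that can reach the path.
        ww=$(find "$dst" -type d -perm -0002 | wc -l | tr -d ' ')
        if [ "$ww" -gt 0 ]; then
            echo "WORLD-WRITABLE $dst ($ww directories)"
            findings=$((findings + 1))
        fi
    done
    # The post reports Elasticsearch needing enforce_statfs set to "1".
    if ! grep -Eq '"enforce_statfs"[[:space:]]*:[[:space:]]*"1"' \
            "$jail/config.json" 2>/dev/null; then
        echo "STATFS enforce_statfs is not \"1\" in $jail/config.json"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Stand-alone use: sh audit.sh JAIL_DIR DATASET_DIR
if [ "$#" -eq 2 ]; then audit_migration "$1" "$2"; fi
```

A CHANGED or WORLD-WRITABLE line for mongodb is what step 5 produces; comparing the owner shown for the original directory against the copy tells you whether a narrower permission would do.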

Hello && Welcome

Thanks for posting a HowTo.