Graylog server WEB interface not starting

Hello guys.
I’ve decided to setup Graylog this way:

• one server with graylog & mongodb (server IP address: 10.200.125.48);
• another server with elasticsearch (server IP address: 10.200.125.49).
  Both server OS is CentOS 7.
  But have error in server.log file and WEB interface doesn’t starting:

2017-03-20T10:49:42.626+03:00 INFO [zen] [graylog-22487182-1142-4dff-9731-352a466f3979] failed to send join request to master [{es-node-1}{NgVm0J_hRRqKXhOLwkiTRA}{10.200.125.49}{10.200.125.49:9300}], reason [RemoteTransportException[[es-node-1][10.200.125.49:9300][internal:discovery/zen/join]]; nested: ConnectTransportException[[graylog-22487182-1142-4dff-9731-352a466f3979][127.0.0.1:9350] connect_timeout[30s]]; nested: NotSerializableExceptionWrapper[connect_exception: Connection refused: /127.0.0.1:9350]; ]

elasticsearch.yml:

cluster.name: graylog
node.name: es-node-1
path.data: /es/data
path.logs: /es/log
network.host: 10.200.125.49
http.port: 9200
discovery.zen.ping.multicast.enabled: false
discovery.zen.ping.unicast.hosts: [“10.200.125.49:9300”]
discovery.zen.minimum_master_nodes: 1

server.conf

is_master = true
node_id_file = /etc/graylog/server/node-id
password_secret = SOME#######################################
root_password_sha2 = SOME#######################################
root_timezone = Asia/Kuwait
plugin_dir = /usr/share/graylog-server/plugin
rest_listen_uri = http://10.200.125.48:12900/

rotation_strategy = count
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 4
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_cluster_name = graylog
elasticsearch_discovery_zen_ping_unicast_hosts = 10.200.125.49:9300
elasticsearch_analyzer = standard

output_batch_size = 500
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 5
outputbuffer_processors = 3

processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking

message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal

lb_recognition_period_seconds = 3

mongodb_uri = mongodb://localhost/graylog
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5

content_packs_dir = /usr/share/graylog-server/contentpacks
content_packs_auto_load = grok-patterns.json

proxied_requests_thread_pool_size = 32

I supposed there are some errors in my config files but I cannot find them - pls help.

hi,

try something like:

semanage port -a -t http_port_t -p tcp 9200
semanage port -a -t http_port_t -p tcp 9300
semanage port -a -t http_port_t -p tcp 9350
firewall-cmd --zone=internal --add-source=10.200.125.49 --permanent
firewall-cmd --zone=internal --add-port=9200/tcp --permanent
firewall-cmd --zone=internal --add-port=9300/tcp --permanent
firewall-cmd --zone=internal --add-port=9350/tcp --permanent
firewall-cmd --reload

Then the operating system should let the connection through…

I’ve disabled both selinux & firewalld - problem still exist

Elasticsearch server response example from Graylog server’s console:

curl -XGET ‘http://10.200.125.49:9200/_cluster/health?pretty=true’

{
“cluster_name” : “graylog”,
“status” : “green”,
“timed_out” : false,
“number_of_nodes” : 1,
“number_of_data_nodes” : 1,
“active_primary_shards” : 0,
“active_shards” : 0,
“relocating_shards” : 0,
“initializing_shards” : 0,
“unassigned_shards” : 0,
“delayed_unassigned_shards” : 0,
“number_of_pending_tasks” : 0,
“number_of_in_flight_fetch” : 0,
“task_max_waiting_in_queue_millis” : 0,
“active_shards_percent_as_number” : 100.0
}

you could try adding

elasticsearch_transport_tcp_port = 9350

to server.conf

Still no luck

server.log:

2017-03-20T16:34:54.163+03:00 INFO [zen] [graylog-22487182-1142-4dff-9731-352a466f3979] failed to send join request to master [{es-node-1}{VKtPyrkPSjmtNjIzOhwFyQ}{10.200.125.49}{10.200.125.49:9300}], reason [RemoteTransportException[[es-node-1][10.200.125.49:9300][internal:discovery/zen/join]]; nested: ConnectTransportException[[graylog-22487182-1142-4dff-9731-352a466f3979][127.0.0.1:9350] connect_timeout[30s]]; nested: NotSerializableExceptionWrapper[connect_exception: Connection refused: /127.0.0.1:9350]; ]

Resolved by myself (with this thread https://github.com/Graylog2/graylog2-server/issues/2154)
Solution:

in server.conf:

elasticsearch_network_host =10.200.125.48