systemctl status graylog-server.service shows a warning:
graylog-server.service - Graylog server
Loaded: loaded (/lib/systemd/system/graylog-server.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2020-05-03 17:47:38 CEST; 4min 18s ago
Docs: http://docs.graylog.org/
Main PID: 8790 (graylog-server)
Tasks: 105 (limit: 4662)
Memory: 774.3M
CGroup: /system.slice/graylog-server.service
├─8790 /bin/sh /usr/share/graylog-server/bin/graylog-server
└─8809 /usr/bin/java -Xms1g -Xmx1g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:-OmitStackTraceInFastThrow -jar -Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml -Djava.library.path=/usr/share/graylog-server/lib/sigar -Dgraylog2.installation_source=deb /usr/share/graylog-server/graylog.jar server -f /etc/graylog/server/server.conf -np
May 03 17:47:38 master03 systemd[1]: Started Graylog server.
May 03 17:47:38 master03 graylog-server[8790]: OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
May 03 17:47:38 master03 graylog-server[8790]: WARNING: sun.reflect.Reflection.getCallerClass is not supported. This will impact performance.
May 03 17:47:41 master03 graylog-server[8790]: WARNING: An illegal reflective access operation has occurred
May 03 17:47:41 master03 graylog-server[8790]: WARNING: Illegal reflective access by com.google.inject.assistedinject.FactoryProvider2$MethodHandleWrapper (file:/usr/share/graylog-server/graylog.jar) to constructor java.lang.invoke.MethodHandles$Lookup(java.lang.Class,int)
May 03 17:47:41 master03 graylog-server[8790]: WARNING: Please consider reporting this to the maintainers of com.google.inject.assistedinject.FactoryProvider2$MethodHandleWrapper
May 03 17:47:41 master03 graylog-server[8790]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
May 03 17:47:41 master03 graylog-server[8790]: WARNING: All illegal access operations will be denied in a future release
Check if graylog web interface listen on port 9000. Apache is used as reverse proxy, so graylog interface is reachable on port HTTP/HTTPS, check your apache reverse proxy configration, if you see default apache welcome page…
May 05 16:09:45 master03 elasticsearch[7005]: at org.elasticsearch.cli.Command.main(Command.java:90)
May 05 16:09:45 master03 elasticsearch[7005]: at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:116)
May 05 16:09:45 master03 elasticsearch[7005]: at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93)
May 05 16:09:45 master03 elasticsearch[7005]: 2020-05-05 16:09:45,673 main ERROR Null object returned for RollingFile in Appenders.
May 05 16:09:45 master03 elasticsearch[7005]: 2020-05-05 16:09:45,673 main ERROR Unable to locate appender “rolling” for logger config “root”
May 05 16:09:45 master03 elasticsearch[7005]: 2020-05-05 16:09:45,674 main ERROR Unable to locate appender “index_indexing_slowlog_rolling” for logger config "index.indexing.sl
May 05 16:09:45 master03 elasticsearch[7005]: 2020-05-05 16:09:45,674 main ERROR Unable to locate appender “index_search_slowlog_rolling” for logger config "index.search.slowlo
May 05 16:09:45 master03 elasticsearch[7005]: 2020-05-05 16:09:45,674 main ERROR Unable to locate appender “deprecation_rolling” for logger config "org.elasticsearch.deprecatio
May 05 16:09:45 master03 systemd[1]: elasticsearch.service: Main process exited, code=exited, status=1/FAILURE
May 05 16:09:45 master03 systemd[1]: elasticsearch.service: Failed with result ‘exit-code’.
However I cannot find an x-pack version that works .
You can’t run Input on port 514b by default, because graylog run as a normal user, which couldn’t listenon lower port than 1024. So best option is to change Input port to e.g. 1514 and setup syslog-ng to forward logs to this port (instead of default 1514).
