Graylog Web GUI Issue

Hi All,
I am a new user of Graylog and have an issue that could use some help with. I have completed the installation following the instructions, but when I attempt to connect to the Web GUI I can’t access it. The connection always gets refused. I have tried to use the default address…no luck the connection gets refused. I have changed the address in the server.confg file to and it still gets refused. I have also made sure the UFW has the ports open for 9000 and it’s listening…but that didn’t correct the issue either. The Graylog server/install was performed on a VM Ubuntu 20.04 under Proxmox. Do I need to create a port forward rule on my firewall for port 9000?? Any help would be greatly appreciated!

Hello && Welcome @Truckin

Since this is a fresh installation and nothing has been modified yet, I believe we can help you with this issue. But first we would need some detailed information about your configuration and perhaps show your Logs files. There maybe something in those log files that would help us point to your issue. 9 times out of 10 the issue can be found in the logs files and that’s probably why you installed a logging server :slight_smile:. To help you better understand what were look for please have a look at this post

If your posting any log files or configuration files please you the markdown illustrated in the post above


Thank you very much for your help! However, this is my first setup of a graylog server. If I can’t access the web gui how would I post the logs for review to determine the cause?
I tried to use this command “sudo nano /etc/graylog/server/log4j2.xml”, but that just opens up a file that has the settings in it I think.

I created a rule in my pfsense firewall to pass port 9000 but that didn’t seem to help either.


I was referring to this documentation. It will show you where your log files are.

That is not your system logs output, that would be for configuring you logs.

I looked at the document again and I think i found the correct path…but nothing is in the log file. I copied the screenshot and pasted it below. So, what am I doing wrong?

Hey there,

We’re going to need some additional details from you. Are mongo and elasticsearch running? If not, then Graylog isn’t going to start and if the service isn’t starting, you should be able to see what’s causing it in /var/log/graylog-server/server.log. If doing a netstat -ntlp shows that :9000 is open and you can connect, then something else is likely happening. However, given that you’re getting a connection refused error, that tells me that 9000 isn’t actually listening (i.e., the port may be open, but the service isn’t accepting connections). Have you tried running something like nc -vz localhost 9000 or nc -vz 9000? What does that report?

1 Like


In your graylog configuration file located here /etc/graylog/server/server.conf
Do you have this setting enabled?

http_enable_cors = true
Remember any time you make configuration to Graylog’s configuration file make sure your restart the service

systemctl restart graylog-server

Please check what @aaronsachs suggested and post your results. This will help us, help you.


gsmith I assume I should enable that. So I have.

However, it doesn’t look like it corrected the problem. I did restart the service like you suggested.

I also ran the commands you stated and this was the output…

I see your issue, but to be sure we would need to see your whole graylog configuration file. its hard to see you CLI screen shots This file is located here.


What you can do that would help is execute this command and post it here with </> .in you markdown.

grep -v "^#\|^$" /etc/graylog/server/server.conf

EDIT: I think your configuration file is incorrect
Please double check these instruction

HowTo Configuration File


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.