Hi All,
I am a new user of Graylog and have an issue that could use some help with. I have completed the installation following the instructions, but when I attempt to connect to the Web GUI I can’t access it. The connection always gets refused. I have tried to use the default address 127.0.0.1:9000…no luck the connection gets refused. I have changed the address in the server.confg file to 192.168.10.116:9000 and it still gets refused. I have also made sure the UFW has the ports open for 9000 and it’s listening…but that didn’t correct the issue either. The Graylog server/install was performed on a VM Ubuntu 20.04 under Proxmox. Do I need to create a port forward rule on my firewall for port 9000?? Any help would be greatly appreciated!
Thanks,
Josh
Hello && Welcome @Truckin
Since this is a fresh installation and nothing has been modified yet, I believe we can help you with this issue. But first we would need some detailed information about your configuration and perhaps show your Logs files. There maybe something in those log files that would help us point to your issue. 9 times out of 10 the issue can be found in the logs files and that’s probably why you installed a logging server 
. To help you better understand what were look for please have a look at this post
If your posting any log files or configuration files please you the markdown illustrated in the post above
Thanks
Thank you very much for your help! However, this is my first setup of a graylog server. If I can’t access the web gui how would I post the logs for review to determine the cause?
I tried to use this command “sudo nano /etc/graylog/server/log4j2.xml”, but that just opens up a file that has the settings in it I think.
I created a rule in my pfsense firewall to pass port 9000 but that didn’t seem to help either.
Hello,
I was referring to this documentation. It will show you where your log files are.
https://docs.graylog.org/v1/docs/file-locations
That is not your system logs output, that would be for configuring you logs.
I looked at the document again and I think i found the correct path…but nothing is in the log file. I copied the screenshot and pasted it below. So, what am I doing wrong?
Hey there,
We’re going to need some additional details from you. Are mongo and elasticsearch running? If not, then Graylog isn’t going to start and if the service isn’t starting, you should be able to see what’s causing it in /var/log/graylog-server/server.log. If doing a netstat -ntlp shows that :9000 is open and you can connect, then something else is likely happening. However, given that you’re getting a connection refused error, that tells me that 9000 isn’t actually listening (i.e., the port may be open, but the service isn’t accepting connections). Have you tried running something like nc -vz localhost 9000 or nc -vz 192.168.10.116 9000? What does that report?
Hello,
In your graylog configuration file located here /etc/graylog/server/server.conf
Do you have this setting enabled?
http_enable_cors = true
Remember any time you make configuration to Graylog’s configuration file make sure your restart the service
systemctl restart graylog-server
Please check what @aaronsachs suggested and post your results. This will help us, help you.
Thanks
However, it doesn’t look like it corrected the problem. I did restart the service like you suggested.
I see your issue, but to be sure we would need to see your whole graylog configuration file. its hard to see you CLI screen shots This file is located here.
/etc/graylog/server/server.conf
What you can do that would help is execute this command and post it here with </> .in you markdown.
grep -v "^#\|^$" /etc/graylog/server/server.conf
EDIT: I think your configuration file is incorrect
Please double check these instruction
Thanks
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.