Graylog web interface is not coming up in 3.0


(Mohd Arif) #1

I have installed Graylog 3.0. It seems some configuration is different from graylog2.
The web interface is not coming up. Whenever I try with browser/curl I get the below output…

    HTTP/1.1 200 OK
    X-Graylog-Node-ID: 8cf7f4b5-d19f-469e-b1ab-d71e58334d91
    X-UA-Compatible: IE=edge
    Content-Type: text/html
    Date: Wed, 13 Mar 2019 06:00:07 GMT
    Content-Length: 1640

    Graylog Web Interface
    <script src="http://10.140.127.133:9000/graylog/assets/vendor.4024e2a8db732781a971.js"></script>
    <script src="http://10.140.127.133:9000/graylog/assets/polyfill.567b98aaba093175141f.js"></script>
    <script src="http://10.140.127.133:9000/graylog/assets/builtins.567b98aaba093175141f.js"></script>
    <script src="http://10.140.127.133:9000/graylog/assets/plugin/org.graylog.plugins.threatintel.ThreatIntelPlugin/plugin.org.graylog.plugins.threatintel.ThreatIntelPlugin.2f242956705001cd058c.js"></script>
    <script src="http://10.140.127.133:9000/graylog/assets/plugin/org.graylog.plugins.enterprise.EnterprisePlugin/plugin.org.graylog.plugins.enterprise.EnterprisePlugin.98ee34386fa407cb6233.js"></script>
    <script src="http://10.140.127.133:9000/graylog/assets/plugin/org.graylog.plugins.collector.CollectorPlugin/plugin.org.graylog.plugins.collector.CollectorPlugin.8ad21418ad38b4d44bb7.js"></script>
    <script src="http://10.140.127.133:9000/graylog/assets/plugin/org.graylog.aws.AWSPlugin/plugin.org.graylog.aws.AWSPlugin.5485f767f3c63b51dbf4.js"></script>
    <script src="http://10.140.127.133:9000/graylog/assets/app.567b98aaba093175141f.js"></script>

It seems Graylog is up and running…

    HTTP/1.1 307 Temporary Redirect
    Location: http://10.140.127.133:9000/
    X-Graylog-Node-ID: 8cf7f4b5-d19f-469e-b1ab-d71e58334d91
    X-Runtime-Microseconds: 495
    Date: Wed, 13 Mar 2019 06:01:02 GMT
    Content-Length: 0

Iptables/Firewalld is disabled. SELinux is disabled.

Here is my server.conf:

    is_master = true
    node_id_file = /etc/graylog/server/node-id
    password_secret = XXXXXXXXXXXXX
    root_password_sha2 = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    bin_dir = /usr/share/graylog-server/bin
    data_dir = /graylog/graylog-server
    plugin_dir = /usr/share/graylog-server/plugin
    http_bind_address = 10.140.127.133:9000
    http_external_uri = http://10.140.127.133:9000/graylog/
    rotation_strategy = count
    elasticsearch_max_docs_per_index = 20000000
    elasticsearch_max_number_of_indices = 20
    retention_strategy = delete
    elasticsearch_shards = 4
    elasticsearch_replicas = 0
    elasticsearch_index_prefix = graylog
    allow_leading_wildcard_searches = false
    allow_highlighting = false
    elasticsearch_analyzer = standard
    output_batch_size = 500
    output_flush_interval = 1
    output_fault_count_threshold = 5
    output_fault_penalty_seconds = 30
    processbuffer_processors = 5
    outputbuffer_processors = 3
    processor_wait_strategy = blocking
    ring_size = 65536
    inputbuffer_ring_size = 65536
    inputbuffer_processors = 2
    inputbuffer_wait_strategy = blocking
    message_journal_enabled = true
    message_journal_dir = /graylog/graylog-server/journal
    lb_recognition_period_seconds = 3
    mongodb_uri = mongodb://localhost/graylog
    mongodb_max_connections = 1000
    mongodb_threads_allowed_to_block_multiplier = 5
    proxied_requests_thread_pool_size = 32

    #### Added just for troubleshooting ####
    rest_listen_uri = http://10.140.127.133:9000/api/
    web_listen_uri = http://10.140.127.133:9000/graylog/
    web_endpoint_uri = http://10.140.127.133:9000/api/

I am using the webserver in front of graylog…

    ProxyPass /graylog http://10.140.127.133:9000/
    ProxyPassReverse /graylog http://10.140.127.133:9000/

I have changed the default data dir paths. I am just wondering whether this issue is coming because of that… Is there a way to define a URI path other than the default (/)?

Thank You


(Jan Doberstein) #2

Please format your posting as mentioned in this community FAQ for better readability. This way it is more likely that someone will help you in his spare time.

You should re-read the web settings configuration and their meaning: http://docs.graylog.org/en/3.0/pages/configuration/server.conf.html#web-rest-api


(Mohd Arif) #3

I have read it but am not able to get it working.
It would be great if you could give me some clue as to when this type of error comes. I suspect this is a known issue.
I did not get how to format the post as per the FAQ.

-Arif


(Jan Doberstein) #4

You make the wrong settings. But I’m not able to help and spot the problem because of the format of your posting.

Using simple markdown - or the symbols above your text area - helps others to make your pile of text readable.

    http_bind_address = 10.140.127.133:9000
    http_external_uri = http://10.140.127.133:9000/graylog/

Your settings here do not make sense; maybe removing the /graylog/ or the complete http_external_uri will make it work.


(Mohd Arif) #5

I tried the above suggestion but no luck…

I used the debug option in Chrome… and got the below error message:

    Failed to load resource: net::ERR_CONNECTION_TIMED_OUT
    vendor.4024e2a8db732781a971.js:1 Failed to load resource: net::ERR_CONNECTION_TIMED_OUT
    polyfill.567b98aaba093175141f.js:1 Failed to load resource: net::ERR_CONNECTION_TIMED_OUT
    builtins.567b98aaba093175141f.js:1 Failed to load resource: net::ERR_CONNECTION_TIMED_OUT
    plugin.org.graylog.plugins.threatintel.ThreatIntelPlugin.2f242956705001cd058c.js:1 Failed to load resource: net::ERR_CONNECTION_TIMED_OUT
    plugin.org.graylog.plugins.enterprise.EnterprisePlugin.98ee34386fa407cb6233.js:1 Failed to load resource: net::ERR_CONNECTION_TIMED_OUT
    plugin.org.graylog.plugins.collector.CollectorPlugin.8ad21418ad38b4d44bb7.js:1 Failed to load resource: net::ERR_CONNECTION_TIMED_OUT
    plugin.org.graylog.enterprise.integrations.EnterpriseIntegrationsPlugin.455a3ba4d8726dc3c224.js:1 Failed to load resource: net::ERR_CONNECTION_TIMED_OUT
    plugin.org.graylog.aws.AWSPlugin.5485f767f3c63b51dbf4.js:1 Failed to load resource: net::ERR_CONNECTION_TIMED_OUT 

I am getting the same error with curl on localhost…

Thank You


(Mohd Arif) #6

image


(Jan Doberstein) #7

Sorry to say, but you are not supportive that someone who is not you can understand your problem.


(Mohd Arif) #8

Can you show me any post that is well formatted, so I can use the same format and you guys might be able to understand my problem?

Actually, the problem is that the Graylog plugins are not loading, as per the attached screenshot.


(Mohd Arif) #9

I have tried to format it. Please let me know if you understand it well.
Actually, the problem is that whenever I am browsing http://10.140.127.133:9000 it is trying to load the scripts on the web page and Chrome is marking those scripts unsafe. Indirectly, the web interface is not available.

http://10.140.127.133:9000:

    <!DOCTYPE html>
    <html>
      <head>
        <meta http-equiv="X-UA-Compatible" content="IE=edge">
        <meta name="robots" content="noindex, nofollow">
        <meta charset="UTF-8">
        <title>Graylog Web Interface</title>
        <link rel="shortcut icon" href="http://10.140.127.133:9000/assets/favicon.png">
      </head>
      <body>
        <script src="http://10.140.127.133:9000/config.js"></script>
        <script src="http://10.140.127.133:9000/assets/vendor.4024e2a8db732781a971.js"></script>
        <script src="http://10.140.127.133:9000/assets/polyfill.567b98aaba093175141f.js"></script>
        <script src="http://10.140.127.133:9000/assets/builtins.567b98aaba093175141f.js"></script>
        <script src="http://10.140.127.133:9000/assets/plugin/org.graylog.plugins.threatintel.ThreatIntelPlugin/plugin.org.graylog.plugins.threatintel.ThreatIntelPlugin.2f242956705001cd058c.js"></script>
        <script src="http://10.140.127.133:9000/assets/plugin/org.graylog.plugins.enterprise.EnterprisePlugin/plugin.org.graylog.plugins.enterprise.EnterprisePlugin.98ee34386fa407cb6233.js"></script>
        <script src="http://10.140.127.133:9000/assets/plugin/org.graylog.plugins.collector.CollectorPlugin/plugin.org.graylog.plugins.collector.CollectorPlugin.8ad21418ad38b4d44bb7.js"></script>
        <script src="http://10.140.127.133:9000/assets/plugin/org.graylog.enterprise.integrations.EnterpriseIntegrationsPlugin/plugin.org.graylog.enterprise.integrations.EnterpriseIntegrationsPlugin.455a3ba4d8726dc3c224.js"></script>
        <script src="http://10.140.127.133:9000/assets/plugin/org.graylog.aws.AWSPlugin/plugin.org.graylog.aws.AWSPlugin.5485f767f3c63b51dbf4.js"></script>
        <script src="http://10.140.127.133:9000/assets/app.567b98aaba093175141f.js"></script>
      </body>

(Jan Doberstein) #10

The source is unsafe because your browser marks pages with http (and not httpS) as unsafe locations.


(Mohd Arif) #11

Are there any known issues like that? I suspect something is wrong in the config because I am getting the same error with curl.

I am using the webserver in front of graylog as i have mentioned before.


#12

Is port 9000 listening on the server? What flavor of Linux are you running? On Centos 7 you can run "netstat -pan | grep LIST" and see what ports are listening. You could also try to telnet from the machine you're trying to hit the webpage from and see if the port is allowed… telnet 10.140.127.133 9000. Make sure the local firewall is disabled and not running.


(Mohd Arif) #13

Thank You!!!
This issue is resolved.
Actually, it was more like an Apache proxy issue: it was not forwarding requests from https to http and was blocking the content in the web browser.

I am directly able to access it as

http://:9000/api

Currently working to set up https.

-Arif
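
The failure this thread ends on (asset URLs in Graylog's HTML that a browser cannot load through the HTTPS proxy), as an added check that is not part of the original posts: it lists the `script`/`link` URLs in a returned page that would be blocked as mixed content or that point past the proxy. The sample HTML is constructed from the shape of the page posted above, and the proxy hostname `graylog.example.org` is a hypothetical placeholder.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class AssetCollector(HTMLParser):
    """Collect URLs the browser fetches automatically (script src, link href)."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = {"script": "src", "link": "href"}.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                self.urls.append(value)


def audit_assets(page_url, html):
    """Return (asset_url, problem) for assets that will not load via page_url."""
    page = urlsplit(page_url)
    collector = AssetCollector()
    collector.feed(html)
    findings = []
    for raw in collector.urls:
        asset = urlsplit(urljoin(page_url, raw))
        if page.scheme == "https" and asset.scheme == "http":
            findings.append((raw, "mixed-content"))  # browsers block http scripts on https pages
        elif asset.netloc != page.netloc:
            findings.append((raw, "bypasses-proxy"))  # client must reach the backend directly
        elif not asset.path.startswith(page.path):
            findings.append((raw, "outside-proxy-prefix"))  # proxy does not forward this path
    return findings


# Constructed sample: same shape as the HTML posted in the thread, trimmed to three tags.
SAMPLE_HTML = """<html><head>
<link rel="shortcut icon" href="http://10.140.127.133:9000/assets/favicon.png">
</head><body>
<script src="http://10.140.127.133:9000/config.js"></script>
<script src="/graylog/assets/app.js"></script>
</body></html>"""

# Hypothetical public URL of the Apache proxy (assumption, not from the thread).
PROXY_URL = "https://graylog.example.org/graylog/"

if __name__ == "__main__":
    for url, problem in audit_assets(PROXY_URL, SAMPLE_HTML):
        print(f"{problem:22} {url}")
```

An empty result for the URL users actually type means every asset resolves to the same scheme, host and path prefix as the page itself.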