Graylog web interface not running

Graylog Central (peer support)
1

I have fresh installed Graylog, but web interface is not working.
Graylog is installed on remote linux machine with graylog.abc.com hostname and I want to get access from my local machine.

curl -i http://graylog.abc.com:9000 and curl -i http://graylog.abc.com:9000/api give normal response

URIs in /etc/graylog/server/server.conf look this way

rest_listen_uri = http://graylog.abc.com:9000/api/
web_listen_uri = http://graylog.abc.com:9000/

Contents of /var/log/graylog-server/server.log from last servise restart:

2017-11-16T13:02:16.467+03:00 INFO  [CmdLineTool] Running with JVM arguments: -Xms1g -Xmx1g -XX:NewRatio=1 -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow -Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml -Djava.library.path=/usr/share/graylog-server/lib/sigar -Dgraylog2.installation_source=deb
2017-11-16T13:02:17.358+03:00 INFO  [Version] HV000001: Hibernate Validator null
2017-11-16T13:02:31.326+03:00 INFO  [InputBufferImpl] Message journal is enabled.
2017-11-16T13:02:32.122+03:00 INFO  [NodeId] Node ID: 6dac4853-c17a-43cf-9f92-e95617942bfc
2017-11-16T13:02:32.611+03:00 INFO  [LogManager] Loading logs.
2017-11-16T13:02:32.680+03:00 WARN  [Log] Found a corrupted index file, /var/lib/graylog-server/journal/messagejournal-0/00000000000000000000.index, deleting and rebuilding index...
2017-11-16T13:02:32.743+03:00 INFO  [LogManager] Logs loading complete.
2017-11-16T13:02:32.743+03:00 INFO  [KafkaJournal] Initialized Kafka based journal at /var/lib/graylog-server/journal
2017-11-16T13:02:32.781+03:00 INFO  [InputBufferImpl] Initialized InputBufferImpl with ring size <65536> and wait strategy <BlockingWaitStrategy>, running 2 parallel message handlers.
2017-11-16T13:02:32.824+03:00 INFO  [cluster] Cluster created with settings {hosts=[localhost:27017], mode=SINGLE, requiredClusterType=UNKNOWN, serverSelectionTimeout='30000 ms', maxWaitQueueSize=5000}
2017-11-16T13:02:32.922+03:00 INFO  [cluster] No server chosen by ReadPreferenceServerSelector{readPreference=primary} from cluster description ClusterDescription{type=UNKNOWN, connectionMode=SINGLE, serverDescriptions=[ServerDescription{address=localhost:27017, type=UNKNOWN, state=CONNECTING}]}. Waiting for 30000 ms before timing out
2017-11-16T13:02:32.989+03:00 INFO  [connection] Opened connection [connectionId{localValue:1, serverValue:1}] to localhost:27017
2017-11-16T13:02:32.991+03:00 INFO  [cluster] Monitor thread successfully connected to server with description ServerDescription{address=localhost:27017, type=STANDALONE, state=CONNECTED, ok=true, version=ServerVersion{versionList=[3, 2, 11]}, minWireVersion=0, maxWireVersion=4, maxDocumentSize=16777216, roundTripTimeNanos=708874}
2017-11-16T13:02:33.006+03:00 INFO  [connection] Opened connection [connectionId{localValue:2, serverValue:2}] to localhost:27017
2017-11-16T13:02:33.829+03:00 INFO  [AbstractJestClient] Setting server pool to a list of 1 servers: [http://127.0.0.1:9200]
2017-11-16T13:02:33.830+03:00 INFO  [JestClientFactory] Using multi thread/connection supporting pooling connection manager
2017-11-16T13:02:33.987+03:00 INFO  [JestClientFactory] Using custom ObjectMapper instance
2017-11-16T13:02:33.988+03:00 INFO  [JestClientFactory] Node Discovery disabled...
2017-11-16T13:02:33.988+03:00 INFO  [JestClientFactory] Idle connection reaping disabled...
2017-11-16T13:02:35.039+03:00 INFO  [ProcessBuffer] Initialized ProcessBuffer with ring size <65536> and wait strategy <BlockingWaitStrategy>.
2017-11-16T13:02:43.386+03:00 INFO  [RulesEngineProvider] No static rules file loaded.
2017-11-16T13:02:43.974+03:00 WARN  [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2017-11-16T13:02:43.987+03:00 INFO  [OutputBuffer] Initialized OutputBuffer with ring size <65536> and wait strategy <BlockingWaitStrategy>.
2017-11-16T13:02:44.023+03:00 WARN  [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2017-11-16T13:02:44.060+03:00 WARN  [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2017-11-16T13:02:44.096+03:00 WARN  [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2017-11-16T13:02:44.129+03:00 WARN  [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2017-11-16T13:02:44.628+03:00 INFO  [ServerBootstrap] Graylog server 2.3.2+3df951e starting up
2017-11-16T13:02:44.629+03:00 INFO  [ServerBootstrap] JRE: Oracle Corporation 1.8.0_151 on Linux 4.13.0-0.bpo.1-amd64
2017-11-16T13:02:44.629+03:00 INFO  [ServerBootstrap] Deployment: deb
2017-11-16T13:02:44.629+03:00 INFO  [ServerBootstrap] OS: Debian GNU/Linux 9 (stretch) (debian)
2017-11-16T13:02:44.629+03:00 INFO  [ServerBootstrap] Arch: amd64
2017-11-16T13:02:44.637+03:00 WARN  [DeadEventLoggingListener] Received unhandled event of type <org.graylog2.plugin.lifecycles.Lifecycle> from event bus <AsyncEventBus{graylog-eventbus}>
2017-11-16T13:02:44.692+03:00 INFO  [PeriodicalsService] Starting 26 periodicals ...
2017-11-16T13:02:44.693+03:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ThroughputCalculator] periodical in [0s], polling every [1s].
2017-11-16T13:02:44.721+03:00 INFO  [Periodicals] Starting [org.graylog2.periodical.AlertScannerThread] periodical in [10s], polling every [60s].
2017-11-16T13:02:44.722+03:00 INFO  [Periodicals] Starting [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread] periodical in [0s], polling every [1s].
2017-11-16T13:02:44.726+03:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ClusterHealthCheckThread] periodical in [120s], polling every [20s].
2017-11-16T13:02:44.727+03:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ContentPackLoaderPeriodical] periodical, running forever.
2017-11-16T13:02:44.727+03:00 INFO  [Periodicals] Starting [org.graylog2.periodical.GarbageCollectionWarningThread] periodical, running forever.
2017-11-16T13:02:44.730+03:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexerClusterCheckerThread] periodical in [0s], polling every [30s].
2017-11-16T13:02:44.731+03:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRetentionThread] periodical in [0s], polling every [300s].
2017-11-16T13:02:44.734+03:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRotationThread] periodical in [0s], polling every [10s].
2017-11-16T13:02:44.736+03:00 INFO  [Periodicals] Starting [org.graylog2.periodical.NodePingThread] periodical in [0s], polling every [1s].
2017-11-16T13:02:44.736+03:00 INFO  [Periodicals] Starting [org.graylog2.periodical.VersionCheckThread] periodical in [300s], polling every [1800s].
2017-11-16T13:02:44.738+03:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ThrottleStateUpdaterThread] periodical in [1s], polling every [1s].
2017-11-16T13:02:44.739+03:00 INFO  [Periodicals] Starting [org.graylog2.events.ClusterEventPeriodical] periodical in [0s], polling every [1s].
2017-11-16T13:02:44.741+03:00 INFO  [Periodicals] Starting [org.graylog2.events.ClusterEventCleanupPeriodical] periodical in [0s], polling every [86400s].
2017-11-16T13:02:44.746+03:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ClusterIdGeneratorPeriodical] periodical, running forever.
2017-11-16T13:02:44.746+03:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRangesMigrationPeriodical] periodical, running forever.
2017-11-16T13:02:44.746+03:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRangesCleanupPeriodical] periodical in [15s], polling every [3600s].
2017-11-16T13:02:44.803+03:00 INFO  [connection] Opened connection [connectionId{localValue:7, serverValue:6}] to localhost:27017
2017-11-16T13:02:44.804+03:00 INFO  [connection] Opened connection [connectionId{localValue:9, serverValue:8}] to localhost:27017
2017-11-16T13:02:44.808+03:00 INFO  [connection] Opened connection [connectionId{localValue:6, serverValue:5}] to localhost:27017
2017-11-16T13:02:44.809+03:00 INFO  [connection] Opened connection [connectionId{localValue:8, serverValue:7}] to localhost:27017
2017-11-16T13:02:44.810+03:00 INFO  [connection] Opened connection [connectionId{localValue:5, serverValue:4}] to localhost:27017
2017-11-16T13:02:44.811+03:00 INFO  [connection] Opened connection [connectionId{localValue:3, serverValue:3}] to localhost:27017
2017-11-16T13:02:44.828+03:00 INFO  [connection] Opened connection [connectionId{localValue:4, serverValue:9}] to localhost:27017
2017-11-16T13:02:44.828+03:00 INFO  [connection] Opened connection [connectionId{localValue:11, serverValue:11}] to localhost:27017
2017-11-16T13:02:44.828+03:00 INFO  [connection] Opened connection [connectionId{localValue:10, serverValue:10}] to localhost:27017
2017-11-16T13:02:44.866+03:00 INFO  [PeriodicalsService] Not starting [org.graylog2.periodical.UserPermissionMigrationPeriodical] periodical. Not configured to run on this node.
2017-11-16T13:02:44.866+03:00 INFO  [Periodicals] Starting [org.graylog2.periodical.AlarmCallbacksMigrationPeriodical] periodical, running forever.
2017-11-16T13:02:44.874+03:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ConfigurationManagementPeriodical] periodical, running forever.
2017-11-16T13:02:44.884+03:00 INFO  [Periodicals] Starting [org.graylog2.periodical.LdapGroupMappingMigration] periodical, running forever.
2017-11-16T13:02:44.903+03:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexFailuresPeriodical] periodical, running forever.
2017-11-16T13:02:44.915+03:00 INFO  [Periodicals] Starting [org.graylog.plugins.usagestatistics.UsageStatsNodePeriodical] periodical in [300s], polling every [21600s].
2017-11-16T13:02:44.916+03:00 INFO  [Periodicals] Starting [org.graylog.plugins.usagestatistics.UsageStatsClusterPeriodical] periodical in [300s], polling every [21600s].
2017-11-16T13:02:45.031+03:00 INFO  [Periodicals] Starting [org.graylog.plugins.pipelineprocessor.periodical.LegacyDefaultStreamMigration] periodical, running forever.
2017-11-16T13:02:45.033+03:00 INFO  [Periodicals] Starting [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread] periodical in [0s], polling every [3600s].
2017-11-16T13:02:45.063+03:00 INFO  [LegacyDefaultStreamMigration] Legacy default stream has no connections, no migration needed.
2017-11-16T13:02:46.235+03:00 INFO  [JerseyService] Enabling CORS for HTTP endpoint
2017-11-16T13:03:05.719+03:00 INFO  [NetworkListener] Started listener bound to [graylog.abc.com:9000]
2017-11-16T13:03:05.722+03:00 INFO  [HttpServer] [HttpServer] Started.
2017-11-16T13:03:05.723+03:00 INFO  [JerseyService] Started REST API at <http://graylog.abc.com:9000/api/>
2017-11-16T13:03:05.723+03:00 INFO  [JerseyService] Started Web Interface at <http://graylog.abc.com:9000/>
2017-11-16T13:03:05.724+03:00 INFO  [ServerBootstrap] Services started, startup times in ms: {OutputSetupService [RUNNING]=77, KafkaJournal [RUNNING]=92, BufferSynchronizerService [RUNNING]=94, ConfigurationEtagService [RUNNING]=113, InputSetupService [RUNNING]=124, JournalReader [RUNNING]=135, StreamCacheService [RUNNING]=210, LookupTableService [RUNNING]=227, PeriodicalsService [RUNNING]=362, JerseyService [RUNNING]=21037}
2017-11-16T13:03:05.729+03:00 INFO  [ServiceManagerListener] Services are healthy
2017-11-16T13:03:05.732+03:00 INFO  [InputSetupService] Triggering launching persisted inputs, node transitioned from Uninitialized [LB:DEAD] to Running [LB:ALIVE]
2017-11-16T13:03:05.746+03:00 INFO  [ServerBootstrap] Graylog server up and running.

According to this thread Graylog wont start after new installation, my server.conf looks the same although it’s still not working. Pls halp.

2

what error do you get ?? how are you trying to access it ??

3

Web interface is not working. I mean http://graylog.abc.com:9000 is not opening in browser.

4

curl -i http://graylog.abc.com:9000 and curl -i http://graylog.abc.com:9000/api give normal response

what is that response?

To the API the response should be something like:

http GET https://graylog.example.com/api
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 239
Content-Type: application/json
Date: Thu, 16 Nov 2017 13:57:23 GMT
Server: nginx/1.10.3
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Graylog-Node-ID: 71ab6aaa-cb39-46be-9dac-4ba99fed3d66
X-Runtime-Microseconds: 1012

{
    "cluster_id": "3adaf799-1551-4239-84e5-6ed939b56f62",
    "node_id": "71ab6aaa-cb39-46be-9dac-4ba99fed3d66",
    "tagline": "Manage your logs in the dark and have lasers going and make it look like you're from space!",
    "version": "2.4.0-beta.2+2364772"
}

and to the Webinterface something like:

http GET https://graylog.example.com
HTTP/1.1 200 OK
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Thu, 16 Nov 2017 13:57:18 GMT
Server: nginx/1.10.3
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Graylog-Node-ID: 58c57924-808a-4fa7-be09-63ca551628cd
X-UA-Compatible: IE=edge

<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="robots" content="noindex, nofollow">
    <meta charset="UTF-8">
    <title>Graylog Web Interface</title>
    <link rel="shortcut icon" href="/assets/favicon.png">

  </head>
  <body>
    <script src="/config.js"></script>

    <script src="/assets/vendor.56d5bac4b190ce381a7d.js"></script>

    <script src="/assets/polyfill.7274e9222d07ea893176.js"></script>

    <script src="/assets/plugin/org.graylog.plugins.threatintel.ThreatIntelPlugin/plugin.org.graylog.plugins.threatintel.ThreatIntelPlugin.8b5e6b36b529870b7b82.js"></script>

    <script src="/assets/plugin/org.graylog.plugins.pipelineprocessor.ProcessorPlugin/plugin.org.graylog.plugins.pipelineprocessor.PipelineProcessorPlugin.3f52a8554767cdef0878.js"></script>

    <script src="/assets/plugin/org.graylog.plugins.map.MapWidgetPlugin/plugin.org.graylog.plugins.map.MapWidgetPlugin.06dd140c82562e555693.js"></script>

    <script src="/assets/plugin/org.graylog.plugins.license.LicensePlugin/plugin.org.graylog.plugins.license.LicensePlugin.ccdceee51efa78f5eb34.js"></script>

    <script src="/assets/plugin/org.graylog.plugins.enterprise_integration.EnterpriseIntegrationPlugin/plugin.org.graylog.plugins.enterprise_integration.EnterpriseIntegrationPlugin.8271f95f4b8864a91caa.js"></script>

    <script src="/assets/plugin/org.graylog.plugins.collector.CollectorPlugin/plugin.org.graylog.plugins.collector.CollectorPlugin.4785b5a5c8038fe77f85.js"></script>

    <script src="/assets/plugin/org.graylog.plugins.auditlog.AuditLogPlugin/plugin.org.graylog.plugins.auditlog.AuditLogPlugin.26994ef3611c5299fbeb.js"></script>

    <script src="/assets/plugin/org.graylog.plugins.archive.ArchivePlugin/plugin.org.graylog.plugins.archive.ArchivePlugin.91e84b2abd595e6dffed.js"></script>

    <script src="/assets/plugin/org.graylog.aws.plugin.AWSPlugin/plugin.org.graylog.aws.plugin.AWSPlugin.20d46b141070d70e5d24.js"></script>

    <script src="/assets/app.7274e9222d07ea893176.js"></script>

  </body>
</html>
5

webinterface:

HTTP/1.1 200 OK
X-UA-Compatible: IE=edge
X-Graylog-Node-ID: 6dac4853-c17a-43cf-9f92-e95617942bfc
Content-Type: text/html
Date: Thu, 16 Nov 2017 14:08:40 GMT
Content-Length: 1316

<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="robots" content="noindex, nofollow">
    <meta charset="UTF-8">
    <title>Graylog Web Interface</title>
    <link rel="shortcut icon" href="/assets/favicon.png">

  </head>
  <body>
    <script src="/config.js"></script>

    <script src="/assets/vendor.ab8f49e0e782eae99198.js"></script>

    <script src="/assets/polyfill.e83b3dfb1898222fd83b.js"></script>

    <script src="/assets/plugin/org.graylog.plugins.pipelineprocessor.ProcessorPlugin/plugin.org.graylog.plugins.pipelineprocessor.Pip                                             elineProcessorPlugin.54b3d0ec48cf21479ac0.js"></script>

    <script src="/assets/plugin/org.graylog.plugins.map.MapWidgetPlugin/plugin.org.graylog.plugins.map.MapWidgetPlugin.1844ee17febe31d                                             c0551.js"></script>

    <script src="/assets/plugin/org.graylog.plugins.enterprise_integration.EnterpriseIntegrationPlugin/plugin.org.graylog.plugins.ente                                             rprise_integration.EnterpriseIntegrationPlugin.6174e551785d65068d4a.js"></script>

    <script src="/assets/plugin/org.graylog.plugins.collector.CollectorPlugin/plugin.org.graylog.plugins.collector.CollectorPlugin.287                                             7139cd3f598ce5020.js"></script>

    <script src="/assets/app.e83b3dfb1898222fd83b.js"></script>

  </body>
</html>

api:

HTTP/1.1 200 OK
X-Graylog-Node-ID: 6dac4853-c17a-43cf-9f92-e95617942bfc
X-Runtime-Microseconds: 23083
Content-Type: application/json
Date: Thu, 16 Nov 2017 14:08:47 GMT
Content-Length: 232

{"cluster_id":"52a8b1db-4272-4470-8761-5795dc73e1f5","node_id":"6dac4853-c17a-43cf-9f92-e95617942bfc","version":"2.3.2+3df951e","tagline":"Manage your logs in the dark and have lasers going and make it look like you're from space!"}

Quite smth like, but not exactly

6

On which machine are you running these commands?

What does that mean exactly?

7

I run these commands on remote linux server graylog.abc.com and try to get access to it from my local machine browser.
I’ve made kibana accessible this way, and it worked.

8

What’s the result if you run these commands on your machine (the one with the web browser)?

9

I didn’t install graylog and ES on my machine and I’m not supposed to. Do I really need it?

10

I was talking about the cURL commands.

11

Yes, from my machine it’s
Failed to connect to graylog.abc.com port 9000: Connection refused

12

And what’s your conclusion from this?

If I were you, I would check if there’s a firewall (packet filter) blocking access to port 9000/tcp on the machine running Graylog.

13

Well.

$netstat -l
tcp6       0      0 graylog.abc.com:9000 [::]:*                  LISTEN
tcp6       0      0 localhost:9200          [::]:*                  LISTEN

$ sudo iptables -A INPUT -p tcp --dport 9000 -j ACCEPT
$ /sbin/iptables-save

Still the same. Did I miss something?

14

Maybe. I don’t know the network environment you’re operating in.

Maybe graylog.abc.com resolves to another IP address on that machine than on your client. Maybe routing to graylog.abc.com is broken in your network.

Either way, Graylog is running and probably is fine. You need to find out why your network requests don’t get through.

15

Solved.
Worked with IP address instead of graylog.abc.com in server.conf.
Thank you very much, @jochen!

16

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.