Graylog won't start after new installation

I did an install of Graylog on a server that is only running rsyslog. When I go to start Graylog nothing happens. This is what the command line looks like…

[root@syslog ~]# nano /etc/graylog/server/server.conf
[root@syslog ~]# sudo systemctl stop graylog-server.service
[root@syslog ~]# sudo systemctl start graylog-server.service
[root@syslog ~]#

There is no indication the process has started or anything. I did make sure of the password; it is 18 char. There is an * in the PW; is this causing an issue? The other 17 char are letters and numbers.

Anything I should look at to get this going?

Which password are you talking about?

Are there any warnings or errors in the logs of Graylog?
http://docs.graylog.org/en/2.2/pages/configuration/file_location.html

The password is the one for password_secret

This is the content of log4j2.xml

<?xml version="1.0" encoding="UTF-8"?>
<Configuration packages="org.graylog2.log4j" shutdownHook="disable">
    <Appenders>
        <RollingFile name="rolling-file" fileName="/var/log/graylog-server/server.log" filePattern="/var/log/graylog-server/server.log.%i.gz">
            <PatternLayout pattern="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX} %-5p [%c{1}] %m%n"/>
            <Policies>
                <SizeBasedTriggeringPolicy size="50MB"/>
            </Policies>
            <DefaultRolloverStrategy max="10" fileIndex="min"/>
        </RollingFile>

        <!-- Internal Graylog log appender. Please do not disable. This makes internal log messages available via REST calls. -->
        <Memory name="graylog-internal-logs" bufferSize="500"/>
    </Appenders>
    <Loggers>
        <!-- Application Loggers -->
        <Logger name="org.graylog2" level="info"/>
        <Logger name="com.github.joschi.jadconfig" level="warn"/>
        <!-- This emits a harmless warning for ActiveDirectory every time which we can't work around :( -->
        <Logger name="org.apache.directory.api.ldap.model.message.BindRequestImpl" level="error"/>
        <!-- Prevent DEBUG message about Lucene Expressions not found. -->
        <Logger name="org.elasticsearch.script" level="warn"/>
        <!-- Disable messages from the version check -->
        <Logger name="org.graylog2.periodical.VersionCheckThread" level="off"/>
        <!-- Suppress crazy byte array dump of Drools -->
        <Logger name="org.drools.compiler.kie.builder.impl.KieRepositoryImpl" level="warn"/>
        <!-- Silence chatty natty -->
        <Logger name="com.joestelmach.natty.Parser" level="warn"/>
        <!-- Silence Kafka log chatter -->
        <Logger name="kafka.log.Log" level="warn"/>
        <Logger name="kafka.log.OffsetIndex" level="warn"/>
        <!-- Silence useless session validation messages -->
        <Logger name="org.apache.shiro.session.mgt.AbstractValidatingSessionManager" level="warn"/>
        <Root level="warn">
            <AppenderRef ref="rolling-file"/>
            <AppenderRef ref="graylog-internal-logs"/>
        </Root>
    </Loggers>
</Configuration>

There are 6 plugins: Usage.stats, beats, collector, enterprise-integration, map-widget, pipeline-processor; all seem to be version 2.2.3

The file: /etc/default/graylog-server does not seem to exist

The /var/log/graylog-server folder contains one file:

2017-07-25T20:06:53.501-05:00 INFO  [CmdLineTool] Loaded plugin: Elastic Beats Input 2.2.3 [org.graylog.plugins.beats.BeatsInputPlugin]
2017-07-25T20:06:53.503-05:00 INFO  [CmdLineTool] Loaded plugin: Collector 2.2.3 [org.graylog.plugins.collector.CollectorPlugin]
2017-07-25T20:06:53.504-05:00 INFO  [CmdLineTool] Loaded plugin: Enterprise Integration Plugin 2.2.3 [org.graylog.plugins.enterprise_integration.EnterpriseIntegrationPlugin]
2017-07-25T20:06:53.505-05:00 INFO  [CmdLineTool] Loaded plugin: MapWidgetPlugin 2.2.3 [org.graylog.plugins.map.MapWidgetPlugin]
2017-07-25T20:06:53.537-05:00 INFO  [CmdLineTool] Loaded plugin: Pipeline Processor Plugin 2.2.3 [org.graylog.plugins.pipelineprocessor.ProcessorPlugin]

Detail left out because I am over my 32000 char limit

2017-07-25T20:14:46.573-05:00 INFO  [V20151210140600_ElasticsearchConfigMigration] Migrated "elasticsearch_max_size_per_index" setting: SizeBasedRotationStrategyConfig{type=org.graylog2.indexer.rotation.strategies.SizeBasedRotationStrategyConfig, maxSize=1073741824}
2017-07-25T20:14:46.591-05:00 INFO  [V20151210140600_ElasticsearchConfigMigration] Migrated "elasticsearch_max_time_per_index" setting: TimeBasedRotationStrategyConfig{type=org.graylog2.indexer.rotation.strategies.TimeBasedRotationStrategyConfig, rotationPeriod=P1D}
2017-07-25T20:14:46.610-05:00 INFO  [V20151210140600_ElasticsearchConfigMigration] Migrated "elasticsearch_max_number_of_indices" setting: ClosingRetentionStrategyConfig{type=org.graylog2.indexer.retention.strategies.ClosingRetentionStrategyConfig, maxNumberOfIndices=20}
2017-07-25T20:14:46.618-05:00 INFO  [Periodicals] Starting [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread] periodical in [0s], polling every [3600s].
2017-07-25T20:14:46.631-05:00 INFO  [V20151210140600_ElasticsearchConfigMigration] Migrated "elasticsearch_max_number_of_indices" setting: DeletionRetentionStrategyConfig{type=org.graylog2.indexer.retention.strategies.DeletionRetentionStrategyConfig, maxNumberOfIndices=20}
2017-07-25T20:14:46.647-05:00 INFO  [V20151210140600_ElasticsearchConfigMigration] Migrated "rotation_strategy" and "retention_strategy" setting: IndexManagementConfig{rotationStrategy=org.graylog2.indexer.rotation.strategies.MessageCountRotationStrategy, retentionStrategy=org.graylog2.indexer.retention.strategies.DeletionRetentionStrategy}
2017-07-25T20:14:46.654-05:00 INFO  [V20151210140600_ElasticsearchConfigMigration] Creating searches cluster config: SearchesClusterConfig{queryTimeRangeLimit=PT0S, relativeTimerangeOptions={PT5M=Search in the last 5 minutes, PT15M=Search in the last 15 minutes, PT30M=Search in the last 30 minutes, PT1H=Search in the last 1 hour, PT2H=Search in the last 2 hours, PT8H=Search in the last 8 hours, P1D=Search in the last 1 day, P2D=Search in the last 2 days, P5D=Search in the last 5 days, P7D=Search in the last 7 days, P14D=Search in the last 14 days, P30D=Search in the last 30 days, PT0S=Search in all messages}, surroundingTimerangeOptions={PT1S=1 second, PT5S=5 seconds, PT10S=10 seconds, PT30S=30 seconds, PT1M=1 minute, PT5M=5 minutes}, surroundingFilterFields=[source, gl2_source_input, file, source_file]}
2017-07-25T20:14:46.812-05:00 INFO  [LegacyDefaultStreamMigration] Legacy default stream has no connections, no migration needed.
2017-07-25T20:14:47.344-05:00 INFO  [transport] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] publish_address {127.0.0.1:9350}, bound_addresses {[::1]:9350}, {127.0.0.1:9350}
2017-07-25T20:14:47.370-05:00 INFO  [discovery] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] graylog/VWJCzv3yS-291Eb0Q824gQ
2017-07-25T20:14:47.605-05:00 INFO  [V20161116172200_CreateDefaultStreamMigration] Successfully created default stream: All messages
2017-07-25T20:14:47.927-05:00 INFO  [V20161124104700_AddRetentionRotationAndDefaultFlagToIndexSetMigration] Adding rotation_strategy_class <org.graylog2.indexer.rotation.strategies.MessageCountRotationStrategy> to index set <5977ed077013d7704fe1b906>
2017-07-25T20:14:47.927-05:00 INFO  [V20161124104700_AddRetentionRotationAndDefaultFlagToIndexSetMigration] Adding retention_strategy_class <org.graylog2.indexer.retention.strategies.DeletionRetentionStrategy> to index set <5977ed077013d7704fe1b906>
2017-07-25T20:14:48.010-05:00 INFO  [V20161124104700_AddRetentionRotationAndDefaultFlagToIndexSetMigration] Setting index set <5977ed077013d7704fe1b906> as default
2017-07-25T20:14:48.347-05:00 INFO  [V20161125142400_EmailAlarmCallbackMigration] No streams needed to be migrated.
2017-07-25T20:14:48.356-05:00 INFO  [JerseyService] Enabling CORS for HTTP endpoint
2017-07-25T20:14:48.460-05:00 INFO  [connection] Opened connection [connectionId{localValue:20, serverValue:21}] to localhost:27017
2017-07-25T20:14:48.462-05:00 INFO  [connection] Opened connection [connectionId{localValue:19, serverValue:20}] to localhost:27017
2017-07-25T20:14:48.463-05:00 INFO  [connection] Opened connection [connectionId{localValue:18, serverValue:19}] to localhost:27017
2017-07-25T20:14:48.471-05:00 INFO  [connection] Opened connection [connectionId{localValue:17, serverValue:18}] to localhost:27017
2017-07-25T20:14:48.510-05:00 INFO  [connection] Opened connection [connectionId{localValue:14, serverValue:15}] to localhost:27017
2017-07-25T20:14:48.511-05:00 INFO  [connection] Opened connection [connectionId{localValue:16, serverValue:17}] to localhost:27017
2017-07-25T20:14:48.512-05:00 INFO  [connection] Opened connection [connectionId{localValue:15, serverValue:16}] to localhost:27017
2017-07-25T20:14:48.512-05:00 INFO  [connection] Opened connection [connectionId{localValue:13, serverValue:14}] to localhost:27017
2017-07-25T20:14:48.513-05:00 INFO  [connection] Opened connection [connectionId{localValue:12, serverValue:13}] to localhost:27017
2017-07-25T20:14:48.518-05:00 INFO  [connection] Opened connection [connectionId{localValue:11, serverValue:12}] to localhost:27017
2017-07-25T20:14:48.572-05:00 INFO  [V20161125161400_AlertReceiversMigration] No streams needed to be migrated.
2017-07-25T20:14:48.781-05:00 INFO  [V20161130141500_DefaultStreamRecalcIndexRanges] Cluster not connected yet, delaying migration until it is reachable.
2017-07-25T20:14:48.838-05:00 INFO  [connection] Opened connection [connectionId{localValue:27, serverValue:28}] to localhost:27017
2017-07-25T20:14:48.838-05:00 INFO  [connection] Opened connection [connectionId{localValue:26, serverValue:27}] to localhost:27017
2017-07-25T20:14:48.842-05:00 INFO  [connection] Opened connection [connectionId{localValue:25, serverValue:26}] to localhost:27017
2017-07-25T20:14:48.843-05:00 INFO  [connection] Opened connection [connectionId{localValue:24, serverValue:25}] to localhost:27017
2017-07-25T20:14:48.852-05:00 INFO  [connection] Opened connection [connectionId{localValue:23, serverValue:24}] to localhost:27017
2017-07-25T20:14:48.852-05:00 INFO  [connection] Opened connection [connectionId{localValue:22, serverValue:23}] to localhost:27017
2017-07-25T20:14:48.856-05:00 INFO  [connection] Opened connection [connectionId{localValue:21, serverValue:22}] to localhost:27017
2017-07-25T20:14:50.435-05:00 WARN  [discovery] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] waited for 3s and no initial state was set by the discovery
2017-07-25T20:14:50.436-05:00 INFO  [node] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] started
2017-07-25T20:14:51.612-05:00 INFO  [service] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] detected_master {Lady Octopus}{EHhP9TaDR8Cf1N62UmINig}{127.0.0.1}{127.0.0.1:9300}, added {{Lady Octopus}{EHhP9TaDR8Cf1N62UmINig}{127.0.0.1}{127.0.0.1:9300},}, reason: zen-disco-receive(from master [{Lady Octopus}{EHhP9TaDR8Cf1N62UmINig}{127.0.0.1}{127.0.0.1:9300}])
2017-07-25T20:14:56.189-05:00 INFO  [MongoIndexSet] Did not find an deflector alias. Setting one up now.
2017-07-25T20:14:56.253-05:00 INFO  [MongoIndexSet] There is no index target to point to. Creating one now.
2017-07-25T20:14:56.347-05:00 INFO  [MongoIndexSet] Cycling from <none> to <graylog_0>.
2017-07-25T20:14:56.348-05:00 INFO  [MongoIndexSet] Creating target index <graylog_0>.
2017-07-25T20:14:59.237-05:00 INFO  [Indices] Created Graylog index template "graylog-internal" in Elasticsearch.
2017-07-25T20:15:00.210-05:00 INFO  [MongoIndexSet] Waiting for allocation of index <graylog_0>.
2017-07-25T20:15:00.453-05:00 INFO  [MongoIndexSet] Index <graylog_0> has been successfully allocated.
2017-07-25T20:15:00.453-05:00 INFO  [MongoIndexSet] Pointing index alias <graylog_deflector> to new index <graylog_0>.
2017-07-25T20:15:00.506-05:00 INFO  [MongoIndexSet] Successfully pointed index alias <graylog_deflector> to index <graylog_0>.
2017-07-25T20:15:10.155-05:00 INFO  [jvm] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] [gc][young][22][3] duration [703ms], collections [1]/[1.4s], total [703ms]/[1.7s], memory [453.1mb]->[126.2mb]/[972.8mb], all_pools {[young] [360.3mb]->[7.1mb]/[409.6mb]}{[survivor] [51.1mb]->[37.5mb]/[51.1mb]}{[old] [41.6mb]->[81.5mb]/[512mb]}
2017-07-25T20:15:19.622-05:00 INFO  [NetworkListener] Started listener bound to [127.0.0.1:9000]
2017-07-25T20:15:19.624-05:00 INFO  [HttpServer] [HttpServer] Started.
2017-07-25T20:15:19.624-05:00 INFO  [JerseyService] Started REST API at <http:// 127.0.0.1:9000/api/>
2017-07-25T20:15:19.624-05:00 INFO  [JerseyService] Started Web Interface at <http:// 127.0.0.1:9000/>
2017-07-25T20:15:19.626-05:00 INFO  [ServiceManagerListener] Services are healthy
2017-07-25T20:15:19.628-05:00 INFO  [ServerBootstrap] Services started, startup times in ms: {OutputSetupService [RUNNING]=380, BufferSynchronizerService [RUNNING]=382, KafkaJournal [RUNNING]=395, JournalReader [RUNNING]=511, StreamCacheService [RUNNING]=681, InputSetupService [RUNNING]=715, ConfigurationEtagService [RUNNING]=769, PeriodicalsService [RUNNING]=783, IndexerSetupService [RUNNING]=5734, JerseyService [RUNNING]=33618}
2017-07-25T20:15:19.629-05:00 INFO  [InputSetupService] Triggering launching persisted inputs, node transitioned from Uninitialized [LB:DEAD] to Running [LB:ALIVE]
2017-07-25T20:15:19.633-05:00 INFO  [ServerBootstrap] Graylog server up and running.
2017-07-25T20:16:47.889-05:00 INFO  [Server] SIGNAL received. Shutting down.
2017-07-25T20:16:47.893-05:00 INFO  [GracefulShutdown] Graceful shutdown initiated.
2017-07-25T20:16:47.893-05:00 INFO  [GracefulShutdown] Node status: [Halting [LB:DEAD]]. Waiting <3sec> for possible load balancers to recognize state change.
2017-07-25T20:16:51.958-05:00 INFO  [Buffers] Waiting until all buffers are empty.
2017-07-25T20:16:51.961-05:00 INFO  [Buffers] All buffers are empty. Continuing.
2017-07-25T20:16:51.966-05:00 INFO  [node] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] stopping ...
2017-07-25T20:16:51.967-05:00 INFO  [OutputSetupService] Stopping output org.graylog2.outputs.BlockingBatchedESOutput
2017-07-25T20:16:51.981-05:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.AlertScannerThread].
2017-07-25T20:16:51.982-05:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.AlertScannerThread] complete, took <0ms>.
2017-07-25T20:16:51.982-05:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread].
2017-07-25T20:16:51.982-05:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread] complete, took <0ms>.
2017-07-25T20:16:51.982-05:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.ClusterHealthCheckThread].
2017-07-25T20:16:51.982-05:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.ClusterHealthCheckThread] complete, took <0ms>.
2017-07-25T20:16:51.982-05:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexerClusterCheckerThread].
2017-07-25T20:16:51.982-05:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexerClusterCheckerThread] complete, took <0ms>.
2017-07-25T20:16:51.982-05:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexRetentionThread].
2017-07-25T20:16:51.982-05:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexRetentionThread] complete, took <0ms>.
2017-07-25T20:16:51.982-05:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexRotationThread].
2017-07-25T20:16:51.982-05:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexRotationThread] complete, took <0ms>.
2017-07-25T20:16:51.983-05:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.VersionCheckThread].
2017-07-25T20:16:51.983-05:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.VersionCheckThread] complete, took <0ms>.
2017-07-25T20:16:51.983-05:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.ThrottleStateUpdaterThread].
2017-07-25T20:16:51.983-05:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.ThrottleStateUpdaterThread] complete, took <0ms>.
2017-07-25T20:16:51.983-05:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.events.ClusterEventPeriodical].
2017-07-25T20:16:51.983-05:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.events.ClusterEventPeriodical] complete, took <0ms>.
2017-07-25T20:16:51.983-05:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.events.ClusterEventCleanupPeriodical].
2017-07-25T20:16:51.983-05:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.events.ClusterEventCleanupPeriodical] complete, took <0ms>.
2017-07-25T20:16:51.983-05:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexRangesCleanupPeriodical].
2017-07-25T20:16:51.983-05:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexRangesCleanupPeriodical] complete, took <0ms>.
2017-07-25T20:16:51.984-05:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog.plugins.usagestatistics.UsageStatsNodePeriodical].
2017-07-25T20:16:51.984-05:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog.plugins.usagestatistics.UsageStatsNodePeriodical] complete, took <0ms>.
2017-07-25T20:16:51.984-05:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog.plugins.usagestatistics.UsageStatsClusterPeriodical].
2017-07-25T20:16:51.984-05:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog.plugins.usagestatistics.UsageStatsClusterPeriodical] complete, took <0ms>.
2017-07-25T20:16:51.984-05:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread].
2017-07-25T20:16:51.984-05:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread] complete, took <0ms>.
2017-07-25T20:16:51.995-05:00 INFO  [GracefulShutdown] Goodbye.
2017-07-25T20:16:52.005-05:00 INFO  [JournalReader] Stopping.
2017-07-25T20:16:52.013-05:00 INFO  [JerseyService] Shutting down HTTP listener at <http://127.0.0.1:9000/api/>
2017-07-25T20:16:52.074-05:00 INFO  [node] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] stopped
2017-07-25T20:16:52.075-05:00 INFO  [node] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] closing ...
2017-07-25T20:16:52.079-05:00 INFO  [LogManager] Shutting down.
2017-07-25T20:16:52.104-05:00 INFO  [node] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] closed
2017-07-25T20:16:52.120-05:00 INFO  [LogManager] Shutdown complete.
2017-07-25T20:16:52.165-05:00 INFO  [NetworkListener] Stopped listener bound to [127.0.0.1:9000]
2017-07-25T20:16:52.166-05:00 INFO  [ServiceManagerListener] Services are now stopped.
2017-07-25T20:17:01.899-05:00 INFO  [CmdLineTool] Loaded plugin: Elastic Beats Input 2.2.3 [org.graylog.plugins.beats.BeatsInputPlugin]
2017-07-25T20:17:01.904-05:00 INFO  [CmdLineTool] Loaded plugin: Collector 2.2.3 [org.graylog.plugins.collector.CollectorPlugin]
2017-07-25T20:17:01.905-05:00 INFO  [CmdLineTool] Loaded plugin: Enterprise Integration Plugin 2.2.3 [org.graylog.plugins.enterprise_integration.EnterpriseIntegrationPlugin]
2017-07-25T20:17:01.906-05:00 INFO  [CmdLineTool] Loaded plugin: MapWidgetPlugin 2.2.3 [org.graylog.plugins.map.MapWidgetPlugin]
2017-07-25T20:17:01.916-05:00 INFO  [CmdLineTool] Loaded plugin: Pipeline Processor Plugin 2.2.3 [org.graylog.plugins.pipelineprocessor.ProcessorPlugin]
2017-07-25T20:17:01.937-05:00 INFO  [CmdLineTool] Loaded plugin: Anonymous Usage Statistics 2.2.3 [org.graylog.plugins.usagestatistics.UsageStatsPlugin]
2017-07-25T20:17:02.465-05:00 INFO  [CmdLineTool] Running with JVM arguments: -Xms1g -Xmx1g -XX:NewRatio=1 -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow -Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml -Djava.library.path=/usr/share/graylog-server/lib/sigar -Dgraylog2.installation_source=rpm
2017-07-25T20:17:02.830-05:00 INFO  [Version] HV000001: Hibernate Validator null
2017-07-25T20:17:08.825-05:00 INFO  [InputBufferImpl] Message journal is enabled.
2017-07-25T20:17:08.895-05:00 INFO  [NodeId] Node ID: 85a0735a-3fa9-4750-b7df-2f40050bdc78
2017-07-25T20:17:09.950-05:00 INFO  [LogManager] Loading logs.
2017-07-25T20:17:10.077-05:00 INFO  [LogManager] Logs loading complete.
2017-07-25T20:17:10.078-05:00 INFO  [KafkaJournal] Initialized Kafka based journal at /var/lib/graylog-server/journal
2017-07-25T20:17:10.527-05:00 INFO  [InputBufferImpl] Initialized InputBufferImpl with ring size <65536> and wait strategy <BlockingWaitStrategy>, running 2 parallel message handlers.
2017-07-25T20:17:10.551-05:00 INFO  [cluster] Cluster created with settings {hosts=[localhost:27017], mode=SINGLE, requiredClusterType=UNKNOWN, serverSelectionTimeout='30000 ms', maxWaitQueueSize=5000}
2017-07-25T20:17:10.602-05:00 INFO  [cluster] No server chosen by ReadPreferenceServerSelector{readPreference=primary} from cluster description ClusterDescription{type=UNKNOWN, connectionMode=SINGLE, serverDescriptions=[ServerDescription{address=localhost:27017, type=UNKNOWN, state=CONNECTING}]}. Waiting for 30000 ms before timing out
2017-07-25T20:17:10.638-05:00 INFO  [connection] Opened connection [connectionId{localValue:1, serverValue:29}] to localhost:27017
2017-07-25T20:17:10.640-05:00 INFO  [cluster] Monitor thread successfully connected to server with description ServerDescription{address=localhost:27017, type=STANDALONE, state=CONNECTED, ok=true, version=ServerVersion{versionList=[3, 2, 15]}, minWireVersion=0, maxWireVersion=4, maxDocumentSize=16777216, roundTripTimeNanos=722037}
2017-07-25T20:17:10.648-05:00 INFO  [connection] Opened connection [connectionId{localValue:2, serverValue:30}] to localhost:27017
2017-07-25T20:17:11.247-05:00 INFO  [node] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] version[2.4.4], pid[28992], build[fcbb46d/2017-01-03T11:33:16Z]
2017-07-25T20:17:11.247-05:00 INFO  [node] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] initializing ...
2017-07-25T20:17:11.254-05:00 INFO  [plugins] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] modules [], plugins [graylog-monitor], sites []
2017-07-25T20:17:15.211-05:00 INFO  [node] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] initialized
2017-07-25T20:17:15.324-05:00 INFO  [ProcessBuffer] Initialized ProcessBuffer with ring size <65536> and wait strategy <BlockingWaitStrategy>.
2017-07-25T20:17:19.059-05:00 INFO  [RulesEngineProvider] No static rules file loaded.
2017-07-25T20:17:20.113-05:00 WARN  [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2017-07-25T20:17:20.127-05:00 INFO  [OutputBuffer] Initialized OutputBuffer with ring size <65536> and wait strategy <BlockingWaitStrategy>.
2017-07-25T20:17:20.531-05:00 WARN  [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2017-07-25T20:17:20.725-05:00 WARN  [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2017-07-25T20:17:20.939-05:00 WARN  [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2017-07-25T20:17:21.278-05:00 WARN  [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2017-07-25T20:17:23.937-05:00 INFO  [connection] Opened connection [connectionId{localValue:3, serverValue:31}] to localhost:27017
2017-07-25T20:17:24.142-05:00 INFO  [ServerBootstrap] Graylog server 2.2.3+7adc951 starting up
2017-07-25T20:17:24.142-05:00 INFO  [ServerBootstrap] JRE: Oracle Corporation 1.8.0_141 on Linux 3.10.0-514.26.2.el7.x86_64
2017-07-25T20:17:24.142-05:00 INFO  [ServerBootstrap] Deployment: rpm
2017-07-25T20:17:24.143-05:00 INFO  [ServerBootstrap] OS: CentOS Linux 7 (Core) (centos)
2017-07-25T20:17:24.143-05:00 INFO  [ServerBootstrap] Arch: amd64
2017-07-25T20:17:24.151-05:00 WARN  [DeadEventLoggingListener] Received unhandled event of type <org.graylog2.plugin.lifecycles.Lifecycle> from event bus <AsyncEventBus{graylog-eventbus}>
2017-07-25T20:17:24.511-05:00 INFO  [PeriodicalsService] Starting 26 periodicals ...
2017-07-25T20:17:24.511-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ThroughputCalculator] periodical in [0s], polling every [1s].
2017-07-25T20:17:24.525-05:00 INFO  [node] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] starting ...
2017-07-25T20:17:24.527-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.AlertScannerThread] periodical in [10s], polling every [60s].
2017-07-25T20:17:24.527-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread] periodical in [0s], polling every [1s].
2017-07-25T20:17:24.528-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ClusterHealthCheckThread] periodical in [120s], polling every [20s].
2017-07-25T20:17:24.530-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ContentPackLoaderPeriodical] periodical, running forever.
2017-07-25T20:17:24.532-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.GarbageCollectionWarningThread] periodical, running forever.
2017-07-25T20:17:24.534-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexerClusterCheckerThread] periodical in [0s], polling every [30s].
2017-07-25T20:17:24.535-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRetentionThread] periodical in [0s], polling every [300s].
2017-07-25T20:17:24.538-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRotationThread] periodical in [0s], polling every [10s].
2017-07-25T20:17:24.538-05:00 INFO  [IndexRetentionThread] Elasticsearch cluster not available, skipping index retention checks.
2017-07-25T20:17:24.538-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.NodePingThread] periodical in [0s], polling every [1s].
2017-07-25T20:17:24.539-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.VersionCheckThread] periodical in [300s], polling every [1800s].
2017-07-25T20:17:24.541-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ThrottleStateUpdaterThread] periodical in [1s], polling every [1s].
2017-07-25T20:17:24.542-05:00 INFO  [Periodicals] Starting [org.graylog2.events.ClusterEventPeriodical] periodical in [0s], polling every [1s].
2017-07-25T20:17:24.548-05:00 INFO  [Periodicals] Starting [org.graylog2.events.ClusterEventCleanupPeriodical] periodical in [0s], polling every [86400s].
2017-07-25T20:17:24.553-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ClusterIdGeneratorPeriodical] periodical, running forever.
2017-07-25T20:17:24.555-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRangesMigrationPeriodical] periodical, running forever.
2017-07-25T20:17:24.557-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRangesCleanupPeriodical] periodical in [15s], polling every [3600s].
2017-07-25T20:17:24.600-05:00 INFO  [connection] Opened connection [connectionId{localValue:10, serverValue:38}] to localhost:27017
2017-07-25T20:17:24.604-05:00 INFO  [connection] Opened connection [connectionId{localValue:9, serverValue:37}] to localhost:27017
2017-07-25T20:17:24.606-05:00 INFO  [connection] Opened connection [connectionId{localValue:8, serverValue:36}] to localhost:27017
2017-07-25T20:17:24.611-05:00 INFO  [connection] Opened connection [connectionId{localValue:7, serverValue:35}] to localhost:27017
2017-07-25T20:17:24.618-05:00 INFO  [connection] Opened connection [connectionId{localValue:6, serverValue:34}] to localhost:27017
2017-07-25T20:17:24.620-05:00 INFO  [connection] Opened connection [connectionId{localValue:5, serverValue:33}] to localhost:27017
2017-07-25T20:17:24.630-05:00 INFO  [connection] Opened connection [connectionId{localValue:4, serverValue:32}] to localhost:27017
2017-07-25T20:17:24.744-05:00 INFO  [PeriodicalsService] Not starting [org.graylog2.periodical.UserPermissionMigrationPeriodical] periodical. Not configured to run on this node.
2017-07-25T20:17:24.745-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.AlarmCallbacksMigrationPeriodical] periodical, running forever.
2017-07-25T20:17:24.755-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ConfigurationManagementPeriodical] periodical, running forever.
2017-07-25T20:17:24.797-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.LdapGroupMappingMigration] periodical, running forever.
2017-07-25T20:17:24.843-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexFailuresPeriodical] periodical, running forever.
2017-07-25T20:17:24.861-05:00 INFO  [Periodicals] Starting [org.graylog.plugins.usagestatistics.UsageStatsNodePeriodical] periodical in [300s], polling every [21600s].
2017-07-25T20:17:24.862-05:00 INFO  [Periodicals] Starting [org.graylog.plugins.usagestatistics.UsageStatsClusterPeriodical] periodical in [300s], polling every [21600s].
2017-07-25T20:17:24.924-05:00 INFO  [IndexerClusterCheckerThread] Indexer not fully initialized yet. Skipping periodic cluster check.
2017-07-25T20:17:24.929-05:00 INFO  [Periodicals] Starting [org.graylog.plugins.pipelineprocessor.periodical.LegacyDefaultStreamMigration] periodical, running forever.
2017-07-25T20:17:25.002-05:00 INFO  [Periodicals] Starting [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread] periodical in [0s], polling every [3600s].
2017-07-25T20:17:25.103-05:00 INFO  [LegacyDefaultStreamMigration] Legacy default stream has no connections, no migration needed.
2017-07-25T20:17:25.426-05:00 INFO  [transport] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] publish_address {127.0.0.1:9350}, bound_addresses {[::1]:9350}, {127.0.0.1:9350}
2017-07-25T20:17:25.465-05:00 INFO  [discovery] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] graylog/E15OBXAgRJ2_A1fAxYLdQQ
2017-07-25T20:17:25.509-05:00 INFO  [V20161130141500_DefaultStreamRecalcIndexRanges] Cluster not connected yet, delaying migration until it is reachable.
2017-07-25T20:17:25.890-05:00 INFO  [JerseyService] Enabling CORS for HTTP endpoint
2017-07-25T20:17:28.510-05:00 WARN  [discovery] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] waited for 3s and no initial state was set by the discovery
2017-07-25T20:17:28.510-05:00 INFO  [node] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] started
2017-07-25T20:17:29.708-05:00 INFO  [service] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] detected_master {Lady Octopus}{EHhP9TaDR8Cf1N62UmINig}{127.0.0.1}{127.0.0.1:9300}, added {{Lady Octopus}{EHhP9TaDR8Cf1N62UmINig}{127.0.0.1}{127.0.0.1:9300},}, reason: zen-disco-receive(from master [{Lady Octopus}{EHhP9TaDR8Cf1N62UmINig}{127.0.0.1}{127.0.0.1:9300}])
2017-07-25T20:17:50.160-05:00 INFO  [NetworkListener] Started listener bound to [127.0.0.1:9000]
2017-07-25T20:17:50.162-05:00 INFO  [HttpServer] [HttpServer] Started.
2017-07-25T20:17:50.163-05:00 INFO  [JerseyService] Started REST API at <http:// 127.0.0.1:9000/api/>
2017-07-25T20:17:50.163-05:00 INFO  [JerseyService] Started Web Interface at <http:// 127.0.0.1:9000/>
2017-07-25T20:17:50.165-05:00 INFO  [ServiceManagerListener] Services are healthy
2017-07-25T20:17:50.167-05:00 INFO  [ServerBootstrap] Services started, startup times in ms: {ConfigurationEtagService [RUNNING]=251, OutputSetupService [RUNNING]=324, BufferSynchronizerService [RUNNING]=387, KafkaJournal [RUNNING]=442, JournalReader [RUNNING]=617, StreamCacheService [RUNNING]=650, InputSetupService [RUNNING]=732, PeriodicalsService [RUNNING]=820, IndexerSetupService [RUNNING]=5437, JerseyService [RUNNING]=25914}
2017-07-25T20:17:50.174-05:00 INFO  [ServerBootstrap] Graylog server up and running.
2017-07-25T20:17:50.175-05:00 INFO  [InputSetupService] Triggering launching persisted inputs, node transitioned from Uninitialized [LB:DEAD] to Running [LB:ALIVE]

When I go to “server-addr:9000/api/” or server-addr:9000/, nothing comes up in my browser at all.

Any help would be most welcome!!!

I’m not sure why this should be important…

Yes, because the Graylog REST API and the web interface were started on http://127.0.0.1:9000, which is the loopback interface and only accessible on the very same machine.

Please read http://docs.graylog.org/en/2.2/pages/configuration/web_interface.html and check your Graylog configuration file.

Can the rest_transport_uri be a url, or does it have to be an IP?

It’s possible to use a FQDN in the URI. Just make sure that the host name can be properly resolved on the system running Graylog.

I fixed the server.conf:

```
# REST API listen URI. Must be reachable by other Graylog server nodes if you run a cluster.
# When using Graylog Collectors, this URI will be used to receive heartbeat messages and must be accessible for all collectors.
rest_listen_uri = http:// 127.0.0.1:9000/api/
```

{Space after the http:// and this line are not in the actual conf file. Just there to get around not being able to post more than two links}

```
# REST API transport address. Defaults to the value of rest_listen_uri. Exception: If rest_listen_uri
# is set to a wildcard IP address (0.0.0.0) the first non-loopback IPv4 system address is used.
# If set, this will be promoted in the cluster discovery APIs, so other nodes may try to connect on
# this address and it is used to generate URLs addressing entities in the REST API. (see rest_listen_uri)
# You will need to define this, if your Graylog server is running behind a HTTP proxy that is rewriting
# the scheme, host name or URI.
# This must not contain a wildcard address (0.0.0.0).
rest_transport_uri = http:// 10.10.10.54:9000/api/
```

{Space after the http:// and this line are not in the actual conf file. Just there to get around not being able to post more than two links}

```
# Enable CORS headers for REST API. This is necessary for JS-clients accessing the server directly.
# If these are disabled, modern browsers will not be able to retrieve resources from the server.
# This is enabled by default. Uncomment the next line to disable it.
#rest_enable_cors = false

# Enable GZIP support for REST API. This compresses API responses and therefore helps to reduce
# overall round trip times. This is enabled by default. Uncomment the next line to disable it.
#rest_enable_gzip = false

# Enable HTTPS support for the REST API. This secures the communication with the REST API with
# TLS to prevent request forgery and eavesdropping. This is disabled by default. Uncomment the
# next line to enable it.
#rest_enable_tls = true
```

Still can not get in, also checked the log file, there is no reference to 10.10.10.54…
Last part of log file:
2017-07-26T05:48:41.930-05:00 INFO [LegacyDefaultStreamMigration] Legacy default stream has no connections, no migration needed.
2017-07-26T05:48:41.979-05:00 INFO [V20161130141500_DefaultStreamRecalcIndexRanges] Cluster not connected yet, delaying migration until it is reachable.
2017-07-26T05:48:42.572-05:00 INFO [transport] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] publish_address {127.0.0.1:9350}, bound_addresses {[::1]:9350}, {127.0.0.1:9350}
2017-07-26T05:48:42.584-05:00 INFO [discovery] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] graylog/uYZCjb3wTGKL9F8lQ3G3mg
2017-07-26T05:48:42.667-05:00 INFO [JerseyService] Enabling CORS for HTTP endpoint
2017-07-26T05:48:45.600-05:00 WARN [discovery] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] waited for 3s and no initial state was set by the discovery
2017-07-26T05:48:45.600-05:00 INFO [node] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] started
2017-07-26T05:48:45.941-05:00 INFO [service] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] detected_master {Arkady Rossovich}{7ZqiaEQNRFGTUb0MN1_4bw}{127.0.0.1}{127.0.0.1:9300}, added {{Arkady Rossovich}{7ZqiaEQNRFGTUb0MN1_4bw}{127.0.0.1}{127.0.0.1:9300},}, reason: zen-disco-receive(from master [{Arkady Rossovich}{7ZqiaEQNRFGTUb0MN1_4bw}{127.0.0.1}{127.0.0.1:9300}])
2017-07-26T05:49:11.281-05:00 INFO [NetworkListener] Started listener bound to [127.0.0.1:9000]
2017-07-26T05:49:11.283-05:00 INFO [HttpServer] [HttpServer] Started.
2017-07-26T05:49:11.283-05:00 INFO [JerseyService] Started REST API at http://127.0.0.1:9000/api/
2017-07-26T05:49:11.284-05:00 INFO [JerseyService] Started Web Interface at http://127.0.0.1:9000/
2017-07-26T05:49:11.286-05:00 INFO [ServiceManagerListener] Services are healthy
2017-07-26T05:49:11.288-05:00 INFO [ServerBootstrap] Services started, startup times in ms: {OutputSetupService [RUNNING]=762, BufferSynchronizerService [RUNNING]=835, KafkaJournal [RUNNING]=854, ConfigurationEtagService [RUNNING]=877, StreamCacheService [RUNNING]=880, InputSetupService [RUNNING]=925, JournalReader [RUNNING]=971, PeriodicalsService [RUNNING]=1134, IndexerSetupService [RUNNING]=5153, JerseyService [RUNNING]=30462}
2017-07-26T05:49:11.299-05:00 INFO [InputSetupService] Triggering launching persisted inputs, node transitioned from Uninitialized [LB:DEAD] to Running [LB:ALIVE]
2017-07-26T05:49:11.319-05:00 INFO [ServerBootstrap] Graylog server up and running.

That limit doesn’t apply if you’re using proper formatting for text snippets. Please edit your post accordingly.

Example:

```
Text
```

Well, you might want to check your “fixed” Graylog configuration file again.

Hint: rest_listen_uri and web_listen_uri.

Thank you thank you thank you! Getting farther. I am now getting a response when I try to connect, but I am getting an error message:
Error message
cannot GET http://10.10.10.54:9000/api/ (404)

Please provide all necessary information.

That is what comes up when I go to 10.10.10.54:9000/api/
I can send you anything that will help. Which log file do you need?

Here is the end of server.log:

2017-07-26T06:31:17.453-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.AlertScannerThread] periodical in [10s], polling every [60s].
2017-07-26T06:31:17.463-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread] periodical in [0s], polling every [1s].
2017-07-26T06:31:17.464-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ClusterHealthCheckThread] periodical in [120s], polling every [20s].
2017-07-26T06:31:17.466-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ContentPackLoaderPeriodical] periodical, running forever.
2017-07-26T06:31:17.467-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.GarbageCollectionWarningThread] periodical, running forever.
2017-07-26T06:31:17.468-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexerClusterCheckerThread] periodical in [0s], polling every [30s].
2017-07-26T06:31:17.471-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRetentionThread] periodical in [0s], polling every [300s].
2017-07-26T06:31:17.473-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRotationThread] periodical in [0s], polling every [10s].
2017-07-26T06:31:17.473-05:00 INFO  [IndexRetentionThread] Elasticsearch cluster not available, skipping index retention checks.
2017-07-26T06:31:17.473-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.NodePingThread] periodical in [0s], polling every [1s].
2017-07-26T06:31:17.474-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.VersionCheckThread] periodical in [300s], polling every [1800s].
2017-07-26T06:31:17.477-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ThrottleStateUpdaterThread] periodical in [1s], polling every [1s].
2017-07-26T06:31:17.478-05:00 INFO  [Periodicals] Starting [org.graylog2.events.ClusterEventPeriodical] periodical in [0s], polling every [1s].
2017-07-26T06:31:17.484-05:00 INFO  [Periodicals] Starting [org.graylog2.events.ClusterEventCleanupPeriodical] periodical in [0s], polling every [86400s].
2017-07-26T06:31:17.486-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ClusterIdGeneratorPeriodical] periodical, running forever.
2017-07-26T06:31:17.487-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRangesMigrationPeriodical] periodical, running forever.
2017-07-26T06:31:17.489-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRangesCleanupPeriodical] periodical in [15s], polling every [3600s].
2017-07-26T06:31:17.518-05:00 INFO  [connection] Opened connection [connectionId{localValue:5, serverValue:5}] to localhost:27017
2017-07-26T06:31:17.519-05:00 INFO  [connection] Opened connection [connectionId{localValue:4, serverValue:4}] to localhost:27017
2017-07-26T06:31:17.523-05:00 INFO  [connection] Opened connection [connectionId{localValue:10, serverValue:10}] to localhost:27017
2017-07-26T06:31:17.529-05:00 INFO  [connection] Opened connection [connectionId{localValue:9, serverValue:9}] to localhost:27017
2017-07-26T06:31:17.534-05:00 INFO  [connection] Opened connection [connectionId{localValue:8, serverValue:8}] to localhost:27017
2017-07-26T06:31:17.536-05:00 INFO  [connection] Opened connection [connectionId{localValue:7, serverValue:7}] to localhost:27017
2017-07-26T06:31:17.539-05:00 INFO  [connection] Opened connection [connectionId{localValue:6, serverValue:6}] to localhost:27017
2017-07-26T06:31:17.678-05:00 INFO  [IndexerClusterCheckerThread] Indexer not fully initialized yet. Skipping periodic cluster check.
2017-07-26T06:31:17.790-05:00 INFO  [PeriodicalsService] Not starting [org.graylog2.periodical.UserPermissionMigrationPeriodical] periodical. Not configured to run on this node.
2017-07-26T06:31:17.790-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.AlarmCallbacksMigrationPeriodical] periodical, running forever.
2017-07-26T06:31:17.818-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ConfigurationManagementPeriodical] periodical, running forever.
2017-07-26T06:31:17.832-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.LdapGroupMappingMigration] periodical, running forever.
2017-07-26T06:31:17.866-05:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexFailuresPeriodical] periodical, running forever.
2017-07-26T06:31:17.897-05:00 INFO  [Periodicals] Starting [org.graylog.plugins.usagestatistics.UsageStatsNodePeriodical] periodical in [300s], polling every [21600s].
2017-07-26T06:31:17.902-05:00 INFO  [Periodicals] Starting [org.graylog.plugins.usagestatistics.UsageStatsClusterPeriodical] periodical in [300s], polling every [21600s].
2017-07-26T06:31:18.087-05:00 INFO  [Periodicals] Starting [org.graylog.plugins.pipelineprocessor.periodical.LegacyDefaultStreamMigration] periodical, running forever.
2017-07-26T06:31:18.207-05:00 INFO  [Periodicals] Starting [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread] periodical in [0s], polling every [3600s].
2017-07-26T06:31:18.474-05:00 INFO  [LegacyDefaultStreamMigration] Legacy default stream has no connections, no migration needed.
2017-07-26T06:31:18.511-05:00 INFO  [V20161130141500_DefaultStreamRecalcIndexRanges] Cluster not connected yet, delaying migration until it is reachable.
2017-07-26T06:31:18.565-05:00 INFO  [transport] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] publish_address {127.0.0.1:9350}, bound_addresses {[::1]:9350}, {127.0.0.1:9350}
2017-07-26T06:31:18.574-05:00 INFO  [discovery] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] graylog/DYo-IBbwRvm4_nnmw24bOw
2017-07-26T06:31:18.986-05:00 INFO  [JerseyService] Enabling CORS for HTTP endpoint
2017-07-26T06:31:21.598-05:00 INFO  [jvm] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] [gc][young][3][2] duration [849ms], collections [1]/[1.8s], total [849ms]/[1s], memory [450.6mb]->[95.5mb]/[972.8mb], all_pools {[young] [396.6mb]->[16.6mb]/[409.6mb]}{[survivor] [51.1mb]->[51.1mb]/[51.1mb]}{[old] [2.7mb]->[27.7mb]/[512mb]}
2017-07-26T06:31:21.782-05:00 WARN  [discovery] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] waited for 3s and no initial state was set by the discovery
2017-07-26T06:31:21.783-05:00 INFO  [node] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] started
2017-07-26T06:31:22.235-05:00 INFO  [service] [graylog-85a0735a-3fa9-4750-b7df-2f40050bdc78] detected_master {Mary "Skeeter" MacPherran}{oack1z3sS5egWM08YqAspg}{127.0.0.1}{127.0.0.1:9300}, added {{Mary "Skeeter" MacPherran}{oack1z3sS5egWM08YqAspg}{127.0.0.1}{127.0.0.1:9300},}, reason: zen-disco-receive(from master [{Mary "Skeeter" MacPherran}{oack1z3sS5egWM08YqAspg}{127.0.0.1}{127.0.0.1:9300}])
2017-07-26T06:31:45.743-05:00 INFO  [NetworkListener] Started listener bound to [127.0.0.1:9000]
2017-07-26T06:31:45.745-05:00 INFO  [HttpServer] [HttpServer] Started.
2017-07-26T06:31:45.746-05:00 INFO  [JerseyService] Started REST API at <http://127.0.0.1:9000/api/>
2017-07-26T06:31:51.775-05:00 INFO  [NetworkListener] Started listener bound to [10.10.10.54:9000]
2017-07-26T06:31:51.776-05:00 INFO  [HttpServer] [HttpServer-1] Started.
2017-07-26T06:31:51.776-05:00 INFO  [JerseyService] Started Web Interface at <http://10.10.10.54:9000/>
2017-07-26T06:31:51.777-05:00 INFO  [ServiceManagerListener] Services are healthy
2017-07-26T06:31:51.779-05:00 INFO  [ServerBootstrap] Services started, startup times in ms: {OutputSetupService [RUNNING]=189, BufferSynchronizerService [RUNNING]=191, KafkaJournal [RUNNING]=203, ConfigurationEtagService [RUNNING]=227, JournalReader [RUNNING]=372, StreamCacheService [RUNNING]=373, InputSetupService [RUNNING]=376, PeriodicalsService [RUNNING]=902, IndexerSetupService [RUNNING]=4878, JerseyService [RUNNING]=34387}
2017-07-26T06:31:51.827-05:00 INFO  [InputSetupService] Triggering launching persisted inputs, node transitioned from Uninitialized [LB:DEAD] to Running [LB:ALIVE]
2017-07-26T06:31:51.832-05:00 INFO  [ServerBootstrap] Graylog server up and running.

To be honest, I don’t know how I should make myself clearer than what I wrote before:

I guess you also didn’t read the part of the Graylog documentation I’ve linked to before:
http://docs.graylog.org/en/2.2/pages/configuration/web_interface.html

I did read it. The documentation is a little confusing for a newbie; I expect it will make more sense when I know what is supposed to go where.

I have got it to the point that Graylog is asking for login, but then getting a Cannot POST error.
Here is my server.config without the passwords:


is_master = true
node_id_file = /etc/graylog/server/node-id
password_secret = *********************************
ash value into the following line
root_password_sha2 = ***********************************************************
#root_email = ""
#root_timezone = UTC

# Set plugin directory here (relative or absolute)

plugin_dir = /usr/share/graylog-server/plugin
rest_listen_uri = http://127.0.0.1:9000/api/
rest_transport_uri = http://10.10.10.54:9000/
#rest_enable_cors = false
#rest_enable_gzip = false
#rest_enable_tls = true
#rest_tls_cert_file = /path/to/graylog.crt
#rest_tls_key_file = /path/to/graylog.key
#rest_tls_key_password = secret
#rest_max_header_size = 8192
#rest_max_initial_line_length = 4096
#rest_thread_pool_size = 16
#trusted_proxies = 127.0.0.1/32, 0:0:0:0:0:0:0:1/128
#web_enable = false
web_listen_uri = http://10.10.10.54:9000/
#web_endpoint_uri =
#web_enable_cors = false
#web_enable_gzip = false
#web_enable_tls = true
#web_tls_cert_file = /path/to/graylog-web.crt
#web_tls_key_file = /path/to/graylog-web.key
#web_tls_key_password = secret
#web_max_header_size = 8192
#web_max_initial_line_length = 4096
#web_thread_pool_size = 16
#elasticsearch_config_file = /etc/graylog/server/elasticsearch.yml
rotation_strategy = count
elasticsearch_max_docs_per_index = 20000000
#elasticsearch_max_size_per_index = 1073741824
#elasticsearch_max_time_per_index = 1d
#elasticsearch_disable_version_check = true
#no_retention = false
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 4
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog
#elasticsearch_template_name = graylog-internal
allow_leading_wildcard_searches = false
allow_highlighting = false
#elasticsearch_cluster_name = graylog
#elasticsearch_node_name_prefix = graylog-
#elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1:9300
#elasticsearch_discovery_zen_ping_unicast_hosts = 198.51.100.23:9300, 198.51.100.42:9300
#elasticsearch_node_master = false
#elasticsearch_node_data = false
#elasticsearch_transport_tcp_port = 9350
#elasticsearch_http_enabled = false
#elasticsearch_cluster_discovery_timeout = 5000
#elasticsearch_network_host =
#elasticsearch_network_bind_host =
#elasticsearch_network_publish_host =
#elasticsearch_discovery_initial_state_timeout = 3s
elasticsearch_analyzer = standard
#elasticsearch_request_timeout = 1m
#elasticsearch_index_optimization_timeout = 1h
#elasticsearch_index_optimization_jobs = 20
#index_ranges_cleanup_interval = 1h
output_batch_size = 500
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 5
outputbuffer_processors = 3
#outputbuffer_processor_keep_alive_time = 5000
#outputbuffer_processor_threads_core_pool_size = 3
#outputbuffer_processor_threads_max_pool_size = 30
#udp_recvbuffer_sizes = 1048576
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
#message_journal_max_age = 12h
#message_journal_max_size = 5gb
#message_journal_flush_age = 1m
#message_journal_flush_interval = 1000000
#message_journal_segment_age = 1h
#message_journal_segment_size = 100mb
#async_eventbus_processors = 2
lb_recognition_period_seconds = 3
#lb_throttle_threshold_percentage = 95
#stream_processing_timeout = 2000
#stream_processing_max_faults = 3
#alert_check_interval = 60
#output_module_timeout = 10000
#stale_master_timeout = 2000
#shutdown_timeout = 30000
mongodb_uri = mongodb://localhost/graylog
#mongodb_uri = mongodb://grayloguser:secret@localhost:27017/graylog
#mongodb_uri = mongodb://grayloguser:secret@localhost:27017,localhost:27018,localhost:27019/graylog
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5
#rules_file = /etc/graylog/server/rules.drl

# Email transport

#transport_email_enabled = false
#transport_email_hostname = mail.example.com
#transport_email_port = 587
#transport_email_use_auth = true
#transport_email_use_tls = true
#transport_email_use_ssl = true
#transport_email_auth_username = you@example.com
#transport_email_auth_password = secret
#transport_email_subject_prefix = [graylog]
#transport_email_from_email = graylog@example.com
#transport_email_web_interface_url = https://graylog.example.com
#http_connect_timeout = 5s
#http_read_timeout = 10s
#http_write_timeout = 10s
#http_proxy_uri =
#disable_index_optimization = true
#index_optimization_max_num_segments = 1
#gc_warning_threshold = 1s
#ldap_connection_timeout = 2000
#disable_sigar = false
#dashboard_widget_default_cache_time = 10s
#content_packs_loader_enabled = true
content_packs_dir = /usr/share/graylog-server/contentpacks
content_packs_auto_load = grok-patterns.json
proxied_requests_thread_pool_size = 32



Please read my previous post again, word for word.

I gave you a hint which two settings to check and change.

I am pretty sure my problems are with the following:


```
rest_listen_uri = http://127.0.0.1:9000/api/
rest_transport_uri = http://10.10.10.54:9000/
web_listen_uri = http://10.10.10.54:9000/api/
```


I have tried all sorts of combinations of settings; all give me the same result. Let me ask you these two questions:
Are all three uri supposed to look at 10.10.10.54 and 127.0.0.1? Or should they all be looking at just one IP (10.10.10.54)?
Are all three supposed to be different ‘port/path’ combinations, or are a couple of them supposed to be the same, all the same??

  • rest_listen_uri defines the network interface (and URI) the Graylog REST API binds to (hint! hint! hint!)
  • rest_transport_uri defines the URI which is published for other Graylog nodes and can override rest_listen_uri (but doesn’t have to).
  • web_listen_uri defines the network interface (and URI) the Graylog web interface binds to

rest_listen_uri and web_listen_uri MUST NOT be identical.

In your case, I’d use the following settings:

```
rest_listen_uri = http://10.10.10.54:9000/api/
# DO NOT SET rest_transport_uri
web_listen_uri = http://10.10.10.54:9000/
```
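The binding rules from the answer above, as an added example that is not part of the thread and is not Graylog's own code: a small checker that reads `server.conf`-style settings and reports the misconfigurations discussed here, plus non-loopback listeners served without the `rest_enable_tls` / `web_enable_tls` options that the posted configuration file describes. The function names and finding codes are hypothetical, and the transport-path check is a heuristic that assumes no rewriting proxy sits in front of Graylog.

```python
import ipaddress
from urllib.parse import urlsplit

# Settings as posted in the thread (before) and as recommended in the answer (after).
BEFORE = """\
rest_listen_uri = http://127.0.0.1:9000/api/
rest_transport_uri = http://10.10.10.54:9000/
web_listen_uri = http://10.10.10.54:9000/
"""
AFTER = """\
rest_listen_uri = http://10.10.10.54:9000/api/
# DO NOT SET rest_transport_uri
web_listen_uri = http://10.10.10.54:9000/
"""


def parse_conf(text):
    """Return active key/value pairs; blank lines and # comments are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def is_loopback(host):
    """True for localhost and loopback IP literals; other host names are not resolved."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def check_listen_uris(settings):
    """Return (setting, finding-code) tuples for the listener settings."""
    findings = []
    rest = settings.get("rest_listen_uri")
    web = settings.get("web_listen_uri")
    transport = settings.get("rest_transport_uri")
    for key, tls_key, uri in (("rest_listen_uri", "rest_enable_tls", rest),
                              ("web_listen_uri", "web_enable_tls", web)):
        if uri is None:
            continue
        host = urlsplit(uri).hostname or ""
        if is_loopback(host):
            # Reachable only from the Graylog machine itself.
            findings.append((key, "loopback-only"))
        elif settings.get(tls_key, "false").lower() != "true":
            # Exposed on the network without TLS: logins travel in cleartext.
            findings.append((key, "cleartext-http"))
    if rest and web and rest.rstrip("/") == web.rstrip("/"):
        findings.append(("web_listen_uri", "identical-listen-uris"))
    if transport:
        parts = urlsplit(transport)
        if parts.hostname == "0.0.0.0":
            findings.append(("rest_transport_uri", "wildcard-transport"))
        if rest and parts.path.rstrip("/") != urlsplit(rest).path.rstrip("/"):
            # Published API URL does not point at the path the API listens on.
            findings.append(("rest_transport_uri", "transport-path-mismatch"))
    return findings


if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, check_listen_uris(parse_conf(text)))
```

The recommended settings still produce `cleartext-http` for both listeners, because the API and web interface are now reachable over the network while the TLS options remain commented out.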

Ah HA! That worked like a charm. Knew I was missing something. The way I was reading the documentation was the listen and the transport for REST had to be filled in. I am in Graylog now and getting servers to send it data. Now the real fun begins.

Thank you for all your help!
