Graylog2 on AWS


(Rathil Vasani) #1

I have installed graylog2 server on and aws EC2 instance and whole configuring the graylog server configuration file I don’t understand what ip to give so that it will be show on the Web api I used public ip of the instance and the private ip of the instance but the web api is not loading… Also configured the the mongodb and elasticsearch


(Micke Eskilander) #2

Dont know if this is the way to solve it, but I had the same issue on my cloud solution.
Since the public ip is not shown in “ipconfig”.

rest_listen_uri = http://0.0.0.0:9000/api/
web_listen_uri = http://0.0.0.0:9000/

And add:

rest_transport_uri = http://<your-public-ip>:9000/api/

add your public IP here

That did the trick for me.
/etc/graylog/server/server.conf

M


(Shane) #3

Also, you state you configured mongodb and elasticsearch, how exactly did you configure those?


(Rathil Vasani) #4

i configured elasticsearch parameter cluster-name: graylog and didnt do anything to mongodb


(Rathil Vasani) #5

how can access the web api and what ip to put it in the url i have been running the instance on the Terminal


(Shane) #6

As @krossdata suggested, your configuration should be something similar:

rest_listen_uri = http://0.0.0.0:9000/api/
web_listen_uri = http://0.0.0.0:9000/
rest_transport_uri = http://<your-public-ip>:9000/api/

The 0.0.0.0 ip address means it will create a listener on all IPv4 addresses on that machine. If you want Graylog only to listen on a specific IP address you could do something like the following if your ip address for graylog was 192.168.1.10:

rest_listen_uri = http://192.168.1.10:9000/api/
web_listen_uri = http://192.168.1.10:9000/
rest_transport_uri = http://192.168.1.10:9000/api/

You should also have a configuration in your graylog server.conf file that has an entry as such below:

elasticsearch_hosts = http://127.0.0.1:9200

The elasticsearch_hosts configuration should only be listening to 127.0.0.1 if your elasticsearch instance is on the same server as your graylog instance.

If your elasticsearch instance is not on the same server, then you need to adjust the elasticsearch_hosts file in the graylog server.conf file as well as the network_host parameter in your elasticsearch.yml file.


(system) #7

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.