Graylog2 Using https


(Greg Smith) #1

Hello All,
I am having a problem with https on graylog2.2.3, Currently using CentOS-7.3 all in one graylog2 server. This is a Virtual machine with 8 cores, 10 GB of ram and 1 Tb storage.
I created an Input for Localhost and tested to received messages, completed. No problems.
I attempted to use the following:
http://docs.graylog.org/en/2.2/pages/configuration/https.html

Unfortunately, toward the end of the page I was having problems with JVM to pick up the new trust store. So, I attempted to follow these instructions as shown below;

This work flawlessly, logged in with https://ipaddress:9000/gettingstarted
Some problems were noticed, for example: My Input created for Localhost now shows [0 Running] and I cannot start them (i.e. it errors out “unable to start input”), but I’m receiving messages from localhost on that Input, Kind of weird. The Second Problem noticed is when I navigate to System > Logging see the following;
ff45be84 / test-graylog.enseva-labs.net Has written a total of n/a internal log messages. If I Click on the link “ff45be84 / test-graylog.enseva-labs.net” I receive the following error:
We had trouble fetching some data required to build this page, so here is a picture instead. Error: cannot GET https://ipaddres:9000/api/cluster/ff45be84-46ee-47b5-a46e-5a3fef085c73/jvm (500)

Check your Graylog logs for more information.
Graylog files continue to show the following error;
2017-10-17T21:02:34.077-05:00 WARN [ProxiedResource] Unable to call https://ipaddress:9000/api/system/metrics/multiple on node javax.net.ssl.SSLPeerUnverifiedException: Hostname ipaddress not verified: certificate: sha256/8gOPCINQyuUol2SFmo0WXrP+TBYWeHxgqtp9f9ENct0= DN: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown

I’ve been googling for 5 days trying to figure out how to solve this problem. Any help or direction to solve this problem would be appreciated.
Thank you in advance


Graylog unable to start after the setup of SSL/TLS
(Greg Smith) #2

I fixed my problem. I was trying to use an IP Address instead of FQDN.
I had to do some reconfiguring.

  1. Configure my CentOS 7 Virtual Machine /hosts and /hostname file to a FQDN
  2. Made a PTR record on my DNS Server for my Graylog Server.
  3. Make Certs, I filled out Organizational Unit as FQDN.
  4. Reconfigured my Graylog.conf file as follow;
rest_listen_uri = http://FQDN:9000/api/
web_listen_uri = http://FQDN:9000/

I restarted my Graylog server, everything works as expected.
I should of waited before posting.


(Ganeshbabu Ramamoorthy) #3

Hi @gsmith

I am trying the same setup in one of my Google Cloud Platform and I am getting the same exception in logs when I am trying to navigate some other page in Graylog. I followed this link to setup the SSL

2017-11-02T06:42:22.847Z WARN  [ProxiedResource] Unable to call https://localhost:9000/api/system/metrics/multiple on node <317427ae-de50-4ae6-a100-e9137244d6d8>
javax.net.ssl.SSLPeerUnverifiedException: Hostname: XXXXX not verified:
    certificate: sha256/Q+bQmmOWmFLeDy1Rs80WMVC3AlQI4ihpj+2Y+IL4fAI=
    DN: CN=manik basha, OU=39.164.202.35.bc.googleusercontent.com., O=39.164.202.35.bc.googleusercontent.com., L=mumbai, ST=maharastra, C=IN
    subjectAltNames: []
        at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:290) ~[graylog.jar:?]
        at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:251) ~[graylog.jar:?]
        at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:151) ~[graylog.jar:?]
        at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:192) ~[graylog.jar:?]
        at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:121) ~[graylog.jar:?]
        at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:100) ~[graylog.jar:?]
        at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67) ~[graylog.jar:?]
        at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67) ~[graylog.jar:?]
        at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92) ~[graylog.jar:?]
        at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:120) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67) ~[graylog.jar:?]
        at org.graylog2.rest.RemoteInterfaceProvider.lambda$get$0(RemoteInterfaceProvider.java:59) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67) ~[graylog.jar:?]
        at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:185) ~[graylog.jar:?]
        at okhttp3.RealCall.execute(RealCall.java:69) ~[graylog.jar:?]
        at retrofit2.OkHttpCall.execute(OkHttpCall.java:180) ~[graylog.jar:?]
        at org.graylog2.shared.rest.resources.ProxiedResource.lambda$getForAllNodes$0(ProxiedResource.java:76) ~[graylog.jar:?]
        at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_144]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_144]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_144]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_144]

I have uploaded my Graylog conf file please kindly check and correct me If I am doing anything wrong in the setup.

############################
# GRAYLOG CONFIGURATION FILE
############################
#
# This is the Graylog configuration file. The file has to use ISO 8859-1/Latin-1 character encoding.
# Characters that cannot be directly represented in this encoding can be written using Unicode escapes
# as defined in https://docs.oracle.com/javase/specs/jls/se8/html/jls-3.html#jls-3.3, using the \u prefix.
# For example, \u002c.
# 
# * Entries are generally expected to be a single line of the form, one of the following:
#
# propertyName=propertyValue
# propertyName:propertyValue
#
# * White space that appears between the property name and property value is ignored,
#   so the following are equivalent:
# 
# name=Stephen
# name = Stephen
#
# * White space at the beginning of the line is also ignored.
#
# * Lines that start with the comment characters ! or # are ignored. Blank lines are also ignored.
#
# * The property value is generally terminated by the end of the line. White space following the
#   property value is not ignored, and is treated as part of the property value.
#
# * A property value can span several lines if each line is terminated by a backslash (‘\’) character.
#   For example:
#
# targetCities=\
#         Detroit,\
#         Chicago,\
#         Los Angeles
#
#   This is equivalent to targetCities=Detroit,Chicago,Los Angeles (white space at the beginning of lines is ignored).
# 
# * The characters newline, carriage return, and tab can be inserted with characters \n, \r, and \t, respectively.
# 
# * The backslash character must be escaped as a double backslash. For example:
# 
# path=c:\\docs\\doc1
#

# If you are running more than one instances of Graylog server you have to select one of these
# instances as master. The master will perform some periodical tasks that non-masters won't perform.
is_master = true

# The auto-generated node ID will be stored in this file and read after restarts. It is a good idea
# to use an absolute file path here if you are starting Graylog server from init scripts or similar.
node_id_file = /etc/graylog/server/node-id

# You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
# Generate one by using for example: pwgen -N 1 -s 96
password_secret = IxtU2Wjsr7ml6CAICvRzNvkerAXTbvH5dVFmUmCjW2rU0aEnAv7LLwvBVbx3wBN

# The default root user is named 'admin'
#root_username = admin

# You MUST specify a hash password for the root user (which you only need to initially set up the
# system and in case you lose connectivity to your authentication backend)
# This password cannot be changed using the API or via the web interface. If you need to change it,
# modify it in this file.
# Create one by using for example: echo -n yourpassword | shasum -a 256
# and put the resulting hash value into the following line
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc47770bb89b22cdeb4e951

# The email address of the root user.
# Default is empty
#root_email = ""

# The time zone setting of the root user. See http://www.joda.org/joda-time/timezones.html for a list of valid time zones.
# Default is UTC
#root_timezone = UTC

# Set plugin directory here (relative or absolute)
plugin_dir = /usr/share/graylog-server/plugin

# REST API listen URI. Must be reachable by other Graylog server nodes if you run a cluster.
# When using Graylog Collectors, this URI will be used to receive heartbeat messages and must be accessible for all collectors.
rest_listen_uri = http://10.128.0.7:9000/api/

# REST API transport address. Defaults to the value of rest_listen_uri. Exception: If rest_listen_uri
# is set to a wildcard IP address (0.0.0.0) the first non-loopback IPv4 system address is used.
# If set, this will be promoted in the cluster discovery APIs, so other nodes may try to connect on
# this address and it is used to generate URLs addressing entities in the REST API. (see rest_listen_uri)
# You will need to define this, if your Graylog server is running behind a HTTP proxy that is rewriting
# the scheme, host name or URI.
# This must not contain a wildcard address (0.0.0.0).
rest_transport_uri = https://35.202.164.39:9000/api/

# Enable CORS headers for REST API. This is necessary for JS-clients accessing the server directly.
# If these are disabled, modern browsers will not be able to retrieve resources from the server.
# This is enabled by default. Uncomment the next line to disable it.
#rest_enable_cors = false

# Enable GZIP support for REST API. This compresses API responses and therefore helps to reduce
# overall round trip times. This is enabled by default. Uncomment the next line to disable it.
#rest_enable_gzip = false

# Enable HTTPS support for the REST API. This secures the communication with the REST API with
# TLS to prevent request forgery and eavesdropping. This is disabled by default. Uncomment the
# next line to enable it.
rest_enable_tls = true

# The X.509 certificate chain file in PEM format to use for securing the REST API.

rest_tls_cert_file = /etc/graylog/graylog-certificate.pem

# The PKCS#8 private key file in PEM format to use for securing the REST API.
rest_tls_key_file = /etc/graylog/graylog-key.pem

# The password to unlock the private key used for securing the REST API.
rest_tls_key_password = secret

# The maximum size of the HTTP request headers in bytes.
#rest_max_header_size = 8192

# The maximal length of the initial HTTP/1.1 line in bytes.
#rest_max_initial_line_length = 4096

# The size of the thread pool used exclusively for serving the REST API.
#rest_thread_pool_size = 16

# Comma separated list of trusted proxies that are allowed to set the client address with X-Forwarded-For
# header. May be subnets, or hosts.
#trusted_proxies = 127.0.0.1/32, 0:0:0:0:0:0:0:1/128

# Enable the embedded Graylog web interface.
# Default: true
#web_enable = false

# Web interface listen URI.
# Configuring a path for the URI here effectively prefixes all URIs in the web interface. This is a replacement
# for the application.context configuration parameter in pre-2.0 versions of the Graylog web interface.
web_listen_uri = http://10.128.0.7:9000/

# Web interface endpoint URI. This setting can be overriden on a per-request basis with the X-Graylog-Server-URL header.
# Default: $rest_transport_uri
#web_endpoint_uri =

# Enable CORS headers for the web interface. This is necessary for JS-clients accessing the server directly.
# If these are disabled, modern browsers will not be able to retrieve resources from the server.
#web_enable_cors = true

# Enable/disable GZIP support for the web interface. This compresses HTTP responses and therefore helps to reduce
# overall round trip times. This is enabled by default. Uncomment the next line to disable it.
#web_enable_gzip = false

# Enable HTTPS support for the web interface. This secures the communication of the web browser with the web interface
# using TLS to prevent request forgery and eavesdropping.
# This is disabled by default. Uncomment the next line to enable it and see the other related configuration settings.
web_enable_tls = true

# The X.509 certificate chain file in PEM format to use for securing the web interface.
web_tls_cert_file =  /etc/graylog/graylog-certificate.pem

# The PKCS#8 private key file in PEM format to use for securing the web interface.
web_tls_key_file =  /etc/graylog/graylog-key.pem

# The password to unlock the private key used for securing the web interface.
web_tls_key_password = secret

# The maximum size of the HTTP request headers in bytes.
#web_max_header_size = 8192

# The maximal length of the initial HTTP/1.1 line in bytes.
#web_max_initial_line_length = 4096

# The size of the thread pool used exclusively for serving the web interface.
#web_thread_pool_size = 16

# List of Elasticsearch hosts Graylog should connect to.
# Need to be specified as a comma-separated list of valid URIs for the http ports of your elasticsearch nodes.
# If one or more of your elasticsearch hosts require authentication, include the credentials in each node URI that
# requires authentication.
#
# Default: http://127.0.0.1:9200
ielasticsearch_hosts = http://35.202.164.39:9200
#http://user:password@node2:19200

# Maximum amount of time to wait for successfull connection to Elasticsearch HTTP port.
#
# Default: 10 Seconds
#elasticsearch_connect_timeout = 10s

# Maximum amount of time to wait for reading back a response from an Elasticsearch server.
#
# Default: 60 seconds
#elasticsearch_socket_timeout = 60s

# Maximum idle time for an Elasticsearch connection. If this is exceeded, this connection will
# be tore down.
#
# Default: inf
#elasticsearch_idle_timeout = -1s

# Maximum number of total connections to Elasticsearch.
#
# Default: 20
#elasticsearch_max_total_connections = 20

# Maximum number of total connections per Elasticsearch route (normally this means per
# elasticsearch server).
#
# Default: 2
#elasticsearch_max_total_connections_per_route = 2

# Enable automatic Elasticsearch node discovery through Nodes Info,
# see https://www.elastic.co/guide/en/elasticsearch/reference/5.4/cluster-nodes-info.html
#
# WARNING: Automatic node discovery does not work if Elasticsearch requires authentication, e. g. with Shield.
#
# Default: false
#elasticsearch_discovery_enabled = true

# Filter for including/excluding Elasticsearch nodes in discovery according to their custom attributes,
# see https://www.elastic.co/guide/en/elasticsearch/reference/5.4/cluster.html#cluster-nodes
#
# Default: empty
#elasticsearch_discovery_filter = rack:42

# Frequency of the Elasticsearch node discovery.
#
# Default: 30s
# elasticsearch_discovery_frequency = 30s

# Enable payload compression for Elasticsearch requests.
#
# Default: false
#elasticsearch_compression_enabled = true

# Graylog will use multiple indices to store documents in. You can configured the strategy it uses to determine
# when to rotate the currently active write index.
# It supports multiple rotation strategies:
#   - "count" of messages per index, use elasticsearch_max_docs_per_index below to configure
#   - "size" per index, use elasticsearch_max_size_per_index below to configure
# valid values are "count", "size" and "time", default is "count"
#
# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
#            to your previous 1.x settings so they will be migrated to the database!
rotation_strategy = count

# (Approximate) maximum number of documents in an Elasticsearch index before a new index
# is being created, also see no_retention and elasticsearch_max_number_of_indices.
# Configure this if you used 'rotation_strategy = count' above.
#
# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
#            to your previous 1.x settings so they will be migrated to the database!
elasticsearch_max_docs_per_index = 20000000

# (Approximate) maximum size in bytes per Elasticsearch index on disk before a new index is being created, also see
# no_retention and elasticsearch_max_number_of_indices. Default is 1GB.
# Configure this if you used 'rotation_strategy = size' above.
#
# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
#            to your previous 1.x settings so they will be migrated to the database!
#elasticsearch_max_size_per_index = 1073741824

# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure
#elasticsearch_disable_version_check = true

# Disable message retention on this node, i. e. disable Elasticsearch index rotation.
#no_retention = false

# How many indices do you want to keep?
#
# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
#            to your previous 1.x settings so they will be migrated to the database!
elasticsearch_max_number_of_indices = 20
retention_strategy = delete

# How many Elasticsearch shards and replicas should be used per index? Note that this only applies to newly created indices.
# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these
#            to your previous settings so they will be migrated to the database!
elasticsearch_shards = 4
elasticsearch_replicas = 0

# Prefix for all Elasticsearch indices and index aliases managed by Graylog.
#
# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these
#            to your previous settings so they will be migrated to the database!
elasticsearch_index_prefix = graylog

# Name of the Elasticsearch index template used by Graylog to apply the mandatory index mapping.
# Default: graylog-internal
#
# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these
#            to your previous settings so they will be migrated to the database!
#elasticsearch_template_name = graylog-internal

# Do you want to allow searches with leading wildcards? This can be extremely resource hungry and should only
# be enabled with care. See also: http://docs.graylog.org/en/2.1/pages/queries.html
allow_leading_wildcard_searches = false

# Do you want to allow searches to be highlighted? Depending on the size of your messages this can be memory hungry and
# should only be enabled after making sure your Elasticsearch cluster has enough memory.
allow_highlighting = false

# Analyzer (tokenizer) to use for message and full_message field. The "standard" filter usually is a good idea.
# All supported analyzers are: standard, simple, whitespace, stop, keyword, pattern, language, snowball, custom
# Elasticsearch documentation: https://www.elastic.co/guide/en/elasticsearch/reference/2.3/analysis.html
# Note that this setting only takes effect on newly created indices.
#
# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these
#            to your previous settings so they will be migrated to the database!
elasticsearch_analyzer = standard

# Global request timeout for Elasticsearch requests (e. g. during search, index creation, or index time-range
# calculations) based on a best-effort to restrict the runtime of Elasticsearch operations.
# Default: 1m
#elasticsearch_request_timeout = 1m

# Global timeout for index optimization (force merge) requests.
# Default: 1h
#elasticsearch_index_optimization_timeout = 1h

# Maximum number of concurrently running index optimization (force merge) jobs.
# If you are using lots of different index sets, you might want to increase that number.
# Default: 20
#elasticsearch_index_optimization_jobs = 20

# Time interval for index range information cleanups. This setting defines how often stale index range information
# is being purged from the database.
# Default: 1h
#index_ranges_cleanup_interval = 1h

# Batch size for the Elasticsearch output. This is the maximum (!) number of messages the Elasticsearch output
# module will get at once and write to Elasticsearch in a batch call. If the configured batch size has not been
# reached within output_flush_interval seconds, everything that is available will be flushed at once. Remember
# that every outputbuffer processor manages its own batch and performs its own batch write calls.
# ("outputbuffer_processors" variable)
output_batch_size = 500

# Flush interval (in seconds) for the Elasticsearch output. This is the maximum amount of time between two
# batches of messages written to Elasticsearch. It is only effective at all if your minimum number of messages
# for this time period is less than output_batch_size * outputbuffer_processors.
output_flush_interval = 1

# As stream outputs are loaded only on demand, an output which is failing to initialize will be tried over and
# over again. To prevent this, the following configuration options define after how many faults an output will
# not be tried again for an also configurable amount of seconds.
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30

# The number of parallel running processors.
# Raise this number if your buffers are filling up.
processbuffer_processors = 5
outputbuffer_processors = 3

#outputbuffer_processor_keep_alive_time = 5000
#outputbuffer_processor_threads_core_pool_size = 3
#outputbuffer_processor_threads_max_pool_size = 30

# UDP receive buffer size for all message inputs (e. g. SyslogUDPInput).
#udp_recvbuffer_sizes = 1048576

# Wait strategy describing how buffer processors wait on a cursor sequence. (default: sleeping)
# Possible types:
#  - yielding
#     Compromise between performance and CPU usage.
#  - sleeping
#     Compromise between performance and CPU usage. Latency spikes can occur after quiet periods.
#  - blocking
#     High throughput, low latency, higher CPU usage.
#  - busy_spinning
#     Avoids syscalls which could introduce latency jitter. Best when threads can be bound to specific CPU cores.
processor_wait_strategy = blocking

# Size of internal ring buffers. Raise this if raising outputbuffer_processors does not help anymore.
# For optimum performance your LogMessage objects in the ring buffer should fit in your CPU L3 cache.
# Must be a power of 2. (512, 1024, 2048, ...)
ring_size = 65536

inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking

# Enable the disk based message journal.
message_journal_enabled = true

# The directory which will be used to store the message journal. The directory must me exclusively used by Graylog and
# must not contain any other files than the ones created by Graylog itself.
#
# ATTENTION:
#   If you create a seperate partition for the journal files and use a file system creating directories like 'lost+found'
#   in the root directory, you need to create a sub directory for your journal.
#   Otherwise Graylog will log an error message that the journal is corrupt and Graylog will not start.
message_journal_dir = /var/lib/graylog-server/journal

# Journal hold messages before they could be written to Elasticsearch.
# For a maximum of 12 hours or 5 GB whichever happens first.
# During normal operation the journal will be smaller.
#message_journal_max_age = 12h
#message_journal_max_size = 5gb

#message_journal_flush_age = 1m
#message_journal_flush_interval = 1000000
#message_journal_segment_age = 1h
#message_journal_segment_size = 100mb

# Number of threads used exclusively for dispatching internal events. Default is 2.
#async_eventbus_processors = 2

# How many seconds to wait between marking node as DEAD for possible load balancers and starting the actual
# shutdown process. Set to 0 if you have no status checking load balancers in front.
lb_recognition_period_seconds = 3

# Journal usage percentage that triggers requesting throttling for this server node from load balancers. The feature is
# disabled if not set.
#lb_throttle_threshold_percentage = 95

# Every message is matched against the configured streams and it can happen that a stream contains rules which
# take an unusual amount of time to run, for example if its using regular expressions that perform excessive backtracking.
# This will impact the processing of the entire server. To keep such misbehaving stream rules from impacting other
# streams, Graylog limits the execution time for each stream.
# The default values are noted below, the timeout is in milliseconds.
# If the stream matching for one stream took longer than the timeout value, and this happened more than "max_faults" times
# that stream is disabled and a notification is shown in the web interface.
#stream_processing_timeout = 2000
#stream_processing_max_faults = 3

# Length of the interval in seconds in which the alert conditions for all streams should be checked
# and alarms are being sent.
#alert_check_interval = 60

# Since 0.21 the Graylog server supports pluggable output modules. This means a single message can be written to multiple
# outputs. The next setting defines the timeout for a single output module, including the default output module where all
# messages end up.
#
# Time in milliseconds to wait for all message outputs to finish writing a single message.
#output_module_timeout = 10000

# Time in milliseconds after which a detected stale master node is being rechecked on startup.
#stale_master_timeout = 2000

# Time in milliseconds which Graylog is waiting for all threads to stop on shutdown.
#shutdown_timeout = 30000

# MongoDB connection string
# See https://docs.mongodb.com/manual/reference/connection-string/ for details
mongodb_uri = mongodb://localhost/graylog

# Authenticate against the MongoDB server
#mongodb_uri = mongodb://grayloguser:secret@localhost:27017/graylog

# Use a replica set instead of a single host
#mongodb_uri = mongodb://grayloguser:secret@localhost:27017,localhost:27018,localhost:27019/graylog

# Increase this value according to the maximum connections your MongoDB server can handle from a single client
# if you encounter MongoDB connection problems.
mongodb_max_connections = 1000

# Number of threads allowed to be blocked by MongoDB connections multiplier. Default: 5
# If mongodb_max_connections is 100, and mongodb_threads_allowed_to_block_multiplier is 5,
# then 500 threads can block. More than that and an exception will be thrown.
# http://api.mongodb.com/java/current/com/mongodb/MongoOptions.html#threadsAllowedToBlockForConnectionMultiplier
mongodb_threads_allowed_to_block_multiplier = 5

# Drools Rule File (Use to rewrite incoming log messages)
# See: http://docs.graylog.org/en/2.1/pages/drools.html
#rules_file = /etc/graylog/server/rules.drl

# Email transport
#transport_email_enabled = false
#transport_email_hostname = mail.example.com
#transport_email_port = 587
#transport_email_use_auth = true
#transport_email_use_tls = true
#transport_email_use_ssl = true
#transport_email_auth_username = you@example.com
#transport_email_auth_password = secret
#transport_email_subject_prefix = [graylog]
#transport_email_from_email = graylog@example.com

# Specify and uncomment this if you want to include links to the stream in your stream alert mails.
# This should define the fully qualified base url to your web interface exactly the same way as it is accessed by your users.
#transport_email_web_interface_url = https://graylog.example.com

# The default connect timeout for outgoing HTTP connections.
# Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds).
# Default: 5s
#http_connect_timeout = 5s

# The default read timeout for outgoing HTTP connections.
# Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds).
# Default: 10s
#http_read_timeout = 10s

# The default write timeout for outgoing HTTP connections.
# Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds).
# Default: 10s
#http_write_timeout = 10s

# HTTP proxy for outgoing HTTP connections
#http_proxy_uri =

# Disable the optimization of Elasticsearch indices after index cycling. This may take some load from Elasticsearch
# on heavily used systems with large indices, but it will decrease search performance. The default is to optimize
# cycled indices.
#
# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these
#            to your previous settings so they will be migrated to the database!
#disable_index_optimization = true

# Optimize the index down to <= index_optimization_max_num_segments. A higher number may take some load from Elasticsearch
# on heavily used systems with large indices, but it will decrease search performance. The default is 1.
#
# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these
#            to your previous settings so they will be migrated to the database!
#index_optimization_max_num_segments = 1

# The threshold of the garbage collection runs. If GC runs take longer than this threshold, a system notification
# will be generated to warn the administrator about possible problems with the system. Default is 1 second.
#gc_warning_threshold = 1s

# Connection timeout for a configured LDAP server (e. g. ActiveDirectory) in milliseconds.
#ldap_connection_timeout = 2000

# Disable the use of SIGAR for collecting system stats
#disable_sigar = false

# The default cache time for dashboard widgets. (Default: 10 seconds, minimum: 1 second)
#dashboard_widget_default_cache_time = 10s

# Automatically load content packs in "content_packs_dir" on the first start of Graylog.
#content_packs_loader_enabled = true

# The directory which contains content packs which should be loaded on the first start of Graylog.
content_packs_dir = /usr/share/graylog-server/contentpacks

# A comma-separated list of content packs (files in "content_packs_dir") which should be applied on
# the first start of Graylog.
# Default: empty
content_packs_auto_load = grok-patterns.json

# For some cluster-related REST requests, the node must query all other nodes in the cluster. This is the maximum number
# of threads available for this. Increase it, if '/cluster/*' requests take long to complete.
# Should be rest_thread_pool_size * average_cluster_size if you have a high number of concurrent users.
proxied_requests_thread_pool_size = 32

My Google cloud VM has two IP’s internal & external… I have configured internal IP
rest_listen_uri = http://X.XXX.XX.X:9000/api/
web_listen_uri = http://XX.XXX.XX.X:9000/

Configured External IP in rest_transport_uri = https://X.XXX.XX.X:9000/api/

Please correct me if I am doing anything wrong and if possible can you please share your graylog.conf for reference.

Thanks,
Ganeshbabu R


(Greg Smith) #4

@Ganeshbabu

This is what help solve my issues as shown below;
I’m running CentOS 7.3, All in one Graylog Server.

This site is how I setup my Test environment. I used the same Version of elasticsearch and MongoDb

Then I used this to make my Certs.

Just an FYI, I made a backup of my JVM trust store (cacerts) prior to any configurations.

  1. I had to make sure my graylog server has a PTR record in the Domain DNS server. You should be able to ping your Graylog FQDN
  2. My rest_listen_uri and web_listen_uri as shown below (i.e. I used FQDN instead of IP Address);
    rest_listen_uri = http://test-graylog.net:9000/api/
    web_listen_uri = http://test-graylog.net:9000/api/

Side NOTE:
I set my Graylog server root_timezone = America/Chicago

Is there supposed to be an “i” in-front of ielasticsearch_hosts ?

Hope that helps…


(Ganeshbabu Ramamoorthy) #5

@gsmith

Is there supposed to be an “i” in-front of ielasticsearch_hosts ?

No while copy paste I made a mistake.

I am using Google cloud VM and I mentioned it has two IP’s (Internal & external IP address)

Since Google cloud VM “FDQN” or hostname are not accessible in the web interface and through external IP address only I am able to access it.

I tried by using the Public IP address but not able to do it and however I am getting the error in logs,

2017-11-07T12:20:56.321Z WARN  [ProxiedResource] Unable to call https://35.192.107.138:9000/api/system/metrics/multiple on node <12bd94c6-bd85-4640-a0ea-22d439d08c7b>
javax.net.ssl.SSLPeerUnverifiedException: Hostname 35.192.107.138 not verified:
    certificate: sha256/dCeFF9ZLi0kLikrKOct1YCj5BG1K3J3CRzIaZxcR7yo=
    DN: CN=35.192.107.138, OU=35.192.107.138, O=35.192.107.138, L=mumbai, ST=maharastra, C=IN
    subjectAltNames: []
        at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:290) ~[graylog.jar:?]
        at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:251) ~[graylog.jar:?]
        at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:151) ~[graylog.jar:?]

My Google cloud console

Did you get any chance to try it in Google cloud Instance?

Regards,
Ganeshbabu R


(Greg Smith) #6

@Ganeshbabu
Sorry I don’t use Google Cloud. I just started using Graylog2 this past year so I’m not to familiar with some configurations.
Also I only work within our private network. I do know using a FQDN help out in most cases.
-Greg


(Ganeshbabu Ramamoorthy) #7

Yes @gsmith

Also I only work within our private network. I do know using a FQDN help out in most cases.

For my private network Graylog is working fine with HTTPS and I am trying to do the same HTTPS setup in public network but the certificate and key pem files generated using this documentation is not working and its throwing hostname is not verified.

Thanks,
Ganeshbabu R


(Jan Doberstein) #8

did the certificate include the private and the public hostname and ip address?


(Ganeshbabu Ramamoorthy) #9

@jan

did the certificate include the private and the public hostname and ip address?

Yes I include the hostname & IP address while generating the certificate and I followed this script

Below are my google cloud VM details,

Private IP : - 10.128.0.9
Public IP :- 104.198.57.170
Hostname : - graylogssl

Below is the commands I used to generate graylog-certificate.pem & graylog-key.pem files and I included all the steps, Please kindly check once and correct me where I am doing wrong. I have been struggling this setup in Google VM for long time.

Generating certificate & key using script

root@graylogssl:~/bartwickelmaschine/create_self_signed_ssl_certs# bash create_ssl_certs.sh -h graylogssl -i 10.128.0.9
This script will generate a SSL certificate with the following settings:
CN Hostname = graylogssl
subjectAltName = DNS:graylogssl,IP:10.128.0.9

the following files are written to the current directory:
  - graylogssl.pkcs5-plain.key.pem
  - graylogssl.pkcs8-plain.key.pem
  - graylogssl.pkcs8-encrypted.key.pem
    with the password: secret

Generating keystore.jks using keytool

root@graylogssl:~/bartwickelmaschine/create_self_signed_ssl_certs# keytool -genkey -alias 10.128.0.9 -keyalg RSA -validity 365 -keystore keystore.jks
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  graylogssl
What is the name of your organizational unit?
  [Unknown]:  server
What is the name of your organization?
  [Unknown]:  graylog
What is the name of your City or Locality?
  [Unknown]:  mumbai
What is the name of your State or Province?
  [Unknown]:  maharastra
What is the two-letter country code for this unit?
  [Unknown]:  IN
Is CN=graylogssl, OU=server, O=graylog, L=mumbai, ST=maharastra, C=IN correct?
  [no]:  yes

Enter key password for <10.128.0.9>
        (RETURN if same as keystore password):
Re-enter new password:

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.jks -deststoretype pkcs12".



Check the certificate in keystore.jks

root@graylogssl:~/bartwickelmaschine/create_self_signed_ssl_certs# keytool -list -v -keystore keystore.jks -alias 10.128.0.9
Enter keystore password:
Alias name: 10.128.0.9
Creation date: Nov 15, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=graylogssl, OU=server, O=graylog, L=mumbai, ST=maharastra, C=IN
Issuer: CN=graylogssl, OU=server, O=graylog, L=mumbai, ST=maharastra, C=IN
Serial number: 15318758
Valid from: Wed Nov 15 16:59:24 UTC 2017 until: Thu Nov 15 16:59:24 UTC 2018
Certificate fingerprints:
         MD5:  0B:F9:28:13:44:27:AB:4B:F1:AE:3B:4F:73:E8:A4:60
         SHA1: 99:D2:A8:BC:13:DB:F4:DE:ED:CE:9C:63:A0:B4:A3:F5:28:6D:7E:E4
         SHA256: CA:49:F8:BC:D3:F6:13:C2:73:27:B4:5E:7A:10:F3:4B:E0:20:24:AC:17:F3:EF:0D:48:1E:0B:0D:93:1A:CF:1D
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: DE BC 99 DB D2 F4 05 54   70 FC CC CD D1 27 2B D4  .......Tp....'+.
0010: 35 E1 BA 86                                        5...
]
]


Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.jks -deststoretype pkcs12".

jks format converted to pkcs12 format

root@graylogssl:~/bartwickelmaschine/create_self_signed_ssl_certs# keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -deststoretype PKCS12
Importing keystore keystore.jks to keystore.p12...
Enter destination keystore password:
Re-enter new password:
Enter source keystore password:
Entry for alias 10.128.0.9 successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled



openssl can export the x509 certificate to pem encoding

root@graylogssl:~/bartwickelmaschine/create_self_signed_ssl_certs# openssl pkcs12 -in keystore.p12 -nokeys -out graylog-certificate.pem
Enter Import Password:
MAC verified OK
root@graylogssl:~/bartwickelmaschine/create_self_signed_ssl_certs#


private key can export to pem encoding

root@graylogssl:~/bartwickelmaschine/create_self_signed_ssl_certs# openssl pkcs12 -in keystore.p12 -nocerts -out graylog-pkcs5.pem
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
root@graylogssl:~/bartwickelmaschine/create_self_signed_ssl_certs#

Graylog only supports pkcs8 private key with pem encoding

root@graylogssl:~/bartwickelmaschine/create_self_signed_ssl_certs# openssl pkcs8 -in graylog-pkcs5.pem -topk8 -out graylog-key.pem
Enter pass phrase for graylog-pkcs5.pem:
Enter Encryption Password:
Verifying - Enter Encryption Password:
root@graylogssl:~/bartwickelmaschine/create_self_signed_ssl_certs#

root@graylogssl:~/bartwickelmaschine/create_self_signed_ssl_certs# head graylog-key.pem graylog-certificate.pem
==> graylog-key.pem <==
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIE6TAbBgkqhkiG9w0BBQMwDgQI8ut69w4peiQCAggABIIEyEbnJjf6d+68hNy6
CIM4+JOzhmrBqS3GxFszle6fAGYABeqOrl25NTTSUoo6Q9hZk+sM7JFGZOLaLAdo
wSmfU0pw8SbuX+FSPtLayahShSlwXJ51wVfQ4sZANrv4NnyEf7L7I2neF2az8Vnh
36hLLzaEV7qU2ymw8GhTZ+QDeXMHoEq2LVJKZ92duQbNiSraCw5hpm2MyXL85ujE
goUZJnJCkwtCBopsuaYCyt85pw6sIGB5jpGEddPK+kq5o6i32WhTJGTwxYNjns/g
Cgihx2AwHTxtvMXv1Vcx9Hk4klo7WcZHpLmUXUpvzNsP61hrSIaxdTkj3iEErAVC
umkak+/cD12f+f49Kp6QAOvGaBCM4kv9CnIJFV7ANn8Uaz10HhKmIkASEFt7Rgv0
ui9QEYA/PPJ+FHT9XBILru15EU7G0S0ItxmV68bzTdrdtaNmq6eX5UXX4GJwaCl4
GjyuqGxk3TAPIkSe+KS7/iksyq5hKe9SH3ahJ0EuuT+MD68bpmRAlb7LK0AgbBTd

==> graylog-certificate.pem <==
Bag Attributes
    friendlyName: 10.128.0.9
    localKeyID: 54 69 6D 65 20 31 35 31 30 37 36 35 33 30 36 39 31 35
subject=/C=IN/ST=maharastra/L=mumbai/O=graylog/OU=server/CN=graylogssl
issuer=/C=IN/ST=maharastra/L=mumbai/O=graylog/OU=server/CN=graylogssl
-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgIEFTGHWDANBgkqhkiG9w0BAQsFADBrMQswCQYDVQQGEwJJ
TjETMBEGA1UECBMKbWFoYXJhc3RyYTEPMA0GA1UEBxMGbXVtYmFpMRAwDgYDVQQK
EwdncmF5bG9nMQ8wDQYDVQQLEwZzZXJ2ZXIxEzARBgNVBAMTCmdyYXlsb2dzc2ww
HhcNMTcxMTE1MTY1OTI0WhcNMTgxMTE1MTY1OTI0WjBrMQswCQYDVQQGEwJJTjET


pkcs8 private key file and x509 certificate are added in the graylog configuration file

Adding a self signed certificate to jvm trust store

original keystore copied with the following command,
cp -a "/usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts" /home/graylogssl/bartwickelmaschine/create_self_signed_ssl_certs/cacerts.jks


Add the self signed certificate to keystore

keytool -import -trustcacerts -file graylog-certificate.pem -alias 10.128.0.9 -keystore /home/graylogssl/bartwickelmaschine/create_self_signed_ssl_certs/cacerts.jks
Enter keystore password:
Owner: CN=graylogssl, OU=server, O=graylog, L=mumbai, ST=maharastra, C=IN
Issuer: CN=graylogssl, OU=server, O=graylog, L=mumbai, ST=maharastra, C=IN
Serial number: 15318758
Valid from: Wed Nov 15 16:59:24 UTC 2017 until: Thu Nov 15 16:59:24 UTC 2018
Certificate fingerprints:
         MD5:  0B:F9:28:13:44:27:AB:4B:F1:AE:3B:4F:73:E8:A4:60
         SHA1: 99:D2:A8:BC:13:DB:F4:DE:ED:CE:9C:63:A0:B4:A3:F5:28:6D:7E:E4
         SHA256: CA:49:F8:BC:D3:F6:13:C2:73:27:B4:5E:7A:10:F3:4B:E0:20:24:AC:17:F3:EF:0D:48:1E:0B:0D:93:1A:CF:1D
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: DE BC 99 DB D2 F4 05 54   70 FC CC CD D1 27 2B D4  .......Tp....'+.
0010: 35 E1 BA 86                                        5...
]
]

Trust this certificate? [no]:  yes
Certificate was added to keystore

To verify the self signed certificate added to the keystore

root@graylogssl:~/bartwickelmaschine/create_self_signed_ssl_certs# keytool -keystore /home/graylogssl/bartwickelmaschine/create_self_signed_ssl_certs/cacerts.jks -storepass changeit -list | grep 10.128.0.9 -A1
10.128.0.9, Nov 15, 2017, trustedCertEntry,
Certificate fingerprint (SHA1): 99:D2:A8:BC:13:DB:F4:DE:ED:CE:9C:63:A0:B4:A3:F5:28:6D:7E:E4

In order to pick the new trust store it has to be added in the jvm parameter

GRAYLOG_SERVER_JAVA_OPTS="-Xms1g -Xmx1g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow -Djavax.net.ssl.trustStore=/home/graylogssl/bartwickelmaschine/create_self_signed_ssl_certs/cacerts.jks -Djavax.net.ssl.trustStorePassword=changeit"

Graylog server logs after logged into the Graylog UI

2017-11-15T17:22:12.590Z INFO  [JerseyService] Started REST API at <https://graylogssl:9000/api/>
2017-11-15T17:22:12.590Z INFO  [JerseyService] Started Web Interface at <https://graylogssl:9000/>
2017-11-15T17:22:12.595Z INFO  [ServerBootstrap] Services started, startup times in ms: {OutputSetupService [RUNNING]=21, BufferSynchronizerService [RUNNING]=31, KafkaJournal [RUNNING]=33, InputSetupService [RUNNING]=52, ConfigurationEtagService [RUNNING]=90, StreamCacheService [RUNNING]=90, JournalReader [RUNNING]=95, LookupTableService [RUNNING]=106, PeriodicalsService [RUNNING]=317, JerseyService [RUNNING]=19912}
2017-11-15T17:22:12.598Z INFO  [ServiceManagerListener] Services are healthy
2017-11-15T17:22:12.603Z INFO  [ServerBootstrap] Graylog server up and running.
2017-11-15T17:22:12.604Z INFO  [InputSetupService] Triggering launching persisted inputs, node transitioned from Uninitialized [LB:DEAD] to Running [LB:ALIVE]
2017-11-15T17:26:01.686Z WARN  [ProxiedResource] Unable to call https://104.198.57.170:9000/api/system/metrics/multiple on node <12bd94c6-bd85-4640-a0ea-22d439d08c7b>
javax.net.ssl.SSLPeerUnverifiedException: Hostname 104.198.57.170 not verified:
    certificate: sha256/9ExcxssbAdQSzmnw0rTS/JpBdENCKVYjpnqIYWEYOv8=
    DN: CN=graylogssl, OU=server, O=graylog, L=mumbai, ST=maharastra, C=IN
    subjectAltNames: []
        at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:290) ~[graylog.jar:?]
        at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:251) ~[graylog.jar:?]
        at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:151) ~[graylog.jar:?]
        at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:192) ~[graylog.jar:?]
        at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:121) ~[graylog.jar:?]
        at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:100) ~[graylog.jar:?]
        at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67) ~[graylog.jar:?]
        at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67) ~[graylog.jar:?]
        at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92) ~[graylog.jar:?]
        at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:120) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67) ~[graylog.jar:?]
        at org.graylog2.rest.RemoteInterfaceProvider.lambda$get$0(RemoteInterfaceProvider.java:59) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92) ~[graylog.jar:?]
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67) ~[graylog.jar:?]
        at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:185) ~[graylog.jar:?]
        at okhttp3.RealCall.execute(RealCall.java:69) ~[graylog.jar:?]
        at retrofit2.OkHttpCall.execute(OkHttpCall.java:180) ~[graylog.jar:?]
        at org.graylog2.shared.rest.resources.ProxiedResource.lambda$getForAllNodes$0(ProxiedResource.java:76) ~[graylog.jar:?]
        at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_151]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_151]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_151]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_151]

Note:- I tried giving the both hostname & private IP address in rest_transport_uri but I am getting the error as “This site cannot be reached”. Using external IP only the Google cloud VM are able access in web interface.

Please kindly advice

Thanks,
Ganeshbabu R


(Jan Doberstein) #10

if you use the following command:

bash create_ssl_certs.sh -h graylogssl -i 10.128.0.9

it does not include the information you give above:

Private IP : - 10.128.0.9
Public IP :- 104.198.57.170
Hostname : - graylogssl

the call for the script should be something like:

bash create_ssl_certs.sh -h graylogssl -i 10.128.0.9 -i 104.198.57.170 -m 

to include the public ip.


(system) #11

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.