Inputs appear as not running

Yeah that was a classic example of not thinking this trough…
This is the curl output:

$ curl -k -v -i https://graylog.example.com:9001/api/
*   Trying 10.8.0.43...
* Connected to graylog.example.com (10.8.0.43) port 9001 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 694 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
*        server certificate verification SKIPPED
*        server certificate status verification SKIPPED
*        common name: graylog.example.com (matched)
*        server certificate expiration date OK
*        server certificate activation date OK
*        certificate public key: RSA
*        certificate version: #3
*        subject: C=DE,ST=Saxony,L=Leipzig,O=Example AG,OU=IT,CN=graylog.example.com,EMAIL=t.user@example.com
*        start date: Fri, 30 Jun 2017 10:36:33 GMT
*        expire date: Sat, 30 Jun 2018 10:36:33 GMT
*        issuer: C=DE,ST=Saxony,L=Leipzig,O=Example AG,OU=IT,CN=graylog.example.com,EMAIL=t.user@example.com
*        compression: NULL
* ALPN, server did not agree to a protocol
> GET /api/ HTTP/1.1
> Host: graylog.example.com:9001
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 307 Temporary Redirect
HTTP/1.1 307 Temporary Redirect
< Location: https://graylog.example.com:9001/
Location: https://graylog.example.com:9001/
< X-Graylog-Node-ID: 2e5b7b01-4bbb-4c31-9d58-609a26bcf698
X-Graylog-Node-ID: 2e5b7b01-4bbb-4c31-9d58-609a26bcf698
< X-Runtime-Microseconds: 1030
X-Runtime-Microseconds: 1030
< Date: Mon, 03 Jul 2017 12:42:46 GMT
Date: Mon, 03 Jul 2017 12:42:46 GMT
< Content-Length: 0
Content-Length: 0

<
* Connection #0 to host graylog.example.com left intact

The log is really really big. There are several hundred lines, mainly because the mentioned warning messages reappear a couple of times.
These are the last couple of lines from the log after a bunch of mongo related log messages:

2017-07-03 12:44:25,585 INFO : org.glassfish.grizzly.http.server.NetworkListener - Started listener bound to [0.0.0.0:9000]
2017-07-03 12:44:25,588 INFO : org.glassfish.grizzly.http.server.HttpServer - [HttpServer] Started.
2017-07-03 12:44:25,589 INFO : org.graylog2.shared.initializers.JerseyService - Started REST API at <https://0.0.0.0:9000/api/>
2017-07-03 12:44:25,589 INFO : org.graylog2.shared.initializers.JerseyService - Started Web Interface at <https://0.0.0.0:9000/>
2017-07-03 12:44:25,594 INFO : org.graylog2.shared.initializers.ServiceManagerListener - Services are healthy
2017-07-03 12:44:25,595 INFO : org.graylog2.bootstrap.ServerBootstrap - Services started, startup times in ms: {BufferSynchronizerService [RUNNING]=29, OutputSetupService [RUNNING]=33, InputSetupService [RUNNING]=46, KafkaJournal [RUNNING]=58, ConfigurationEtagService [RUNNING]=74, StreamCacheService [RUNNING]=100, JournalReader [RUNNING]=122, PeriodicalsService [RUNNING]=245, IndexerSetupService [RUNNING]=3800, JerseyService [RUNNING]=19762}
2017-07-03 12:44:25,599 INFO : org.graylog2.shared.initializers.InputSetupService - Triggering launching persisted inputs, node transitioned from Uninitialized [LB:DEAD] to Running [LB:ALIVE]
2017-07-03 12:44:25,606 INFO : org.graylog2.bootstrap.ServerBootstrap - Graylog server up and running.
2017-07-03 12:44:25,695 INFO : org.graylog2.inputs.InputStateListener - Input [Syslog TCP/58d27486c414790001ce211c] is now STARTING
2017-07-03 12:44:25,700 INFO : org.graylog2.inputs.InputStateListener - Input [GELF TCP/58c2ce5b4cedfd0001d55fb9] is now STARTING
2017-07-03 12:44:25,712 INFO : org.graylog2.plugin.inputs.transports.AbstractTcpTransport - Enabled TLS for input [GELF TCP/58c2ce5b4cedfd0001d55fb9]. key-file="/usr/share/graylog/data/config/certs/graylog-ca.key.pem" cert-file="/usr/share/graylog/data/config/certs/graylog-ca.pem"
2017-07-03 12:44:25,740 WARN : org.graylog2.plugin.inputs.transports.NettyTransport - receiveBufferSize (SO_RCVBUF) for input SyslogTCPInput{title=TCP TLS Input SYSLOG, type=org.graylog2.inputs.syslog.tcp.SyslogTCPInput, nodeId=2e5b7b01-4bbb-4c31-9d58-609a26bcf698} should be 1048576 but is 212992.
2017-07-03 12:44:25,748 INFO : org.graylog2.inputs.InputStateListener - Input [Syslog TCP/58d27486c414790001ce211c] is now RUNNING
2017-07-03 12:44:25,777 WARN : org.graylog2.plugin.inputs.transports.NettyTransport - receiveBufferSize (SO_RCVBUF) for input GELFTCPInput{title=GELF TLS Windows, type=org.graylog2.inputs.gelf.tcp.GELFTCPInput, nodeId=2e5b7b01-4bbb-4c31-9d58-609a26bcf698} should be 1048576 but is 212992.
2017-07-03 12:44:25,782 INFO : org.graylog2.inputs.InputStateListener - Input [GELF TCP/58c2ce5b4cedfd0001d55fb9] is now RUNNING

If you really need the complete log, I need to provide it via some alternative way. This is clearly to much to post here.
And I double checked the config file for the web_enable_tls and rest_enable_tls are activated.

Maybe think about the correct URIs a little bit further? :wink:

1 Like

Yeah, I think it should be 9001 instead of 9000. But the settings are in the conf file which is inside of the container. How should the container know to connect to 9001 instead of 9000. I thought the connections to the REST API are happening inside of the container. Or am I wrong here?

I works now. I thought about this a bit more this morning and tried the following setting in my graylog.conf file:

rest_listen_uri = https://0.0.0.0:9000/api/
web_listen_uri = https://0.0.0.0:9000/
rest_transport_uri = https://graylog.example.com:9001/api/

The message count is now working and the inputs appear as running.

Thanks a lot jochen!!!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.