I am running a local docker setup of GrayLog (setup according to the quickstart steps in the documentation to test it out and see what it can do.
But I have encountered some issues during setup.
It works fine when it comes to the web interface. No problem reaching it at 127.0.0.1:9000 and setting up various things like inputs and such.
However, when I did try to actually send some data to the input, all I got back is “Empty reply from server” from the curl command.
The input is a GELF HTTP input, listening on 127.0.0.1:12201
And it looks like: bind_address: 127.0.0.1 decompress_size_limit: 8388608 enable_cors: true idle_writer_timeout: 60 max_chunk_size: 65536 number_worker_threads: 2 override_source: <empty> port: 12201 recv_buffer_size: 1048576 tcp_keepalive: false tls_cert_file: <empty> tls_client_auth: disabled tls_client_auth_cert_file: <empty> tls_enable: false tls_key_file: <empty> tls_key_password: ********
The data i am sending is a simple test message that is found from the related documentation curl -v -XPOST http://127.0.0.1:12201/gelf -p0 -d '{"short_message":"Hello there", "host":"example.org", "facility":"test", "_foo":"bar"}'
I even tried editing my firewall, but that didn’t help, as it shouldn’t have affected this anyway.
Anyone have any idea of what might be the cause?
I am fairly sure the answer is somewhere, might even just be me missing something in the setup.
Do it again and see if curl -v gives you a 204 status code. I’ve never used GELF over HTTP before, but in cases like this often there is no need to send a reply beyond a status code, and most likely you will find a 204 No Content reply - which would mean it’s all working
That is one of the things I did.
This is the response.
curl -v -X POST http://127.0.0.1:12201/gelf -d '{"short_message":"Hello there", "host":"example.org", "facility":"test", "_foo":"bar"}' Note: Unnecessary use of -X or --request, POST is already inferred. * Trying 127.0.0.1... * TCP_NODELAY set * Connected to 127.0.0.1 (127.0.0.1) port 12201 (#0) > POST /gelf HTTP/1.0 > Host: 127.0.0.1:12201 > User-Agent: curl/7.58.0 > Accept: */* > Content-Length: 86 > Content-Type: application/x-www-form-urlencoded > * upload completely sent off: 86 out of 86 bytes * Empty reply from server * Connection #0 to host 127.0.0.1 left intact curl: (52) Empty reply from server
So there is no 204 no content reply there.
It says it can connect to the local server at the specified port. But it doesn’t accept any input.
The input in the web-interface also doesn’t list any recieved messages at all.
Okay, that’s odd - I’m not familiar at all with GELF/HTTP (we use Beats at my place) so maybe someone else has a solution for you, I’m all out of ideas
When you are starting docker, you are including -p 12201:12201. I know very little about docker but I was reading through the documentation and it stood out. If you are doing all of this inside of the docker instance it shouldn’t matter… but “it shouldn’t matter” always bites me in the
I decided to try sending over GELF TCP just to see what happened, and, well.
It didn’t exactly work, but halfway i guess?
this command echo -n -e '{ "version": "1.1", "host": "example.org", "short_message": "A short message", "level": 5, "_some_info": "foo" }'"\0" | nc -vv -w0 127.0.0.1 12201
from the documentation with a nc -vv flag gave me this result Connection to 127.0.0.1 12201 port [tcp/*] succeeded!
So i went on the web-interface to check if i can see any messages to that input. But there was nothing there.
I am starting to think that the issue now lies elsewhere, not with the connection, but with the inputs perhaps.
Going to look into this a bit more.
Hey I was originally running graylog using docker with version 2.4. When I updated my graylog version to 3.0, I started seeing the same or similar issue. Updating to graylog 3.0.1-1 fixed the issue with not receiving the 202 response from graylog when sending a Gelf tcp message to my graylog input. But I was still not seeing the messages until I checked the system requirements and updated my version of mongodb to 3.6.12. http://docs.graylog.org/en/3.0/pages/installation.html#system-requirements
