Installation help


#1

Hey All,

I’ve tried a few guides to get graylog running, but I gave up. I came back to the problem a while later and I think I’m working against my self now. Ubuntu 16.04

I want to access from http://graylog.ccc-asimov.ccc.local/ ip address is 192.168.123.9

Mongo and elastic seem to be working, the web page is giving me error. currently “Service Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.” but I’ve had many errors.


cat /etc/graylog/server/server.conf
# If you are running more than one instances of graylog2-server you have to select one of these
# instances as master. The master will perform some periodical tasks that non-masters won't perform.
is_master = true

# The auto-generated node ID will be stored in this file and read after restarts. It is a good idea
# to use an absolute file path here if you are starting graylog2-server from init scripts or similar.
node_id_file = /etc/graylog/server/node-id


password_secret =i3U...iD

# The default root user is named 'admin'
#root_username = admin


root_password_sha2 =6...8cf82



# The time zone setting of the root user.
# The configured time zone must be parseable by http://www.joda.org/joda-time/apidocs/org/joda/time/DateTimeZone.html#forID-java.lang.String-
# Default is UTC
root_timezone = -5

# Set plugin directory here (relative or absolute)
plugin_dir = /usr/share/graylog-server/plugin

#rest_listen_uri =
web_listen_uri = http://192.168.123.9:9000
#web_listen_uri =



# REST API listen URI. Must be reachable by other graylog2-server nodes if you run a cluster.
rest_listen_uri = http://192.168.123.9:9000/api
#rest_lsiten_uri = http://192.168.123.9:12900/

rest_transport_uri = http://192.168.123.9:12900/



rotation_strategy = count

elasticsearch_max_docs_per_index = 20000000




elasticsearch_max_number_of_indices = 20


retention_strategy = delete

# How many Elasticsearch shards and replicas should be used per index? Note that this only applies to newly created indices.
elasticsearch_shards = 1
elasticsearch_replicas = 0

# Prefix for all Elasticsearch indices and index aliases managed by Graylog.
elasticsearch_index_prefix = graylog2

# Do you want to allow searches with leading wildcards? This can be extremely resource hungry and should only
# be enabled with care. See also: https://www.graylog.org/documentation/general/queries/
allow_leading_wildcard_searches = false

# Do you want to allow searches to be highlighted? Depending on the size of your messages this can be memory hungry and
# should only be enabled after making sure your Elasticsearch cluster has enough memory.
allow_highlighting = false



#elasticsearch_discovery_zen_ping_multicast_enabled = false
elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1:9300, 192.168.123.9:9300


# Note that this setting only takes effect on newly created indices.
elasticsearch_analyzer = standard


output_batch_size = 500

output_flush_interval = 1


output_fault_count_threshold = 5
output_fault_penalty_seconds = 30

# The number of parallel running processors.
# Raise this number if your buffers are filling up.
processbuffer_processors = 5
outputbuffer_processors = 3



processor_wait_strategy = blocking

# Size of internal ring buffers. Raise this if raising outputbuffer_processors does not help anymore.
# For optimum performance your LogMessage objects in the ring buffer should fit in your CPU L3 cache.
# Start server with --statistics flag to see buffer utilization.
# Must be a power of 2. (512, 1024, 2048, ...)
ring_size = 65536

inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking

# Enable the disk based message journal.
message_journal_enabled = true

# The directory which will be used to store the message journal. The directory must me exclusively used by Graylog and
# must not contain any other files than the ones created by Graylog itself.
message_journal_dir = /var/lib/graylog-server/journal


# Number of threads used exclusively for dispatching internal events. Default is 2.
#async_eventbus_processors = 2


dead_letters_enabled = false

# How many seconds to wait between marking node as DEAD for possible load balancers and starting the actual
# shutdown process. Set to 0 if you have no status checking load balancers in front.
lb_recognition_period_seconds = 3

#
# MongoDB connection string
# See http://docs.mongodb.org/manual/reference/connection-string/ for details
mongodb_uri = mongodb://localhost/graylog2



mongodb_max_connections = 100


# http://api.mongodb.org/java/current/com/mongodb/MongoOptions.html#threadsAllowedToBlockForConnectionMultiplier
mongodb_threads_allowed_to_block_multiplier = 5


load from Elasticsearch
#

apache config

sudo cat /etc/apache2/sites-enabled/000-default.conf

<VirtualHost *:80>
    ServerName graylog.ccc-asimov.ccc.local
    ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    <Location />
        RequestHeader set X-Graylog-Server-URL "http://graylog.ccc-asimov.ccc.local/api/"
        ProxyPass http://127.0.0.1:9000/
        ProxyPassReverse http://127.0.0.1:9000/
    </Location>

</VirtualHost>
sudo cat /etc/graylog/web/web.conf
# graylog2-server REST URIs (one or more, comma separated) For example: "http://127.0.0.1:12900/,http://127.0.0.1:12910/"
graylog2-server.uris="http://127.0.0.1:12900/
# graylog2-server.uris="http://192.168.123.9:12900/"


application.secret="i3...coiD"


application.global=lib.Global

I hate endless logs, but I’ve really been trying…

==> /var/log/apache2/error.log <==
[Thu Mar 29 13:47:23.972962 2018] [proxy:error] [pid 13918] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:9000 (127.0.0.1) failed
[Thu Mar 29 13:47:23.973021 2018] [proxy:error] [pid 13918] AH00959: ap_proxy_connect_backend disabling worker for (127.0.0.1) for 60s
[Thu Mar 29 13:47:23.973031 2018] [proxy_http:error] [pid 13918] [client 192.168.123.21:52819] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Mar 29 13:47:24.979008 2018] [proxy:error] [pid 13916] AH00940: HTTP: disabled connection for (127.0.0.1)

(Jan Doberstein) #2

what Version of Graylog did you run? This Config look like it is a very ancient version!

You should wipe out whatever you have and start again with the official step-by-step guide: http://docs.graylog.org/en/2.4/pages/installation/os/ubuntu.html


(Jochen) #3

Maybe take another look at these settings.


(system) #4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.