Just installed Graylog on a Ubuntu VM, Not Working

Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!

1. Describe your incident:
Everything is setup PER documents with the IP of the VM set as the HTTP bind but i still cannot connect to it. I can confirm via ubuntu’s services that graylog-server is indeed running.

2. Describe your environment:

  • OS Information:
    Ubuntu 20.04

  • Package Version:

  • Service logs, configurations, and environment variables:

3. What steps have you already taken to try and solve the problem?

I’ve rebuilt the VM 3 times, no dice.
Changing ports and opening ports made no difference.

4. How can the community help?

Am i doing something wrong? Is anyone able to look over my setup to let me know if i missed something?

Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]

You can post your server config file for review. Make sure it is obfuscated and formatted with the </> tool.

There are some tips on commands for troubleshooting and on how to post information here. It’s hard to help troubleshoot without configurations or logs. :smiley:

Thanks for the reply!

Unfortunately my VM is not accessible from my windows environment so i cannot get the config file. But the ONLY thing that I’ve changed is the HTTP bind to the Linux VM’s IP. and set a password secret and the sha256 of my password. other than that its completely stock.

Hard to diagnose why a car doesn’t run without actually looking at it … hmmm remember CarTalk with Click and Clack the Tappit Brothers?

Do you have IP tables enabled, if so are the configured correctly? If you can’t get to the VM to pull the config file, how are you getting to it to catch the Graylog GUI? Is the same separating mechanism causing the problem? Have you looked a the Graylog server logs?

1 Like

I have seen this cause problems with browsers before - it could be as simple as setting this to true:

http_enable_cors = true

Sadly that did nothing

do you see anything in the log files?

tail -f /var/log/graylog-server/server.log

I would go back through the config files and rather than assuming the defaults, I would explicitly put in relevant information. Graylog is not even seeing it’s elastic server…which wouldn’t stop login but it does mean your config is not correct in multiple ways.

Might be worth providing a bit more information.

What versions of the components did you install? Java/MongoDB/Elasticsearch? Is everything installed on the same server?

The logs do seem to indicate an issue with Elasticsearch, is it running?

FWIW, I’m assuming this is a test/eval box, but I can’t think of any reason that you would ever need to post your password_secret, or root_password_sha2. So I would suggest changing those at some point.

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.