I’m using VirtualBox for testing Wazuh, and I’m using Graylog.
On the first start, Graylog was running OK, but after a few minutes it failed to run, and port 9000 is not running even though I already set the http bind address to 0.0.0.0:9000.
● graylog-server.service - Graylog server
Loaded: loaded (/lib/systemd/system/graylog-server.service; disabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Sat 2023-09-16 14:15:19 UTC; 5s ago
Docs: http://docs.graylog.org/
Process: 20377 ExecStart=/usr/share/graylog-server/bin/graylog-server (code=exited, status=1/FAILURE)
Main PID: 20377 (code=exited, status=1/FAILURE)
CPU: 5.223s
Sep 16 14:15:19 wazuh systemd[1]: graylog-server.service: Main process exited, code=exited, status=1/FAILURE
Sep 16 14:15:19 wazuh systemd[1]: graylog-server.service: Failed with result 'exit-code'.
Sep 16 14:15:19 wazuh systemd[1]: graylog-server.service: Consumed 5.223s CPU time.
When I check /var/log/graylog-server/server.log, I see the log below. I then changed message_journal_max_size to 12gb, but the issue still persists, and upon checking server.log, every time I increase it, it keeps asking for additional storage.
2023-09-16T14:05:51.581Z ERROR [PreflightCheckService] Preflight check failed with error: Journal directory </var/lib/graylog-server/journal> has not enough free space (1027 MB) available. You need to provide additional 11260 MB to contain 'message_journal_max_size = 12288 MB'