Loading threat intel content pack fails


1. Describe your incident:

Attempting to install the Open Threat Exchange - Threat Intel Plugin

After clicking install I receive the following error:

Error

Installing content pack failed with status: FetchError: There was an error fetching a resource: Internal Server Error. Additional information: Failed to install content pack <ebb6c11e-bcff-4686-aaac-6cfafc7b441e/6>. Could not install Content Pack with ID: ebb6c11e-bcff-4686-aaac-6cfafc7b441e

2. Describe your environment:

  • OS Information:

Docker compose on arm64 on 8GB Raspberry Pi running 64bit Debian 12

version: "3.8"

services:
#  mongodb:
#    image: "mongo:5.0"
#    image: "mongo:4.2"
#    image: mongo:4.4.13
#    image: mongo:latest
#    volumes:
#      - "mongodb_data:/data/db"
#    restart: "on-failure"

  opensearch:
    image: "opensearchproject/opensearch:2.4.0"
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
      - "bootstrap.memory_lock=true"
      - "discovery.type=single-node"
      - "action.auto_create_index=false"
      - "plugins.security.ssl.http.enabled=false"
      - "plugins.security.disabled=true"
    ulimits:
      memlock:
        hard: -1
        soft: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - "os_data:/usr/share/opensearch/data"
    restart: "on-failure"

  graylog:
    hostname: "server"
#    image: "${GRAYLOG_IMAGE:-graylog/graylog:5.1.5}"
    image: "${GRAYLOG_IMAGE:-graylog/graylog-enterprise:5.2.1}"
    depends_on:
      opensearch:
        condition: "service_started"
#      mongodb:
#        condition: "service_started"
    entrypoint: "/usr/bin/tini -- wait-for-it opensearch:9200 --  /docker-entrypoint.sh"
    environment:
      GRAYLOG_NODE_ID_FILE: "/usr/share/graylog/data/config/node-id"
      GRAYLOG_PASSWORD_SECRET: "${GRAYLOG_PASSWORD_SECRET:?Please configure GRAYLOG_PASSWORD_SECRET in the .env file}"
      GRAYLOG_ROOT_PASSWORD_SHA2: "${GRAYLOG_ROOT_PASSWORD_SHA2:?Please configure GRAYLOG_ROOT_PASSWORD_SHA2 in the .env file}"
      GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9000"
      GRAYLOG_HTTP_EXTERNAL_URI: "http://localhost:9000/"
      GRAYLOG_ELASTICSEARCH_HOSTS: "http://opensearch:9200"
      GRAYLOG_MONGODB_URI: "mongodb://192.168.0.30:27017/graylog"
    ports:
    - "5044:5044/tcp"   # Beats
    - "5140:5140/udp"   # Syslog
    - "5140:5140/tcp"   # Syslog
    - "5555:5555/tcp"   # RAW TCP
    - "5555:5555/udp"   # RAW UDP
    - "9000:9000/tcp"   # Server API
    - "12201:12201/tcp" # GELF TCP
    - "12201:12201/udp" # GELF UDP
    #- "10000:10000/tcp" # Custom TCP port
    #- "10000:10000/udp" # Custom UDP port
    - "13301:13301/tcp" # Forwarder data
    - "13302:13302/tcp" # Forwarder config
    volumes:
      - ./data:/usr/share/graylog/data
#      - "graylog_data:/usr/share/graylog/data/data"
#      - "graylog_journal:/usr/share/graylog/data/journal"
    restart: "on-failure"

volumes:
#  mongodb_data:
  os_data:
#  graylog_data:
#  graylog_journal:
  • Package Version:
    5.2.1
  • Service logs, configurations, and environment variables:

As per docker compose.

I would happily provide logs, but I can't find any. If I can get advice on where to look, it would be super.

3. What steps have you already taken to try and solve the problem?

Tried to install my own content pack, that worked ok.

4. How can the community help?

Please help me work out if it is my config, and advise, or a bug.
I'm new to Graylog.


The error message you’ve posted is referencing a UUID of a different content pack than the Open Threat Exchange pack. The OTX pack’s ID is daf6355e-2d5e-08d3-f9ba-44e84a43df1a. Your error references ID ebb6c11e-bcff-4686-aaac-6cfafc7b441e. So I’m curious which pack is trying to be installed when you are installing OTX. If you look at the rest of your content packs, can you check and see which one has that ID? You can quickly check by hovering over the link to the content pack on the System > Content Packs page and looking at the end of the URL.

If you are trying to install the content pack from the content pack list page, it is likely that this bug is causing your problem and you are not actually installing the OTX content pack. There should be a fix for that issue in the next 5.2 bug fix release. For now, try clicking into the content pack page itself and installing from there. Let us know if the problem persists!
