Local Inputs not running and not starting and existing event dissapear

Graylog Central (peer support)
1

Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!

1. Describe your incident:

Hello, I have implemented HTTPS for my Graylog server with an Enterprise license (it is still being tested with a trial). The web UI is accessible using HTTPS, but I cannot see my existing event. The local input is also not running.

I sent the Palo Alto log using Syslog UDP 1514 to Graylog, but nothing happened. Meanwhile, when I switch back to HTTP, everything works.

2. Describe your environment:

  • OS Information:
    Ubuntu 24.04

  • Package Version:
    ii graylog-6.1-repository 1-1 all Package to install Graylog 6.1 GPG key and repository
    ii graylog-datanode 6.1.2-1 amd64 Graylog data node
    ii graylog-enterprise 6.1.2-1 amd64 Graylog Enterprise Server
    ii mongodb-database-tools 100.10.0 amd64 mongodb-database-tools package provides tools for working with the MongoDB server:
    ii mongodb-mongosh 2.3.3 amd64 MongoDB Shell CLI REPL Package
    hi mongodb-org 8.0.3 amd64 MongoDB open source document-oriented database system (metapackage)
    ii mongodb-org-database 8.0.3 amd64 MongoDB open source document-oriented database system (metapackage)
    ii mongodb-org-database-tools-extra 8.0.3 amd64 Extra MongoDB database tools
    ii mongodb-org-mongos 8.0.3 amd64 MongoDB sharded cluster query router
    ii mongodb-org-server 8.0.3 amd64 MongoDB database server
    ii mongodb-org-shell 8.0.3 amd64 MongoDB shell client
    ii mongodb-org-tools 8.0.3 amd64 MongoDB tools

  • Service logs, configurations, and environment variables:
    2024-11-12T15:03:59.905Z WARN [ProxiedResource] Failed to call API on node , cause: None of the TrustManagers trust this certificate chain. (duration: 8 ms)
    2024-11-12T15:04:00.429Z WARN [ProxiedResource] Failed to call API on node , cause: None of the TrustManagers trust this certificate chain. (duration: 8 ms)

3. What steps have you already taken to try and solve the problem?

These are my server.conf

http_enable_tls = true
http_enable = true
http_bind_address = 0.0.0.0:9000

The X.509 certificate chain file in PEM format to use for securing the HTTP interface.

http_tls_cert_file = /etc/ssl/certs/10.xx.xx.xxx.pem

The PKCS#8 private key file in PEM format to use for securing the HTTP interface.

http_tls_key_file = /etc/ssl/certs/10.xx.xx.xxx-key.pem

4. How can the community help?
How do we make the local input run with HTTPS, and how do we see the existing events? In general, I have no idea how to solve this, I tried several ways but still had no luck (

Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]

2

Hello @yvel08,

This sounds like with TLS enabled the node is unable to call itself via the api, did any certs you created get added to the java key store and does that cert contain the correct SAN’s?

This guide on enabling TLS within Graylog should help, specifically the Java Key Store section.

3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.