I just set up my Graylog server on AWS, and so far, I can access the WebUI, etc. However, I’m not able to even send a test message to Graylog. I set SELinux (CentOS 7 system) to permissive, I’m not running FirewallD, and my Lightsail firewall is allowing all TCP and UDP traffic my from my home’s IP.
Even when I try to connect from localhost, I get the following message:
echo "Hello Graylog, let's be friends." | nc -w 1 -u 127.0.0.1 9099
Ncat: Connection refused.
2020-08-11T14:54:19.660Z WARN [ProxiedResource] Unable to call http://glog.mygreatserver.com:9000/api/system/metrics/multiple on node <d74bfe23-e7a3-4c11-85a2-4949820ca5aa>: connect timed out
2020-08-11T14:54:25.662Z WARN [ProxiedResource] Unable to call http://glog.mygreatserver.com:9000/api/system/metrics/multiple on node <d74bfe23-e7a3-4c11-85a2-4949820ca5aa>: connect timed out
2020-08-11T14:57:40.025Z WARN [LicenseChecker] License violation - Detected irregular traffic records
I also ran a port scan on the server
Port Scanning host: 23.17.127.191
Open TCP Port: 22 ssh
Open TCP Port: 111 sunrpc
Open TCP Port: 9000 cslistener
I’m not sure what I haven’t configured correctly, so any insights would be greatly appreciated!
Can you share more details about your environment? Since you’re sending it to localhost, then I assume you operate on the host where Graylog is running, so it’s not clear why you are referring to some firewalls and home IPs.
First, please show output of lsof -Pni :9099
(assuming 9099 is your Input port, please share Input configuration also)
Then additionally I would check the following:
iptables-save
ip r
ip -c -br -4 a
