New install, failing (invisible) input

Graylog Central (peer support)
1

Greetings,

I have a new Graylog install, and all is going fine now for the most part. I have it up and running, and collecting logs from a remote server.

However, the web interface is complaining that an Input can’t start due to not having permissions (likely to open port 514). My problem isn’t that it can’t open the port, I don’t need that port to be opened, I have it accepting logs on port 9099, but it isn’t displaying that Input so that I can delete it.

Anything I can do about this?

2

How did you install Graylog?
Which inputs are on the System/Inputs page and what’s their status and configuration?
What’s in the logs of your Graylog node(s)?

3

Thanks for replying so quickly!

I installed Graylog from the GL Yum repo on Centos 7. Please see the below screenshot of my Inputs page in the Web interface, and log entries below that.

26 AM
Screen Shot 2017-09-06 at 11.26.26 AM.png1266×631 56.9 KB 

2017-09-06T15:23:45.617Z INFO  [InputStateListener] Input [Syslog UDP/59b0123928b44c0fa85b920f] is now STARTING
2017-09-06T15:23:45.624Z ERROR [NettyTransport] Error in Input [Syslog UDP/59b0123928b44c0fa85b920f] (channel [id: 0x18e5b308])
java.net.SocketException: Permission denied
        at sun.nio.ch.Net.bind0(Native Method) ~[?:1.8.0_141]
        at sun.nio.ch.Net.bind(Net.java:433) ~[?:1.8.0_141]
        at sun.nio.ch.DatagramChannelImpl.bind(DatagramChannelImpl.java:691) ~[?:1.8.0_141]
        at sun.nio.ch.DatagramSocketAdaptor.bind(DatagramSocketAdaptor.java:91) ~[?:1.8.0_141]
        at org.jboss.netty.channel.socket.nio.NioDatagramPipelineSink.bind(NioDatagramPipelineSink.java:129) [graylog.jar:?]
        at org.jboss.netty.channel.socket.nio.NioDatagramPipelineSink.eventSunk(NioDatagramPipelineSink.java:77) [graylog.jar:?]
        at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendDownstream(DefaultChannelPipeline.java:779) [graylog.jar:?]
        at org.jboss.netty.channel.SimpleChannelHandler.bindRequested(SimpleChannelHandler.java:299) [graylog.jar:?]
        at org.jboss.netty.channel.SimpleChannelHandler.handleDownstream(SimpleChannelHandler.java:265) [graylog.jar:?]
        at org.jboss.netty.channel.DefaultChannelPipeline.sendDownstream(DefaultChannelPipeline.java:591) [graylog.jar:?]
        at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendDownstream(DefaultChannelPipeline.java:784) [graylog.jar:?]
        at org.jboss.netty.channel.SimpleChannelHandler.bindRequested(SimpleChannelHandler.java:299) [graylog.jar:?]
        at org.jboss.netty.channel.SimpleChannelHandler.handleDownstream(SimpleChannelHandler.java:265) [graylog.jar:?]
        at org.jboss.netty.channel.DefaultChannelPipeline.sendDownstream(DefaultChannelPipeline.java:591) [graylog.jar:?]
        at org.jboss.netty.channel.DefaultChannelPipeline.sendDownstream(DefaultChannelPipeline.java:582) [graylog.jar:?]
        at org.jboss.netty.channel.Channels.bind(Channels.java:561) [graylog.jar:?]
        at org.jboss.netty.channel.AbstractChannel.bind(AbstractChannel.java:197) [graylog.jar:?]
        at org.jboss.netty.bootstrap.ConnectionlessBootstrap.bind(ConnectionlessBootstrap.java:198) [graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.NettyTransport.launch(NettyTransport.java:136) [graylog.jar:?]
        at org.graylog2.plugin.inputs.MessageInput.launch(MessageInput.java:153) [graylog.jar:?]
        at org.graylog2.shared.inputs.InputLauncher$1.run(InputLauncher.java:84) [graylog.jar:?]
        at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176) [graylog.jar:?]
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_141]
        at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_141]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_141]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_141]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_141]
2017-09-06T15:23:45.624Z ERROR [InputLauncher] The [org.graylog2.inputs.syslog.udp.SyslogUDPInput] input with ID <59b0123928b44c0fa85b920f> misfired. Reason: Permission denied.
org.graylog2.plugin.inputs.MisfireException: org.graylog2.plugin.inputs.MisfireException: org.jboss.netty.channel.ChannelException: Failed to bind to: /127.0.0.1:515
        at org.graylog2.plugin.inputs.MessageInput.launch(MessageInput.java:156) ~[graylog.jar:?]
        at org.graylog2.shared.inputs.InputLauncher$1.run(InputLauncher.java:84) [graylog.jar:?]
        at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176) [graylog.jar:?]
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_141]
        at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_141]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_141]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_141]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_141]
Caused by: org.graylog2.plugin.inputs.MisfireException: org.jboss.netty.channel.ChannelException: Failed to bind to: /127.0.0.1:515
        at org.graylog2.plugin.inputs.transports.NettyTransport.launch(NettyTransport.java:155) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.MessageInput.launch(MessageInput.java:153) ~[graylog.jar:?]
        ... 7 more
Caused by: org.jboss.netty.channel.ChannelException: Failed to bind to: /127.0.0.1:515
        at org.jboss.netty.bootstrap.ConnectionlessBootstrap.bind(ConnectionlessBootstrap.java:204) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.NettyTransport.launch(NettyTransport.java:136) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.MessageInput.launch(MessageInput.java:153) ~[graylog.jar:?]
        ... 7 more
Caused by: java.net.SocketException: Permission denied
        at sun.nio.ch.Net.bind0(Native Method) ~[?:1.8.0_141]
        at sun.nio.ch.Net.bind(Net.java:433) ~[?:1.8.0_141]
        at sun.nio.ch.DatagramChannelImpl.bind(DatagramChannelImpl.java:691) ~[?:1.8.0_141]
        at sun.nio.ch.DatagramSocketAdaptor.bind(DatagramSocketAdaptor.java:91) ~[?:1.8.0_141]
        at org.jboss.netty.channel.socket.nio.NioDatagramPipelineSink.bind(NioDatagramPipelineSink.java:129) ~[graylog.jar:?]
        at org.jboss.netty.channel.socket.nio.NioDatagramPipelineSink.eventSunk(NioDatagramPipelineSink.java:77) ~[graylog.jar:?]
        at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendDownstream(DefaultChannelPipeline.java:779) ~[graylog.jar:?]
        at org.jboss.netty.channel.SimpleChannelHandler.bindRequested(SimpleChannelHandler.java:299) ~[graylog.jar:?]
        at org.jboss.netty.channel.SimpleChannelHandler.handleDownstream(SimpleChannelHandler.java:265) ~[graylog.jar:?]
        at org.jboss.netty.channel.DefaultChannelPipeline.sendDownstream(DefaultChannelPipeline.java:591) ~[graylog.jar:?]
        at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendDownstream(DefaultChannelPipeline.java:784) ~[graylog.jar:?]
        at org.jboss.netty.channel.SimpleChannelHandler.bindRequested(SimpleChannelHandler.java:299) ~[graylog.jar:?]
        at org.jboss.netty.channel.SimpleChannelHandler.handleDownstream(SimpleChannelHandler.java:265) ~[graylog.jar:?]
        at org.jboss.netty.channel.DefaultChannelPipeline.sendDownstream(DefaultChannelPipeline.java:591) ~[graylog.jar:?]
        at org.jboss.netty.channel.DefaultChannelPipeline.sendDownstream(DefaultChannelPipeline.java:582) ~[graylog.jar:?]
        at org.jboss.netty.channel.Channels.bind(Channels.java:561) ~[graylog.jar:?]
        at org.jboss.netty.channel.AbstractChannel.bind(AbstractChannel.java:197) ~[graylog.jar:?]
        at org.jboss.netty.bootstrap.ConnectionlessBootstrap.bind(ConnectionlessBootstrap.java:198) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.NettyTransport.launch(NettyTransport.java:136) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.MessageInput.launch(MessageInput.java:153) ~[graylog.jar:?]
        ... 7 more
2017-09-06T15:23:45.626Z INFO  [InputStateListener] Input [Syslog UDP/59b0123928b44c0fa85b920f] is now FAILED
4

Tried to post a reply with screenshot and log entries. Akismet has hidden it.

5

This is indeed strange. Are you running more than 1 Graylog node?

Please post the output of the following cURL commands (with http://graylog.example.com:9000/api/ replaced by the actual URI of the Graylog REST API and your admin user credentials):

# curl -u admin:password -H 'Accept: application/json' 'http://graylog.example.com:9000/api/system/inputs?pretty=true'
# curl -u admin:password -H 'Accept: application/json' 'http://graylog.example.com:9000/api/system/inputs/59b0123928b44c0fa85b920f?pretty=true'

# curl -u admin:password -H 'Accept: application/json' 'http://graylog.example.com:9000/api/system/inputstates?pretty=true'
# curl -u admin:password -H 'Accept: application/json' 'http://graylog.example.com:9000/api/system/inputstates/59b0123928b44c0fa85b920f?pretty=true'
6

See output of those commands below.

{
  "inputs" : [ {
    "title" : "Test",
    "global" : false,
    "name" : "Raw/Plaintext UDP",
    "content_pack" : null,
    "created_at" : "2017-09-06T15:41:50.113Z",
    "type" : "org.graylog2.inputs.raw.udp.RawUDPInput",
    "creator_user_id" : "admin",
    "attributes" : {
      "override_source" : null,
      "recv_buffer_size" : 262144,
      "bind_address" : "104.239.241.187",
      "port" : 9099
    },
    "static_fields" : { },
    "node" : "eff73833-092d-4362-b700-5d124b14d4d1",
    "id" : "59b0110628b44c0fa85b90bf"
  } ],
  "total" : 1
}

{
  "type" : "ApiError",
  "message" : "Input <59b0123928b44c0fa85b920f> not found!"
}

Seems it doesn’t exist, but Graylog still thinks it does for some reason.

7

Sorry, I didn’t see the second set of lines.

curl -u admin:\<redacted\> -H 'Accept: application/json' 'http://\<redacted\>:9000/api/system/inputsstates/59b0123928b44c0fa85b920f?pretty=true'
{"type":"ApiError","message":"HTTP 404 Not Found"}

curl -u admin:\<redacted\> -H 'Accept: application/json' 'http://\<redacted\>:9000/api/system/inputsstates?pretty=true'

{"type":"ApiError","message":"HTTP 404 Not Found"}
8

Are you sure you’ve been looking at the correct log file?
Is there more than one Graylog instance running on that system?

9

Just the one Graylog instance running. It’s the only thing on this box created just for Graylog. (Other than, of course Mongo and ES required for running Graylog.) . I’m looking at /var/log/graylog-server/server.log

If there’s another log file I should know about, please let me know.

10

Just wanted to let everyone know that the issue was just that after an error is fixed, the red error icon at the head of the page doesn’t go away by itself. So, sorry the issue was all me.

This issue can be closed.

1 Like
11

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.