No messages incoming

I currently have two issues.

1. MongoDB is running on docker and communicating with my graylog instance. Local machine.
   When I reboot, I lose all my inputs and my mongodb docker just keeps growing in size.

2. This is the more serious issue.
   I have OSSEC running and forwarding messages to Graylog.
   I’ve set up my CEF input and the metrics show as follows:
org.graylog.plugins.cef.input.CEFUDPInput.5b8115d1824bfa0e4084f1d8.incomingMessages

Meter
  Total:         20 events
  Mean:          0.03 events/second
  1 minute avg:  0.16 events/second
  5 minute avg:  0.05 events/second
  15 minute avg: 0.02 events/second

This means that we are indeed receiving data? Yet when I try to search for the messages on graylog there is nothing.

When I look at the Disk Journal Utilization:
0 unprocessed messages are currently in the journal, in 1 segments.
0 messages have been appended in the last second, 0 messages have been read in the last second.

Index set config shows:

graylog_0 active write index Contains messages up to a few seconds ago (272.8KB / 95 messages)

How do I even start debugging this?

First you should fix the MongoDB issue. As Graylog is storing all configuration information in MongoDB, you lose the configuration when Graylog is not able to connect to the MongoDB.

Your second issue sounds like your Graylog is not able to connect to Elasticsearch or something similar - your Graylog server.log will help you to identify the issue and carve them out.

Depending how you install Graylog the locations can be different: http://docs.graylog.org/en/stable/pages/configuration/file_location.html#default-file-locations
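The reply above points at server.log as the place to start. As an added example (not code from the thread or from the Graylog project), the script below writes a constructed server.log with the kinds of lines you would see when Graylog cannot reach Elasticsearch or MongoDB, and then scans a log for those two failure classes so you know which backend to look at first. The timestamps, logger names and message wording are assumptions that mimic the general shape of Graylog's log output; real messages differ, so extend the patterns to match your own log.

```shell
#!/bin/sh
# Added example, not from the original thread or from Graylog itself.
# Scans a Graylog server.log for MongoDB / Elasticsearch connectivity failures.

# Write a constructed server.log (assumed format, for illustration) to the path in $1.
write_sample_log() {
    cat > "$1" <<'EOF'
2018-08-25T10:00:01.000Z INFO  [CmdLineTool] Loaded plugin: CEF Input
2018-08-25T10:00:02.000Z INFO  [InputSetupService] Launching input [CEF UDP/CEF]
2018-08-25T10:00:05.000Z ERROR [IndexerClusterCheckerThread] Elasticsearch cluster health: RED
2018-08-25T10:00:06.000Z WARN  [IndexerClusterCheckerThread] Could not connect to Elasticsearch: Connection refused
2018-08-25T10:00:07.000Z ERROR [MongoDbConnection] Timed out after 30000 ms while waiting to connect to MongoDB
EOF
}

# Count log lines that mention backend $1 and also match failure pattern $2 in file $3.
# Prints 0 (rather than failing) when nothing matches, so it is safe under set -e.
count_matches() {
    grep -i "$1" "$3" | grep -Eci "$2" || true
}

# Print a one-line verdict for the log at $1 plus the raw error counts.
# Verdicts: ok, mongodb-unreachable, elasticsearch-unreachable, both-unreachable.
graylog_log_triage() {
    log="$1"
    es=$(count_matches elasticsearch 'refused|unavailable|could not connect|health: red' "$log")
    mongo=$(count_matches mongo 'refused|timed out|could not connect|unable to connect' "$log")

    verdict="ok"
    [ "$mongo" -gt 0 ] && verdict="mongodb-unreachable"
    [ "$es" -gt 0 ] && verdict="elasticsearch-unreachable"
    if [ "$mongo" -gt 0 ] && [ "$es" -gt 0 ]; then
        verdict="both-unreachable"
    fi
    echo "$verdict es_errors=$es mongo_errors=$mongo"
}

# Stand-alone run against the constructed sample; point graylog_log_triage at
# your real server.log (see the default file locations linked above) instead.
sample=$(mktemp)
write_sample_log "$sample"
graylog_log_triage "$sample"
rm -f "$sample"
```

A MongoDB verdict matches the first problem in the question (configuration, including inputs, lives in MongoDB, so a container whose data directory is not on a persistent volume loses them on reboot; the official mongo image keeps its data under /data/db). An Elasticsearch verdict matches the second: the input meter counts messages as they arrive, so a growing counter with an empty search and an empty journal is consistent with messages being read from the journal but not indexed.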
