I’ve noticed some of the errors you pointed out, but didn’t know by which side to take the issue.
You’re right about the TLS cert, it may be self-signed, because I didn’t manage to get TLS working properly inside of Graylog using the config file, so I’m using a reverse proxy in front of the graylog server.
I’ll begin by trying to get the server cert working using the Graylog documentation, and I’ll post my returns here.
I also looked around for the SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder" error.
I red many topics talking about this error on several Graylog instances & other software since ~2017.
From what I understood, there are many jars to add to the server, but I can’t manage to find where they have to be put, and in which config file I have to decalre their presence.
→ It is written that, if any of the required *.jar files is missing, or if the software is not installed the default setting is to report this error on the logs.
I tried the locate . -name *slf4j* from the / directory, but nothin happens. It might be something needed by a plugin. This topic talks about the aws plugin but I don’t use it so it seems a bit weird…
I desactivated the not-used lookup tables, data adapters and caches used by the Open Threat Exchange plugin that I don’t use for the moment.
Looking more closely into the logs & journalctl created after restarting the 4.3.5, I don’t have the following messages anymore. That’s great !
In the /var/log/graylog-server/server.log file, I don’t have any [ERROR] or [WARN] line since the restart. I don’t really understand why simply desactivating some unused plugins - that are in Graylog by default - seems to have been solved the issue but I’m glad this worked !
Now I’ll see if this also solves the initial Office 365 input issue… I hope so !
