One out of three receiver hosts showed 0 connections

Hi guys, just wanted to share something I’ve run into today.

My Graylog cluster consists of four boxen: one serves as the GUI frontend, the other three are spread across the network, to receive data from logging agents. I’ve kept an eye on System > Nodes and System > Inputs for a few days now and noticed that one out of the three receivers consistently had “Active Connections: 0 (0 total)”. That struck me as odd, because:

  • The cluster has been running for more than a week.
  • The collector configurations are set to “load balancing: true”, with all three receiver hosts listed as BEATS receivers.
  • No errors were being shown for the receivers, or the nodes.

There was no indication that there was something really wrong… That is, until I turned to /var/log/graylog-server/server.log on the host without incoming connections. This logfile was consistently spamming Java errors:

WARN [AbstractNioSelector] Failed to initialize an accepted socket.
java.io.IOException: extra data given to DerValue constructor
  at sun.security.util.DerValue.init(DerValue.java:384)
  at sun.security.util.DerValue.<init>(DerValue.java:294)
  at java.crypto.EncryptePrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:84)
  at org.graylog2.plugin.inputs.transports.util.KeyUtil.createKeySpec (...)
  at org.graylog2.plugin.inputs.transports.util.KeyUtil.loadPrivateKey(...)

This suggested there was an issue with the TLS private key for that particular BEATS receiver.

Going over the Input configuration again, I noticed the following, which was the cause of the problems:

TLS Cert File: /etc/graylog/server/node1.crt
TLS Private Key File: /etc/graylog/server/node1.crt

While setting up the input, I had inadvertently copy/pasted the certificate filename into the box for the private key! Changing it to the following fixed it.

TLS Private Key File: /etc/graylog/server/node1.pem

I would have expected an error to show up in the GUI, warning me that the input wasn’t running. But I’m glad I found the cause after all. I hope this post may be helpful to others who run into the same situation.
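A pre-flight check for the mistake described in the post above, as an added example that is not part of the original post or of Graylog's code: it reads the PEM block labels in the two configured files and reports a key field that points at a certificate. The function names and sample PEM bodies are constructed for illustration, and the label set lists common PEM private-key labels, not a statement of what Graylog accepts.

```python
import re

# Matches one PEM block and captures its label, e.g. "CERTIFICATE".
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)
# Common PEM private-key labels (assumption: not taken from Graylog documentation).
KEY_LABELS = {"PRIVATE KEY", "ENCRYPTED PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}
CERT_LABELS = {"CERTIFICATE"}

def pem_labels(text):
    """Return the labels of all PEM blocks in text, in file order."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]

def read_file(path):
    with open(path, "r", errors="replace") as fh:
        return fh.read()

def check_tls_input(cert_path, key_path, read=read_file):
    """Return a list of problems with a cert/key file pair; empty means OK."""
    problems = []
    if cert_path == key_path:
        problems.append("cert and key fields point to the same file")
    for role, path, wanted in (("cert", cert_path, CERT_LABELS),
                               ("key", key_path, KEY_LABELS)):
        try:
            labels = pem_labels(read(path))
        except OSError as exc:
            problems.append(f"{role} file {path}: unreadable ({exc})")
            continue
        if not labels:
            problems.append(f"{role} file {path}: no PEM block found")
        elif not wanted.intersection(labels):
            problems.append(f"{role} file {path}: holds {labels}, "
                            f"expected one of {sorted(wanted)}")
    return problems

# Constructed sample contents (placeholder base64, not real key material).
CRT = "/etc/graylog/server/node1.crt"
PEM = "/etc/graylog/server/node1.pem"
SAMPLE = {
    CRT: "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n",
    PEM: "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n",
}

if __name__ == "__main__":
    # The misconfigured input from the post, then the corrected one.
    for cert, key in ((CRT, CRT), (CRT, PEM)):
        issues = check_tls_input(cert, key, read=SAMPLE.__getitem__)
        print(f"cert={cert} key={key}: {issues or 'OK'}")
```

The check only looks at PEM labels; it does not verify that the key actually belongs to the certificate.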

You might want to open a feature request on GitHub that such a setting should be checked.

ACK, will get on that as soon as possible.

Done.

https://github.com/Graylog2/graylog2-server/issues/5305

Thanks for your help!
