Hello, I installed a Graylog cluster 4.3. The Web Interface is up. I checked conf files for Graylog on all servers and mongo and elastic are running without issue.
4 Servers. 3 all running Graylog, Mongo and Elastic. 4th server is Load Balancer and HAPROXY.
I read a ton of documentation but cannot determine how to add 2 more nodes and have them appear in the web interface. I know maybe I have to add all the nodes and their IP’s in one conf file? I just do not know where or how.
If someone can direct me to instructions on how to add another Graylog node to the Cluster I would be super happy. I just started with Linux and was told to build a Graylog cluster with no prior knowledge and experience. I am surprised the Cluster is even working. lol
I can post any config file if requested. Thank you.
My understanding is that all graylog nodes connecting tot he same mongo instance are registered as part of the same cluster. Can you confirm that all Graylog nodes have the graylog-server service started and running and that the API is accessible for each node (e.g. http://hostname:9000/api , or whatever your API url is)?
Are you able to reach the web/api interface on each individual node? Are there any errors in the server.log on any of the 3 graylog nodes?
Thank you so much for your reply. Yes system/nodes. I can only access the API from the first Graylog server I installed. That is also the only node I see. When I try to go to the api of another graylog server, I get a connection refused error. I think you are right. It has to do with the Mongod. I do not think I set it up properly. Graylog, Elastic and Mongod are showing green status on each of the 3 servers. I attempted to create a replica set earlier during initial setup. I am sorry I completely new at Linux. I was told “Learn Linux and create a Graylog cluster” You have no idea the amount of stress this project has caused me. Non-IT people think all computer stuff is the same. If you can configure a network then you can create a Graylog Cluster no problem. Lol Thank you again for your time.
I totally understand. Graylog was actually one of the first projects i worked on about 10 years ago as a way to get more hands on experience with linux and it has been quite a journey!
It sounds like the other graylog nodes may not be running are may be encountering errors.
Some ideas or things you can check:
verify your mongod server can accept external connections. By default, for security reasons, mongo only listens on localhost (127.0.0.1) and cannot except connections from other servers. See Configuration File Options. The setting you’ll want to set is
net:
bindIp: 0.0.0.0
verify each graylog server is configured to connect to the same mongodb server/instance. This is in the server.conf file.
mongodb://servername.domain.tld:27017/graylog
Beyond that, can you share the last 100 lines or so of the server.log (defaults to /var/log/graylog-server/server.log) on the failing graylog nodes? Generally this log will have either messages that say exactly what is wrong, or clues that point to what is wrong.
You have no idea how much I appreciate your help. I set the bind ip to 0.0.0.0 and configured the server.conf for both nodes that were missing. I open up Graylog and now I see 3 nodes! Thank you so much Drew. I realize since I am still learning I will run into some issues down the road. Any information or advice regarding Graylog would be greatly appreciated. Thank you again. Time to continue and see how it goes. Thank you!
