Ports not showing open in graylog server


(Pratik Regmi) #1

Hello,

It's a fresh install on CentOS 7. I cannot see port 9000 open on my server. My configuration is as follows:

firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens192
sources:
services: ssh dhcpv6-client http https
ports: 9000/tcp 12900/tcp 1514/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

SElinux is disabled

elasticsearch, graylog-server and mongod are running

curl -i http://Server-IP:9000/
curl: (7) Failed connect to serverIP:9000; Connection refused

Regards,
Pratik


(Jochen) #2

What’s the complete configuration of Graylog and Elasticsearch?
What’s in the logs of Graylog and Elasticsearch?
What’s the output of the following command:

# netstat -tplen

(Justas) #3

I guess you added the port with: firewall-cmd --add-port=9000/tcp --permanent. This requires a firewall restart unless you issue two commands:
firewall-cmd --add-port=9000/tcp --permanent
firewall-cmd --add-port=9000/tcp


(Pratik Regmi) #4

The configuration is the same as per the link https://devops.profitbricks.com/tutorials/install-and-configure-graylog-server-on-centos-7-1/

I have the logs below:

tail -n 100 /var/log/elasticsearch/graylog.log.2017-10-01 
[2017-10-01 01:00:39,241][WARN ][monitor.jvm              ] [Talisman] [gc][young][122869][8] duration [7.7s], collections [1]/[8.3s], total [7.7s]/[1.5m], memory [87.1mb]->[21.5mb]/[1015.6mb], all_pools {[young] [66.5mb]->[956.3kb]/[66.5mb]}{[survivor] [972.5kb]->[933.1kb]/[8.3mb]}{[old] [19.6mb]->[19.6mb]/[940.8mb]}
[2017-10-01 10:44:06,261][WARN ][monitor.jvm              ] [Talisman] [gc][young][157233][9] duration [7.1s], collections [1]/[7.5s], total [7.1s]/[1.6m], memory [87.1mb]->[22.6mb]/[1015.6mb], all_pools {[young] [66.5mb]->[1.2mb]/[66.5mb]}{[survivor] [933.1kb]->[1.7mb]/[8.3mb]}{[old] [19.6mb]->[19.6mb]/[940.8mb]}
[2017-10-01 20:40:13,678][WARN ][monitor.jvm              ] [Talisman] [gc][young][192359][10] duration [12.2s], collections [1]/[1s], total [12.2s]/[1.8m], memory [88mb]->[88mb]/[1015.6mb], all_pools {[young] [66.5mb]->[66.5mb]/[66.5mb]}{[survivor] [1.7mb]->[1.3mb]/[8.3mb]}{[old] [19.6mb]->[19.6mb]/[940.8mb]}

My netstat shows the following:

 netstat -tpln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      962/sshd            
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1089/master         
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN      1118/mongod         
tcp6       0      0 127.0.0.1:9200          :::*                    LISTEN      975/java            
tcp6       0      0 ::1:9200                :::*                    LISTEN      975/java            
tcp6       0      0 :::80                   :::*                    LISTEN      965/httpd           
tcp6       0      0 127.0.0.1:9300          :::*                    LISTEN      975/java            
tcp6       0      0 ::1:9300                :::*                    LISTEN      975/java            
tcp6       0      0 :::22                   :::*                    LISTEN      962/sshd            
tcp6       0      0 ::1:25                  :::*                    LISTEN      1089/master       

What am I missing???


(Pratik Regmi) #5

Hello jaskis,

I have tried both. I rebooted the server too. But no change.


(Justas) #6

Looks like the webserver never goes up. You need to look into the logs at the time the graylog server was started, or restart the server to see the same logs. It will show why it acts this way.
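
As an added example (not part of the original thread), the check below separates the two questions this thread mixes together: whether firewalld allows a port, and whether any process is listening on it and on which address. The function names `listener_scope` and `sample_netstat` are assumptions of this example; the sample lines are copied from the netstat output in post #4.

```shell
#!/bin/sh
# Classify how a TCP port is bound, reading `netstat -tln` (or -tpln) output
# on stdin. Prints one of:
#   none      no listener, so clients get "Connection refused" whatever
#             the firewall allows
#   loopback  bound only to 127.x.x.x or ::1, unreachable from other hosts
#   exposed   bound to a wildcard or a specific non-loopback address
listener_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # The port is the text after the last colon; this also handles
            # IPv6 forms such as ":::80" and "::1:9200".
            n = split($4, part, ":")
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr ~ /^127\./ || addr == "::1") loopback = 1
            else exposed = 1
        }
        END {
            if (exposed) print "exposed"
            else if (loopback) print "loopback"
            else print "none"
        }'
}

# Sample input: lines copied from the netstat output in post #4.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      962/sshd
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN      1118/mongod
tcp6       0      0 127.0.0.1:9200          :::*                    LISTEN      975/java
tcp6       0      0 ::1:9200                :::*                    LISTEN      975/java
tcp6       0      0 :::80                   :::*                    LISTEN      965/httpd
EOF
}

# Live usage on the server: netstat -tln | listener_scope 9000
```

On the sample from post #4, port 9000 classifies as `none`: the firewall rule is in place but no process has bound the port.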


(Jochen) #7

These GC times are extremely unhealthy. They should be in the sub-second range but take over 10 seconds in your case.

What are the specs of the machine running Graylog?
What’s in the logs of the Graylog node?
→ http://docs.graylog.org/en/2.3/pages/configuration/file_location.html


(Jochen) #8

This article seems outdated. Please set up Graylog according to the official documentation:
http://docs.graylog.org/en/2.3/pages/installation/os/centos.html


(Pratik Regmi) #9

Hello jochen,

I am using CentOS Linux release 7.4.1708 (Core). Other specs are:

lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 1
On-line CPU(s) list: 0
Thread(s) per core: 1
Core(s) per socket: 1
Socket(s): 1
NUMA node(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 44
Model name: Intel® Xeon® CPU E5620 @ 2.40GHz
Stepping: 2
CPU MHz: 2400.085
BogoMIPS: 4800.17
Hypervisor vendor: VMware
Virtualization type: full
L1d cache: 32K
L1i cache: 32K
L2 cache: 256K
L3 cache: 12288K
NUMA node0 CPU(s): 0
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts nopl xtopology tsc_reliable nonstop_tsc aperfmperf pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 popcnt aes hypervisor lahf_lm epb dtherm arat

free -m
total used free shared buff/cache available
Mem: 488 425 7 0 56 34
Swap: 1023 597 426

tailf /var/log/graylog-server/server.log
2017-10-03T10:29:19.084+05:45 INFO [connection] Opened connection [connectionId{localValue:1, serverValue:12841}] to localhost:27017
2017-10-03T10:29:19.089+05:45 INFO [cluster] Monitor thread successfully connected to server with description ServerDescription{address=localhost:27017, type=STANDALONE, state=CONNECTED, ok=true, version=ServerVersion{versionList=[3, 2, 17]}, minWireVersion=0, maxWireVersion=4, maxDocumentSize=16777216, roundTripTimeNanos=2328494}
2017-10-03T10:29:19.112+05:45 INFO [connection] Opened connection [connectionId{localValue:2, serverValue:12842}] to localhost:27017
2017-10-03T10:29:20.361+05:45 INFO [NodeId] Node ID: 3eab92f3-e48a-4e57-ba32-0722542d704c
2017-10-03T10:29:20.931+05:45 INFO [node] [graylog-3eab92f3-e48a-4e57-ba32-0722542d704c] version[2.3.2], pid[11426], build[b9e4a6a/2016-04-21T16:03:47Z]
2017-10-03T10:29:20.931+05:45 INFO [node] [graylog-3eab92f3-e48a-4e57-ba32-0722542d704c] initializing …
2017-10-03T10:29:20.950+05:45 INFO [plugins] [graylog-3eab92f3-e48a-4e57-ba32-0722542d704c] modules [], plugins [graylog-monitor], sites []
2017-10-03T10:29:28.218+05:45 INFO [node] [graylog-3eab92f3-e48a-4e57-ba32-0722542d704c] initialized
2017-10-03T10:29:29.067+05:45 INFO [Version] HV000001: Hibernate Validator 5.2.4.Final
2017-10-03T10:29:30.154+05:45 INFO [ProcessBuffer] Initialized ProcessBuffer with ring size <65536> and wait strategy .

Going through the link you provided, everything is in its specified path.

Thanks.


(Jochen) #10

That’s not enough memory for Graylog and Elasticsearch. Please use a VM with at least 4 GB of memory.


(Pratik Regmi) #11

Hello Jochen,

I have managed the memory and did a fresh install on a new machine. http://<serverip>:9000 loads the web interface but I don't know which credentials to use. I tried user: admin and password: (ciphered and deciphered form of root_password_sha2). It did not work. Please suggest.

Thanks.


(Jochen) #12

I assume that you’ve made some mistake when creating the SHA-256 hash of the password.

Try again and make sure that the password doesn’t include a newline character (i.e. use echo -n '...' | sha256sum and don’t forget the -n parameter).


(Pratik Regmi) #13

Hey Jochen,

You were correct. I tried echo -n Hello@123 | sha256sum
99f2bdf9942653ab32d9dfa0b43c72c3fbbb9679450fd965c590c224897b848a -

I copied the whole ciphered output to server.conf but it didn't work. Later I tried with only 99f2bdf9942653ab32d9dfa0b43c72c3fbbb9679450fd965c590c224897b848a

It is working fine now. Thank you so much for the help.

Regards
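
As an added example (not from the thread or the Graylog project), the script below produces a root_password_sha2 value without the two mistakes found in this thread, a hashed trailing newline and sha256sum's trailing ` -`, and classifies a candidate value against a known password. The function names `graylog_hash` and `check_hash` are assumptions of this example.

```shell
#!/bin/sh
# Print only the 64-character hex digest of the password. printf '%s' adds
# no trailing newline, and cut drops the "  -" filename marker that
# sha256sum appends when it reads from stdin.
graylog_hash() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# Classify a candidate root_password_sha2 value for a known password.
#   ok          the correct digest, ready to paste into server.conf
#   has-suffix  correct digest but still carrying sha256sum's trailing " -"
#   newline     digest of password + "\n" (echo used without -n)
#   mismatch    well-formed digest of some other input
#   malformed   not 64 lowercase hex characters
check_hash() {
    password=$1
    value=$2
    good=$(graylog_hash "$password")
    with_nl=$(printf '%s\n' "$password" | sha256sum | cut -d' ' -f1)
    case $value in
        "$good")    echo ok;         return ;;
        "$good"*-)  echo has-suffix; return ;;
        "$with_nl") echo newline;    return ;;
    esac
    if printf '%s' "$value" | grep -Eq '^[0-9a-f]{64}$'; then
        echo mismatch
    else
        echo malformed
    fi
}

# Usage against a config line (the value shown is a placeholder):
#   check_hash 'the-password' "$(sed -n 's/^root_password_sha2 *= *//p' server.conf)"
```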

