Second network interface

Graylog Central (peer support)
1

I have installed the ova in my VMware environement and the system is(was) running fine. Now I wish to receive (syslog) messages from an other vlan where there is no routing to my VM. I installed a second network interface with a fixed IP address and now I can ping to the host en from the host to the graylog VM.

When I now try to connect to the webinterface (port 80) I get:
“”"

Server currently unavailable

We are experiencing problems connecting to the Graylog server running on http://192.168.17.74:9000/api/ . Please verify that the server is healthy and working correctly.

You will be automatically redirected to the previous page once we can connect to the serve
“”"

I walked trough the FAQ and the manual and besides the fact the config files are NOT in the place where they said I can’t find a solution for this.

2

Heyo @erbaplue,

as this message suggests:

your Graylog API is not reachable.

What are the IP addresses of your two interfaces? I guess you’ll have to change your rest_listen_uri in the server.conf to the wildcard 0.0.0.0 for Graylog to listen on all interfaces. But remember to set rest_transport_uri to an ip address or hostname that your other Graylog nodes can reach :slight_smile:

Greetings,
Philipp

PS: I hope I got this right: The second interface is on your Graylog host, correct? :slight_smile:

3

the question you need to answer before anybody can help:

Do you want to visit the Web interface on both VLANs or did you want to send in data on both VLANs?

The first is not possible with the OVA and you need to build a custom setup that enables you to make the needed configuration. For the second you do not need to have the Web interface reachable - just configure your inputs to listen globally and the ports will be reachable on all configured network interfaces.

Graylog would just need a restart after you have added additional interfaces.

1 Like
4

The first IP from the graylog VM is 10.5.0.6, the IP that is shown is on the graylog VM and is in a vlan where no clients could come.

Howe could I best change these settings (The config files are NOT in the place where the documentation http://docs.graylog.org/en/2.4/pages/configuration/file_location.html#default-file-location says, the folder /etc/graylog/server/ does not exist)

5

I wish to visit the web interface over the primary (10.5.0.6) interface. The second is only needed as an input.

6

You’re running the OVA, so have a look at the appropriate part of the documentation page: :slight_smile:
http://docs.graylog.org/en/2.4/pages/configuration/file_location.html#omnibus-package

See @jan’s answer:

And remember to set the *_listen_* config lines to your needed IP :slight_smile:

Greetings,
Philipp

7

OK, now I’m coming a bit further.
Finding the right place on the page is always a good thing. I changed:

rest_listen_uri = http://10.5.0.6:9000/api
web_listen_uri = http://10.5.0.6:9000/

and now when I connect with http://10.5.0.6:9000 I get my web interface but with http://10.5.0.6/ it says
"

Graylog is restarting…

"

8

Please ignore my last message, I found the nginx config file and changed proxy_pass http://10.5.0.6:9000;
Now it works fine.

Many thanks for the professional and quick help

1 Like
9

as you are using the OVA / omnibus your changes will be reverted on the graylog-ctl reconfigure call.

You should use the script to configure your Graylog ( http://docs.graylog.org/en/2.4/pages/configuration/graylog_ctl.html ), or all manual changes will be gone once in a while (on updates for example).

10

I did the changes for the listen now with the graylog-ctl and they work (as expected) but for the nginx changes I tried set-external-ip but this is not working.
I also think that with the OVA the configuration possibilities are rather low. Since I use the OVA for a POC I don’t consider this as a real problem.

11

I also think that with the OVA the configuration possibilities are rather low. Since I use the OVA for a POC I don’t consider this as a real problem.

That is what the OVA is built for - for production you should make your custom installation.

12

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.