Server log file empty


(Joshua) #1

I’m having an issue implementing SSL with my Graylog Server and am finding that the service isn’t generating any log messages. There’s a server.log file at /var/log/graylog-server/ but it’s completely empty and was created way back in March (presumably when I first deployed this server). There are also 10 archives of logs in that folder that were all created on the same day in March.

When I start the service and check it’s status, I see the messages:

main ERROR Null object returned for RollingFile in Appenders.
main ERROR Unable to locate appender "rolling-file" for logger config "root"

Are these the cause of my missing logs? How should I go about fixing this?


(Jan Doberstein) #2

I guess that your log4j.xml is not really valid and might be tampered in some way.

You should roll back to the original one and check again.

Jan


(Joshua) #3

I’ve seen this file mentioned, but I’ve never configured one. I’ve searched the drive and there are no files with this name. I also don’t see such a file mentioned as an argument mentioned in the init script. Can you think of any place else to check for such a file?


(Jan Doberstein) #4

depending on your installation: http://docs.graylog.org/en/2.4/pages/configuration/file_location.html

The file would look something similar to: https://github.com/Graylog2/graylog-docker/blob/2.4/config/log4j2.xml


(Joshua) #5

Since I do not have this file, should I try to create one? Is there supposed to be one by default? Should it work without this?


(Jan Doberstein) #6

the question is - how did you install Graylog and what version did you run?


(Joshua) #7

I installed from a deb file onto a Ubuntu server. When I first installed, I believe it was version 2.1 but I’ve just recently updated to 2.4.


(Jan Doberstein) #8

this file should be their then - but it might have happened something. I can’t think of. So yes, you should create that from the defaults.

You can extract that out of the .deb package or get if from github.


(Joshua) #9

I took your advice. I went to the Graylog-server GitHub and used what I found there and restarted the service. The two errors in my OP were gone, but still no contents in the log file. I then extracted the original from the deb file and found it was not the same as what I found online. This one has references to the local file, so I’m thinking it’s right. I put it in and restarted the service and now I’m getting the same errors about not being able to locate the rolling file appender.

Perhaps I’m just missing the appender? I don’t know why that would be or how to go about reinstalling it.


(Joshua) #10

Here’s the contents of the file

 <?xml version="1.0" encoding="UTF-8"?>
    <Configuration packages="org.graylog2.log4j" shutdownHook="disable">
    <Appenders>
        <RollingFile name="rolling-file" fileName="/var/log/graylog-server/server.log" filePattern="/var/log/graylog-server/server.log.%i.gz">
            <PatternLayout pattern="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX} %-5p [%c{1}] %m%n"/>
            <Policies>
                <SizeBasedTriggeringPolicy size="50MB"/>
            </Policies>
            <DefaultRolloverStrategy max="10" fileIndex="min"/>
        </RollingFile>

        <!-- Internal Graylog log appender. Please do not disable. This makes internal log messages available via REST calls. -->
        <Memory name="graylog-internal-logs" bufferSize="500"/>
    </Appenders>
    <Loggers>
        <!-- Application Loggers -->
        <Logger name="org.graylog2" level="info"/>
        <Logger name="com.github.joschi.jadconfig" level="warn"/>
        <!-- This emits a harmless warning for ActiveDirectory every time which we can't work around :( -->
        <Logger name="org.apache.directory.api.ldap.model.message.BindRequestImpl" level="error"/>
        <!-- Prevent DEBUG message about Lucene Expressions not found. -->
        <Logger name="org.elasticsearch.script" level="warn"/>
        <!-- Disable messages from the version check -->
        <Logger name="org.graylog2.periodical.VersionCheckThread" level="off"/>
        <!-- Suppress crazy byte array dump of Drools -->
        <Logger name="org.drools.compiler.kie.builder.impl.KieRepositoryImpl" level="warn"/>
        <!-- Silence chatty natty -->
        <Logger name="com.joestelmach.natty.Parser" level="warn"/>
        <!-- Silence Kafka log chatter -->
        <Logger name="kafka.log.Log" level="warn"/>
        <Logger name="kafka.log.OffsetIndex" level="warn"/>
        <!-- Silence useless session validation messages -->
        <Logger name="org.apache.shiro.session.mgt.AbstractValidatingSessionManager" level="warn"/>
        <Root level="warn">
            <AppenderRef ref="rolling-file"/>
            <AppenderRef ref="graylog-internal-logs"/>
        </Root>
    </Loggers>
    </Configuration>

(Joshua) #11

I’ve figured it out. The server.log file in /var/log/graylog was owned by root when everything else in the directory was owned by graylog. I deleted the server.log file and restarted the service and it started working. Thanks for the help!


(Jan Doberstein) #12

is that file readable by Graylog? because the appender is in the configuration file present.


(Joshua) #13

Which file are you asking about? log4j2.xml or server.log?


(Jan Doberstein) #14

both - to be exact. Can Graylog read the log4j2.xml ? Can Graylog write to the server.log location?


(system) #15

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.