Service stop many time


#1

Hi Guy

My graylog 2.6.4 is service stop many time. How can I check and solve problem ?


(Tess) #2

That fully depends on the cause.

First order of business is to find out what it exactly is that is “stopping”.

  • Are the source hosts still sending their logs? Check per host.
  • Are the inputs in Graylog running without errors? System > Inputs
  • Are the receiver hosts running without problems? System > Nodes
  • How is the Elastic cluster health? System > Overview

And so on… Once you have figured out what is broken, you can start to figure out how to fix it.


#3

Do you start the service manually?
Check you uptime. Are you sure your server doesn’t reboot every time?
Check the graylog’s log.


#4

For more information. I checked host sent log normally.


#5

System -> Node


#6

System - input


(Tess) #7

BOOM! There you go!

Your one active node has >1E6 unprocessed messages. The local buffer/journal is filling up and apparently reaches its breaking point. This means that your connection into ElasticSearch is having problems. Either it’s not working at all, or it’s working part of the time.

Please check the health of your Elastic cluster. On the one hand you’ll find this on System > Overview below the traffic graph. On the other hand you can check Elastic manually or through its logs.


#8

The lifecicle is failed.
Check the graylog’s and elastics’ logs. (As I wrote it before)
You can also check the buffers state under the node.


(Tess) #9

Could you elaborate on that Macko? I think you mean the general dataflow from source, through Graylog into Elastic, correct? Otherwise, I don’t know what you mean by “lifecycle”.


#10

From @momaydopod 's original picture

lifecycle


(Tess) #11

HA! I had never seen that word before :smiley:


(Jan Doberstein) #12

and @momaydopod the Graylog server.log will give you addition information.


(system) closed #13

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.