Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!
1. Describe your incident:
Settings in /etc/default/graylog-server are not applied
2. Describe your environment:
-
OS Information: Ubuntu 22.04
-
Package Version: Graylog 6.0.6+4aa664f
-
Service logs, configurations, and environment variables:
root@graylog:/etc/graylog/server# cat /etc/default/graylog-server
Path to a custom java executable. By default the java executable of the
bundled JVM is used.
#JAVA=/usr/bin/java
Default Java options for heap and garbage collection.
GRAYLOG_SERVER_JAVA_OPTS=“-Xms4g -Xmx4g -server -XX:+UseG1GC -XX:-OmitStackTraceInFastThrow”
Avoid endless loop with some TLSv1.3 implementations.
GRAYLOG_SERVER_JAVA_OPTS=“$GRAYLOG_SERVER_JAVA_OPTS -Djdk.tls.acknowledgeCloseNotify=true”
Fix for log4j CVE-2021-44228
GRAYLOG_SERVER_JAVA_OPTS=“$GRAYLOG_SERVER_JAVA_OPTS -Dlog4j2.formatMsgNoLookups=true”
GRAYLOG_SERVER_JAVA_OPTS=“-Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts”
Pass some extra args to graylog-server. (i.e. “-d” to enable debug mode)
GRAYLOG_SERVER_ARGS=“”
Program that will be used to wrap the graylog-server command. Useful to
support programs like authbind.
GRAYLOG_COMMAND_WRAPPER=“”
3. What steps have you already taken to try and solve the problem?
Changed JVM options, restarted graylog-server service
4. How can the community help?
Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]
What setting are you setting in /etc/default/graylog-server that does not apply? its difficult to tell with the formatting. If you do paste your existing /etc/default/graylog-server file can you enclose in a code block?
For example:
```
code
```
I think you are saying you set -Xms4g -Xmx4g but your graylog node still only shows 1g heap? Can you paste in a code block?
EDIT: i think whats happening is this line GRAYLOG_SERVER_JAVA_OPTS=“-Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts” is overwriting the existing contents of GRAYLOG_SERVER_JAVA_OPTS. Note previous lines look like:
GRAYLOG_SERVER_JAVA_OPTS=“$GRAYLOG_SERVER_JAVA_OPTS -Djdk.tls.acknowledgeCloseNotify=true”
Which is appending new text to the existing variable.
root@graylog:/etc/default# cat graylog-server
# Path to a custom java executable. By default the java executable of the
# bundled JVM is used.
#JAVA=/usr/bin/java
# Default Java options for heap and garbage collection.
GRAYLOG_SERVER_JAVA_OPTS="-Xms4g -Xmx4g -server -XX:+UseG1GC -XX:-OmitStackTraceInFastThrow"
# Avoid endless loop with some TLSv1.3 implementations.
GRAYLOG_SERVER_JAVA_OPTS="$GRAYLOG_SERVER_JAVA_OPTS -Djdk.tls.acknowledgeCloseNotify=true"
# Fix for log4j CVE-2021-44228
GRAYLOG_SERVER_JAVA_OPTS="$GRAYLOG_SERVER_JAVA_OPTS -Dlog4j2.formatMsgNoLookups=true"
GRAYLOG_SERVER_JAVA_OPTS="-Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts"
# Pass some extra args to graylog-server. (i.e. "-d" to enable debug mode)
GRAYLOG_SERVER_ARGS=""
# Program that will be used to wrap the graylog-server command. Useful to
# support programs like authbind.
GRAYLOG_COMMAND_WRAPPER=""
You are right, I have added like this and it is working
root@graylog:/etc/default# cat graylog-server
# Path to a custom java executable. By default the java executable of the
# bundled JVM is used.
#JAVA=/usr/bin/java
# Default Java options for heap and garbage collection.
GRAYLOG_SERVER_JAVA_OPTS="-Xms4g -Xmx4g -server -XX:+UseG1GC -XX:-OmitStackTraceInFastThrow"
# Avoid endless loop with some TLSv1.3 implementations.
GRAYLOG_SERVER_JAVA_OPTS="$GRAYLOG_SERVER_JAVA_OPTS -Djdk.tls.acknowledgeCloseNotify=true"
# Fix for log4j CVE-2021-44228
GRAYLOG_SERVER_JAVA_OPTS="$GRAYLOG_SERVER_JAVA_OPTS -Dlog4j2.formatMsgNoLookups=true"
**GRAYLOG_SERVER_JAVA_OPTS="$GRAYLOG_SERVER_JAVA_OPTS -Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts"**
# Pass some extra args to graylog-server. (i.e. "-d" to enable debug mode)
GRAYLOG_SERVER_ARGS=""
# Program that will be used to wrap the graylog-server command. Useful to
# support programs like authbind.
GRAYLOG_COMMAND_WRAPPER=""
Thanks,
1 Like
