SSL web interface

Graylog Central (peer support)
1

Hello,
I have as project to set up graylog for my sandwich course
I want to put the interface in https, I am blocked.

i have a server with above: mongodb, elasticsearch and graylog
My server is on internal network and is accesible just in internal
I generated the ssl certificate with the jan script.
I’m not comfortable with API_REST
( My english is not good sorry)

rest_listen_uri = https://192.168.10.1:12900/api/
rest_transport_uri = https://192.168.10.1:9000/api/
rest_enable_tls = true
rest_tls_cert_file = /etc/graylog/server/certfiles/graylog.cert.pem
rest_tls_key_file = /etc/graylog/server/certfiles/graylog.pkcs8-plain.key.pem
rest_tls_key_password = secret


web_listen_uri = https://192.168.10.1:9000/
web_endpoint_uri = https://192.168.10.1:12900/
web_enable_tls = true
web_tls_cert_file = /etc/graylog/server/certfiles/graylog.cert.pem
web_tls_key_file = /etc/graylog/server/certfiles/graylog.pkcs8-plain.key.pem
web_tls_key_password = secret

log

2018-06-04T17:13:30.815+02:00 ERROR [ServerBootstrap] Graylog startup failed. Exiting. Exception was:
java.lang.IllegalStateException: Expected to be healthy after starting. The following services are not running: {FAILED=[JerseyService [FAILED]]}
        at com.google.common.util.concurrent.ServiceManager$ServiceManagerState.checkHealthy(ServiceManager.java:740) ~[graylog.jar:?]
        at com.google.common.util.concurrent.ServiceManager$ServiceManagerState.awaitHealthy(ServiceManager.java:553) ~[graylog.jar:?]
        at com.google.common.util.concurrent.ServiceManager.awaitHealthy(ServiceManager.java:312) ~[graylog.jar:?]
        at org.graylog2.bootstrap.ServerBootstrap.startCommand(ServerBootstrap.java:149) [graylog.jar:?]
        at org.graylog2.bootstrap.CmdLineTool.run(CmdLineTool.java:209) [graylog.jar:?]
        at org.graylog2.bootstrap.Main.main(Main.java:44) [graylog.jar:?]
2018-06-04T17:13:30.816+02:00 INFO  [Server] SIGNAL received. Shutting down.
2018-06-04T17:13:30.822+02:00 INFO  [GracefulShutdown] Graceful shutdown initiated.
2018-06-04T17:13:30.822+02:00 INFO  [GracefulShutdown] Node status: [Halting [LB:DEAD]]. Waiting <3sec> for possible load balancers to recognize state change.
2018-06-04T17:13:30.822+02:00 WARN  [DeadEventLoggingListener] Received unhandled event of type <org.graylog2.plugin.lifecycles.Lifecycle> from event bus <AsyncEventBus{graylog-eventbus}>
2018-06-04T17:13:34.823+02:00 INFO  [GracefulShutdown] Goodbye.
2018-06-04T17:13:57.671+02:00 INFO  [CmdLineTool] Loaded plugin: AWS plugins 2.4.3 [org.graylog.aws.plugin.AWSPlugin]
2018-06-04T17:13:57.673+02:00 INFO  [CmdLineTool] Loaded plugin: Elastic Beats Input 2.4.3 [org.graylog.plugins.beats.BeatsInputPlugin]
2018-06-04T17:13:57.673+02:00 INFO  [CmdLineTool] Loaded plugin: CEF Input 2.4.3 [org.graylog.plugins.cef.CEFInputPlugin]
2018-06-04T17:13:57.674+02:00 INFO  [CmdLineTool] Loaded plugin: Collector 2.4.3 [org.graylog.plugins.collector.CollectorPlugin]
2018-06-04T17:13:57.675+02:00 INFO  [CmdLineTool] Loaded plugin: Enterprise Integration Plugin 2.4.3 [org.graylog.plugins.enterprise_integration.EnterpriseIntegrationPlugin]
2018-06-04T17:13:57.675+02:00 INFO  [CmdLineTool] Loaded plugin: MapWidgetPlugin 2.4.3 [org.graylog.plugins.map.MapWidgetPlugin]
2018-06-04T17:13:57.676+02:00 INFO  [CmdLineTool] Loaded plugin: NetFlow Plugin 2.4.3 [org.graylog.plugins.netflow.NetFlowPlugin]
2018-06-04T17:13:57.682+02:00 INFO  [CmdLineTool] Loaded plugin: Pipeline Processor Plugin 2.4.3 [org.graylog.plugins.pipelineprocessor.ProcessorPlugin]
2018-06-04T17:13:57.683+02:00 INFO  [CmdLineTool] Loaded plugin: Threat Intelligence Plugin 2.4.3 [org.graylog.plugins.threatintel.ThreatIntelPlugin]
2018-06-04T17:13:57.983+02:00 INFO  [CmdLineTool] Running with JVM arguments: -Xms1g -Xmx1g -XX:NewRatio=1 -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow -Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml -Djava.library.path=/usr/share/graylog-server/lib/sigar -Dgraylog2.installation_source=rpm
2018-06-04T17:13:58.176+02:00 INFO  [Version] HV000001: Hibernate Validator 5.1.3.Final
2

Please post the complete log of your Graylog node.

3 
2018-06-04T21:14:48.820+02:00 INFO  [Server] SIGNAL received. Shutting down.
2018-06-04T21:14:48.828+02:00 INFO  [GracefulShutdown] Graceful shutdown initiated.
2018-06-04T21:14:48.829+02:00 INFO  [GracefulShutdown] Node status: [Halting [LB:DEAD]]. Waiting <3sec> for possible load balancers to recognize state change.
2018-06-04T21:14:48.829+02:00 WARN  [DeadEventLoggingListener] Received unhandled event of type <org.graylog2.plugin.lifecycles.Lifecycle> from event bus <AsyncEventBus{graylog-eventbus}>
2018-06-04T21:14:52.830+02:00 INFO  [GracefulShutdown] Goodbye.
2018-06-04T21:15:15.645+02:00 INFO  [CmdLineTool] Loaded plugin: AWS plugins 2.4.3 [org.graylog.aws.plugin.AWSPlugin]
2018-06-04T21:15:15.648+02:00 INFO  [CmdLineTool] Loaded plugin: Elastic Beats Input 2.4.3 [org.graylog.plugins.beats.BeatsInputPlugin]
2018-06-04T21:15:15.648+02:00 INFO  [CmdLineTool] Loaded plugin: CEF Input 2.4.3 [org.graylog.plugins.cef.CEFInputPlugin]
2018-06-04T21:15:15.649+02:00 INFO  [CmdLineTool] Loaded plugin: Collector 2.4.3 [org.graylog.plugins.collector.CollectorPlugin]
2018-06-04T21:15:15.650+02:00 INFO  [CmdLineTool] Loaded plugin: Enterprise Integration Plugin 2.4.3 [org.graylog.plugins.enterprise_integration.EnterpriseIntegrationPlugin]
2018-06-04T21:15:15.650+02:00 INFO  [CmdLineTool] Loaded plugin: MapWidgetPlugin 2.4.3 [org.graylog.plugins.map.MapWidgetPlugin]
2018-06-04T21:15:15.651+02:00 INFO  [CmdLineTool] Loaded plugin: NetFlow Plugin 2.4.3 [org.graylog.plugins.netflow.NetFlowPlugin]
2018-06-04T21:15:15.657+02:00 INFO  [CmdLineTool] Loaded plugin: Pipeline Processor Plugin 2.4.3 [org.graylog.plugins.pipelineprocessor.ProcessorPlugin]
2018-06-04T21:15:15.657+02:00 INFO  [CmdLineTool] Loaded plugin: Threat Intelligence Plugin 2.4.3 [org.graylog.plugins.threatintel.ThreatIntelPlugin]
2018-06-04T21:15:15.952+02:00 INFO  [CmdLineTool] Running with JVM arguments: -Xms1g -Xmx1g -XX:NewRatio=1 -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow -Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml -Djava.library.path=/usr/share/graylog-server/lib/sigar -Dgraylog2.installation_source=rpm
2018-06-04T21:15:16.144+02:00 INFO  [Version] HV000001: Hibernate Validator 5.1.3.Final
2018-06-04T21:15:28.190+02:00 INFO  [InputBufferImpl] Message journal is enabled.
2018-06-04T21:15:28.212+02:00 INFO  [NodeId] Node ID: c910ac4e-778c-4485-bcda-3aa3f93a0580
2018-06-04T21:15:28.400+02:00 INFO  [LogManager] Loading logs.
2018-06-04T21:15:28.445+02:00 INFO  [LogManager] Logs loading complete.
2018-06-04T21:15:28.446+02:00 INFO  [KafkaJournal] Initialized Kafka based journal at /var/lib/graylog-server/journal
2018-06-04T21:15:28.459+02:00 INFO  [InputBufferImpl] Initialized InputBufferImpl with ring size <65536> and wait strategy <BlockingWaitStrategy>, running 2 parallel message handlers.
2018-06-04T21:15:28.477+02:00 INFO  [cluster] Cluster created with settings {hosts=[localhost:27017], mode=SINGLE, requiredClusterType=UNKNOWN, serverSelectionTimeout='30000 ms', maxWaitQueueSize=5000}
2018-06-04T21:15:28.514+02:00 INFO  [cluster] No server chosen by ReadPreferenceServerSelector{readPreference=primary} from cluster description ClusterDescription{type=UNKNOWN, connectionMode=SINGLE, serverDescriptions=[ServerDescription{address=localhost:27017, type=UNKNOWN, state=CONNECTING}]}. Waiting for 30000 ms before timing out
2018-06-04T21:15:28.525+02:00 INFO  [connection] Opened connection [connectionId{localValue:1, serverValue:2761}] to localhost:27017
2018-06-04T21:15:28.527+02:00 INFO  [cluster] Monitor thread successfully connected to server with description ServerDescription{address=localhost:27017, type=STANDALONE, state=CONNECTED, ok=true, version=ServerVersion{versionList=[3, 6, 3]}, minWireVersion=0, maxWireVersion=6, maxDocumentSize=16777216, roundTripTimeNanos=440495}
2018-06-04T21:15:28.531+02:00 INFO  [connection] Opened connection [connectionId{localValue:2, serverValue:2762}] to localhost:27017
2018-06-04T21:15:28.820+02:00 INFO  [AbstractJestClient] Setting server pool to a list of 1 servers: [http://127.0.0.1:9200]
2018-06-04T21:15:28.821+02:00 INFO  [JestClientFactory] Using multi thread/connection supporting pooling connection manager
2018-06-04T21:15:28.892+02:00 INFO  [JestClientFactory] Using custom ObjectMapper instance
2018-06-04T21:15:28.892+02:00 INFO  [JestClientFactory] Node Discovery disabled...
2018-06-04T21:15:28.892+02:00 INFO  [JestClientFactory] Idle connection reaping disabled...
2018-06-04T21:15:29.165+02:00 INFO  [ProcessBuffer] Initialized ProcessBuffer with ring size <65536> and wait strategy <BlockingWaitStrategy>.
2018-06-04T21:15:30.475+02:00 INFO  [RulesEngineProvider] No static rules file loaded.
2018-06-04T21:15:30.663+02:00 WARN  [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2018-06-04T21:15:30.673+02:00 INFO  [OutputBuffer] Initialized OutputBuffer with ring size <65536> and wait strategy <BlockingWaitStrategy>.
2018-06-04T21:15:30.708+02:00 WARN  [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2018-06-04T21:15:30.739+02:00 WARN  [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2018-06-04T21:15:30.752+02:00 INFO  [connection] Opened connection [connectionId{localValue:3, serverValue:2763}] to localhost:27017
2018-06-04T21:15:30.771+02:00 WARN  [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2018-06-04T21:15:30.787+02:00 WARN  [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
2018-06-04T21:15:30.962+02:00 INFO  [ServerBootstrap] Graylog server 2.4.3+2c41897 starting up
2018-06-04T21:15:30.962+02:00 INFO  [ServerBootstrap] JRE: Oracle Corporation 1.8.0_161 on Linux 3.10.0-693.21.1.el7.x86_64
2018-06-04T21:15:30.962+02:00 INFO  [ServerBootstrap] Deployment: rpm
2018-06-04T21:15:30.963+02:00 INFO  [ServerBootstrap] OS: CentOS Linux 7 (Core) (centos)
2018-06-04T21:15:30.963+02:00 INFO  [ServerBootstrap] Arch: amd64
2018-06-04T21:15:30.966+02:00 WARN  [DeadEventLoggingListener] Received unhandled event of type <org.graylog2.plugin.lifecycles.Lifecycle> from event bus <AsyncEventBus{graylog-eventbus}>
2018-06-04T21:15:46.001+02:00 INFO  [PeriodicalsService] Starting 25 periodicals ...
2018-06-04T21:15:46.002+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ThroughputCalculator] periodical in [0s], polling every [1s].
2018-06-04T21:15:46.014+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.AlertScannerThread] periodical in [10s], polling every [60s].
2018-06-04T21:15:46.015+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread] periodical in [0s], polling every [1s].
2018-06-04T21:15:46.015+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ClusterHealthCheckThread] periodical in [120s], polling every [20s].
2018-06-04T21:15:46.015+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ContentPackLoaderPeriodical] periodical, running forever.
2018-06-04T21:15:46.019+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.GarbageCollectionWarningThread] periodical, running forever.
2018-06-04T21:15:46.019+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexerClusterCheckerThread] periodical in [0s], polling every [30s].
2018-06-04T21:15:46.019+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRetentionThread] periodical in [0s], polling every [300s].
2018-06-04T21:15:46.020+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRotationThread] periodical in [0s], polling every [10s].
2018-06-04T21:15:46.020+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.NodePingThread] periodical in [0s], polling every [1s].
2018-06-04T21:15:46.020+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.VersionCheckThread] periodical in [300s], polling every [1800s].
2018-06-04T21:15:46.021+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ThrottleStateUpdaterThread] periodical in [1s], polling every [1s].
2018-06-04T21:15:46.021+02:00 INFO  [Periodicals] Starting [org.graylog2.events.ClusterEventPeriodical] periodical in [0s], polling every [1s].
2018-06-04T21:15:46.021+02:00 INFO  [Periodicals] Starting [org.graylog2.events.ClusterEventCleanupPeriodical] periodical in [0s], polling every [86400s].
2018-06-04T21:15:46.021+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ClusterIdGeneratorPeriodical] periodical, running forever.
2018-06-04T21:15:46.021+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRangesMigrationPeriodical] periodical, running forever.
2018-06-04T21:15:46.022+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRangesCleanupPeriodical] periodical in [15s], polling every [3600s].
2018-06-04T21:15:46.024+02:00 INFO  [connection] Opened connection [connectionId{localValue:4, serverValue:2764}] to localhost:27017
2018-06-04T21:15:46.041+02:00 INFO  [connection] Opened connection [connectionId{localValue:5, serverValue:2765}] to localhost:27017
2018-06-04T21:15:46.043+02:00 INFO  [PeriodicalsService] Not starting [org.graylog2.periodical.UserPermissionMigrationPeriodical] periodical. Not configured to run on this node.
2018-06-04T21:15:46.043+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.AlarmCallbacksMigrationPeriodical] periodical, running forever.
2018-06-04T21:15:46.043+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ConfigurationManagementPeriodical] periodical, running forever.
2018-06-04T21:15:46.046+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.LdapGroupMappingMigration] periodical, running forever.
2018-06-04T21:15:46.048+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexFailuresPeriodical] periodical, running forever.
2018-06-04T21:15:46.048+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.TrafficCounterCalculator] periodical in [0s], polling every [1s].
2018-06-04T21:15:46.059+02:00 INFO  [Periodicals] Starting [org.graylog.plugins.pipelineprocessor.periodical.LegacyDefaultStreamMigration] periodical, running forever.
2018-06-04T21:15:46.059+02:00 INFO  [Periodicals] Starting [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread] periodical in [0s], polling every [3600s].
2018-06-04T21:15:46.064+02:00 INFO  [LegacyDefaultStreamMigration] Legacy default stream has no connections, no migration needed.
2018-06-04T21:15:46.066+02:00 INFO  [LookupTableService] Data Adapter tor-exit-node/5ac37ce361a3b445286ea5cc [@698165c0] STARTING
2018-06-04T21:15:46.066+02:00 INFO  [LookupTableService] Data Adapter spamhaus-drop/5ac37ce361a3b445286ea5cf [@20847581] STARTING
2018-06-04T21:15:46.066+02:00 WARN  [OTXDataAdapter] OTX API key is missing. Make sure to add the key to allow higher request limits.
2018-06-04T21:15:46.066+02:00 INFO  [LookupTableService] Data Adapter otx-api-ip/5ac37ce361a3b445286ea5ce [@7b79658e] STARTING
2018-06-04T21:15:46.070+02:00 WARN  [OTXDataAdapter] OTX API key is missing. Make sure to add the key to allow higher request limits.
2018-06-04T21:15:46.065+02:00 ERROR [LookupDataAdapter] Couldn't start data adapter <tor-exit-node/5ac37ce361a3b445286ea5cc/@698165c0>
org.graylog.plugins.threatintel.tools.AdapterDisabledException: TOR service is disabled, not starting TOR exit addresses adapter. To enable it please go to System / Configurations.
        at org.graylog.plugins.threatintel.adapters.tor.TorExitNodeDataAdapter.doStart(TorExitNodeDataAdapter.java:73) ~[?:?]
        at org.graylog2.plugin.lookup.LookupDataAdapter.startUp(LookupDataAdapter.java:59) [graylog.jar:?]
        at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:62) [graylog.jar:?]
        at com.google.common.util.concurrent.Callables$4.run(Callables.java:122) [graylog.jar:?]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
2018-06-04T21:15:46.072+02:00 ERROR [LookupDataAdapter] Couldn't start data adapter <abuse-ch-ransomware-ip/5ac37ce361a3b445286ea5d0/@5550f3bc>
org.graylog.plugins.threatintel.tools.AdapterDisabledException: Abuse.ch service is disabled, not starting adapter. To enable it please go to System / Configurations.
        at org.graylog.plugins.threatintel.adapters.abusech.AbuseChRansomAdapter.doStart(AbuseChRansomAdapter.java:80) ~[?:?]
        at org.graylog2.plugin.lookup.LookupDataAdapter.startUp(LookupDataAdapter.java:59) [graylog.jar:?]
        at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:62) [graylog.jar:?]
        at com.google.common.util.concurrent.Callables$4.run(Callables.java:122) [graylog.jar:?]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
2018-06-04T21:15:46.065+02:00 ERROR [LookupDataAdapter] Couldn't start data adapter <spamhaus-drop/5ac37ce361a3b445286ea5cf/@20847581>
org.graylog.plugins.threatintel.tools.AdapterDisabledException: Spamhaus service is disabled, not starting (E)DROP adapter. To enable it please go to System / Configurations.
        at org.graylog.plugins.threatintel.adapters.spamhaus.SpamhausEDROPDataAdapter.doStart(SpamhausEDROPDataAdapter.java:68) ~[?:?]
        at org.graylog2.plugin.lookup.LookupDataAdapter.startUp(LookupDataAdapter.java:59) [graylog.jar:?]
        at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:62) [graylog.jar:?]
        at com.google.common.util.concurrent.Callables$4.run(Callables.java:122) [graylog.jar:?]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
2018-06-04T21:15:46.075+02:00 ERROR [LookupDataAdapter] Couldn't start data adapter <abuse-ch-ransomware-domains/5ac37ce361a3b445286ea5cd/@456eaf21>
org.graylog.plugins.threatintel.tools.AdapterDisabledException: Abuse.ch service is disabled, not starting adapter. To enable it please go to System / Configurations.
        at org.graylog.plugins.threatintel.adapters.abusech.AbuseChRansomAdapter.doStart(AbuseChRansomAdapter.java:80) ~[?:?]
        at org.graylog2.plugin.lookup.LookupDataAdapter.startUp(LookupDataAdapter.java:59) [graylog.jar:?]
        at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:62) [graylog.jar:?]
        at com.google.common.util.concurrent.Callables$4.run(Callables.java:122) [graylog.jar:?]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
2018-06-04T21:15:46.084+02:00 INFO  [LookupTableService] Data Adapter otx-api-domain/5ac37ce361a3b445286ea5d1 [@7bec57db] STARTING
2018-06-04T21:15:46.084+02:00 INFO  [LookupTableService] Data Adapter otx-api-domain/5ac37ce361a3b445286ea5d1 [@7bec57db] RUNNING
2018-06-04T21:15:46.084+02:00 INFO  [LookupTableService] Data Adapter otx-api-ip/5ac37ce361a3b445286ea5ce [@7b79658e] RUNNING
2018-06-04T21:15:46.084+02:00 INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-ip/5ac37ce361a3b445286ea5d0 [@5550f3bc] STARTING
2018-06-04T21:15:46.084+02:00 INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-ip/5ac37ce361a3b445286ea5d0 [@5550f3bc] RUNNING
2018-06-04T21:15:46.085+02:00 INFO  [LookupTableService] Data Adapter tor-exit-node/5ac37ce361a3b445286ea5cc [@698165c0] RUNNING
2018-06-04T21:15:46.085+02:00 INFO  [LookupTableService] Data Adapter whois/5ac37ce461a3b445286ea5d2 [@3166c2db] STARTING
2018-06-04T21:15:46.085+02:00 INFO  [LookupTableService] Data Adapter whois/5ac37ce461a3b445286ea5d2 [@3166c2db] RUNNING
2018-06-04T21:15:46.085+02:00 INFO  [LookupTableService] Data Adapter spamhaus-drop/5ac37ce361a3b445286ea5cf [@20847581] RUNNING
2018-06-04T21:15:46.085+02:00 INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-domains/5ac37ce361a3b445286ea5cd [@456eaf21] STARTING
2018-06-04T21:15:46.085+02:00 INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-domains/5ac37ce361a3b445286ea5cd [@456eaf21] RUNNING
2018-06-04T21:15:46.115+02:00 INFO  [LookupTableService] Cache threat-intel-uncached-adapters/5ac37ce361a3b445286ea5c6 [@36cea10b] STARTING
2018-06-04T21:15:46.117+02:00 INFO  [LookupTableService] Cache threat-intel-uncached-adapters/5ac37ce361a3b445286ea5c6 [@36cea10b] RUNNING
2018-06-04T21:15:46.118+02:00 INFO  [LookupTableService] Cache spamhaus-e-drop-cache/5ac37ce361a3b445286ea5c8 [@67d371f4] STARTING
2018-06-04T21:15:46.118+02:00 INFO  [LookupTableService] Cache spamhaus-e-drop-cache/5ac37ce361a3b445286ea5c8 [@67d371f4] RUNNING
2018-06-04T21:15:46.118+02:00 INFO  [LookupTableService] Cache otx-api-domain-cache/5ac37ce361a3b445286ea5c7 [@24ceb996] STARTING
2018-06-04T21:15:46.118+02:00 INFO  [LookupTableService] Cache otx-api-domain-cache/5ac37ce361a3b445286ea5c7 [@24ceb996] RUNNING
2018-06-04T21:15:46.118+02:00 INFO  [LookupTableService] Cache otx-api-ip-cache/5ac37ce361a3b445286ea5ca [@4da8b463] STARTING
2018-06-04T21:15:46.118+02:00 INFO  [LookupTableService] Cache otx-api-ip-cache/5ac37ce361a3b445286ea5ca [@4da8b463] RUNNING
2018-06-04T21:15:46.119+02:00 INFO  [LookupTableService] Cache whois-cache/5ac37ce361a3b445286ea5c9 [@64ac1930] STARTING
2018-06-04T21:15:46.119+02:00 INFO  [LookupTableService] Cache whois-cache/5ac37ce361a3b445286ea5c9 [@64ac1930] RUNNING
2018-06-04T21:15:46.127+02:00 INFO  [LookupTableService] Starting lookup table abuse-ch-ransomware-ip/5ac37ce461a3b445286ea5d4 [@44b581ac] using cache threat-intel-uncached-adapters/5ac37ce361a3b445286ea5c6 [@36cea10b], data adapter abuse-ch-ransomware-ip/5ac37ce361a3b445286ea5d0 [@5550f3bc]
2018-06-04T21:15:46.127+02:00 INFO  [LookupTableService] Starting lookup table abuse-ch-ransomware-domains/5ac37ce461a3b445286ea5d5 [@5ce3262f] using cache threat-intel-uncached-adapters/5ac37ce361a3b445286ea5c6 [@36cea10b], data adapter abuse-ch-ransomware-domains/5ac37ce361a3b445286ea5cd [@456eaf21]
2018-06-04T21:15:46.128+02:00 INFO  [LookupTableService] Starting lookup table tor-exit-node-list/5ac37ce461a3b445286ea5d6 [@1df9a4e0] using cache threat-intel-uncached-adapters/5ac37ce361a3b445286ea5c6 [@36cea10b], data adapter tor-exit-node/5ac37ce361a3b445286ea5cc [@698165c0]
2018-06-04T21:15:46.128+02:00 INFO  [LookupTableService] Starting lookup table whois/5ac37ce461a3b445286ea5d7 [@38e750f] using cache whois-cache/5ac37ce361a3b445286ea5c9 [@64ac1930], data adapter whois/5ac37ce461a3b445286ea5d2 [@3166c2db]
2018-06-04T21:15:46.128+02:00 INFO  [LookupTableService] Starting lookup table otx-api-domain/5ac37ce461a3b445286ea5d8 [@6b5e3c33] using cache otx-api-domain-cache/5ac37ce361a3b445286ea5c7 [@24ceb996], data adapter otx-api-domain/5ac37ce361a3b445286ea5d1 [@7bec57db]
2018-06-04T21:15:46.128+02:00 INFO  [LookupTableService] Starting lookup table spamhaus-drop/5ac37ce461a3b445286ea5d9 [@2e49ad29] using cache spamhaus-e-drop-cache/5ac37ce361a3b445286ea5c8 [@67d371f4], data adapter spamhaus-drop/5ac37ce361a3b445286ea5cf [@20847581]
2018-06-04T21:15:46.128+02:00 INFO  [LookupTableService] Starting lookup table otx-api-ip/5ac37ce461a3b445286ea5da [@7e47d2a4] using cache otx-api-ip-cache/5ac37ce361a3b445286ea5ca [@4da8b463], data adapter otx-api-ip/5ac37ce361a3b445286ea5ce [@7b79658e]
2018-06-04T21:15:46.289+02:00 ERROR [ServiceManager] Service JerseyService [FAILED] has failed in the STARTING state.
java.io.IOException: overrun, bytes = 1197
        at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:92) ~[?:1.8.0_161]
        at org.graylog2.shared.security.tls.PemKeyStore.generateKeySpec(PemKeyStore.java:69) ~[graylog.jar:?]
        at org.graylog2.shared.security.tls.PemKeyStore.buildKeyStore(PemKeyStore.java:98) ~[graylog.jar:?]
        at org.graylog2.shared.initializers.JerseyService.buildSslEngineConfigurator(JerseyService.java:382) ~[graylog.jar:?]
        at org.graylog2.shared.initializers.JerseyService.startUpApi(JerseyService.java:206) ~[graylog.jar:?]
        at org.graylog2.shared.initializers.JerseyService.startUp(JerseyService.java:140) ~[graylog.jar:?]
        at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:62) [graylog.jar:?]
        at com.google.common.util.concurrent.Callables$4.run(Callables.java:122) [graylog.jar:?]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
2018-06-04T21:15:46.292+02:00 INFO  [InputSetupService] Triggering launching persisted inputs, node transitioned from Uninitialized [LB:DEAD] to Failed [LB:DEAD]
2018-06-04T21:15:46.293+02:00 ERROR [InputSetupService] Not starting any inputs because lifecycle is: Failed [LB:DEAD]
2018-06-04T21:15:46.297+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.AlertScannerThread].
2018-06-04T21:15:46.298+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.AlertScannerThread] complete, took <0ms>.
2018-06-04T21:15:46.298+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread].
2018-06-04T21:15:46.298+02:00 INFO  [LogManager] Shutting down.
2018-06-04T21:15:46.303+02:00 INFO  [LookupTableService] Cache otx-api-domain-cache/5ac37ce361a3b445286ea5c7 [@24ceb996] STOPPING, was RUNNING
2018-06-04T21:15:46.303+02:00 INFO  [LookupTableService] Cache otx-api-ip-cache/5ac37ce361a3b445286ea5ca [@4da8b463] STOPPING, was RUNNING
2018-06-04T21:15:46.304+02:00 INFO  [LookupTableService] Cache otx-api-ip-cache/5ac37ce361a3b445286ea5ca [@4da8b463] TERMINATED, was STOPPING
2018-06-04T21:15:46.304+02:00 INFO  [LookupTableService] Cache threat-intel-uncached-adapters/5ac37ce361a3b445286ea5c6 [@36cea10b] STOPPING, was RUNNING
2018-06-04T21:15:46.304+02:00 INFO  [LookupTableService] Cache threat-intel-uncached-adapters/5ac37ce361a3b445286ea5c6 [@36cea10b] TERMINATED, was STOPPING
2018-06-04T21:15:46.304+02:00 INFO  [LookupTableService] Cache spamhaus-e-drop-cache/5ac37ce361a3b445286ea5c8 [@67d371f4] STOPPING, was RUNNING
2018-06-04T21:15:46.304+02:00 INFO  [LookupTableService] Cache spamhaus-e-drop-cache/5ac37ce361a3b445286ea5c8 [@67d371f4] TERMINATED, was STOPPING
2018-06-04T21:15:46.303+02:00 INFO  [LookupTableService] Cache otx-api-domain-cache/5ac37ce361a3b445286ea5c7 [@24ceb996] TERMINATED, was STOPPING
2018-06-04T21:15:46.305+02:00 INFO  [LookupTableService] Cache whois-cache/5ac37ce361a3b445286ea5c9 [@64ac1930] STOPPING, was RUNNING
2018-06-04T21:15:46.305+02:00 INFO  [LookupTableService] Cache whois-cache/5ac37ce361a3b445286ea5c9 [@64ac1930] TERMINATED, was STOPPING
2018-06-04T21:15:46.298+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread] complete, took <0ms>.
2018-06-04T21:15:46.306+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.ClusterHealthCheckThread].
2018-06-04T21:15:46.306+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.ClusterHealthCheckThread] complete, took <0ms>.
2018-06-04T21:15:46.306+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexerClusterCheckerThread].
2018-06-04T21:15:46.306+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexerClusterCheckerThread] complete, took <0ms>.
2018-06-04T21:15:46.306+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexRetentionThread].
2018-06-04T21:15:46.306+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexRetentionThread] complete, took <0ms>.
2018-06-04T21:15:46.306+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexRotationThread].
2018-06-04T21:15:46.307+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexRotationThread] complete, took <0ms>.
2018-06-04T21:15:46.307+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.VersionCheckThread].
2018-06-04T21:15:46.307+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.VersionCheckThread] complete, took <0ms>.
2018-06-04T21:15:46.307+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.ThrottleStateUpdaterThread].
2018-06-04T21:15:46.307+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.ThrottleStateUpdaterThread] complete, took <0ms>.
2018-06-04T21:15:46.307+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.events.ClusterEventPeriodical].
2018-06-04T21:15:46.307+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.events.ClusterEventPeriodical] complete, took <0ms>.
2018-06-04T21:15:46.307+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.events.ClusterEventCleanupPeriodical].
2018-06-04T21:15:46.307+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.events.ClusterEventCleanupPeriodical] complete, took <0ms>.
2018-06-04T21:15:46.307+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexRangesCleanupPeriodical].
2018-06-04T21:15:46.308+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexRangesCleanupPeriodical] complete, took <0ms>.
2018-06-04T21:15:46.308+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.TrafficCounterCalculator].
2018-06-04T21:15:46.308+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.TrafficCounterCalculator] complete, took <0ms>.
2018-06-04T21:15:46.308+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread].
2018-06-04T21:15:46.308+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread] complete, took <0ms>.
2018-06-04T21:15:46.309+02:00 INFO  [JournalReader] Stopping.
2018-06-04T21:15:46.311+02:00 INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-ip/5ac37ce361a3b445286ea5d0 [@5550f3bc] STOPPING, was RUNNING
2018-06-04T21:15:46.313+02:00 INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-ip/5ac37ce361a3b445286ea5d0 [@5550f3bc] TERMINATED, was STOPPING
2018-06-04T21:15:46.313+02:00 INFO  [LookupTableService] Data Adapter otx-api-domain/5ac37ce361a3b445286ea5d1 [@7bec57db] STOPPING, was RUNNING
2018-06-04T21:15:46.312+02:00 INFO  [LookupTableService] Data Adapter otx-api-ip/5ac37ce361a3b445286ea5ce [@7b79658e] STOPPING, was RUNNING
2018-06-04T21:15:46.314+02:00 INFO  [LookupTableService] Data Adapter otx-api-ip/5ac37ce361a3b445286ea5ce [@7b79658e] TERMINATED, was STOPPING
2018-06-04T21:15:46.314+02:00 INFO  [LookupTableService] Data Adapter spamhaus-drop/5ac37ce361a3b445286ea5cf [@20847581] STOPPING, was RUNNING
2018-06-04T21:15:46.314+02:00 INFO  [LookupTableService] Data Adapter spamhaus-drop/5ac37ce361a3b445286ea5cf [@20847581] TERMINATED, was STOPPING
2018-06-04T21:15:46.313+02:00 INFO  [LookupTableService] Data Adapter whois/5ac37ce461a3b445286ea5d2 [@3166c2db] STOPPING, was RUNNING
2018-06-04T21:15:46.315+02:00 INFO  [LookupTableService] Data Adapter whois/5ac37ce461a3b445286ea5d2 [@3166c2db] TERMINATED, was STOPPING
2018-06-04T21:15:46.317+02:00 INFO  [LookupTableService] Data Adapter tor-exit-node/5ac37ce361a3b445286ea5cc [@698165c0] STOPPING, was RUNNING
2018-06-04T21:15:46.317+02:00 INFO  [LookupTableService] Data Adapter tor-exit-node/5ac37ce361a3b445286ea5cc [@698165c0] TERMINATED, was STOPPING
2018-06-04T21:15:46.317+02:00 INFO  [LookupTableService] Data Adapter otx-api-domain/5ac37ce361a3b445286ea5d1 [@7bec57db] TERMINATED, was STOPPING
2018-06-04T21:15:46.318+02:00 INFO  [Buffers] Waiting until all buffers are empty.
2018-06-04T21:15:46.320+02:00 INFO  [Buffers] All buffers are empty. Continuing.
2018-06-04T21:15:46.320+02:00 INFO  [OutputSetupService] Stopping output org.graylog2.outputs.BlockingBatchedESOutput
2018-06-04T21:15:46.438+02:00 INFO  [LogManager] Shutdown complete.
2018-06-04T21:15:46.439+02:00 INFO  [LookupDataAdapterRefreshService] Stopping 0 jobs
2018-06-04T21:15:46.440+02:00 INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-domains/5ac37ce361a3b445286ea5cd [@456eaf21] STOPPING, was RUNNING
2018-06-04T21:15:46.440+02:00 INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-domains/5ac37ce361a3b445286ea5cd [@456eaf21] TERMINATED, was STOPPING
2018-06-04T21:15:46.441+02:00 INFO  [ServiceManagerListener] Services are now stopped.
2018-06-04T21:15:46.441+02:00 ERROR [ServerBootstrap] Graylog startup failed. Exiting. Exception was:
java.lang.IllegalStateException: Expected to be healthy after starting. The following services are not running: {FAILED=[JerseyService [FAILED]]}
        at com.google.common.util.concurrent.ServiceManager$ServiceManagerState.checkHealthy(ServiceManager.java:740) ~[graylog.jar:?]
        at com.google.common.util.concurrent.ServiceManager$ServiceManagerState.awaitHealthy(ServiceManager.java:553) ~[graylog.jar:?]
        at com.google.common.util.concurrent.ServiceManager.awaitHealthy(ServiceManager.java:312) ~[graylog.jar:?]
        at org.graylog2.bootstrap.ServerBootstrap.startCommand(ServerBootstrap.java:149) [graylog.jar:?]
        at org.graylog2.bootstrap.CmdLineTool.run(CmdLineTool.java:209) [graylog.jar:?]
        at org.graylog2.bootstrap.Main.main(Main.java:44) [graylog.jar:?]
2018-06-04T21:15:46.443+02:00 INFO  [Server] SIGNAL received. Shutting down.
2018-06-04T21:15:46.448+02:00 INFO  [GracefulShutdown] Graceful shutdown initiated.
2018-06-04T21:15:46.448+02:00 INFO  [GracefulShutdown] Node status: [Halting [LB:DEAD]]. Waiting <3sec> for possible load balancers to recognize state change.
2018-06-04T21:15:46.449+02:00 WARN  [DeadEventLoggingListener] Received unhandled event of type <org.graylog2.plugin.lifecycles.Lifecycle> from event bus <AsyncEventBus{graylog-eventbus}>
2018-06-04T21:15:50.450+02:00 INFO  [GracefulShutdown] Goodbye.
2018-06-04T21:16:13.426+02:00 INFO  [CmdLineTool] Loaded plugin: AWS plugins 2.4.3 [org.graylog.aws.plugin.AWSPlugin]
2018-06-04T21:16:13.429+02:00 INFO  [CmdLineTool] Loaded plugin: Elastic Beats Input 2.4.3 [org.graylog.plugins.beats.BeatsInputPlugin]
2018-06-04T21:16:13.429+02:00 INFO  [CmdLineTool] Loaded plugin: CEF Input 2.4.3 [org.graylog.plugins.cef.CEFInputPlugin]
2018-06-04T21:16:13.430+02:00 INFO  [CmdLineTool] Loaded plugin: Collector 2.4.3 [org.graylog.plugins.collector.CollectorPlugin]
2018-06-04T21:16:13.430+02:00 INFO  [CmdLineTool] Loaded plugin: Enterprise Integration Plugin 2.4.3 [org.graylog.plugins.enterprise_integration.EnterpriseIntegrationPlugin]
2018-06-04T21:16:13.431+02:00 INFO  [CmdLineTool] Loaded plugin: MapWidgetPlugin 2.4.3 [org.graylog.plugins.map.MapWidgetPlugin]
2018-06-04T21:16:13.432+02:00 INFO  [CmdLineTool] Loaded plugin: NetFlow Plugin 2.4.3 [org.graylog.plugins.netflow.NetFlowPlugin]
2018-06-04T21:16:13.438+02:00 INFO  [CmdLineTool] Loaded plugin: Pipeline Processor Plugin 2.4.3 [org.graylog.plugins.pipelineprocessor.ProcessorPlugin]
2018-06-04T21:16:13.438+02:00 INFO  [CmdLineTool] Loaded plugin: Threat Intelligence Plugin 2.4.3 [org.graylog.plugins.threatintel.ThreatIntelPlugin]
2018-06-04T21:16:13.735+02:00 INFO  [CmdLineTool] Running with JVM arguments: -Xms1g -Xmx1g -XX:NewRatio=1 -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow -Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml -Djava.library.path=/usr/share/graylog-server/lib/sigar -Dgraylog2.installation_source=rpm
2018-06-04T21:16:13.927+02:00 INFO  [Version] HV000001: Hibernate Validator 5.1.3.Final

it’s good there are all the logs you need ?

4

Make sure that the private key and the X.509 certificate are in a format which is supported by Graylog.
:arrow_right: http://docs.graylog.org/en/2.4/pages/configuration/https.html

5

Together with that statement of the configuration file

and the comment from the documentation regarding the JVM truststore it should be clear what is needed at what location

http://docs.graylog.org/en/2.4/pages/configuration/https.html#adding-a-self-signed-certificate-to-the-jvm-trust-store

additional the URL you use to connect to Graylog (exclude the port) should be in your certificate present.

6

I redid the maniplution with one new certificat with the script.
i generat a certificat -h https -i 192.168.10.1 -s secretpassword

result: 
https.cert.pem https.pkcs8-encrypted.key.pem https.pkcs5-plain.key.pem  https.pkcs8-plain.key.pem

after i adding a the certificate to the JVM trust store i dot that :

i dot the symbolic link
cp -a /usr/lib/jvm/jre-openjdk/lib/security/cacerts /etc/graylog/server/certfiles/https/cacerts.jks

after i import the certificat :
keytool -importcert -keystore  cacert.jks -storepass secretpassword -alias graylog-self-signed -file graylog.ifs.cert.pem

and i look if this is good:
keytool -keystore cacerts.jks -storepass secretpassword -list | grep graylog-self-signed -A1
result; 
graylog-self-signed, 5 juin 2018, trustedCertEntry,
Empreinte du certificat (SHA1) :

now on my server.conf

web_listen_uri = https://192.168.10.1:9000/
web_endpoint_uri = https://192.168.10.1:12900/
web_enable_tls = true
web_tls_cert_file = /etc/graylog/server/certfiles/https/https.cert.pem
web_tls_key_file = /etc/graylog/server/certfiles/https/https.pkcs8-plain.key.pem
web_tls_key_password = secretpassword

rest_listen_uri = https://192.168.10.1:12900/api/
rest_transport_uri = https://192.168.10.1:9000/api/
rest_enable_tls = true
rest_tls_cert_file = /etc/graylog/server/certfiles/https.cert.pem
rest_tls_key_file = /etc/graylog/server/certfiles/https.pkcs8-plain.key.pem
rest_tls_key_password = secretpassword

log



2018-06-05T10:27:05.285+02:00 INFO  [ServerBootstrap] Deployment: rpm
2018-06-05T10:27:05.285+02:00 INFO  [ServerBootstrap] OS: CentOS Linux 7 (Core) (centos)
2018-06-05T10:27:05.285+02:00 INFO  [ServerBootstrap] Arch: amd64
2018-06-05T10:27:05.287+02:00 WARN  [DeadEventLoggingListener] Received unhandled event of type <org.graylog2.plugin.lifecycles.Lifecycle> from event bus <AsyncEventBus{graylog-eventbus}>
2018-06-05T10:27:20.323+02:00 INFO  [PeriodicalsService] Starting 25 periodicals ...
2018-06-05T10:27:20.324+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ThroughputCalculator] periodical in [0s], polling every [1s].
2018-06-05T10:27:20.324+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.AlertScannerThread] periodical in [10s], polling every [60s].
2018-06-05T10:27:20.324+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread] periodical in [0s], polling every [1s].
2018-06-05T10:27:20.331+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ClusterHealthCheckThread] periodical in [120s], polling every [20s].
2018-06-05T10:27:20.331+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ContentPackLoaderPeriodical] periodical, running forever.
2018-06-05T10:27:20.342+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.GarbageCollectionWarningThread] periodical, running forever.
2018-06-05T10:27:20.350+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexerClusterCheckerThread] periodical in [0s], polling every [30s].
2018-06-05T10:27:20.350+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRetentionThread] periodical in [0s], polling every [300s].
2018-06-05T10:27:20.355+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRotationThread] periodical in [0s], polling every [10s].
2018-06-05T10:27:20.355+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.NodePingThread] periodical in [0s], polling every [1s].
2018-06-05T10:27:20.355+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.VersionCheckThread] periodical in [300s], polling every [1800s].
2018-06-05T10:27:20.358+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ThrottleStateUpdaterThread] periodical in [1s], polling every [1s].
2018-06-05T10:27:20.359+02:00 INFO  [Periodicals] Starting [org.graylog2.events.ClusterEventPeriodical] periodical in [0s], polling every [1s].
2018-06-05T10:27:20.359+02:00 INFO  [Periodicals] Starting [org.graylog2.events.ClusterEventCleanupPeriodical] periodical in [0s], polling every [86400s].
2018-06-05T10:27:20.359+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ClusterIdGeneratorPeriodical] periodical, running forever.
2018-06-05T10:27:20.361+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRangesMigrationPeriodical] periodical, running forever.
2018-06-05T10:27:20.365+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexRangesCleanupPeriodical] periodical in [15s], polling every [3600s].
2018-06-05T10:27:20.390+02:00 INFO  [connection] Opened connection [connectionId{localValue:5, serverValue:7768}] to localhost:27017
2018-06-05T10:27:20.390+02:00 INFO  [connection] Opened connection [connectionId{localValue:4, serverValue:7767}] to localhost:27017
2018-06-05T10:27:20.394+02:00 INFO  [PeriodicalsService] Not starting [org.graylog2.periodical.UserPermissionMigrationPeriodical] periodical. Not configured to run on this node.
2018-06-05T10:27:20.394+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.AlarmCallbacksMigrationPeriodical] periodical, running forever.
2018-06-05T10:27:20.395+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.ConfigurationManagementPeriodical] periodical, running forever.
2018-06-05T10:27:20.399+02:00 INFO  [connection] Opened connection [connectionId{localValue:6, serverValue:7769}] to localhost:27017
2018-06-05T10:27:20.399+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.LdapGroupMappingMigration] periodical, running forever.
2018-06-05T10:27:20.399+02:00 INFO  [connection] Opened connection [connectionId{localValue:7, serverValue:7770}] to localhost:27017
2018-06-05T10:27:20.400+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.IndexFailuresPeriodical] periodical, running forever.
2018-06-05T10:27:20.401+02:00 INFO  [Periodicals] Starting [org.graylog2.periodical.TrafficCounterCalculator] periodical in [0s], polling every [1s].
2018-06-05T10:27:20.402+02:00 INFO  [Periodicals] Starting [org.graylog.plugins.pipelineprocessor.periodical.LegacyDefaultStreamMigration] periodical, running forever.
2018-06-05T10:27:20.412+02:00 INFO  [Periodicals] Starting [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread] periodical in [0s], polling every [3600s].
2018-06-05T10:27:20.422+02:00 INFO  [LegacyDefaultStreamMigration] Legacy default stream has no connections, no migration needed.
2018-06-05T10:27:20.426+02:00 WARN  [OTXDataAdapter] OTX API key is missing. Make sure to add the key to allow higher request limits.
2018-06-05T10:27:20.431+02:00 WARN  [OTXDataAdapter] OTX API key is missing. Make sure to add the key to allow higher request limits.
2018-06-05T10:27:20.434+02:00 ERROR [LookupDataAdapter] Couldn't start data adapter <abuse-ch-ransomware-domains/5ac37ce361a3b445286ea5cd/@62f4dc8>
org.graylog.plugins.threatintel.tools.AdapterDisabledException: Abuse.ch service is disabled, not starting adapter. To enable it please go to System / Configurations.
        at org.graylog.plugins.threatintel.adapters.abusech.AbuseChRansomAdapter.doStart(AbuseChRansomAdapter.java:80) ~[?:?]
        at org.graylog2.plugin.lookup.LookupDataAdapter.startUp(LookupDataAdapter.java:59) [graylog.jar:?]
        at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:62) [graylog.jar:?]
        at com.google.common.util.concurrent.Callables$4.run(Callables.java:122) [graylog.jar:?]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
2018-06-05T10:27:20.460+02:00 ERROR [LookupDataAdapter] Couldn't start data adapter <tor-exit-node/5ac37ce361a3b445286ea5cc/@5fca3542>
org.graylog.plugins.threatintel.tools.AdapterDisabledException: TOR service is disabled, not starting TOR exit addresses adapter. To enable it please go to System / Configurations.
        at org.graylog.plugins.threatintel.adapters.tor.TorExitNodeDataAdapter.doStart(TorExitNodeDataAdapter.java:73) ~[?:?]
        at org.graylog2.plugin.lookup.LookupDataAdapter.startUp(LookupDataAdapter.java:59) [graylog.jar:?]
        at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:62) [graylog.jar:?]
        at com.google.common.util.concurrent.Callables$4.run(Callables.java:122) [graylog.jar:?]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
2018-06-05T10:27:20.463+02:00 ERROR [LookupDataAdapter] Couldn't start data adapter <spamhaus-drop/5ac37ce361a3b445286ea5cf/@4129f99>
org.graylog.plugins.threatintel.tools.AdapterDisabledException: Spamhaus service is disabled, not starting (E)DROP adapter. To enable it please go to System / Configurations.
        at org.graylog.plugins.threatintel.adapters.spamhaus.SpamhausEDROPDataAdapter.doStart(SpamhausEDROPDataAdapter.java:68) ~[?:?]
        at org.graylog2.plugin.lookup.LookupDataAdapter.startUp(LookupDataAdapter.java:59) [graylog.jar:?]
        at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:62) [graylog.jar:?]
        at com.google.common.util.concurrent.Callables$4.run(Callables.java:122) [graylog.jar:?]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
2018-06-05T10:27:20.470+02:00 INFO  [LookupTableService] Data Adapter spamhaus-drop/5ac37ce361a3b445286ea5cf [@4129f99] STARTING
2018-06-05T10:27:20.470+02:00 INFO  [LookupTableService] Data Adapter spamhaus-drop/5ac37ce361a3b445286ea5cf [@4129f99] RUNNING
2018-06-05T10:27:20.470+02:00 INFO  [LookupTableService] Data Adapter otx-api-ip/5ac37ce361a3b445286ea5ce [@557e989e] STARTING
2018-06-05T10:27:20.471+02:00 INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-domains/5ac37ce361a3b445286ea5cd [@62f4dc8] STARTING
2018-06-05T10:27:20.471+02:00 INFO  [LookupTableService] Data Adapter otx-api-ip/5ac37ce361a3b445286ea5ce [@557e989e] RUNNING
2018-06-05T10:27:20.471+02:00 INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-domains/5ac37ce361a3b445286ea5cd [@62f4dc8] RUNNING
2018-06-05T10:27:20.471+02:00 INFO  [LookupTableService] Data Adapter otx-api-domain/5ac37ce361a3b445286ea5d1 [@7ea3d280] STARTING
2018-06-05T10:27:20.471+02:00 INFO  [LookupTableService] Data Adapter otx-api-domain/5ac37ce361a3b445286ea5d1 [@7ea3d280] RUNNING
2018-06-05T10:27:20.471+02:00 INFO  [LookupTableService] Data Adapter whois/5ac37ce461a3b445286ea5d2 [@69f29095] STARTING
2018-06-05T10:27:20.471+02:00 INFO  [LookupTableService] Data Adapter whois/5ac37ce461a3b445286ea5d2 [@69f29095] RUNNING
2018-06-05T10:27:20.472+02:00 INFO  [LookupTableService] Data Adapter tor-exit-node/5ac37ce361a3b445286ea5cc [@5fca3542] STARTING
2018-06-05T10:27:20.472+02:00 INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-ip/5ac37ce361a3b445286ea5d0 [@4365ad1b] STARTING
2018-06-05T10:27:20.472+02:00 INFO  [LookupTableService] Data Adapter tor-exit-node/5ac37ce361a3b445286ea5cc [@5fca3542] RUNNING
2018-06-05T10:27:20.474+02:00 ERROR [LookupDataAdapter] Couldn't start data adapter <abuse-ch-ransomware-ip/5ac37ce361a3b445286ea5d0/@4365ad1b>
org.graylog.plugins.threatintel.tools.AdapterDisabledException: Abuse.ch service is disabled, not starting adapter. To enable it please go to System / Configurations.
        at org.graylog.plugins.threatintel.adapters.abusech.AbuseChRansomAdapter.doStart(AbuseChRansomAdapter.java:80) ~[?:?]
        at org.graylog2.plugin.lookup.LookupDataAdapter.startUp(LookupDataAdapter.java:59) [graylog.jar:?]
        at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:62) [graylog.jar:?]
        at com.google.common.util.concurrent.Callables$4.run(Callables.java:122) [graylog.jar:?]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
2018-06-05T10:27:20.474+02:00 INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-ip/5ac37ce361a3b445286ea5d0 [@4365ad1b] RUNNING
2018-06-05T10:27:20.498+02:00 INFO  [LookupTableService] Cache spamhaus-e-drop-cache/5ac37ce361a3b445286ea5c8 [@ce88c88] STARTING
2018-06-05T10:27:20.498+02:00 INFO  [LookupTableService] Cache spamhaus-e-drop-cache/5ac37ce361a3b445286ea5c8 [@ce88c88] RUNNING
2018-06-05T10:27:20.499+02:00 INFO  [LookupTableService] Cache whois-cache/5ac37ce361a3b445286ea5c9 [@4fe17df1] STARTING
2018-06-05T10:27:20.500+02:00 INFO  [LookupTableService] Cache whois-cache/5ac37ce361a3b445286ea5c9 [@4fe17df1] RUNNING
2018-06-05T10:27:20.515+02:00 INFO  [LookupTableService] Cache threat-intel-uncached-adapters/5ac37ce361a3b445286ea5c6 [@63d56af0] STARTING
2018-06-05T10:27:20.517+02:00 INFO  [LookupTableService] Cache otx-api-ip-cache/5ac37ce361a3b445286ea5ca [@341cbd69] STARTING
2018-06-05T10:27:20.517+02:00 INFO  [LookupTableService] Cache otx-api-ip-cache/5ac37ce361a3b445286ea5ca [@341cbd69] RUNNING
2018-06-05T10:27:20.517+02:00 INFO  [LookupTableService] Cache threat-intel-uncached-adapters/5ac37ce361a3b445286ea5c6 [@63d56af0] RUNNING
2018-06-05T10:27:20.518+02:00 INFO  [LookupTableService] Cache otx-api-domain-cache/5ac37ce361a3b445286ea5c7 [@1e0b8a14] STARTING
2018-06-05T10:27:20.518+02:00 INFO  [LookupTableService] Cache otx-api-domain-cache/5ac37ce361a3b445286ea5c7 [@1e0b8a14] RUNNING
2018-06-05T10:27:20.533+02:00 INFO  [LookupTableService] Starting lookup table abuse-ch-ransomware-ip/5ac37ce461a3b445286ea5d4 [@58910f24] using cache threat-intel-uncached-adapters/5ac37ce361a3b445286ea5c6 [@63d56af0], data adapter abuse-ch-ransomware-ip/5ac37ce361a3b445286ea5d0 [@4365ad1b]
2018-06-05T10:27:20.533+02:00 INFO  [LookupTableService] Starting lookup table abuse-ch-ransomware-domains/5ac37ce461a3b445286ea5d5 [@2be54d53] using cache threat-intel-uncached-adapters/5ac37ce361a3b445286ea5c6 [@63d56af0], data adapter abuse-ch-ransomware-domains/5ac37ce361a3b445286ea5cd [@62f4dc8]
2018-06-05T10:27:20.533+02:00 INFO  [LookupTableService] Starting lookup table tor-exit-node-list/5ac37ce461a3b445286ea5d6 [@a73f0dc] using cache threat-intel-uncached-adapters/5ac37ce361a3b445286ea5c6 [@63d56af0], data adapter tor-exit-node/5ac37ce361a3b445286ea5cc [@5fca3542]
2018-06-05T10:27:20.533+02:00 INFO  [LookupTableService] Starting lookup table whois/5ac37ce461a3b445286ea5d7 [@4b642ec1] using cache whois-cache/5ac37ce361a3b445286ea5c9 [@4fe17df1], data adapter whois/5ac37ce461a3b445286ea5d2 [@69f29095]
2018-06-05T10:27:20.533+02:00 INFO  [LookupTableService] Starting lookup table otx-api-domain/5ac37ce461a3b445286ea5d8 [@1b5cf0a6] using cache otx-api-domain-cache/5ac37ce361a3b445286ea5c7 [@1e0b8a14], data adapter otx-api-domain/5ac37ce361a3b445286ea5d1 [@7ea3d280]
2018-06-05T10:27:20.534+02:00 INFO  [LookupTableService] Starting lookup table spamhaus-drop/5ac37ce461a3b445286ea5d9 [@1a52a94b] using cache spamhaus-e-drop-cache/5ac37ce361a3b445286ea5c8 [@ce88c88], data adapter spamhaus-drop/5ac37ce361a3b445286ea5cf [@4129f99]
2018-06-05T10:27:20.534+02:00 INFO  [LookupTableService] Starting lookup table otx-api-ip/5ac37ce461a3b445286ea5da [@f325fcd] using cache otx-api-ip-cache/5ac37ce361a3b445286ea5ca [@341cbd69], data adapter otx-api-ip/5ac37ce361a3b445286ea5ce [@557e989e]
2018-06-05T10:27:20.678+02:00 ERROR [ServiceManager] Service JerseyService [FAILED] has failed in the STARTING state.
java.io.IOException: overrun, bytes = 1195
        at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:92) ~[?:1.8.0_161]
        at org.graylog2.shared.security.tls.PemKeyStore.generateKeySpec(PemKeyStore.java:69) ~[graylog.jar:?]
        at org.graylog2.shared.security.tls.PemKeyStore.buildKeyStore(PemKeyStore.java:98) ~[graylog.jar:?]
        at org.graylog2.shared.initializers.JerseyService.buildSslEngineConfigurator(JerseyService.java:382) ~[graylog.jar:?]
        at org.graylog2.shared.initializers.JerseyService.startUpApi(JerseyService.java:206) ~[graylog.jar:?]
        at org.graylog2.shared.initializers.JerseyService.startUp(JerseyService.java:140) ~[graylog.jar:?]
        at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:62) [graylog.jar:?]
        at com.google.common.util.concurrent.Callables$4.run(Callables.java:122) [graylog.jar:?]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
2018-06-05T10:27:20.680+02:00 INFO  [InputSetupService] Triggering launching persisted inputs, node transitioned from Uninitialized [LB:DEAD] to Failed [LB:DEAD]
2018-06-05T10:27:20.681+02:00 ERROR [InputSetupService] Not starting any inputs because lifecycle is: Failed [LB:DEAD]
2018-06-05T10:27:20.685+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.AlertScannerThread].
2018-06-05T10:27:20.685+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.AlertScannerThread] complete, took <0ms>.
2018-06-05T10:27:20.685+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread].
2018-06-05T10:27:20.685+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread] complete, took <0ms>.
2018-06-05T10:27:20.685+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.ClusterHealthCheckThread].
2018-06-05T10:27:20.685+02:00 INFO  [LogManager] Shutting down.
2018-06-05T10:27:20.685+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.ClusterHealthCheckThread] complete, took <0ms>.
2018-06-05T10:27:20.686+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexerClusterCheckerThread].
2018-06-05T10:27:20.686+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexerClusterCheckerThread] complete, took <0ms>.
2018-06-05T10:27:20.686+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexRetentionThread].
2018-06-05T10:27:20.686+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexRetentionThread] complete, took <0ms>.
2018-06-05T10:27:20.686+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexRotationThread].
2018-06-05T10:27:20.686+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexRotationThread] complete, took <0ms>.
2018-06-05T10:27:20.686+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.VersionCheckThread].
2018-06-05T10:27:20.686+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.VersionCheckThread] complete, took <0ms>.
2018-06-05T10:27:20.687+02:00 INFO  [LookupTableService] Cache otx-api-domain-cache/5ac37ce361a3b445286ea5c7 [@1e0b8a14] STOPPING, was RUNNING
2018-06-05T10:27:20.686+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.ThrottleStateUpdaterThread].
2018-06-05T10:27:20.687+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.ThrottleStateUpdaterThread] complete, took <0ms>.
2018-06-05T10:27:20.687+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.events.ClusterEventPeriodical].
2018-06-05T10:27:20.687+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.events.ClusterEventPeriodical] complete, took <0ms>.
2018-06-05T10:27:20.687+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.events.ClusterEventCleanupPeriodical].
2018-06-05T10:27:20.687+02:00 INFO  [LookupTableService] Cache otx-api-ip-cache/5ac37ce361a3b445286ea5ca [@341cbd69] STOPPING, was RUNNING
2018-06-05T10:27:20.688+02:00 INFO  [LookupTableService] Cache otx-api-ip-cache/5ac37ce361a3b445286ea5ca [@341cbd69] TERMINATED, was STOPPING
2018-06-05T10:27:20.688+02:00 INFO  [LookupTableService] Cache threat-intel-uncached-adapters/5ac37ce361a3b445286ea5c6 [@63d56af0] STOPPING, was RUNNING
2018-06-05T10:27:20.690+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.events.ClusterEventCleanupPeriodical] complete, took <0ms>.
2018-06-05T10:27:20.690+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.IndexRangesCleanupPeriodical].
2018-06-05T10:27:20.691+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.IndexRangesCleanupPeriodical] complete, took <0ms>.
2018-06-05T10:27:20.691+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.TrafficCounterCalculator].
2018-06-05T10:27:20.691+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.TrafficCounterCalculator] complete, took <0ms>.
2018-06-05T10:27:20.692+02:00 INFO  [PeriodicalsService] Shutting down periodical [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread].
2018-06-05T10:27:20.692+02:00 INFO  [PeriodicalsService] Shutdown of periodical [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread] complete, took <0ms>.
2018-06-05T10:27:20.695+02:00 INFO  [LookupTableService] Cache otx-api-domain-cache/5ac37ce361a3b445286ea5c7 [@1e0b8a14] TERMINATED, was STOPPING
2018-06-05T10:27:20.695+02:00 INFO  [LookupTableService] Cache spamhaus-e-drop-cache/5ac37ce361a3b445286ea5c8 [@ce88c88] STOPPING, was RUNNING
2018-06-05T10:27:20.695+02:00 INFO  [LookupTableService] Cache whois-cache/5ac37ce361a3b445286ea5c9 [@4fe17df1] STOPPING, was RUNNING
2018-06-05T10:27:20.695+02:00 INFO  [LookupTableService] Cache whois-cache/5ac37ce361a3b445286ea5c9 [@4fe17df1] TERMINATED, was STOPPING
2018-06-05T10:27:20.696+02:00 INFO  [LookupTableService] Data Adapter spamhaus-drop/5ac37ce361a3b445286ea5cf [@4129f99] STOPPING, was RUNNING
2018-06-05T10:27:20.696+02:00 INFO  [LookupTableService] Data Adapter spamhaus-drop/5ac37ce361a3b445286ea5cf [@4129f99] TERMINATED, was STOPPING
2018-06-05T10:27:20.696+02:00 INFO  [LookupTableService] Data Adapter otx-api-ip/5ac37ce361a3b445286ea5ce [@557e989e] STOPPING, was RUNNING
2018-06-05T10:27:20.696+02:00 INFO  [LookupTableService] Data Adapter whois/5ac37ce461a3b445286ea5d2 [@69f29095] STOPPING, was RUNNING
2018-06-05T10:27:20.696+02:00 INFO  [LookupTableService] Data Adapter otx-api-ip/5ac37ce361a3b445286ea5ce [@557e989e] TERMINATED, was STOPPING
2018-06-05T10:27:20.696+02:00 INFO  [LookupTableService] Data Adapter whois/5ac37ce461a3b445286ea5d2 [@69f29095] TERMINATED, was STOPPING
2018-06-05T10:27:20.696+02:00 INFO  [LookupTableService] Data Adapter tor-exit-node/5ac37ce361a3b445286ea5cc [@5fca3542] STOPPING, was RUNNING
2018-06-05T10:27:20.696+02:00 INFO  [LookupTableService] Cache threat-intel-uncached-adapters/5ac37ce361a3b445286ea5c6 [@63d56af0] TERMINATED, was STOPPING
2018-06-05T10:27:20.696+02:00 INFO  [LookupTableService] Data Adapter tor-exit-node/5ac37ce361a3b445286ea5cc [@5fca3542] TERMINATED, was STOPPING
2018-06-05T10:27:20.696+02:00 INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-domains/5ac37ce361a3b445286ea5cd [@62f4dc8] STOPPING, was RUNNING
2018-06-05T10:27:20.697+02:00 INFO  [LookupTableService] Data Adapter otx-api-domain/5ac37ce361a3b445286ea5d1 [@7ea3d280] STOPPING, was RUNNING
2018-06-05T10:27:20.697+02:00 INFO  [LookupTableService] Data Adapter otx-api-domain/5ac37ce361a3b445286ea5d1 [@7ea3d280] TERMINATED, was STOPPING
2018-06-05T10:27:20.697+02:00 INFO  [LookupTableService] Cache spamhaus-e-drop-cache/5ac37ce361a3b445286ea5c8 [@ce88c88] TERMINATED, was STOPPING
2018-06-05T10:27:20.697+02:00 INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-domains/5ac37ce361a3b445286ea5cd [@62f4dc8] TERMINATED, was STOPPING
2018-06-05T10:27:20.810+02:00 INFO  [LookupDataAdapterRefreshService] Stopping 0 jobs
2018-06-05T10:27:20.810+02:00 INFO  [JournalReader] Stopping.
2018-06-05T10:27:20.695+02:00 INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-ip/5ac37ce361a3b445286ea5d0 [@4365ad1b] STOPPING, was RUNNING
2018-06-05T10:27:20.812+02:00 INFO  [LookupTableService] Data Adapter abuse-ch-ransomware-ip/5ac37ce361a3b445286ea5d0 [@4365ad1b] TERMINATED, was STOPPING
2018-06-05T10:27:20.817+02:00 INFO  [Buffers] Waiting until all buffers are empty.
2018-06-05T10:27:20.818+02:00 INFO  [Buffers] All buffers are empty. Continuing.
2018-06-05T10:27:20.819+02:00 INFO  [OutputSetupService] Stopping output org.graylog2.outputs.BlockingBatchedESOutput
2018-06-05T10:27:20.825+02:00 INFO  [LogManager] Shutdown complete.
2018-06-05T10:27:20.827+02:00 INFO  [ServiceManagerListener] Services are now stopped.
2018-06-05T10:27:20.827+02:00 ERROR [ServerBootstrap] Graylog startup failed. Exiting. Exception was:
java.lang.IllegalStateException: Expected to be healthy after starting. The following services are not running: {FAILED=[JerseyService [FAILED]]}
        at com.google.common.util.concurrent.ServiceManager$ServiceManagerState.checkHealthy(ServiceManager.java:740) ~[graylog.jar:?]
        at com.google.common.util.concurrent.ServiceManager$ServiceManagerState.awaitHealthy(ServiceManager.java:553) ~[graylog.jar:?]
        at com.google.common.util.concurrent.ServiceManager.awaitHealthy(ServiceManager.java:312) ~[graylog.jar:?]
        at org.graylog2.bootstrap.ServerBootstrap.startCommand(ServerBootstrap.java:149) [graylog.jar:?]
        at org.graylog2.bootstrap.CmdLineTool.run(CmdLineTool.java:209) [graylog.jar:?]
        at org.graylog2.bootstrap.Main.main(Main.java:44) [graylog.jar:?]
2018-06-05T10:27:20.827+02:00 INFO  [Server] SIGNAL received. Shutting down.
2018-06-05T10:27:20.833+02:00 INFO  [GracefulShutdown] Graceful shutdown initiated.
2018-06-05T10:27:20.833+02:00 INFO  [GracefulShutdown] Node status: [Halting [LB:DEAD]]. Waiting <3sec> for possible load balancers to recognize state change.
2018-06-05T10:27:20.833+02:00 WARN  [DeadEventLoggingListener] Received unhandled event of type <org.graylog2.plugin.lifecycles.Lifecycle> from event bus <AsyncEventBus{graylog-eventbus}>
2018-06-05T10:27:24.835+02:00 INFO  [GracefulShutdown] Goodbye.
2018-06-05T10:27:47.682+02:00 INFO  [CmdLineTool] Loaded plugin: AWS plugins 2.4.3 [org.graylog.aws.plugin.AWSPlugin]
2018-06-05T10:27:47.684+02:00 INFO  [CmdLineTool] Loaded plugin: Elastic Beats Input 2.4.3 [org.graylog.plugins.beats.BeatsInputPlugin]
2018-06-05T10:27:47.685+02:00 INFO  [CmdLineTool] Loaded plugin: CEF Input 2.4.3 [org.graylog.plugins.cef.CEFInputPlugin]
2018-06-05T10:27:47.686+02:00 INFO  [CmdLineTool] Loaded plugin: Collector 2.4.3 [org.graylog.plugins.collector.CollectorPlugin]
2018-06-05T10:27:47.686+02:00 INFO  [CmdLineTool] Loaded plugin: Enterprise Integration Plugin 2.4.3 [org.graylog.plugins.enterprise_integration.EnterpriseIntegrationPlugin]
2018-06-05T10:27:47.687+02:00 INFO  [CmdLineTool] Loaded plugin: MapWidgetPlugin 2.4.3 [org.graylog.plugins.map.MapWidgetPlugin]
2018-06-05T10:27:47.687+02:00 INFO  [CmdLineTool] Loaded plugin: NetFlow Plugin 2.4.3 [org.graylog.plugins.netflow.NetFlowPlugin]
2018-06-05T10:27:47.694+02:00 INFO  [CmdLineTool] Loaded plugin: Pipeline Processor Plugin 2.4.3 [org.graylog.plugins.pipelineprocessor.ProcessorPlugin]
2018-06-05T10:27:47.694+02:00 INFO  [CmdLineTool] Loaded plugin: Threat Intelligence Plugin 2.4.3 [org.graylog.plugins.threatintel.ThreatIntelPlugin]
2018-06-05T10:27:47.996+02:00 INFO  [CmdLineTool] Running with JVM arguments: -Xms1g -Xmx1g -XX:NewRatio=1 -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow -Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml -Djava.library.path=/usr/share/graylog-server/lib/sigar -Dgraylog2.installation_source=rpm
2018-06-05T10:27:48.192+02:00 INFO  [Version] HV000001: Hibernate Validator 5.1.3.Final
2018-06-05T10:28:00.256+02:00 INFO  [InputBufferImpl] Message journal is enabled.
2018-06-05T10:28:00.277+02:00 INFO  [NodeId] Node ID: c910ac4e-778c-4485-bcda-3aa3f93a0580
2018-06-05T10:28:00.465+02:00 INFO  [LogManager] Loading logs.
2018-06-05T10:28:00.510+02:00 INFO  [LogManager] Logs loading complete.
2018-06-05T10:28:00.510+02:00 INFO  [KafkaJournal] Initialized Kafka based journal at /var/lib/graylog-server/journal
2018-06-05T10:28:00.523+02:00 INFO  [InputBufferImpl] Initialized InputBufferImpl with ring size <65536> and wait strategy <BlockingWaitStrategy>, running 2 parallel message handlers.
2018-06-05T10:28:00.541+02:00 INFO  [cluster] Cluster created with settings {hosts=[localhost:27017], mode=SINGLE, requiredClusterType=UNKNOWN, serverSelectionTimeout='30000 ms', maxWaitQueueSize=5000}
2018-06-05T10:28:00.584+02:00 INFO  [cluster] No server chosen by ReadPreferenceServerSelector{readPreference=primary} from cluster description ClusterDescription{type=UNKNOWN, connectionMode=SINGLE, serverDescriptions=[ServerDescription{address=localhost:27017, type=UNKNOWN, state=CONNECTING}]}. Waiting for 30000 ms before timing out
2018-06-05T10:28:00.592+02:00 INFO  [connection] Opened connection [connectionId{localValue:1, serverValue:7771}] to localhost:27017
2018-06-05T10:28:00.594+02:00 INFO  [cluster] Monitor thread successfully connected to server with description ServerDescription{address=localhost:27017, type=STANDALONE, state=CONNECTED, ok=true, version=ServerVersion{versionList=[3, 6, 3]}, minWireVersion=0, maxWireVersion=6, maxDocumentSize=16777216, roundTripTimeNanos=439795}
2018-06-05T10:28:00.598+02:00 INFO  [connection] Opened connection [connectionId{localValue:2, serverValue:7772}] to localhost:27017

Same error,I don’t know if i forget one step or i dont understand on step

7

Are you sure that this private key is protected by a password?

8

Oh yes it’s my fail:i switch https.pkcs8-plain.key.pem by https.pkcs8-encrypted.key this work now

Thank you so mutch.

9

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.