1. Describe your incident:
I installed ELK+Graylog in Docker following the official documentation on localhost and tried to send a test echo message to a raw TCP input like this:
❯ echo 'First log message' | nc 127.0.0.1 5555
The command starts but does not end. I tried starting it in verbose mode:
❯ echo 'First log message' | nc -v localhost 5555
Connection to localhost 5555 port [tcp/*] succeeded!
I also tried with the -w1 key:
❯ echo 'Firstw' | nc -v -w1 localhost 5555
Connection to localhost 5555 port [tcp/*] succeeded!
I went to “Search” and there are no messages in “All messages”.
After that I checked the test input (the data counter changes when I send a test message):
Throughput / Metrics
1 minute average rate: 0 msg/s
Network IO: 0B 0B (total: 108.0B 0B )
Active connections: 1 (6 total)
Empty messages discarded: 0
2. Describe your environment:
ubuntu desktop 20.04 amd64
Package Version:
graylog/graylog:4.2
Service logs, configurations, and environment variables:
docker-compose.yml
version: '3'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongo:
    image: mongo:4.2
    networks:
      - graylog
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/7.10/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Dlog4j2.formatMsgNoLookups=true -Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    deploy:
      resources:
        limits:
          memory: 1g
    networks:
      - graylog
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:4.2
    environment:
      # CHANGE ME (must be at least 16 characters)!
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      - GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:9000/
    entrypoint: /usr/bin/tini -- wait-for-it elasticsearch:9200 -- /docker-entrypoint.sh
    networks:
      - graylog
    restart: always
    depends_on:
      - mongo
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 1514:1514
      # Syslog UDP
      - 1514:1514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
      # TEST TCP RAW
      - 5000:5000
networks:
  graylog:
    driver: bridge
docker ps
❯ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
412902d488b5 graylog/graylog:4.2 "/usr/bin/tini -- wa…" 37 minutes ago Up 37 minutes (healthy) 0.0.0.0:1514->1514/tcp, :::1514->1514/tcp, 0.0.0.0:5555->5555/tcp, :::5555->5555/tcp, 0.0.0.0:9000->9000/tcp, 0.0.0.0:1514->1514/udp, :::9000->9000/tcp, :::1514->1514/udp, 0.0.0.0:12201->12201/tcp, 0.0.0.0:12201->12201/udp, :::12201->12201/tcp, :::12201->12201/udp graylog_graylog_1
1705af159343 docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2 "/tini -- /usr/local…" 37 minutes ago Up 37 minutes 9200/tcp, 9300/tcp graylog_elasticsearch_1
8ed690df4035 mongo:4.2 "docker-entrypoint.s…" 37 minutes ago Up 37 minutes 27017/tcp graylog_mongo_1
3. What steps have you already taken to try and solve the problem?
I tried configuring a Graylog syslog input, but no messages come in.
4. How can the community help?
Why does it not work? Do you have any idea? Thanks!