Trouble getting inputs to work (ProxiedResource)

Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!

1. Describe your incident:
I’m trying to get Graylog to receive logs from my pfSense box. However, whenever I start the input I get the following error:

Input 'pfSense' could not be started
Request to start input 'pfSense' failed. Check your Graylog logs for more information.

In my /var/log/graylog-server/server.log I only have this warning constantly repeating itself:

15d23h25m25s│/var/log/graylog-server/server.log│2022-01-06T22:05:31.199+01:00 WARN  [ProxiedResource] Unable to call│
15d23h25m25s│/var/log/graylog-server/server.log│2022-01-06T22:05:31.207+01:00 WARN  [ProxiedResource] Unable to call on │
15d23h25m27s│/var/log/graylog-server/server.log│2022-01-06T22:05:33.199+01:00 WARN  [ProxiedResource] Unable to call│
15d23h25m27s│/var/log/graylog-server/server.log│2022-01-06T22:05:33.210+01:00 WARN  [ProxiedResource] Unable to call on │
15d23h25m29s│/var/log/graylog-server/server.log│2022-01-06T22:05:35.233+01:00 WARN  [ProxiedResource] Unable to call│
15d23h25m29s│/var/log/graylog-server/server.log│2022-01-06T22:05:35.244+01:00 WARN  [ProxiedResource] Unable to call on │
15d23h25m31s│/var/log/graylog-server/server.log│2022-01-06T22:05:37.243+01:00 WARN  [ProxiedResource] Unable to call│
15d23h25m31s│/var/log/graylog-server/server.log│2022-01-06T22:05:37.254+01:00 WARN  [ProxiedResource] Unable to call on │
15d23h25m33s│/var/log/graylog-server/server.log│2022-01-06T22:05:39.256+01:00 WARN  [ProxiedResource] Unable to call│
15d23h25m33s│/var/log/graylog-server/server.log│2022-01-06T22:05:39.268+01:00 WARN  [ProxiedResource] Unable to call on │
15d23h25m35s│/var/log/graylog-server/server.log│2022-01-06T22:05:41.276+01:00 WARN  [ProxiedResource] Unable to call│
15d23h25m35s│/var/log/graylog-server/server.log│2022-01-06T22:05:41.296+01:00 WARN  [ProxiedResource] Unable to call on │
15d23h25m37s│/var/log/graylog-server/server.log│2022-01-06T22:05:43.287+01:00 WARN  [ProxiedResource] Unable to call│
15d23h25m37s│/var/log/graylog-server/server.log│2022-01-06T22:05:43.313+01:00 WARN  [ProxiedResource] Unable to call on │
15d23h25m39s│/var/log/graylog-server/server.log│2022-01-06T22:05:45.299+01:00 WARN  [ProxiedResource] Unable to call│
15d23h25m39s│/var/log/graylog-server/server.log│2022-01-06T22:05:45.310+01:00 WARN  [ProxiedResource] Unable to call on │
15d23h25m41s│/var/log/graylog-server/server.log│2022-01-06T22:05:47.325+01:00 WARN  [ProxiedResource] Unable to call│
15d23h25m41s│/var/log/graylog-server/server.log│2022-01-06T22:05:47.336+01:00 WARN  [ProxiedResource] Unable to call on │
15d23h25m43s│/var/log/graylog-server/server.log│2022-01-06T22:05:49.337+01:00 WARN  [ProxiedResource] Unable to call│
15d23h25m43s│/var/log/graylog-server/server.log│2022-01-06T22:05:49.346+01:00 WARN  [ProxiedResource] Unable to call on │
15d23h25m45s│/var/log/graylog-server/server.log│2022-01-06T22:05:51.346+01:00 WARN  [ProxiedResource] Unable to call│
15d23h25m45s│/var/log/graylog-server/server.log│2022-01-06T22:05:51.358+01:00 WARN  [ProxiedResource] Unable to call on │

I can’t any error message only the [ProxiedResource] warning.

I’m running Graylog 4.2.5+59802bf on /

Debian 11.0.13 on Linux 5.10.0-10-amd64.

My Graylog server is running behind HAProxy (on my pfSense) to provide a SSL Let’s certificate. When visiting the web interface it is correctly SSL verified.

Here is the uncommented lines of my server.conf file:

is_master = true
node_id_file = /etc/graylog/server/node-id
password_secret = some-secret
root_password_sha2 = some-text
root_timezone = Europe/Copenhagen
bin_dir = /usr/share/graylog-server/bin
data_dir = /var/lib/graylog-server
plugin_dir = /usr/share/graylog-server/plugin
http_bind_address =
http_enable_tls = true
http_tls_cert_file = /etc/ssl/graylog/graylog-cert.pem
http_tls_key_file = /etc/ssl/graylog/graylog-key.pem
http_tls_key_password = my_password
rotation_strategy = count
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 4
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_analyzer = standard
output_batch_size = 500
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 5
outputbuffer_processors = 3
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
lb_recognition_period_seconds = 3
mongodb_uri = mongodb://localhost/graylog
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5
proxied_requests_thread_pool_size = 32

I have searched online but without any help. I don’t know how to debug so any help is highly appreciated.

Have you tried this setting.

http_publish_uri =

So you should have this.

http_bind_address =
http_publish_uri =
http_enable_tls = true
http_tls_cert_file = /etc/ssl/graylog/graylog-cert.pem
http_tls_key_file = /etc/ssl/graylog/graylog-key.pem
http_tls_key_password = my_password

Then restart GL service.
Hope that helps

Thanks for your reply. I have added http_publish_uri = but that doesn’t fix the warning in the server.log or fix the problem with the input.

ANy suggestions on how I can further the debug process?

Just another question. I have set up a self-signed certificate using this guide on https.

I just want to be sure. This guide contains several different sections:

I only followed the " Creating a self-signed private key/certificate" section. Is that correct? As I understand it the other sections describes alternative ways of enabling https, right?

Thanks in advance.

Okay, it seems that I didn’t add the cacerts to my java keystore. It is done now and everything is running fine.

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.