Trouble getting inputs to work (ProxiedResource)

Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!

1. Describe your incident:
I’m trying to get Graylog to receive logs from my pfSense box. However, whenever I start the input I get the following error:

Input 'pfSense' could not be started
Request to start input 'pfSense' failed. Check your Graylog logs for more information.

In my /var/log/graylog-server/server.log I only have this warning constantly repeating itself:

15d23h25m25s│/var/log/graylog-server/server.log│2022-01-06T22:05:31.199+01:00 WARN  [ProxiedResource] Unable to call https://192.168.20.27:9000/api/system/metrics/multipl│
15d23h25m25s│/var/log/graylog-server/server.log│2022-01-06T22:05:31.207+01:00 WARN  [ProxiedResource] Unable to call https://192.168.20.27:9000/api/system/inputstates on │
15d23h25m27s│/var/log/graylog-server/server.log│2022-01-06T22:05:33.199+01:00 WARN  [ProxiedResource] Unable to call https://192.168.20.27:9000/api/system/metrics/multipl│
15d23h25m27s│/var/log/graylog-server/server.log│2022-01-06T22:05:33.210+01:00 WARN  [ProxiedResource] Unable to call https://192.168.20.27:9000/api/system/inputstates on │
15d23h25m29s│/var/log/graylog-server/server.log│2022-01-06T22:05:35.233+01:00 WARN  [ProxiedResource] Unable to call https://192.168.20.27:9000/api/system/metrics/multipl│
15d23h25m29s│/var/log/graylog-server/server.log│2022-01-06T22:05:35.244+01:00 WARN  [ProxiedResource] Unable to call https://192.168.20.27:9000/api/system/inputstates on │
15d23h25m31s│/var/log/graylog-server/server.log│2022-01-06T22:05:37.243+01:00 WARN  [ProxiedResource] Unable to call https://192.168.20.27:9000/api/system/metrics/multipl│
15d23h25m31s│/var/log/graylog-server/server.log│2022-01-06T22:05:37.254+01:00 WARN  [ProxiedResource] Unable to call https://192.168.20.27:9000/api/system/inputstates on │
15d23h25m33s│/var/log/graylog-server/server.log│2022-01-06T22:05:39.256+01:00 WARN  [ProxiedResource] Unable to call https://192.168.20.27:9000/api/system/metrics/multipl│
15d23h25m33s│/var/log/graylog-server/server.log│2022-01-06T22:05:39.268+01:00 WARN  [ProxiedResource] Unable to call https://192.168.20.27:9000/api/system/inputstates on │
15d23h25m35s│/var/log/graylog-server/server.log│2022-01-06T22:05:41.276+01:00 WARN  [ProxiedResource] Unable to call https://192.168.20.27:9000/api/system/metrics/multipl│
15d23h25m35s│/var/log/graylog-server/server.log│2022-01-06T22:05:41.296+01:00 WARN  [ProxiedResource] Unable to call https://192.168.20.27:9000/api/system/inputstates on │
15d23h25m37s│/var/log/graylog-server/server.log│2022-01-06T22:05:43.287+01:00 WARN  [ProxiedResource] Unable to call https://192.168.20.27:9000/api/system/metrics/multipl│
15d23h25m37s│/var/log/graylog-server/server.log│2022-01-06T22:05:43.313+01:00 WARN  [ProxiedResource] Unable to call https://192.168.20.27:9000/api/system/inputstates on │
15d23h25m39s│/var/log/graylog-server/server.log│2022-01-06T22:05:45.299+01:00 WARN  [ProxiedResource] Unable to call https://192.168.20.27:9000/api/system/metrics/multipl│
15d23h25m39s│/var/log/graylog-server/server.log│2022-01-06T22:05:45.310+01:00 WARN  [ProxiedResource] Unable to call https://192.168.20.27:9000/api/system/inputstates on │
15d23h25m41s│/var/log/graylog-server/server.log│2022-01-06T22:05:47.325+01:00 WARN  [ProxiedResource] Unable to call https://192.168.20.27:9000/api/system/metrics/multipl│
15d23h25m41s│/var/log/graylog-server/server.log│2022-01-06T22:05:47.336+01:00 WARN  [ProxiedResource] Unable to call https://192.168.20.27:9000/api/system/inputstates on │
15d23h25m43s│/var/log/graylog-server/server.log│2022-01-06T22:05:49.337+01:00 WARN  [ProxiedResource] Unable to call https://192.168.20.27:9000/api/system/metrics/multipl│
15d23h25m43s│/var/log/graylog-server/server.log│2022-01-06T22:05:49.346+01:00 WARN  [ProxiedResource] Unable to call https://192.168.20.27:9000/api/system/inputstates on │
15d23h25m45s│/var/log/graylog-server/server.log│2022-01-06T22:05:51.346+01:00 WARN  [ProxiedResource] Unable to call https://192.168.20.27:9000/api/system/metrics/multipl│
15d23h25m45s│/var/log/graylog-server/server.log│2022-01-06T22:05:51.358+01:00 WARN  [ProxiedResource] Unable to call https://192.168.20.27:9000/api/system/inputstates on │

I can’t any error message only the [ProxiedResource] warning.

I’m running Graylog 4.2.5+59802bf on logserver.mydomain.com / 192.168.20.27

Debian 11.0.13 on Linux 5.10.0-10-amd64.

My Graylog server is running behind HAProxy (on my pfSense) to provide a SSL Let’s certificate. When visiting the web interface it is correctly SSL verified.

Here is the uncommented lines of my server.conf file:

is_master = true
node_id_file = /etc/graylog/server/node-id
password_secret = some-secret
root_password_sha2 = some-text
root_timezone = Europe/Copenhagen
bin_dir = /usr/share/graylog-server/bin
data_dir = /var/lib/graylog-server
plugin_dir = /usr/share/graylog-server/plugin
http_bind_address = 192.168.20.27:9000
http_enable_tls = true
http_tls_cert_file = /etc/ssl/graylog/graylog-cert.pem
http_tls_key_file = /etc/ssl/graylog/graylog-key.pem
http_tls_key_password = my_password
rotation_strategy = count
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 4
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_analyzer = standard
output_batch_size = 500
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 5
outputbuffer_processors = 3
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
lb_recognition_period_seconds = 3
mongodb_uri = mongodb://localhost/graylog
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5
proxied_requests_thread_pool_size = 32

I have searched online but without any help. I don’t know how to debug so any help is highly appreciated.

Hello,
Have you tried this setting.

http_publish_uri = https://192.168.20.27:9000/

So you should have this.

http_bind_address = 192.168.20.27:9000
http_publish_uri = https://192.168.20.27:9000/
http_enable_tls = true
http_tls_cert_file = /etc/ssl/graylog/graylog-cert.pem
http_tls_key_file = /etc/ssl/graylog/graylog-key.pem
http_tls_key_password = my_password

Then restart GL service.
Hope that helps

Thanks for your reply. I have added http_publish_uri = https://192.168.20.27:9000/ but that doesn’t fix the warning in the server.log or fix the problem with the input.

ANy suggestions on how I can further the debug process?

Just another question. I have set up a self-signed certificate using this guide on https.

I just want to be sure. This guide contains several different sections:

• Things to consider
• Certificate/Key file format* Creating a self-signed private key/certificate
• Converting a PKCS #12 (PFX) file to private key and certificate pair
• Converting an existing Java Keystore to private key/certificate pair
• Sample files
• Adding a self-signed certificate to the JVM trust store

I only followed the " Creating a self-signed private key/certificate" section. Is that correct? As I understand it the other sections describes alternative ways of enabling https, right?

Thanks in advance.

Okay, it seems that I didn’t add the cacerts to my java keystore. It is done now and everything is running fine.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.