Unable to access Graylog WebUI

Graylog Central (peer support)
1

1. Describe your incident:

First time installing and configuring Graylog. I’ve been following the official documentation.

2. Describe your environment:

  • OS Information:

CentOS 8 Stream

  • Package Version:

Mongodbdb v6.0.4
Opensearch v2.5.0
Graylog v5.0.3-1

  • Service logs, configurations, and environment variables:

3. What steps have you already taken to try and solve the problem?

Disabled SELinux
Rebooted VM

4. How can the community help?

Everything appears to have installed correctly. All services are up and running. Port 9000 appears to be open, but I am unable to access the WebUI on port 9000.

I’ve tried different browsers and different computers. What am I missing?

2
3

I’ve been following this step-by-step
https://go2docs.graylog.org/5-0/downloading_and_installing_graylog/red_hat_installation.htm

And also following this YouTube tutorial

4 
[aqxea@graylog /]$ sudo netstat -an | grep 9000
[sudo] password for aqxea:
tcp6       0      0 192.168.1.148:9000      :::*                    LISTEN
[aqxea@graylog /]$
5

I am running this in a VM in VMware Workstation 16 Pro if that matters.

6

Hello && welcome @aqxea

I went over all your configurtion and logs, what I was noticing was these errors through our you log file.

ERROR [VersionProbe] Unable to retrieve version from Elasticsearch node: Failed to connect to /127.0.0.1:9200. - Connection refused.
INFO  [VersionProbe] Elasticsearch is not available. Retry #2
ERROR [MongoDBProcessingStatusRecorderService] Couldn't persist processing status
ERROR [InMemoryRolePermissionResolver] Could not find roles collection, no user roles updated
ConnectException: Connection refused

Looking over your OS config I dont see the port 9200 open
Example of mine

[root@graylog opensearch]# cat /etc/opensearch/opensearch.yml  | egrep -v "^\s*(#|$)"
cluster.name: graylog
path.data: /var/lib/opensearch
path.logs: /var/log/opensearch
network.host: 127.0.0.1
http.port: 9200
action.auto_create_index: false
discovery.type: single-node
bootstrap.memory_lock: true
plugins.security.disabled: true
plugins.security.system_indices.enabled: false
[root@graylog opensearch]#

What I have noticed in the forum and depending on users environment, localhost may not work, but using the loop back address does. What I have done in my GL configuration file is set it like this

elasticsearch_hosts = http://127.0.0.1:9200

This matches my opensearch.yml file above.

TBH having 0.0.0.0 states “connect to anything”, not good for security reseasons.

As for MongoDb logs.

caused by: java.net.ConnectException: Connection refused

Check MongoDb config file

#Network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1  # Listen to local interface only, comment to listen on all interfaces.
  # bindIp: 0.0.0.0

With Graylog you can login the Web UI without opensearch running BUT you cannot without MongoDb.

EDIT: I just realize you stated that this VM was rebooted, this maybe the reason why the logs shown " Elasticsearch is not available. Retry #1", Sidenote, ensure the address are reachable over you network.

7

Hello gsmith. Thank you for your reply. I’m not sure why the logs even mention Elasticsearch since it’s not installed. If I understood the documentation correctly, Opensearch is the preferred analytics suite.

8

This is my mongod.conf file. I didn’t change anything because it appears to be the same as yours.

I did uncomment ‘elasticsearch_hosts = http://127.0.0.1:9200’ in my GL config file and rebooted. Still no WebUI when I navigate to http://192.168.1.148:9200 in my web browser.

9

This is my /var/log/graylog/server.log file after I made the changes this morning and rebooted.

10

The status of all of my services. Everything appears to be running.

11

It’s working!
In /etc/graylog/server/server.conf i changed http_bind_address = 0.0.0.0:9000
It was set to 192.168.1.148:9000 which is the IP address of the graylog server.

1 Like
12

@aqxea

Awesome, glad you resolved it.

This shouldnot be a issue with using your IP Address. But it would depened on you network configurations. Unfortunately for security reason we dont use 0.0.0.0, its either loopback address or static IP address.

13

How is in insecure to use 0.0.0.0 for the http_bind_address?

14

Hey @aqxea

For production environments we need routable addresses because 0.0.0.0 is a non-routable meta-address used to designate an invalid, unknown, or non-applicable target (a ‘no particular address’ place holder).
0.0.0.0 means all IPv4 addresses on the local machine. If a host has two IP addresses, 192.168.1.1 and 10.1.2.1, and a server running on the host listens on 0.0.0.0, it will be reachable at both of those IPs.
In the context of routing, 0.0.0.0 usually means the default route, i.e. the route which leads to ‘the rest of’ the Internet instead of somewhere on the local network.

It can be perfectly fine for what you doing.

15

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.