Unable to login to Graylog

Graylog Central (peer support)
1

After deploying Graylog 6.1 with mongo 6.0.5 and opensearch 2, I’m unable to login to the web UI. After attempting to log in with the credentials I set in the docker-compose.yml file, it appears to just spin after selecting the Sign In button. Looking at the docker logs nothing jumps out at me, but the strange thing is, a lot of times if the server sits for a while, it will eventually work.

Is there a good way of troubleshooting this?

networks:
  graynet:
    driver: bridge

volumes:
  mongo_data:
    driver: local
  log_data:
    driver: local
  graylog_data:
    driver: local
  graylog_journal:
    driver: local

services:
   mongo:
    image: mongo:6.0.5-jammy
    container_name: mongodb
    volumes:
      - "${PWD}/data/mongodb/mongo_data:/data/db:z"
    networks:
      - graynet
    restart: unless-stopped

  
  opensearch:
    image: opensearchproject/opensearch:2
    container_name: opensearch
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
      - "bootstrap.memory_lock=true"
      - "discovery.type=single-node"
      - "action.auto_create_index=false"
      - "plugins.security.ssl.http.enabled=false"
      - "plugins.security.disabled=true"
      - "OPENSEARCH_INITIAL_ADMIN_PASSWORD=1qaz2wsx!QAZ@WSX"
    volumes:
      - "log_data:/usr/share/opensearch/data:z"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 262144
        hard: 262144
    ports:
      - 9200:9200/tcp
    networks:
      - graynet
    restart: unless-stopped

  graylog:
    image: graylog/graylog:6.1
    container_name: graylog
    environment:
    GRAYLOG_PASSWORD_SECRET: "pUj0XLCi2gk74lh3QE6KNIC8eMdiVGiD7UWJBKsWH4LDqUteuO42a0XmuW3RoLrQo5SheDUlGK8VX8GdwZbwkknhh5xo8J3k"
    GRAYLOG_ROOT_PASSWORD_SHA2: "a0bcdee13fd9bf8695b311d374f1b139cd423bcae884255fd3d5240f74aa1ff9"
      GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9000"
      GRAYLOG_HTTP_EXTERNAL_URI: "http://localhost:9000/"
      GRAYLOG_ELASTICSEARCH_HOSTS: "http://opensearch:9200"
      GRAYLOG_MESSAGE_JOURNAL_MAX_SIZE: "10gb"
      GRAYLOG_MONGODB_URI: "mongodb://mongodb:27017/graylog"
      GRAYLOG_CONTENT_PACKS_LOADER_ENABLED: true
      GRAYLOG_CONTENT_PACKS_DIR: "/usr/share/graylog/contentpacks"
      GRAYLOG_CONTENT_PACKS_AUTO_INSTALL: "Windows-10-Only-Security-Content-Pack.json"
      GRAYLOG_ROOT_TIMEZONE: "America/New_York"
      GRAYLOG_TIMEZONE: "America/New_York"
      TZ: "America/New_York"

    entrypoint: /usr/bin/tini -- wait-for-it opensearch:9200 -- /docker-entrypoint.sh
    volumes:
      - "${PWD}/config/tls:/opt/graylog/tls:z"
      - "${PWD}/data/graylog/graylog_data/contentpacks:/usr/share/graylog/contentpacks:z"
      - "${PWD}/data/graylog/srv:/srv:z"
      - "${PWD}/config/graylog/graylog.conf:/usr/share/graylog/config/graylog.conf:z"
      - "${PWD}/data/graylog/graylog_data:/usr/share/graylog/data/data:z"
      - "${PWD}/data/graylog/graylog_journal:/usr/share/graylog/data/journal:z"
    networks:
      - graynet
    restart: always
    depends_on:
      opensearch:
        condition: "service_started"
      mongo:
        condition: "service_started"
    ports:
      - 9000:9000/tcp   # Graylog web interface and REST API
      - 1514:1514/tcp   # Syslog
      - 1514:1514/udp   # Syslog
      - 5555:5555/tcp   # RAW
      - 5555:5555/udp   # RAW
      - 12201:12201/tcp # GELF
      - 12201:12201/udp # GELF
      - 5044:5044/tcp   # Beats`
2

In case anyone else runs into this issue. My problem was due to the fact that my graylog server isn’t connected to the Internet and the Telemetry wasn’t able to talk to Graylog servers. If you disable Telemetry in the Docker Compose file, it will work. Ugh.

GRAYLOG_TELEMETRY_ENABLED: false
3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.