ERROR: org.graylog2.storage.versionprobe.VersionProbe - Unable to retrieve version from Elasticsearch node: Hostname 074fbaa056fc not verified:
    certificate: sha256/zWp6JC/kWP9z/UUu/fGh3t2PxP6Nad7piMfWQI7Edi4=
    DN: CN=361fcc6804d7
    subjectAltNames: [0:0:0:0:0:0:0:1, 127.0.0.1, 172.19.0.2, localhost, 361fcc6804d7, 0:0:0:0:0:0:0:1].

GRAYLOG_ELASTICSEARCH_HOSTS: "http://elasticsearch:9200"
GRAYLOG_MONGODB_URI: "mongodb://mongodb:27017/graylog"

Linux server 5.15.0-48-generic #54-Ubuntu SMP Fri Aug 26 13:26:29 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Docker version 20.10.18, build b40c2f6
Docker Compose version v2.11.2

docker-compose version 1.29.2, build unknown

open-core-graylog-1 | 2022-06-08 11:23:16,720 INFO : org.graylog2.bootstrap.preflight.MongoDBPreflightCheck - Connected to MongoDB version 5.0.9
open-core-graylog-1 | 2022-06-08 11:23:16,950 INFO : org.graylog2.bootstrap.preflight.SearchDbPreflightCheck - Connected to (Elastic/Open)Search version <Elasticsearch:7.10.2>
open-core-graylog-1 | Exception in thread "main" java.lang.ArithmeticException: / by zero
open-core-graylog-1 |   at org.graylog2.shared.system.stats.fs.OshiFsProbe.lambda$fsStats$11(OshiFsProbe.java:116)
open-core-graylog-1 |   at java.util.stream.Collectors.lambda$toMap$58(Collectors.java:1321)
open-core-graylog-1 |   at java.util.stream.ReduceOps$3ReducingSink.accept(ReduceOps.java:169)
open-core-graylog-1 |   at java.util.stream.ReferencePipeline$11$1.accept(ReferencePipeline.java:440)
open-core-graylog-1 |   at java.util.HashMap$EntrySpliterator.forEachRemaining(HashMap.java:1723)
open-core-graylog-1 |   at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:482)
open-core-graylog-1 |   at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:472)
open-core-graylog-1 |   at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
open-core-graylog-1 |   at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
open-core-graylog-1 |   at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:566)
open-core-graylog-1 |   at org.graylog2.shared.system.stats.fs.OshiFsProbe.fsStats(OshiFsProbe.java:106)
open-core-graylog-1 |   at org.graylog2.bootstrap.preflight.DiskJournalPreflightCheck.checkJournalDirSizeAndType(DiskJournalPreflightCheck.java:67)
open-core-graylog-1 |   at org.graylog2.bootstrap.preflight.DiskJournalPreflightCheck.runCheck(DiskJournalPreflightCheck.java:62)
open-core-graylog-1 |   at com.google.common.collect.ImmutableList.forEach(ImmutableList.java:422)
open-core-graylog-1 |   at org.graylog2.bootstrap.preflight.PreflightCheckService.runChecks(PreflightCheckService.java:51)
open-core-graylog-1 |   at org.graylog2.bootstrap.ServerBootstrap.runPreFlightChecks(ServerBootstrap.java:135)
open-core-graylog-1 |   at org.graylog2.bootstrap.ServerBootstrap.beforeInjectorCreation(ServerBootstrap.java:126)
open-core-graylog-1 |   at org.graylog2.bootstrap.CmdLineTool.run(CmdLineTool.java:292)
open-core-graylog-1 |   at org.graylog2.bootstrap.Main.main(Main.java:45)
open-core-graylog-1 exited with code 1

# Image versions of the containers have to be manually edited once a new version is available

version: '3.7'
services:

  mongo:
    image: mongo:6.0.3
    volumes:
      - mongo_data:/data/db
    networks:
      - graylog
    restart: always

  opensearch:
    image: opensearchproject/opensearch:2.3.0

     # Stores OpenSearch data in this directory/path. Comes in handy when updating OpenSearch, so that data is retained.
    volumes:
      - es_data:/usr/share/opensearch/data
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx1g" # `Xms` specifies the initial memory allocation pool. `Xmx` specifies the maximum allocation pool for the Java Virtual Machine (JVM). "m" and "g" obviously stand for MB and GB.
      - "plugins.security.ssl.http.enabled=false"
      - "plugins.security.disabled=true"
      - "hostname:opensearch"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    networks:
      - graylog
    restart: always

  graylog:
    image: graylog/graylog:5.0.0
    volumes:
      - graylog_data:/usr/share/graylog/data # Stores Graylog data in this directory/path. Comes in handy when updating Graylog, so that data is retained.
    environment:
      - GRAYLOG_PASSWORD_SECRET=<bla>

      - GRAYLOG_ROOT_PASSWORD_SHA2=<bla> # You can generate the SHA256-hash of your password with `echo -n <password> | sha256sum`

      - GRAYLOG_HTTP_EXTERNAL_URI=<bla> # You can change the IP-address to 127.0.0.1 if you want to run it locally, and any external IP-address if you want to run it on a server.

      - GRAYLOG_ELASTICSEARCH_HOSTS=http://opensearch:9200
    # Sets the correct timezone within Graylog
      - TZ=Europe/Amsterdam
      - GRAYLOG_TIMEZONE=Europe/Amsterdam
      - GRAYLOG_ROOT_TIMEZONE=Europe/Amsterdam
    entrypoint: /usr/bin/tini -- wait-for-it opensearch:9200 --  /docker-entrypoint.sh
    networks:
      - graylog
    ports:
    - 9200:9200/tcp

    # Links MongoDB with OpenSearch.
    links:
      - mongo:mongodb
      - opensearch
    restart: always

    #Doesn't work without MongoDB and OpenSearch.
    depends_on:
      - mongo
      - opensearch
    ports:
      - 5044:5044/udp       # Beats UDP
      - 5044:5044/tcp       # Beats TCP
      - 9000:9000           # Graylog web interface and REST API
      - 1514:1514/udp       # Syslog UDP
      - 5555:5555/tcp       # Raw/Plaintext TCP input
networks:
    graylog:
      driver: bridge

# Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_data:
    driver: local

app-graylog-1   | 2024-01-11 06:10:48,418 INFO : org.graylog2.security.CustomCAX509TrustManager - CA changed, refreshing trust manager
app-graylog-1   | 2024-01-11 06:10:48,423 INFO : org.graylog2.security.CustomCAX509TrustManager - CA changed, refreshing trust manager
app-datanode-1  | 2024-01-11T06:10:48.606Z INFO  [CustomCAX509TrustManager] CA changed, refreshing trust manager
app-datanode-1  | 2024-01-11T06:10:48.618Z INFO  [CustomCAX509TrustManager] CA changed, refreshing trust manager
app-datanode-1  | 2024-01-11T06:11:03.103Z INFO  [DataNodeConfigurationPeriodical] created CSR for this node
app-graylog-1   | 2024-01-11 06:11:06,289 INFO : org.graylog2.bootstrap.preflight.GraylogCertificateProvisioningPeriodical - Starting connectivity check with node 6d419d0b-1572-4e16-8135-f84b63b7be5e, silencing error messages for 60 seconds.
app-datanode-1  | 2024-01-11T06:11:06.609Z INFO  [OpensearchSecurityConfiguration] Opensearch transport certificate has following alternative names: localhost, 127.0.0.1, 0:0:0:0:0:0:0:1, datanode, 0:0:0:0:0:0:0:1, 172.21.0.2
app-datanode-1  | 2024-01-11T06:11:06.657Z INFO  [OpensearchSecurityConfiguration] Opensearch HTTP certificate has following alternative names: localhost, 127.0.0.1, 0:0:0:0:0:0:0:1, datanode, 0:0:0:0:0:0:0:1, 172.21.0.2
app-datanode-1  | 2024-01-11T06:11:06.763Z INFO  [TruststoreCreator] Adding certificate transport-chain-CA-root to the truststore
app-datanode-1  | 2024-01-11T06:11:06.770Z INFO  [TruststoreCreator] Adding certificate http-chain-CA-root to the truststore
app-datanode-1  | 2024-01-11T06:11:07.232Z INFO  [CommandLineProcess] Running process from /usr/share/graylog-datanode/dist/opensearch-2.10.0-linux-x64/bin/opensearch
app-datanode-1  | 2024-01-11T06:11:08.538Z INFO  [JerseyService] Server configuration changed, restarting Data node REST API to apply security changes
app-datanode-1  | 2024-01-11T06:11:08.540Z INFO  [JerseyService] Shutting down HTTP listener at <0.0.0.0:8999>
app-datanode-1  | 2024-01-11T06:11:08.606Z INFO  [NetworkListener] Stopped listener bound to [0.0.0.0:8999]
app-datanode-1  | 2024-01-11T06:11:10.187Z INFO  [NetworkListener] Started listener bound to [0.0.0.0:8999]
app-datanode-1  | 2024-01-11T06:11:10.199Z INFO  [HttpServer] [HttpServer-1] Started.
app-datanode-1  | 2024-01-11T06:11:10.202Z INFO  [JerseyService] Started REST API at <0.0.0.0:8999>
app-datanode-1  | 2024-01-11T06:11:10.370Z WARN  [OpensearchNodeHeartbeat] Opensearch REST api of process 90 unavailable. Cause: Connection refused
app-mongodb-1   | {"t":{"$date":"2024-01-11T06:11:18.697+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.21.0.4:55862","uuid":"bec002f7-fe6d-46ba-a783-e66abf62abbc","connectionId":17,"connectionCount":11}}
app-mongodb-1   | {"t":{"$date":"2024-01-11T06:11:18.702+00:00"},"s":"I",  "c":"NETWORK",  "id":51800,   "ctx":"conn17","msg":"client metadata","attr":{"remote":"172.21.0.4:55862","client":"conn17","doc":{"driver":{"name":"mongo-java-driver|legacy","version":"4.8.1"},"os":{"type":"Linux","name":"Linux","architecture":"amd64","version":"5.15.0-91-generic"},"platform":"Java/Eclipse Adoptium/17.0.9+9"}}}
app-mongodb-1   | {"t":{"$date":"2024-01-11T06:11:18.727+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.21.0.4:55876","uuid":"e7157785-0afe-441a-850f-35e059f49486","connectionId":18,"connectionCount":12}}
app-mongodb-1   | {"t":{"$date":"2024-01-11T06:11:18.738+00:00"},"s":"I",  "c":"NETWORK",  "id":51800,   "ctx":"conn18","msg":"client metadata","attr":{"remote":"172.21.0.4:55876","client":"conn18","doc":{"driver":{"name":"mongo-java-driver|legacy","version":"4.8.1"},"os":{"type":"Linux","name":"Linux","architecture":"amd64","version":"5.15.0-91-generic"},"platform":"Java/Eclipse Adoptium/17.0.9+9"}}}
app-datanode-1  | 2024-01-11T06:11:18.939Z WARN  [OpensearchProcessImpl] Opensearch process failed
app-datanode-1  | org.apache.commons.exec.ExecuteException: Process exited with an error: 137 (Exit value: 137)
app-datanode-1  | 	at org.apache.commons.exec.DefaultExecutor.executeInternal(DefaultExecutor.java:404) ~[commons-exec-1.3.jar:1.3]
app-datanode-1  | 	at org.apache.commons.exec.DefaultExecutor.access$200(DefaultExecutor.java:48) ~[commons-exec-1.3.jar:1.3]
app-datanode-1  | 	at org.apache.commons.exec.DefaultExecutor$1.run(DefaultExecutor.java:200) [commons-exec-1.3.jar:1.3]
app-datanode-1  | 	at java.lang.Thread.run(Unknown Source) [?:?]
app-datanode-1  | 2024-01-11T06:11:19.040Z INFO  [ProcessWatchdog] Detected terminated process, restarting. Attempt #1
app-datanode-1  | 2024-01-11T06:11:21.829Z INFO  [CommandLineProcess] Running process from /usr/share/graylog-datanode/dist/opensearch-2.10.0-linux-x64/bin/opensearch
app-mongodb-1   | {"t":{"$date":"2024-01-11T06:11:22.564+00:00"},"s":"I",  "c":"STORAGE",  "id":22430,   "ctx":"Checkpointer","msg":"WiredTiger message","attr":{"message":"[1704953482:564704][1:0x7fb86738a700], WT_SESSION.checkpoint: [WT_VERB_CHECKPOINT_PROGRESS] saving checkpoint snapshot min: 212, snapshot max: 212 snapshot count: 0, oldest timestamp: (0, 0) , meta checkpoint timestamp: (0, 0) base write gen: 1"}}
app-mongodb-1   | {"t":{"$date":"2024-01-11T06:11:29.683+00:00"},"s":"I",  "c":"COMMAND",  "id":51803,   "ctx":"conn9","msg":"Slow query","attr":{"type":"command","ns":"graylog.cluster_events","command":{"find":"cluster_events","filter":{"consumers":{"$nin":["6d419d0b-1572-4e16-8135-f84b63b7be5e"]}},"sort":{"timestamp":1},"$db":"graylog","lsid":{"id":{"$uuid":"ab0775c9-4402-4a03-bef5-cc40966fe0cb"}}},"planSummary":"IXSCAN { timestamp: 1, producer: 1, consumers: 1 }","keysExamined":4,"docsExamined":2,"cursorExhausted":true,"numYields":1,"nreturned":0,"queryHash":"73F90509","planCacheKey":"918C06AD","reslen":111,"locks":{"FeatureCompatibilityVersion":{"acquireCount":{"r":2}},"Global":{"acquireCount":{"r":2}},"Mutex":{"acquireCount":{"r":1}}},"storage":{},"remote":"172.21.0.2:36678","protocol":"op_msg","durationMillis":103}}
app-mongodb-1   | {"t":{"$date":"2024-01-11T06:11:29.683+00:00"},"s":"I",  "c":"COMMAND",  "id":51803,   "ctx":"conn18","msg":"Slow query","attr":{"type":"command","ns":"graylog.cluster_events","command":{"find":"cluster_events","filter":{"consumers":{"$nin":["347e3919-7eaa-4e3d-8179-e750d141812b"]}},"sort":{"timestamp":1},"$db":"graylog","lsid":{"id":{"$uuid":"42961960-0d35-4263-8868-9a198299440b"}}},"planSummary":"IXSCAN { timestamp: 1, producer: 1, consumers: 1 }","keysExamined":4,"docsExamined":2,"cursorExhausted":true,"numYields":1,"nreturned":0,"queryHash":"73F90509","planCacheKey":"918C06AD","reslen":111,"locks":{"FeatureCompatibilityVersion":{"acquireCount":{"r":2}},"Global":{"acquireCount":{"r":2}},"Mutex":{"acquireCount":{"r":1}}},"storage":{},"remote":"172.21.0.4:55876","protocol":"op_msg","durationMillis":106}}
app-mongodb-1   | {"t":{"$date":"2024-01-11T06:11:29.683+00:00"},"s":"I",  "c":"COMMAND",  "id":51803,   "ctx":"conn15","msg":"Slow query","attr":{"type":"command","ns":"graylog.datanode_provisioning_config","command":{"find":"datanode_provisioning_config","filter":{"node_id":"6d419d0b-1572-4e16-8135-f84b63b7be5e"},"$db":"graylog","lsid":{"id":{"$uuid":"930baead-12da-4dfd-a299-5e50f5d7b283"}}},"planSummary":"IXSCAN { node_id: 1 }","keysExamined":1,"docsExamined":1,"cursorExhausted":true,"numYields":1,"nreturned":1,"queryHash":"5DE65DA6","planCacheKey":"752E0E7C","reslen":3329,"locks":{"FeatureCompatibilityVersion":{"acquireCount":{"r":2}},"Global":{"acquireCount":{"r":2}},"Mutex":{"acquireCount":{"r":1}}},"storage":{},"remote":"172.21.0.2:52574","protocol":"op_msg","durationMillis":107}}
app-datanode-1  | 2024-01-11T06:11:29.748Z WARN  [OpensearchNodeHeartbeat] Opensearch REST api of process 239 unavailable. Cause: Connection refused
app-datanode-1  | 2024-01-11T06:11:29.896Z WARN  [OpensearchProcessImpl] Opensearch process failed
app-datanode-1  | org.apache.commons.exec.ExecuteException: Process exited with an error: 137 (Exit value: 137)
app-datanode-1  | 	at org.apache.commons.exec.DefaultExecutor.executeInternal(DefaultExecutor.java:404) ~[commons-exec-1.3.jar:1.3]
app-datanode-1  | 	at org.apache.commons.exec.DefaultExecutor.access$200(DefaultExecutor.java:48) ~[commons-exec-1.3.jar:1.3]
app-datanode-1  | 	at org.apache.commons.exec.DefaultExecutor$1.run(DefaultExecutor.java:200) [commons-exec-1.3.jar:1.3]
app-datanode-1  | 	at java.lang.Thread.run(Unknown Source) [?:?]
app-datanode-1  | 2024-01-11T06:11:29.900Z INFO  [ProcessWatchdog] Detected terminated process, restarting. Attempt #2
app-datanode-1  | 2024-01-11T06:11:30.033Z INFO  [CommandLineProcess] Running process from /usr/share/graylog-datanode/dist/opensearch-2.10.0-linux-x64/bin/opensearch
app-mongodb-1   | {"t":{"$date":"2024-01-11T06:11:40.320+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.21.0.4:58522","uuid":"e18fe400-75c0-44ac-8fdf-2032d833c771","connectionId":19,"connectionCount":13}}
app-mongodb-1   | {"t":{"$date":"2024-01-11T06:11:40.349+00:00"},"s":"I",  "c":"NETWORK",  "id":51800,   "ctx":"conn19","msg":"client metadata","attr":{"remote":"172.21.0.4:58522","client":"conn19","doc":{"driver":{"name":"mongo-java-driver|legacy","version":"4.8.1"},"os":{"type":"Linux","name":"Linux","architecture":"amd64","version":"5.15.0-91-generic"},"platform":"Java/Eclipse Adoptium/17.0.9+9"}}}
app-datanode-1  | 2024-01-11T06:11:40.375Z WARN  [OpensearchNodeHeartbeat] Opensearch REST api of process 385 unavailable. Cause: Connection refused
app-datanode-1  | 2024-01-11T06:11:40.583Z WARN  [OpensearchProcessImpl] Opensearch process failed
app-datanode-1  | org.apache.commons.exec.ExecuteException: Process exited with an error: 137 (Exit value: 137)
app-datanode-1  | 	at org.apache.commons.exec.DefaultExecutor.executeInternal(DefaultExecutor.java:404) ~[commons-exec-1.3.jar:1.3]
app-datanode-1  | 	at org.apache.commons.exec.DefaultExecutor.access$200(DefaultExecutor.java:48) ~[commons-exec-1.3.jar:1.3]
app-datanode-1  | 	at org.apache.commons.exec.DefaultExecutor$1.run(DefaultExecutor.java:200) [commons-exec-1.3.jar:1.3]
app-datanode-1  | 	at java.lang.Thread.run(Unknown Source) [?:?]
app-datanode-1  | 2024-01-11T06:11:40.586Z INFO  [ProcessWatchdog] Detected terminated process, restarting. Attempt #3
app-datanode-1  | 2024-01-11T06:11:40.721Z INFO  [CommandLineProcess] Running process from /usr/share/graylog-datanode/dist/opensearch-2.10.0-linux-x64/bin/opensearch
app-datanode-1  | 2024-01-11T06:11:50.439Z WARN  [OpensearchNodeHeartbeat] Opensearch REST api of process 531 unavailable. Cause: Connection refused
app-mongodb-1   | {"t":{"$date":"2024-01-11T06:11:50.560+00:00"},"s":"I",  "c":"COMMAND",  "id":51803,   "ctx":"conn12","msg":"Slow query","attr":{"type":"command","ns":"graylog.cluster_events","command":{"find":"cluster_events","filter":{"consumers":{"$nin":["347e3919-7eaa-4e3d-8179-e750d141812b"]}},"sort":{"timestamp":1},"$db":"graylog","lsid":{"id":{"$uuid":"653be3cf-9b76-4aa6-bd8b-e1970bef9452"}}},"planSummary":"IXSCAN { timestamp: 1, producer: 1, consumers: 1 }","keysExamined":4,"docsExamined":2,"cursorExhausted":true,"numYields":0,"nreturned":0,"queryHash":"73F90509","planCacheKey":"918C06AD","reslen":111,"locks":{"FeatureCompatibilityVersion":{"acquireCount":{"r":1}},"Global":{"acquireCount":{"r":1}},"Mutex":{"acquireCount":{"r":1}}},"storage":{},"remote":"172.21.0.4:40220","protocol":"op_msg","durationMillis":3379}}
app-mongodb-1   | {"t":{"$date":"2024-01-11T06:11:50.587+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.21.0.4:46544","uuid":"948d7e68-8a7d-4432-bf93-685b205503a3","connectionId":20,"connectionCount":14}}
app-mongodb-1   | {"t":{"$date":"2024-01-11T06:11:50.598+00:00"},"s":"I",  "c":"NETWORK",  "id":51800,   "ctx":"conn20","msg":"client metadata","attr":{"remote":"172.21.0.4:46544","client":"conn20","doc":{"driver":{"name":"mongo-java-driver|legacy","version":"4.8.1"},"os":{"type":"Linux","name":"Linux","architecture":"amd64","version":"5.15.0-91-generic"},"platform":"Java/Eclipse Adoptium/17.0.9+9"}}}
app-datanode-1  | 2024-01-11T06:11:50.703Z WARN  [OpensearchProcessImpl] Opensearch process failed
app-datanode-1  | org.apache.commons.exec.ExecuteException: Process exited with an error: 137 (Exit value: 137)
app-datanode-1  | 	at org.apache.commons.exec.DefaultExecutor.executeInternal(DefaultExecutor.java:404) ~[commons-exec-1.3.jar:1.3]
app-datanode-1  | 	at org.apache.commons.exec.DefaultExecutor.access$200(DefaultExecutor.java:48) ~[commons-exec-1.3.jar:1.3]
app-datanode-1  | 	at org.apache.commons.exec.DefaultExecutor$1.run(DefaultExecutor.java:200) [commons-exec-1.3.jar:1.3]
app-datanode-1  | 	at java.lang.Thread.run(Unknown Source) [?:?]
app-datanode-1  | 2024-01-11T06:11:50.711Z WARN  [ProcessWatchdog] Process watchdog terminated after too many restart attempts

Killing performance analyzer process 102
./opensearch-docker-entrypoint.sh: line 116:   101 Killed                  "$@" "${opensearch_opts[@]}"
OpenSearch exited with code 137
Performance analyzer exited with code 143

image: mongo:3
image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.2
image: graylog/graylog:3.1

2023-11-30T09:44:16.283Z INFO  [Version] HV000001: Hibernate Validator 6.2.5.Final
2023-11-30T09:44:16.713Z INFO  [NetworkListener] Started listener bound to [0.0.0.0:8999]
2023-11-30T09:44:16.715Z INFO  [HttpServer] [HttpServer] Started.
2023-11-30T09:44:16.716Z INFO  [JerseyService] Started REST API at <0.0.0.0:8999>
2023-11-30T09:49:04.468Z INFO  [CustomCAX509TrustManager] CA changed, refreshing trust manager
2023-11-30T09:49:04.469Z INFO  [CustomCAX509TrustManager] CA changed, refreshing trust manager

GRAYLOG_PASSWORD_SECRET="8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92"
GRAYLOG_ROOT_PASSWORD_SHA2="5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8"    # raw password = 123456

2024-01-24T21:19:23.763Z ERROR [CustomCAX509TrustManager] Could not add Graylog CA to TrustManagers: Failed to load keystore from Mongo collection for node GRAYLOG CA
org.graylog.security.certutil.ca.exceptions.KeyStoreStorageException: Failed to load keystore from Mongo collection for node GRAYLOG CA
        at org.graylog.security.certutil.keystore.storage.KeystoreMongoStorage.readKeyStore(KeystoreMongoStorage.java:72) ~[graylog2-server-5.2.3.jar:?]
        at org.graylog.security.certutil.keystore.storage.SmartKeystoreStorage.readKeyStore(SmartKeystoreStorage.java:57) ~[graylog2-server-5.2.3.jar:?]
        at org.graylog.security.certutil.CaServiceImpl.loadKeyStore(CaServiceImpl.java:152) ~[graylog2-server-5.2.3.jar:?]
        at org.graylog2.security.CustomCAX509TrustManager.refresh(CustomCAX509TrustManager.java:62) [graylog2-server-5.2.3.jar:?]
        at org.graylog2.security.CustomCAX509TrustManager.<init>(CustomCAX509TrustManager.java:49) [graylog2-server-5.2.3.jar:?]
        at org.graylog2.security.CustomCAX509TrustManager$$FastClassByGuice$$da1d85.GUICE$TRAMPOLINE(<generated>) [?:?]
        at org.graylog2.security.CustomCAX509TrustManager$$FastClassByGuice$$da1d85.apply(<generated>) [?:?]
        at com.google.inject.internal.DefaultConstructionProxyFactory$FastClassProxy.newInstance(DefaultConstructionProxyFactory.java:82) [guice-6.0.0.jar:?]
        at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:114) [guice-6.0.0.jar:?]
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91) [guice-6.0.0.jar:?]
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:300) [guice-6.0.0.jar:?]
        at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:60) [guice-6.0.0.jar:?]
        at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) [guice-6.0.0.jar:?]
        at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:169) [guice-6.0.0.jar:?]
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:45) [guice-6.0.0.jar:?]
        at com.google.inject.internal.InternalInjectorCreator.loadEagerSingletons(InternalInjectorCreator.java:213) [guice-6.0.0.jar:?]
        at com.google.inject.internal.InternalInjectorCreator.injectDynamically(InternalInjectorCreator.java:186) [guice-6.0.0.jar:?]
        at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:113) [guice-6.0.0.jar:?]
        at com.google.inject.Guice.createInjector(Guice.java:87) [guice-6.0.0.jar:?]
        at org.graylog2.shared.bindings.GuiceInjectorHolder.createInjector(GuiceInjectorHolder.java:34) [graylog2-server-5.2.3.jar:?]
        at org.graylog.datanode.bootstrap.CmdLineTool.setupInjector(CmdLineTool.java:441) [graylog-datanode.jar:?]
        at org.graylog.datanode.bootstrap.CmdLineTool.doRun(CmdLineTool.java:288) [graylog-datanode.jar:?]
        at org.graylog.datanode.bootstrap.CmdLineTool.run(CmdLineTool.java:244) [graylog-datanode.jar:?]
        at org.graylog.datanode.bootstrap.Main.main(Main.java:57) [graylog-datanode.jar:?]
Caused by: java.lang.IllegalArgumentException: Illegal base64 character 3f
        at java.util.Base64$Decoder.decode0(Unknown Source) ~[?:?]
        at java.util.Base64$Decoder.decode(Unknown Source) ~[?:?]
        at java.util.Base64$Decoder.decode(Unknown Source) ~[?:?]
        at org.graylog.security.certutil.keystore.storage.KeystoreMongoStorage.readKeyStore(KeystoreMongoStorage.java:67) ~[graylog2-server-5.2.3.jar:?]
        ... 23 more

volumes:
  - "graylog_data:/usr/share/graylog/data/data"
  - "graylog_journal:/usr/share/graylog/data/journal"

volumes:
      - ./data/graylog_data/:/usr/share/graylog/data/data
      - ./data/graylog_journal/:/usr/share/graylog/data/journal

2023-11-15T19:16:38.201Z WARN  [OpensearchProcessImpl] WARNING: System::setSecurityManager will be removed in a future release
2023-11-15T19:16:39.376Z WARN  [OpensearchNodeHeartbeat] Opensearch REST api of process 1058 unavailable. Cause: Connection refused
2023-11-15T19:16:39.813Z WARN  [OpensearchProcessImpl] WARNING: A terminally deprecated method in java.lang.System has been called
2023-11-15T19:16:39.813Z WARN  [OpensearchProcessImpl] WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/graylog-datanode/dist/opensearch-2.10.0-linux-x64/lib/opensearch-2.10.0.jar)
2023-11-15T19:16:39.814Z WARN  [OpensearchProcessImpl] WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
2023-11-15T19:16:39.814Z WARN  [OpensearchProcessImpl] WARNING: System::setSecurityManager will be removed in a future release
2023-11-15T19:16:39.844Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:39,840][INFO ][o.o.n.Node               ] [0eace0b2164c] version[2.10.0], pid[1058], build[tar/eee49cb340edc6c4d489bcd9324dda571fc8dc03/2023-09-20T23:54:29.889267151Z], OS[Linux/6.1.8-0-lts/amd64], JVM[Eclipse Adoptium/OpenJDK 64-Bit Server VM/17.0.8/17.0.8+7]
2023-11-15T19:16:39.846Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:39,845][INFO ][o.o.n.Node               ] [0eace0b2164c] JVM home [/usr/share/graylog-datanode/dist/opensearch-2.10.0-linux-x64/jdk], using bundled JDK/JRE [true]
2023-11-15T19:16:39.847Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:39,846][INFO ][o.o.n.Node               ] [0eace0b2164c] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms1g, -Xmx1g, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-2544192809827378494, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=/tmp/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/tmp/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/graylog-datanode/dist/opensearch-2.10.0-linux-x64, -Dopensearch.path.conf=/var/lib/graylog-datanode/opensearch/config/8b2841e7-04e2-4ed2-9216-ed0e4e75f44b/opensearch, -Dopensearch.distribution.type=tar, -Dopensearch.bundled_jdk=true]
2023-11-15T19:16:41.224Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:41,223][INFO ][o.o.s.s.t.SSLConfig      ] [0eace0b2164c] SSL dual mode is disabled
2023-11-15T19:16:41.224Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:41,224][INFO ][o.o.s.OpenSearchSecurityPlugin] [0eace0b2164c] OpenSearch Config path is /var/lib/graylog-datanode/opensearch/config/8b2841e7-04e2-4ed2-9216-ed0e4e75f44b/opensearch
2023-11-15T19:16:41.486Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:41,485][INFO ][o.o.s.s.DefaultSecurityKeyStore] [0eace0b2164c] JVM supports TLSv1.3
2023-11-15T19:16:41.488Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:41,488][INFO ][o.o.s.s.DefaultSecurityKeyStore] [0eace0b2164c] Config directory is /var/lib/graylog-datanode/opensearch/config/8b2841e7-04e2-4ed2-9216-ed0e4e75f44b/opensearch/, from there the key- and truststore files are resolved relatively
2023-11-15T19:16:41.491Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:41,491][WARN ][o.o.s.s.SecureSSLSettings] [0eace0b2164c] Setting [plugins.security.ssl.transport.keystore_password] has a secure counterpart [plugins.security.ssl.transport.keystore_password_secure] which should be used instead - allowing for legacy SSL setups
2023-11-15T19:16:41.498Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:41,497][WARN ][o.o.s.s.SecureSSLSettings] [0eace0b2164c] Setting [plugins.security.ssl.transport.truststore_password] has a secure counterpart [plugins.security.ssl.transport.truststore_password_secure] which should be used instead - allowing for legacy SSL setups
2023-11-15T19:16:41.651Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:41,650][WARN ][o.o.s.s.u.SSLCertificateHelper] [0eace0b2164c] Certificate chain for alias datanode contains a root certificate
2023-11-15T19:16:41.846Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:41,846][WARN ][o.o.s.s.SecureSSLSettings] [0eace0b2164c] Setting [plugins.security.ssl.http.keystore_password] has a secure counterpart [plugins.security.ssl.http.keystore_password_secure] which should be used instead - allowing for legacy SSL setups
2023-11-15T19:16:41.848Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:41,847][INFO ][o.o.s.s.DefaultSecurityKeyStore] [0eace0b2164c] HTTPS client auth mode OPTIONAL
2023-11-15T19:16:41.874Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:41,874][WARN ][o.o.s.s.u.SSLCertificateHelper] [0eace0b2164c] Certificate chain for alias datanode contains a root certificate
2023-11-15T19:16:41.895Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:41,894][WARN ][o.o.s.s.SecureSSLSettings] [0eace0b2164c] Setting [plugins.security.ssl.http.truststore_password] has a secure counterpart [plugins.security.ssl.http.truststore_password_secure] which should be used instead - allowing for legacy SSL setups
2023-11-15T19:16:41.960Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:41,960][INFO ][o.o.s.s.DefaultSecurityKeyStore] [0eace0b2164c] TLS Transport Client Provider : JDK
2023-11-15T19:16:41.961Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:41,960][INFO ][o.o.s.s.DefaultSecurityKeyStore] [0eace0b2164c] TLS Transport Server Provider : JDK
2023-11-15T19:16:41.961Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:41,960][INFO ][o.o.s.s.DefaultSecurityKeyStore] [0eace0b2164c] TLS HTTP Provider             : JDK
2023-11-15T19:16:41.961Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:41,961][INFO ][o.o.s.s.DefaultSecurityKeyStore] [0eace0b2164c] Enabled TLS protocols for transport layer : [TLSv1.3, TLSv1.2]
2023-11-15T19:16:41.961Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:41,961][INFO ][o.o.s.s.DefaultSecurityKeyStore] [0eace0b2164c] Enabled TLS protocols for HTTP layer      : [TLSv1.3, TLSv1.2]
2023-11-15T19:16:42.194Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,194][INFO ][o.o.s.OpenSearchSecurityPlugin] [0eace0b2164c] Clustername: datanode-cluster
2023-11-15T19:16:42.589Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,589][INFO ][o.o.i.r.ReindexPlugin    ] [0eace0b2164c] ReindexPlugin reloadSPI called
2023-11-15T19:16:42.590Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,590][INFO ][o.o.i.r.ReindexPlugin    ] [0eace0b2164c] Unable to find any implementation for RemoteReindexExtension
2023-11-15T19:16:42.603Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,603][INFO ][o.o.j.JobSchedulerPlugin ] [0eace0b2164c] Loaded scheduler extension: opendistro_anomaly_detector, index: .opendistro-anomaly-detector-jobs
2023-11-15T19:16:42.607Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,607][INFO ][o.o.p.PluginsService     ] [0eace0b2164c] loaded module [aggs-matrix-stats]
2023-11-15T19:16:42.607Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,607][INFO ][o.o.p.PluginsService     ] [0eace0b2164c] loaded module [analysis-common]
2023-11-15T19:16:42.608Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,607][INFO ][o.o.p.PluginsService     ] [0eace0b2164c] loaded module [geo]
2023-11-15T19:16:42.608Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,607][INFO ][o.o.p.PluginsService     ] [0eace0b2164c] loaded module [ingest-common]
2023-11-15T19:16:42.608Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,608][INFO ][o.o.p.PluginsService     ] [0eace0b2164c] loaded module [ingest-geoip]
2023-11-15T19:16:42.609Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,608][INFO ][o.o.p.PluginsService     ] [0eace0b2164c] loaded module [ingest-user-agent]
2023-11-15T19:16:42.609Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,608][INFO ][o.o.p.PluginsService     ] [0eace0b2164c] loaded module [lang-expression]
2023-11-15T19:16:42.609Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,608][INFO ][o.o.p.PluginsService     ] [0eace0b2164c] loaded module [lang-mustache]
2023-11-15T19:16:42.610Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,609][INFO ][o.o.p.PluginsService     ] [0eace0b2164c] loaded module [lang-painless]
2023-11-15T19:16:42.610Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,609][INFO ][o.o.p.PluginsService     ] [0eace0b2164c] loaded module [mapper-extras]
2023-11-15T19:16:42.611Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,609][INFO ][o.o.p.PluginsService     ] [0eace0b2164c] loaded module [opensearch-dashboards]
2023-11-15T19:16:42.611Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,610][INFO ][o.o.p.PluginsService     ] [0eace0b2164c] loaded module [parent-join]
2023-11-15T19:16:42.612Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,610][INFO ][o.o.p.PluginsService     ] [0eace0b2164c] loaded module [percolator]
2023-11-15T19:16:42.612Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,610][INFO ][o.o.p.PluginsService     ] [0eace0b2164c] loaded module [rank-eval]
2023-11-15T19:16:42.614Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,610][INFO ][o.o.p.PluginsService     ] [0eace0b2164c] loaded module [reindex]
2023-11-15T19:16:42.616Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,610][INFO ][o.o.p.PluginsService     ] [0eace0b2164c] loaded module [repository-url]
2023-11-15T19:16:42.616Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,611][INFO ][o.o.p.PluginsService     ] [0eace0b2164c] loaded module [search-pipeline-common]
2023-11-15T19:16:42.617Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,611][INFO ][o.o.p.PluginsService     ] [0eace0b2164c] loaded module [systemd]
2023-11-15T19:16:42.617Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,611][INFO ][o.o.p.PluginsService     ] [0eace0b2164c] loaded module [transport-netty4]
2023-11-15T19:16:42.618Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,612][INFO ][o.o.p.PluginsService     ] [0eace0b2164c] loaded plugin [opensearch-anomaly-detection]
2023-11-15T19:16:42.618Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,612][INFO ][o.o.p.PluginsService     ] [0eace0b2164c] loaded plugin [opensearch-asynchronous-search]
2023-11-15T19:16:42.619Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,612][INFO ][o.o.p.PluginsService     ] [0eace0b2164c] loaded plugin [opensearch-cross-cluster-replication]
2023-11-15T19:16:42.619Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,613][INFO ][o.o.p.PluginsService     ] [0eace0b2164c] loaded plugin [opensearch-job-scheduler]
2023-11-15T19:16:42.620Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,613][INFO ][o.o.p.PluginsService     ] [0eace0b2164c] loaded plugin [opensearch-ml]
2023-11-15T19:16:42.620Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,613][INFO ][o.o.p.PluginsService     ] [0eace0b2164c] loaded plugin [opensearch-observability]
2023-11-15T19:16:42.621Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,613][INFO ][o.o.p.PluginsService     ] [0eace0b2164c] loaded plugin [opensearch-security]
2023-11-15T19:16:42.633Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,633][INFO ][o.o.s.OpenSearchSecurityPlugin] [0eace0b2164c] Disabled https compression by default to mitigate BREACH attacks. You can enable it by setting 'http.compression: true' in opensearch.yml
2023-11-15T19:16:42.637Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,637][INFO ][o.o.e.ExtensionsManager  ] [0eace0b2164c] ExtensionsManager initialized
2023-11-15T19:16:42.662Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,661][INFO ][o.o.e.NodeEnvironment    ] [0eace0b2164c] using [1] data paths, mounts [[/var/lib/graylog-datanode (/dev/sda3)]], net usable_space [16.6gb], net total_space [34.8gb], types [ext4]
2023-11-15T19:16:42.662Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,662][INFO ][o.o.e.NodeEnvironment    ] [0eace0b2164c] heap size [1gb], compressed ordinary object pointers [true]
2023-11-15T19:16:42.749Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:42,749][INFO ][o.o.n.Node               ] [0eace0b2164c] node name [0eace0b2164c], node ID [SC2tH7MHTI2OruF6dRHXZg], cluster name [datanode-cluster], roles [ingest, remote_cluster_client, data, cluster_manager]
2023-11-15T19:16:45.261Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:45,260][WARN ][o.o.s.s.SecureSSLSettings] [0eace0b2164c] Setting [plugins.security.ssl.http.truststore_password] has a secure counterpart [plugins.security.ssl.http.truststore_password_secure] which should be used instead - allowing for legacy SSL setups
2023-11-15T19:16:45.262Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:45,262][WARN ][o.o.s.s.SecureSSLSettings] [0eace0b2164c] Setting [plugins.security.ssl.transport.truststore_password] has a secure counterpart [plugins.security.ssl.transport.truststore_password_secure] which should be used instead - allowing for legacy SSL setups
2023-11-15T19:16:45.266Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:45,266][WARN ][o.o.s.s.SecureSSLSettings] [0eace0b2164c] Setting [plugins.security.ssl.http.keystore_password] has a secure counterpart [plugins.security.ssl.http.keystore_password_secure] which should be used instead - allowing for legacy SSL setups
2023-11-15T19:16:45.267Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:45,266][WARN ][o.o.s.s.SecureSSLSettings] [0eace0b2164c] Setting [plugins.security.ssl.transport.keystore_password] has a secure counterpart [plugins.security.ssl.transport.keystore_password_secure] which should be used instead - allowing for legacy SSL setups
2023-11-15T19:16:46.631Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:46,630][WARN ][o.o.s.c.Salt             ] [0eace0b2164c] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
2023-11-15T19:16:46.695Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:46,694][ERROR][o.o.s.a.s.SinkProvider   ] [0eace0b2164c] Default endpoint could not be created, auditlog will not work properly.
2023-11-15T19:16:46.697Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:46,697][WARN ][o.o.s.a.r.AuditMessageRouter] [0eace0b2164c] No default storage available, audit log may not work properly. Please check configuration.
2023-11-15T19:16:46.697Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:46,697][INFO ][o.o.s.a.i.AuditLogImpl   ] [0eace0b2164c] Message routing enabled: false
2023-11-15T19:16:46.762Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:46,762][INFO ][o.o.s.f.SecurityFilter   ] [0eace0b2164c] <NONE> indices are made immutable.
2023-11-15T19:16:47.058Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:47,052][INFO ][o.o.m.b.MLCircuitBreakerService] [0eace0b2164c] Registered ML memory breaker.
2023-11-15T19:16:47.059Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:47,053][INFO ][o.o.m.b.MLCircuitBreakerService] [0eace0b2164c] Registered ML disk breaker.
2023-11-15T19:16:47.059Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:47,053][INFO ][o.o.m.b.MLCircuitBreakerService] [0eace0b2164c] Registered ML native memory breaker.
2023-11-15T19:16:47.197Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:47,197][INFO ][o.r.Reflections          ] [0eace0b2164c] Reflections took 57 ms to scan 1 urls, producing 17 keys and 43 values 
2023-11-15T19:16:47.578Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:47,578][INFO ][o.o.a.b.ADCircuitBreakerService] [0eace0b2164c] Registered memory breaker.
2023-11-15T19:16:48.348Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:48,348][INFO ][o.o.t.NettyAllocator     ] [0eace0b2164c] creating NettyAllocator with the following configs: [name=unpooled, suggested_max_allocation_size=256kb, factors={opensearch.unsafe.use_unpooled_allocator=null, g1gc_enabled=true, g1gc_region_size=1mb, heap_size=1gb}]
2023-11-15T19:16:48.596Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:48,595][INFO ][o.o.d.DiscoveryModule    ] [0eace0b2164c] using discovery type [zen] and seed hosts providers [settings, file]
2023-11-15T19:16:49.079Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:49,078][WARN ][o.o.g.DanglingIndicesState] [0eace0b2164c] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
2023-11-15T19:16:49.375Z WARN  [OpensearchNodeHeartbeat] Opensearch REST api of process 1058 unavailable. Cause: Connection refused
2023-11-15T19:16:49.605Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:49,605][INFO ][o.o.n.Node               ] [0eace0b2164c] initialized
2023-11-15T19:16:49.606Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:49,605][INFO ][o.o.n.Node               ] [0eace0b2164c] starting ...
2023-11-15T19:16:49.742Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:49,742][INFO ][o.o.t.TransportService   ] [0eace0b2164c] publish_address {192.168.144.3:9300}, bound_addresses {0.0.0.0:9300}
2023-11-15T19:16:49.745Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:49,744][INFO ][o.o.t.TransportService   ] [0eace0b2164c] Remote clusters initialized successfully.
2023-11-15T19:16:49.915Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:49,915][INFO ][o.o.b.BootstrapChecks    ] [0eace0b2164c] bound or publishing to a non-loopback address, enforcing bootstrap checks
2023-11-15T19:16:49.927Z WARN  [OpensearchProcessImpl] ERROR: [1] bootstrap checks failed
2023-11-15T19:16:49.928Z WARN  [OpensearchProcessImpl] [1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
2023-11-15T19:16:49.928Z WARN  [OpensearchProcessImpl] ERROR: OpenSearch did not exit normally - check the logs at /var/lib/graylog-datanode/opensearch/logs/8b2841e7-04e2-4ed2-9216-ed0e4e75f44b/datanode-cluster.log
2023-11-15T19:16:49.933Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:49,931][INFO ][o.o.n.Node               ] [0eace0b2164c] stopping ...
2023-11-15T19:16:49.935Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:49,934][INFO ][o.o.s.a.r.AuditMessageRouter] [0eace0b2164c] Closing AuditMessageRouter
2023-11-15T19:16:49.936Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:49,935][INFO ][o.o.s.a.s.SinkProvider   ] [0eace0b2164c] Closing DebugSink
2023-11-15T19:16:49.947Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:49,947][INFO ][o.o.n.Node               ] [0eace0b2164c] stopped
2023-11-15T19:16:49.948Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:49,947][INFO ][o.o.n.Node               ] [0eace0b2164c] closing ...
2023-11-15T19:16:49.963Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:49,963][INFO ][o.o.s.a.i.AuditLogImpl   ] [0eace0b2164c] Closing AuditLogImpl
2023-11-15T19:16:49.970Z INFO  [OpensearchProcessImpl] [2023-11-15T19:16:49,969][INFO ][o.o.n.Node               ] [0eace0b2164c] closed
2023-11-15T19:16:50.160Z WARN  [OpensearchProcessImpl] Opensearch process failed
org.apache.commons.exec.ExecuteException: Process exited with an error: 78 (Exit value: 78)
	at org.apache.commons.exec.DefaultExecutor.executeInternal(DefaultExecutor.java:404) ~[commons-exec-1.3.jar:1.3]
	at org.apache.commons.exec.DefaultExecutor.access$200(DefaultExecutor.java:48) ~[commons-exec-1.3.jar:1.3]
	at org.apache.commons.exec.DefaultExecutor$1.run(DefaultExecutor.java:200) [commons-exec-1.3.jar:1.3]
	at java.lang.Thread.run(Unknown Source) [?:?]
2023-11-15T19:16:50.162Z WARN  [ProcessWatchdog] Process watchdog terminated after too many restart attempts

2024-01-04 08:21:11,276 ERROR: org.graylog2.storage.versionprobe.VersionProbe - Unable to retrieve version from Elasticsearch node: Failed to connect to /127.0.0.1:9200. - Connection refused.
2024-01-04 08:21:11,277 INFO : org.graylog2.storage.versionprobe.VersionProbe - OpenSearch/Elasticsearch is not available. Retry #42

2023-12-18 10:46:57,642 INFO : org.graylog2.security.CustomCAX509TrustManager - CA changed, refreshing trust manager
2023-12-18 10:47:07,766 INFO : org.graylog2.bootstrap.preflight.PreflightJerseyService - Shutting down HTTP listener at <0.0.0.0:9000>
2023-12-18 10:47:07,773 INFO : org.graylog2.periodical.Periodicals - Shutting down periodical [org.graylog2.bootstrap.preflight.GraylogCertificateProvisioningPeriodical].
2023-12-18 10:47:07,776 INFO : org.graylog2.periodical.Periodicals - Shutting down periodical [org.graylog2.events.ClusterEventPeriodical].
2023-12-18 10:47:07,776 INFO : org.graylog2.periodical.Periodicals - Shutting down periodical [org.graylog2.events.ClusterEventCleanupPeriodical].
2023-12-18 10:47:07,788 INFO : org.glassfish.grizzly.http.server.NetworkListener - Stopped listener bound to [0.0.0.0:9000]
2023-12-18 10:47:08,177 INFO : org.graylog2.configuration.IndexerDiscoveryProvider - No indexer hosts configured, using fallback http://127.0.0.1:9200
2023-12-18 10:47:08,242 INFO : org.graylog2.plugin.system.FilePersistedNodeIdProvider - Node ID: 84a7a984-ff52-4d7f-b8ea-6428e00f7fe4
2023-12-18 10:47:08,420 ERROR: org.graylog2.storage.versionprobe.VersionProbe - Unable to retrieve version from Elasticsearch node: Failed to connect to /127.0.0.1:9200. - Connection refused.

2023-02-06 07:05:28,363 INFO : org.mongodb.driver.cluster - Cluster description not yet available. Waiting for 30000 ms before timing out
2023-02-06 07:05:38,358 INFO : org.mongodb.driver.cluster - Exception in monitor thread while connecting to server mongodb:27017
com.mongodb.MongoSocketOpenException: Exception opening socket
        at com.mongodb.internal.connection.SocketStream.open(SocketStream.java:70) ~[graylog.jar:?]
        at com.mongodb.internal.connection.InternalStreamConnection.open(InternalStreamConnection.java:180) ~[graylog.jar:?]
        at com.mongodb.internal.connection.DefaultServerMonitor$ServerMonitorRunnable.lookupServerDescription(DefaultServerMonitor.java:193) [graylog.jar:?]
        at com.mongodb.internal.connection.DefaultServerMonitor$ServerMonitorRunnable.run(DefaultServerMonitor.java:157) [graylog.jar:?]
        at java.lang.Thread.run(Unknown Source) [?:?]
Caused by: java.net.SocketTimeoutException: Connect timed out
        at sun.nio.ch.NioSocketImpl.timedFinishConnect(Unknown Source) ~[?:?]
        at sun.nio.ch.NioSocketImpl.connect(Unknown Source) ~[?:?]
        at java.net.SocksSocketImpl.connect(Unknown Source) ~[?:?]
        at java.net.Socket.connect(Unknown Source) ~[?:?]
        at com.mongodb.internal.connection.SocketStreamHelper.initialize(SocketStreamHelper.java:107) ~[graylog.jar:?]
        at com.mongodb.internal.connection.SocketStream.initializeSocket(SocketStream.java:79) ~[graylog.jar:?]
        at com.mongodb.internal.connection.SocketStream.open(SocketStream.java:65) ~[graylog.jar:?]
        ... 4 more
2023-02-06 07:05:58,363 INFO : org.graylog2.bootstrap.preflight.MongoDBPreflightCheck - MongoDB is not available. Retry #1
2023-02-06 07:06:00,364 INFO : org.mongodb.driver.cluster - Cluster description not yet available. Waiting for 30000 ms before timing out
2023-02-06 07:06:30,364 INFO : org.graylog2.bootstrap.preflight.MongoDBPreflightCheck - MongoDB is not available. Retry #2
2023-02-06 07:06:32,365 INFO : org.mongodb.driver.cluster - Cluster description not yet available. Waiting for 30000 ms before timing out

GRAYLOG_TRANSPORT_EMAIL_PROTOCOL="smtp"
GRAYLOG_TRANSPORT_EMAIL_WEB_INTERFACE_URL="https://192.168.1.1/"
GRAYLOG_TRANSPORT_EMAIL_HOSTNAME="smtp.example.com"
GRAYLOG_TRANSPORT_EMAIL_ENABLED="true"
GRAYLOG_TRANSPORT_EMAIL_PORT="587"
GRAYLOG_TRANSPORT_EMAIL_USE_AUTH="true"
GRAYLOG_TRANSPORT_EMAIL_AUTH_USERNAME="[email protected]"
GRAYLOG_TRANSPORT_EMAIL_AUTH_PASSWORD="password"
GRAYLOG_TRANSPORT_EMAIL_USE_TLS="true"
GRAYLOG_TRANSPORT_EMAIL_USE_SSL="false"
GRAYLOG_TRANSPORT_FROM_EMAIL="[email protected]"
GRAYLOG_TRANSPORT_SUBJECT_PREFIX="[Graylog-1]"

version: "3.8"

services:
  mongodb:
    image: "mongo:5.0"
    volumes:
      - "mongodb_data:/data/db"
    restart: "always"

  datanode:
    image: "${DATANODE_IMAGE:-graylog/graylog-datanode:5.2}"
    hostname: "247a89a3e074"
    environment:
      GRAYLOG_HOSTNAME: "247a89a3e074"
      GRAYLOG_DATANODE_NODE_ID_FILE: "/var/lib/graylog-datanode/node-id"
      GRAYLOG_DATANODE_PASSWORD_SECRET: "${GRAYLOG_PASSWORD_SECRET:?Please configure GRAYLOG_PASSWORD_SECRET in the .env file}"
      GRAYLOG_DATANODE_ROOT_PASSWORD_SHA2: "${GRAYLOG_ROOT_PASSWORD_SHA2:?Please configure GRAYLOG_ROOT_PASSWORD_SHA2 in the .env file}"
      GRAYLOG_DATANODE_MONGODB_URI: "mongodb://mongodb:27017/graylog"
    ulimits:
      memlock:
        hard: -1
        soft: -1
      nofile:
        soft: 65536
        hard: 65536
    ports:
      - "127.0.0.1:8999:8999/tcp"   # DataNode API
      - "127.0.0.1:9200:9200/tcp"
      - "127.0.0.1:9300:9300/tcp"
    volumes:
      - "graylog-datanode:/var/lib/graylog-datanode"
    restart: "always"

  graylog:
    hostname: "server"
    image: "${GRAYLOG_IMAGE:-graylog/graylog:5.2}"
    depends_on:
      mongodb:
        condition: "service_started"
    entrypoint: "/usr/bin/tini --  /docker-entrypoint.sh"
    environment:
      GRAYLOG_NODE_ID_FILE: "/usr/share/graylog/data/data/node-id"
      GRAYLOG_PASSWORD_SECRET: "${GRAYLOG_PASSWORD_SECRET:?Please configure GRAYLOG_PASSWORD_SECRET in the .env file}"
      GRAYLOG_ROOT_PASSWORD_SHA2: "${GRAYLOG_ROOT_PASSWORD_SHA2:?Please configure GRAYLOG_ROOT_PASSWORD_SHA2 in the .env file}"
      GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9000"
      GRAYLOG_HTTP_EXTERNAL_URI: "http://localhost:9000/"
      GRAYLOG_MONGODB_URI: "mongodb://mongodb:27017/graylog"
    ports:
    - "127.0.0.1:5044:5044/tcp"   # Beats
    - "5140:5140/udp"   # Syslog
    - "5140:5140/tcp"   # Syslog
    - "127.0.0.1:5555:5555/tcp"   # RAW TCP
    - "127.0.0.1:5555:5555/udp"   # RAW TCP
    - "127.0.0.1:9000:9000/tcp"   # Server API
    - "127.0.0.1:12201:12201/tcp" # GELF TCP
    - "127.0.0.1:12201:12201/udp" # GELF UDP
    #- "127.0.0.1:10000:10000/tcp" # Custom TCP port
    #- "127.0.0.1:10000:10000/udp" # Custom UDP port
    - "127.0.0.1:13301:13301/tcp" # Forwarder data
    - "127.0.0.1:13302:13302/tcp" # Forwarder config
    - "5141-5199:5141-5199/tcp" # ports for inputs
    - "5141-5199:5141-5199/udp" # ports for inputs
    volumes:
      - "graylog_data:/usr/share/graylog/data/data"
      - "graylog_journal:/usr/share/graylog/data/journal"
    restart: "always"

volumes:
  mongodb_data:
  graylog-datanode:
  graylog_data:
  graylog_journal: