graylog2 / graylog-docker
Official Graylog Docker image
Home Page: https://hub.docker.com/r/graylog/graylog/
License: Apache License 2.0
Hello everyone,
I recently updated my Graylog using the image graylog/graylog:2.5.1-2. Before, I was using the image graylog2/server:2.4.3-1.
After the update, the server is running properly but after several minutes (2 minutes to be exact), the container is considered as unhealthy. So I tried to debug the health_check.sh script. All seemed to be ok until I tried to see which value was behind the ${host} variable in the script.
${host} was equal to this: 10.7.0.97 10.117.0.105.
This value is computed with the following: host="$(hostname -i || echo '127.0.0.1')".
My conclusion is that the command hostname -i returns multiple values if the container is attached to multiple networks. In that way, the HEALTHCHECK was always in error, and the container would restart.
I didn't want to create any PR before knowing what solution should be the best for this case. Should the script take the first host found (but maybe it's too ambiguous) or always 127.0.0.1? Actually, I don't see the cases where the real IP is relevant instead of 127.0.0.1.
Anyway, I'll take your opinion first 🙂
Hi!
I am new to Graylog and got completely lost during the initial setup.
I am running Graylog as instructed in the documentation, using docker-compose.
I am trying to configure inputs, but they are all labelled as "not running". If I try to click on start input, there is an error on the web UI asking me to check the logs.
However, the last log I see related to the input is that it is "RUNNING".
Messages are arriving, extractors are being processed. Yet all my inputs are labelled as "not running" in red.
Is that normal? Did I miss something?
With configured GRAYLOG_HTTP_EXTERNAL_URI=http://0.0.0.0:9000/ the healthcheck will fail.
A possible solution would be to parse the IP in the healthcheck script and replace 0.0.0.0 with 127.0.0.1
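The two health check reports above (a multi-address `hostname -i` result and a `0.0.0.0` external URI) come down to normalising the probe target before building a URL. The following is an added example, not the project's health_check.sh; the function names are hypothetical and port 9000 is assumed from the compose files quoted on this page.

```shell
#!/bin/sh
# Added example: helpers a container health check could use to pick its target.
# Not the project's health_check.sh; all function names are hypothetical.

# pick_host RAW
# Reduce the output of `hostname -i` to a single address. A container attached
# to several networks gets a space-separated list ("10.7.0.97 10.117.0.105"),
# which breaks any URL built from it. Falls back to loopback when RAW is empty.
pick_host() {
    set -f        # no pathname expansion while word-splitting
    set -- $1     # split on IFS whitespace; $1 becomes the first address
    set +f
    printf '%s\n' "${1:-127.0.0.1}"
}

# normalize_uri URI
# 0.0.0.0 is a bind wildcard; the report above says probing it fails.
# Rewrite only an exact 0.0.0.0 host and leave every other URI untouched.
normalize_uri() {
    case "$1" in
        http://0.0.0.0|http://0.0.0.0[/:]*)
            printf 'http://127.0.0.1%s\n' "${1#http://0.0.0.0}" ;;
        https://0.0.0.0|https://0.0.0.0[/:]*)
            printf 'https://127.0.0.1%s\n' "${1#https://0.0.0.0}" ;;
        *)
            printf '%s\n' "$1" ;;
    esac
}

# probe_base EXTERNAL_URI HOSTNAME_OUTPUT
# Prefer the configured external URI (normalised); otherwise build a base URL
# from the first local address. Port 9000 is an assumption of this example.
probe_base() {
    if [ -n "$1" ]; then
        normalize_uri "$1"
    else
        printf 'http://%s:9000/\n' "$(pick_host "$2")"
    fi
}

# Demo with the values quoted in the two reports (no network access needed).
probe_base "" "10.7.0.97 10.117.0.105"
probe_base "http://0.0.0.0:9000/" ""
```
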
Hello!
Since 1.8.0_131, OpenJDK supports the UseCGroupMemoryLimitForHeap option, but graylog2/server:2.4.5-1 is built against an old Java for now.
Please trigger a rebuild of the Docker image to fix it.
P.S.
I found 2 repos:
https://hub.docker.com/u/graylog/ and https://hub.docker.com/u/graylog2/
What should I use?
docker-entrypoint.sh has this line:
chown --recursive "${GRAYLOG_USER}":"${GRAYLOG_GROUP}" "${GRAYLOG_HOME}/data"
It fails if I add files under data as read only volumes from the host. If I make them writable (which I don't like anyway) it changes owner and causes other troubles for me.
It would be nice to ignore this error when chown can't change owner. Please consider changing this line to
chown --recursive "${GRAYLOG_USER}":"${GRAYLOG_GROUP}" "${GRAYLOG_HOME}/data" || true
Hi,
I have got docker setup using docker-compose from https://github.com/Graylog2/graylog-docker.
The Graylog server is up and running (web interface). However, when I try to post a log using the following, I get "curl: (52) Empty reply from server".
curl -X POST -H 'Content-Type: application/json' -d '{ "version": "1.1", "host": "example.org", "short_message": "A short message", "level": 5, "_some_info": "foo" }' 'http://localhost:12201/gelf'
Any idea?
Thanks
I just started the docker image, and it didn't connect to my exposed port 9000, and after I checked the logs, I saw the errors.
Environment:
Rancher v1.6.14
Kubernetes
Error Logs:
2/26/2018 2:41:54 AM2018-02-26 07:41:54,041 INFO : org.mongodb.driver.cluster - Exception in monitor thread while connecting to server mongo:27017
2/26/2018 2:41:54 AMcom.mongodb.MongoSocketException: mongo
2/26/2018 2:41:54 AM at com.mongodb.ServerAddress.getSocketAddress(ServerAddress.java:188) ~[graylog.jar:?]
2/26/2018 2:41:54 AM at com.mongodb.connection.SocketStreamHelper.initialize(SocketStreamHelper.java:59) ~[graylog.jar:?]
2/26/2018 2:41:54 AM at com.mongodb.connection.SocketStream.open(SocketStream.java:57) ~[graylog.jar:?]
2/26/2018 2:41:54 AM at com.mongodb.connection.InternalStreamConnection.open(InternalStreamConnection.java:107) ~[graylog.jar:?]
2/26/2018 2:41:54 AM at com.mongodb.connection.DefaultServerMonitor$ServerMonitorRunnable.run(DefaultServerMonitor.java:111) [graylog.jar:?]
2/26/2018 2:41:54 AM at java.lang.Thread.run(Thread.java:748) [?:1.8.0_151]
2/26/2018 2:41:54 AMCaused by: java.net.UnknownHostException: mongo
2/26/2018 2:41:54 AM at java.net.InetAddress.getAllByName0(InetAddress.java:1280) ~[?:1.8.0_151]
2/26/2018 2:41:54 AM at java.net.InetAddress.getAllByName(InetAddress.java:1192) ~[?:1.8.0_151]
2/26/2018 2:41:54 AM at java.net.InetAddress.getAllByName(InetAddress.java:1126) ~[?:1.8.0_151]
2/26/2018 2:41:54 AM at java.net.InetAddress.getByName(InetAddress.java:1076) ~[?:1.8.0_151]
2/26/2018 2:41:54 AM at com.mongodb.ServerAddress.getSocketAddress(ServerAddress.java:186) ~[graylog.jar:?]
2/26/2018 2:41:54 AM ... 5 more
I've tried to run graylog with docker-compose using the example found in readme.md and got this:
$ docker-compose up
WARNING: Some services (elasticsearch) use the 'deploy' key, which will be ignored. Compose does not support 'deploy' configuration - use `docker stack deploy` to deploy to a swarm.
Starting graylog-docker_elasticsearch_1 ... done
Starting graylog-docker_mongo_1 ... done
Starting graylog-docker_graylog_1 ... done
Attaching to graylog-docker_elasticsearch_1, graylog-docker_mongo_1, graylog-docker_graylog_1
elasticsearch_1 | [2018-10-08T15:48:17,028][INFO ][o.e.n.Node ] [] initializing ...
mongo_1 | error: exec: "/usr/local/bin/docker-entrypoint.sh": stat /usr/local/bin/docker-entrypoint.sh: permission denied
graylog_1 | error: exec: "/usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java": stat /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java: permission denied
Mongo and graylog containers fail with permission denied, while elasticsearch boots just fine.
Any hints?
edit: additional information
host: Ubuntu 18.04.1 LTS
docker version: Docker version 18.06.1-ce, build e68fc7a
docker-compose version: docker-compose version 1.21.2, build a133471
Hi,
Could you please consider moving to openjdk:9-jre or openjdk:10-jre for the base image?
There should be some nice performance improvements in newer Java versions.
Hi, I found that the graylog.conf in the latest version of the Docker image is still very old.
Is this unsupported? If this is the case, please mark this in the instructions in the documentation.
At the moment I am going to build the entire Graylog cluster on Kubernetes, using mongo3, elasticsearch5.5. However, in this latest version of the mirror, a lot of variables for the ES cluster are not supported. Help me! Thanks
If upgrading from version 2.4.6-1 to 2.5.0-1, the environment variable GRAYLOG_SERVER_JAVA_OPTS is disregarded, not used.
Output for 2.4.6-1, env variable GRAYLOG_SERVER_JAVA_OPTS is used
user@graylog-node-2: docker run -it -e GRAYLOG_SERVER_JAVA_OPTS="-Xms8G -Xmx8G -Djavax.net.ssl.trustStore=/usr/share/graylog/extern-data/security/cacerts.jks" graylog/graylog:2.4.6-1
2018-12-20 11:42:07,457 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: AWS plugins 2.4.6 [org.graylog.aws.plugin.AWSPlugin]
2018-12-20 11:42:07,460 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Elastic Beats Input 2.4.6 [org.graylog.plugins.beats.BeatsInputPlugin]
2018-12-20 11:42:07,461 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: CEF Input 2.4.6 [org.graylog.plugins.cef.CEFInputPlugin]
2018-12-20 11:42:07,462 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Collector 2.4.6 [org.graylog.plugins.collector.CollectorPlugin]
2018-12-20 11:42:07,463 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Enterprise Integration Plugin 2.4.6 [org.graylog.plugins.enterprise_integration.EnterpriseIntegrationPlugin]
2018-12-20 11:42:07,464 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: MapWidgetPlugin 2.4.6 [org.graylog.plugins.map.MapWidgetPlugin]
2018-12-20 11:42:07,465 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: NetFlow Plugin 2.4.6 [org.graylog.plugins.netflow.NetFlowPlugin]
2018-12-20 11:42:07,472 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Pipeline Processor Plugin 2.4.6 [org.graylog.plugins.pipelineprocessor.ProcessorPlugin]
2018-12-20 11:42:07,473 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Threat Intelligence Plugin 2.4.6 [org.graylog.plugins.threatintel.ThreatIntelPlugin]
===> 2018-12-20 11:42:07,725 INFO : org.graylog2.bootstrap.CmdLineTool - Running with JVM arguments: -Xms8G -Xmx8G -Djavax.net.ssl.trustStore=/usr/share/graylog/extern-data/security/cacerts.jks -Dlog4j.configurationFile=/usr/share/graylog/data/config/log4j2.xml -Djava.library.path=/usr/share/graylog/lib/sigar/ -Dgraylog2.installation_source=docker
2018-12-20 11:42:07,957 INFO : org.hibernate.validator.internal.util.Version - HV000001: Hibernate Validator 5.1.3.Final
2018-12-20 11:42:09,945 INFO : org.graylog2.shared.buffers.InputBufferImpl - Message journal is enabled.
<....>
Output for 2.5.0-1, env variable GRAYLOG_SERVER_JAVA_OPTS is not used
user@graylog-node-2: docker run -it -e GRAYLOG_SERVER_JAVA_OPTS="-Xms8G -Xmx8G -Djavax.net.ssl.trustStore=/usr/share/graylog/extern-data/security/cacerts.jks" graylog/graylog:2.5.0-1
2018-12-20 11:49:27,291 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: AWS plugins 2.5.0 [org.graylog.aws.plugin.AWSPlugin]
2018-12-20 11:49:27,293 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Elastic Beats Input 2.5.0 [org.graylog.plugins.beats.BeatsInputPlugin]
2018-12-20 11:49:27,293 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: CEF Input 2.5.0 [org.graylog.plugins.cef.CEFInputPlugin]
2018-12-20 11:49:27,294 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Collector 2.5.0 [org.graylog.plugins.collector.CollectorPlugin]
2018-12-20 11:49:27,295 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Enterprise Integration Plugin 2.5.0 [org.graylog.plugins.enterprise_integration.EnterpriseIntegrationPlugin]
2018-12-20 11:49:27,295 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: MapWidgetPlugin 2.5.0 [org.graylog.plugins.map.MapWidgetPlugin]
2018-12-20 11:49:27,296 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: NetFlow Plugin 2.5.0 [org.graylog.plugins.netflow.NetFlowPlugin]
2018-12-20 11:49:27,302 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Pipeline Processor Plugin 2.5.0 [org.graylog.plugins.pipelineprocessor.ProcessorPlugin]
2018-12-20 11:49:27,302 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Threat Intelligence Plugin 2.5.0 [org.graylog.plugins.threatintel.ThreatIntelPlugin]
===> 2018-12-20 11:49:27,584 INFO : org.graylog2.bootstrap.CmdLineTool - Running with JVM arguments: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -XX:NewRatio=1 -XX:MaxMetaspaceSize=256m -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow -Dlog4j.configurationFile=/usr/share/graylog/data/config/log4j2.xml -Djava.library.path=/usr/share/graylog/lib/sigar/ -Dgraylog2.installation_source=docker
2018-12-20 11:49:27,762 INFO : org.hibernate.validator.internal.util.Version - HV000001: Hibernate Validator 5.1.3.Final
2018-12-20 11:49:29,773 INFO : org.graylog2.shared.buffers.InputBufferImpl - Message journal is enabled.
<....>
Hi,
I have set the ENV variable GRAYLOG_MESSAGE_JOURNAL_MAX_SIZE to 5Gb but the journal grows a whole lot bigger than that. Last time it was at 24 GB, due to another issue where Graylog cannot read messages anymore.
Any ideas what might be wrong? Also, if someone has a hint on what might cause Graylog to suddenly stop reading messages, that would be very helpful, since I have run into this several times already.
I'm using latest docker image graylog2/server:2.4.3-1
thanks
Here is my error when I started docker-compose:
graylog_1 | 2019-02-18 12:07:33,064 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: AWS plugins 3.0.0 [org.graylog.aws.AWSPlugin]
graylog_1 | 2019-02-18 12:07:33,079 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Collector 3.0.0 [org.graylog.plugins.collector.CollectorPlugin]
graylog_1 | 2019-02-18 12:07:33,086 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Threat Intelligence Plugin 3.0.0 [org.graylog.plugins.threatintel.ThreatIntelPlugin]
graylog_1 | 2019-02-18 12:07:33,282 ERROR: org.graylog2.bootstrap.CmdLineTool - Invalid configuration
graylog_1 | com.github.joschi.jadconfig.ValidationException: java.lang.IllegalArgumentException: Possible bracketless IPv6 literal: http://192.168.19.27:9000/api
graylog_1 | at org.graylog2.configuration.HttpConfiguration.validateHttpBindAddress(HttpConfiguration.java:227) ~[graylog.jar:?]
graylog_1 | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181]
graylog_1 | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181]
graylog_1 | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181]
graylog_1 | at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181]
graylog_1 | at com.github.joschi.jadconfig.ReflectionUtils.invokeMethodsWithAnnotation(ReflectionUtils.java:53) ~[graylog.jar:?]
graylog_1 | at com.github.joschi.jadconfig.JadConfig.invokeValidatorMethods(JadConfig.java:221) ~[graylog.jar:?]
graylog_1 | at com.github.joschi.jadconfig.JadConfig.process(JadConfig.java:100) ~[graylog.jar:?]
graylog_1 | at org.graylog2.bootstrap.CmdLineTool.processConfiguration(CmdLineTool.java:351) [graylog.jar:?]
graylog_1 | at org.graylog2.bootstrap.CmdLineTool.readConfiguration(CmdLineTool.java:344) [graylog.jar:?]
graylog_1 | at org.graylog2.bootstrap.CmdLineTool.run(CmdLineTool.java:178) [graylog.jar:?]
graylog_1 | at org.graylog2.bootstrap.Main.main(Main.java:50) [graylog.jar:?]
graylog_1 | Caused by: java.lang.IllegalArgumentException: Possible bracketless IPv6 literal: http://192.168.19.27:9000/api
graylog_1 | at com.google.common.base.Preconditions.checkArgument(Preconditions.java:216) ~[graylog.jar:?]
graylog_1 | at com.google.common.net.HostAndPort.requireBracketsForIPv6(HostAndPort.java:275) ~[graylog.jar:?]
graylog_1 | at org.graylog2.configuration.HttpConfiguration.getHttpBindAddress(HttpConfiguration.java:88) ~[graylog.jar:?]
graylog_1 | at org.graylog2.configuration.HttpConfiguration.validateHttpBindAddress(HttpConfiguration.java:222) ~[graylog.jar:?]
graylog_1 | ... 11 more
graylog-docker-compose_graylog_1 exited with code 1
Caused by: java.lang.IllegalArgumentException: Possible bracketless IPv6 literal: http://192.168.19.27:9000/api
Does GRAYLOG_HTTP_BIND_ADDRESS expect IPv6?
Docker compose is here:
version: '2'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    image: mongo:3
    volumes:
      - mongo_data:/data/db
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/5.6/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.5.4
    volumes:
      - es_data:/usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 1g
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:3.0
    volumes:
      - graylog_journal:/usr/share/graylog/data/journal
    environment:
      # CHANGE ME (must be at least 16 characters)!
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      - GRAYLOG_HTTP_BIND_ADDRESS=http://192.168.19.27:9000/api
    links:
      - mongodb:mongo
      - elasticsearch
    depends_on:
      - mongodb
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 514:514
      # Syslog UDP
      - 514:514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
# Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_journal:
    driver: local
Graylog fails to start if mounted volumes into ${GRAYLOG_HOME}/data are not owned by the same user inside the container (uid:1100 gid:1100).
This refers to the docker-entrypoint.sh script (line 51).
The entrypoint will list entries in ${GRAYLOG_HOME}/data and try to chown them to the graylog:graylog user. This only works if the directories are already owned by that user.
chown: changing ownership of '/usr/share/graylog/data/journal': Operation not permitted
Current master is
Launching graylog-0 as master
pod/graylog-0 labeled
Starting graylog
Graylog Home /usr/share/graylog
Graylog User graylog
JVM Options -Djava.net.preferIPv4Stack=true -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow -Xms1024g -Xmx1024g
2019-04-27 04:05:49,687 INFO [CmdLineTool] - Loaded plugin: AWS plugins 3.0.1 [org.graylog.aws.AWSPlugin] - {}
2019-04-27 04:05:49,693 INFO [CmdLineTool] - Loaded plugin: Collector 3.0.1 [org.graylog.plugins.collector.CollectorPlugin] - {}
2019-04-27 04:05:49,694 INFO [CmdLineTool] - Loaded plugin: Threat Intelligence Plugin 3.0.1 [org.graylog.plugins.threatintel.ThreatIntelPlugin] - {}
2019-04-27 04:05:49,788 ERROR [CmdLineTool] - Invalid configuration - {}
com.github.joschi.jadconfig.ValidationException: Parent directory /usr/share/graylog/data/journal for Node ID file at /usr/share/graylog/data/journal/node-id is not writable
at org.graylog2.Configuration$NodeIdFileValidator.validate(Configuration.java:302) ~[graylog.jar:?]
at org.graylog2.Configuration$NodeIdFileValidator.validate(Configuration.java:284) ~[graylog.jar:?]
at com.github.joschi.jadconfig.JadConfig.validateParameter(JadConfig.java:215) ~[graylog.jar:?]
at com.github.joschi.jadconfig.JadConfig.processClassFields(JadConfig.java:148) ~[graylog.jar:?]
at com.github.joschi.jadconfig.JadConfig.process(JadConfig.java:99) ~[graylog.jar:?]
at org.graylog2.bootstrap.CmdLineTool.processConfiguration(CmdLineTool.java:351) [graylog.jar:?]
at org.graylog2.bootstrap.CmdLineTool.readConfiguration(CmdLineTool.java:344) [graylog.jar:?]
at org.graylog2.bootstrap.CmdLineTool.run(CmdLineTool.java:178) [graylog.jar:?]
at org.graylog2.bootstrap.Main.main(Main.java:50) [graylog.jar:?]
On that note, the graylog container might as well not even try to chown directories if it's running as non-root.
A common way to work around this is to adjust volume permissions from the host where the volume is located and restart the container. That is simple enough if you are running docker-compose, NFS volumes, or just testing on your local machine.
However, in some cases, volume contents are not accessible from outside the container. As an example, volumes provisioned automatically by OpenEBS in a Kubernetes cluster hide their data in block files replicated throughout the cluster. Changing these permissions is not just a matter of chowning a directory in the host OS, and further hacks need to be improvised (such as this one, where I'm trying to work around it by adjusting the helm chart for a Kubernetes deployment).
I'm still trying to think of ways to improve this. I'm not sure what the best approach would be.
Maybe, run the Graylog container as root and, at the end of the entrypoint, launch the graylog process with another user?
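Both chown reports on this page (the read-only volume case and the non-root case above) ask the entrypoint to stop failing on ownership changes it cannot make. The following is an added example, not the project's docker-entrypoint.sh: it chowns only when running as root on a writable entry with the wrong owner, warns otherwise, and then checks explicitly that the directory Graylog must write to is writable, so a bad volume is reported clearly instead of being hidden by `|| true`. Function names are hypothetical; `1100:1100` is the uid:gid quoted in the report.

```shell
#!/bin/sh
# Added example, not the project's docker-entrypoint.sh.
# All function names are hypothetical.

# owner_of PATH -> prints numeric "uid:gid" of PATH.
owner_of() {
    ls -ldn -- "$1" | awk '{ print $3 ":" $4 }'
}

# plan_ownership PATH WANT_UID:GID EUID
# Decide what to do with one entry under the data directory. Prints:
#   ok            already owned by WANT, nothing to do
#   skip-nonroot  wrong owner, but only root may change ownership
#   skip-readonly wrong owner, root, but the mount is read-only
#   chown         wrong owner, root, writable: safe to change
plan_ownership() {
    if [ "$(owner_of "$1")" = "$2" ]; then
        echo ok
    elif [ "$3" -ne 0 ]; then
        echo skip-nonroot
    elif [ ! -w "$1" ]; then
        echo skip-readonly
    else
        echo chown
    fi
}

# fix_data_ownership DATA_DIR WANT_UID:GID [EUID]
# Apply the plan to every entry; never aborts on an entry it cannot change.
fix_data_ownership() {
    fdo_euid=${3:-$(id -u)}
    for fdo_entry in "$1"/*; do
        [ -e "$fdo_entry" ] || continue
        case "$(plan_ownership "$fdo_entry" "$2" "$fdo_euid")" in
            ok) ;;
            chown)
                chown -R "$2" "$fdo_entry" ||
                    echo "warn: chown failed for $fdo_entry" >&2 ;;
            skip-*)
                echo "warn: leaving $fdo_entry owned by $(owner_of "$fdo_entry")" >&2 ;;
        esac
    done
    return 0
}

# require_writable DIR
# Fail with a clear message when a directory the server must write to
# (for example the journal) is missing or not writable by the current user.
require_writable() {
    if [ -d "$1" ] && [ -w "$1" ]; then
        return 0
    fi
    echo "error: $1 is not writable by uid $(id -u); fix the volume's ownership" >&2
    return 1
}

# Demo on a constructed directory: shows the decision for the current user.
demo_dir=$(mktemp -d) && mkdir "$demo_dir/journal"
plan_ownership "$demo_dir/journal" "1100:1100" "$(id -u)"
rm -rf "$demo_dir"
```
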
I'm using docker cloud so no "docker run" commands for me.
I'm setting these three:
GRAYLOG_ELASTICSEARCH_DISCOVERY_ZEN_PING_UNICAST_HOSTS=elasticsearch
GRAYLOG_ELASTICSEARCH_NETWORK_HOST=elasticsearch
GRAYLOG_ELASTICSEARCH_NETWORK_BIND_HOST=elasticsearch
elasticsearch being the host alias for a local elasticsearch container.
[server-2aa62f55-1]2017-04-05T15:59:17.012685055Z 2017-04-05 15:59:17,012 INFO : kafka.log.LogManager - Loading logs.
[server-2aa62f55-1]2017-04-05T15:59:17.110929199Z 2017-04-05 15:59:17,110 INFO : kafka.log.LogManager - Logs loading complete.
[server-2aa62f55-1]2017-04-05T15:59:17.112780492Z 2017-04-05 15:59:17,111 INFO : org.graylog2.shared.journal.KafkaJournal - Initialized Kafka based journal at /usr/share/graylog/data/journal
[server-2aa62f55-1]2017-04-05T15:59:17.139898049Z 2017-04-05 15:59:17,139 INFO : org.graylog2.shared.buffers.InputBufferImpl - Initialized InputBufferImpl with ring size <65536> and wait strategy <BlockingWaitStrategy>, running 2 parallel message handlers.
[server-2aa62f55-1]2017-04-05T15:59:17.175616599Z 2017-04-05 15:59:17,175 INFO : org.mongodb.driver.cluster - Cluster created with settings {hosts=[mongo:27017], mode=SINGLE, requiredClusterType=UNKNOWN, serverSelectionTimeout='30000 ms', maxWaitQueueSize=500}
[server-2aa62f55-1]2017-04-05T15:59:17.277003205Z 2017-04-05 15:59:17,276 INFO : org.mongodb.driver.cluster - No server chosen by ReadPreferenceServerSelector{readPreference=primary} from cluster description ClusterDescription{type=UNKNOWN, connectionMode=SINGLE, serverDescriptions=[ServerDescription{address=mongo:27017, type=UNKNOWN, state=CONNECTING}]}. Waiting for 30000 ms before timing out
[server-2aa62f55-1]2017-04-05T15:59:17.434677842Z 2017-04-05 15:59:17,433 INFO : org.mongodb.driver.connection - Opened connection [connectionId{localValue:1, serverValue:72}] to mongo:27017
[server-2aa62f55-1]2017-04-05T15:59:17.439509936Z 2017-04-05 15:59:17,439 INFO : org.mongodb.driver.cluster - Monitor thread successfully connected to server with description ServerDescription{address=mongo:27017, type=STANDALONE, state=CONNECTED, ok=true, version=ServerVersion{versionList=[3, 4, 3]}, minWireVersion=0, maxWireVersion=5, maxDocumentSize=16777216, roundTripTimeNanos=1281094}
[server-2aa62f55-1]2017-04-05T15:59:17.456940336Z 2017-04-05 15:59:17,456 INFO : org.mongodb.driver.connection - Opened connection [connectionId{localValue:2, serverValue:73}] to mongo:27017
[server-2aa62f55-1]2017-04-05T15:59:18.004474094Z 2017-04-05 15:59:18,003 INFO : org.elasticsearch.node - [graylog-d1a865fb-845e-4d2a-9929-0ad5afdd3a6c] version[2.4.4], pid[1], build[fcbb46d/2017-01-03T11:33:16Z]
[server-2aa62f55-1]2017-04-05T15:59:18.004978213Z 2017-04-05 15:59:18,004 INFO : org.elasticsearch.node - [graylog-d1a865fb-845e-4d2a-9929-0ad5afdd3a6c] initializing ...
[server-2aa62f55-1]2017-04-05T15:59:18.014167977Z 2017-04-05 15:59:18,013 INFO : org.elasticsearch.plugins - [graylog-d1a865fb-845e-4d2a-9929-0ad5afdd3a6c] modules [], plugins [graylog-monitor], sites []
[server-2aa62f55-1]2017-04-05T15:59:20.674242514Z 2017-04-05 15:59:20,673 INFO : org.elasticsearch.node - [graylog-d1a865fb-845e-4d2a-9929-0ad5afdd3a6c] initialized
[server-2aa62f55-1]2017-04-05T15:59:20.811144960Z 2017-04-05 15:59:20,810 INFO : org.graylog2.shared.buffers.ProcessBuffer - Initialized ProcessBuffer with ring size <65536> and wait strategy <BlockingWaitStrategy>.
[server-2aa62f55-1]2017-04-05T15:59:23.278729061Z 2017-04-05 15:59:23,278 INFO : org.graylog2.bindings.providers.RulesEngineProvider - No static rules file loaded.
[server-2aa62f55-1]2017-04-05T15:59:24.096066383Z 2017-04-05 15:59:24,095 WARN : org.graylog.plugins.map.geoip.GeoIpResolverEngine - GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
[server-2aa62f55-1]2017-04-05T15:59:24.117608169Z 2017-04-05 15:59:24,117 INFO : org.graylog2.buffers.OutputBuffer - Initialized OutputBuffer with ring size <65536> and wait strategy <BlockingWaitStrategy>.
[server-2aa62f55-1]2017-04-05T15:59:24.269771215Z 2017-04-05 15:59:24,269 WARN : org.graylog.plugins.map.geoip.GeoIpResolverEngine - GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
[server-2aa62f55-1]2017-04-05T15:59:24.542243405Z 2017-04-05 15:59:24,541 WARN : org.graylog.plugins.map.geoip.GeoIpResolverEngine - GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
[server-2aa62f55-1]2017-04-05T15:59:24.629086788Z 2017-04-05 15:59:24,628 WARN : org.graylog.plugins.map.geoip.GeoIpResolverEngine - GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
[server-2aa62f55-1]2017-04-05T15:59:24.836570656Z 2017-04-05 15:59:24,836 WARN : org.graylog.plugins.map.geoip.GeoIpResolverEngine - GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
[server-2aa62f55-1]2017-04-05T15:59:27.061770641Z 2017-04-05 15:59:27,061 INFO : org.graylog2.bootstrap.ServerBootstrap - Graylog server 2.2.3+7adc951 starting up
[server-2aa62f55-1]2017-04-05T15:59:27.063092557Z 2017-04-05 15:59:27,062 INFO : org.graylog2.bootstrap.ServerBootstrap - JRE: Oracle Corporation 1.8.0_72-internal on Linux 4.4.0-66-generic
[server-2aa62f55-1]2017-04-05T15:59:27.063385809Z 2017-04-05 15:59:27,063 INFO : org.graylog2.bootstrap.ServerBootstrap - Deployment: docker
[server-2aa62f55-1]2017-04-05T15:59:27.063654309Z 2017-04-05 15:59:27,063 INFO : org.graylog2.bootstrap.ServerBootstrap - OS: Debian GNU/Linux 8 (jessie) (debian)
[server-2aa62f55-1]2017-04-05T15:59:27.063921697Z 2017-04-05 15:59:27,063 INFO : org.graylog2.bootstrap.ServerBootstrap - Arch: amd64
[server-2aa62f55-1]2017-04-05T15:59:27.086828944Z 2017-04-05 15:59:27,084 WARN : org.graylog2.shared.events.DeadEventLoggingListener - Received unhandled event of type <org.graylog2.plugin.lifecycles.Lifecycle> from event bus <AsyncEventBus{graylog-eventbus}>
[server-2aa62f55-1]2017-04-05T15:59:27.154290645Z 2017-04-05 15:59:27,153 INFO : org.elasticsearch.node - [graylog-d1a865fb-845e-4d2a-9929-0ad5afdd3a6c] starting ...
[server-2aa62f55-1]2017-04-05T15:59:27.180343744Z 2017-04-05 15:59:27,178 INFO : org.graylog2.shared.initializers.PeriodicalsService - Starting 26 periodicals ...
[server-2aa62f55-1]2017-04-05T15:59:27.183243890Z 2017-04-05 15:59:27,183 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog2.periodical.ThroughputCalculator] periodical in [0s], polling every [1s].
[server-2aa62f55-1]2017-04-05T15:59:27.209928043Z 2017-04-05 15:59:27,209 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog2.periodical.AlertScannerThread] periodical in [10s], polling every [60s].
[server-2aa62f55-1]2017-04-05T15:59:27.262918294Z 2017-04-05 15:59:27,262 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread] periodical in [0s], polling every [1s].
[server-2aa62f55-1]2017-04-05T15:59:27.264535680Z 2017-04-05 15:59:27,264 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog2.periodical.ClusterHealthCheckThread] periodical in [120s], polling every [20s].
[server-2aa62f55-1]2017-04-05T15:59:27.268184898Z 2017-04-05 15:59:27,268 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog2.periodical.ContentPackLoaderPeriodical] periodical, running forever.
[server-2aa62f55-1]2017-04-05T15:59:27.268987970Z 2017-04-05 15:59:27,268 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog2.periodical.GarbageCollectionWarningThread] periodical, running forever.
[server-2aa62f55-1]2017-04-05T15:59:27.274897695Z 2017-04-05 15:59:27,271 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog2.periodical.IndexerClusterCheckerThread] periodical in [0s], polling every [30s].
[server-2aa62f55-1]2017-04-05T15:59:27.276023962Z 2017-04-05 15:59:27,275 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog2.periodical.IndexRetentionThread] periodical in [0s], polling every [300s].
[server-2aa62f55-1]2017-04-05T15:59:27.276623657Z 2017-04-05 15:59:27,276 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog2.periodical.IndexRotationThread] periodical in [0s], polling every [10s].
[server-2aa62f55-1]2017-04-05T15:59:27.277354249Z 2017-04-05 15:59:27,276 INFO : org.graylog2.periodical.IndexRetentionThread - Elasticsearch cluster not available, skipping index retention checks.
[server-2aa62f55-1]2017-04-05T15:59:27.277730686Z 2017-04-05 15:59:27,277 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog2.periodical.NodePingThread] periodical in [0s], polling every [1s].
[server-2aa62f55-1]2017-04-05T15:59:27.278288303Z 2017-04-05 15:59:27,278 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog2.periodical.VersionCheckThread] periodical in [300s], polling every [1800s].
[server-2aa62f55-1]2017-04-05T15:59:27.278801432Z 2017-04-05 15:59:27,278 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog2.periodical.ThrottleStateUpdaterThread] periodical in [1s], polling every [1s].
[server-2aa62f55-1]2017-04-05T15:59:27.279236020Z 2017-04-05 15:59:27,279 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog2.events.ClusterEventPeriodical] periodical in [0s], polling every [1s].
[server-2aa62f55-1]2017-04-05T15:59:27.283923409Z 2017-04-05 15:59:27,283 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog2.events.ClusterEventCleanupPeriodical] periodical in [0s], polling every [86400s].
[server-2aa62f55-1]2017-04-05T15:59:27.284740573Z 2017-04-05 15:59:27,284 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog2.periodical.ClusterIdGeneratorPeriodical] periodical, running forever.
[server-2aa62f55-1]2017-04-05T15:59:27.285885320Z 2017-04-05 15:59:27,285 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog2.periodical.IndexRangesMigrationPeriodical] periodical, running forever.
[server-2aa62f55-1]2017-04-05T15:59:27.286782795Z 2017-04-05 15:59:27,286 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog2.periodical.IndexRangesCleanupPeriodical] periodical in [15s], polling every [3600s].
[server-2aa62f55-1]2017-04-05T15:59:27.304682298Z 2017-04-05 15:59:27,304 INFO : org.mongodb.driver.connection - Opened connection [connectionId{localValue:4, serverValue:75}] to mongo:27017
[server-2aa62f55-1]2017-04-05T15:59:27.316547600Z 2017-04-05 15:59:27,315 INFO : org.mongodb.driver.connection - Opened connection [connectionId{localValue:3, serverValue:74}] to mongo:27017
[server-2aa62f55-1]2017-04-05T15:59:27.327406751Z 2017-04-05 15:59:27,326 INFO : org.mongodb.driver.connection - Opened connection [connectionId{localValue:5, serverValue:76}] to mongo:27017
[server-2aa62f55-1]2017-04-05T15:59:27.331313466Z 2017-04-05 15:59:27,331 INFO : org.mongodb.driver.connection - Opened connection [connectionId{localValue:6, serverValue:77}] to mongo:27017
[server-2aa62f55-1]2017-04-05T15:59:27.432340524Z 2017-04-05 15:59:27,431 INFO : org.graylog2.periodical.IndexerClusterCheckerThread - Indexer not fully initialized yet. Skipping periodic cluster check.
[server-2aa62f55-1]2017-04-05T15:59:27.457694652Z 2017-04-05 15:59:27,457 INFO : org.graylog2.shared.initializers.PeriodicalsService - Not starting [org.graylog2.periodical.UserPermissionMigrationPeriodical] periodical. Not configured to run on this node.
[server-2aa62f55-1]2017-04-05T15:59:27.458217144Z 2017-04-05 15:59:27,457 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog2.periodical.AlarmCallbacksMigrationPeriodical] periodical, running forever.
[server-2aa62f55-1]2017-04-05T15:59:27.479598984Z 2017-04-05 15:59:27,479 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog2.periodical.ConfigurationManagementPeriodical] periodical, running forever.
[server-2aa62f55-1]2017-04-05T15:59:27.497489521Z 2017-04-05 15:59:27,497 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog2.periodical.LdapGroupMappingMigration] periodical, running forever.
[server-2aa62f55-1]2017-04-05T15:59:27.501790538Z 2017-04-05 15:59:27,501 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog2.periodical.IndexFailuresPeriodical] periodical, running forever.
[server-2aa62f55-1]2017-04-05T15:59:27.532293504Z 2017-04-05 15:59:27,531 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog.plugins.usagestatistics.UsageStatsNodePeriodical] periodical in [300s], polling every [21600s].
[server-2aa62f55-1]2017-04-05T15:59:27.541653086Z 2017-04-05 15:59:27,541 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog.plugins.usagestatistics.UsageStatsClusterPeriodical] periodical in [300s], polling every [21600s].
[server-2aa62f55-1]2017-04-05T15:59:27.602101713Z 2017-04-05 15:59:27,601 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog.plugins.pipelineprocessor.periodical.LegacyDefaultStreamMigration] periodical, running forever.
[server-2aa62f55-1]2017-04-05T15:59:27.615300234Z 2017-04-05 15:59:27,614 INFO : org.graylog2.periodical.Periodicals - Starting [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread] periodical in [0s], polling every [3600s].
[server-2aa62f55-1]2017-04-05T15:59:27.741819609Z 2017-04-05 15:59:27,741 INFO : org.graylog.plugins.pipelineprocessor.periodical.LegacyDefaultStreamMigration - Legacy default stream has no connections, no migration needed.
[server-2aa62f55-1]2017-04-05T15:59:27.922144839Z 2017-04-05 15:59:27,912 ERROR: com.google.common.util.concurrent.ServiceManager - Service IndexerSetupService [FAILED] has failed in the STARTING state.
[server-2aa62f55-1]2017-04-05T15:59:27.922202033Z org.elasticsearch.transport.BindTransportException: Failed to bind to [9350]
[server-2aa62f55-1]2017-04-05T15:59:27.922212754Z at org.elasticsearch.transport.netty.NettyTransport.bindToPort(NettyTransport.java:489) ~[graylog.jar:?]
[server-2aa62f55-1]2017-04-05T15:59:27.922221187Z at org.elasticsearch.transport.netty.NettyTransport.bindServerBootstrap(NettyTransport.java:451) ~[graylog.jar:?]
[server-2aa62f55-1]2017-04-05T15:59:27.922228692Z at org.elasticsearch.transport.netty.NettyTransport.doStart(NettyTransport.java:332) ~[graylog.jar:?]
[server-2aa62f55-1]2017-04-05T15:59:27.922236285Z at org.elasticsearch.common.component.AbstractLifecycleComponent.start(AbstractLifecycleComponent.java:68) ~[graylog.jar:?]
[server-2aa62f55-1]2017-04-05T15:59:27.922243610Z at org.elasticsearch.transport.TransportService.doStart(TransportService.java:182) ~[graylog.jar:?]
[server-2aa62f55-1]2017-04-05T15:59:27.922251210Z at org.elasticsearch.common.component.AbstractLifecycleComponent.start(AbstractLifecycleComponent.java:68) ~[graylog.jar:?]
[server-2aa62f55-1]2017-04-05T15:59:27.922258729Z at org.elasticsearch.node.Node.start(Node.java:278) ~[graylog.jar:?]
[server-2aa62f55-1]2017-04-05T15:59:27.922265852Z at org.graylog2.initializers.IndexerSetupService.startUp(IndexerSetupService.java:114) ~[graylog.jar:?]
[server-2aa62f55-1]2017-04-05T15:59:27.922273276Z at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:62) [graylog.jar:?]
[server-2aa62f55-1]2017-04-05T15:59:27.922280724Z at com.google.common.util.concurrent.Callables$4.run(Callables.java:122) [graylog.jar:?]
[server-2aa62f55-1]2017-04-05T15:59:27.922288744Z at java.lang.Thread.run(Thread.java:745) [?:1.8.0_72-internal]
[server-2aa62f55-1]2017-04-05T15:59:27.922295687Z Caused by: org.jboss.netty.channel.ChannelException: Failed to bind to: elasticsearch/10.7.0.13:9350
[server-2aa62f55-1]2017-04-05T15:59:27.922302631Z at org.jboss.netty.bootstrap.ServerBootstrap.bind(ServerBootstrap.java:272) ~[graylog.jar:?]
[server-2aa62f55-1]2017-04-05T15:59:27.922309623Z at org.elasticsearch.transport.netty.NettyTransport$1.onPortNumber(NettyTransport.java:471) ~[graylog.jar:?]
[server-2aa62f55-1]2017-04-05T15:59:27.922316836Z at org.elasticsearch.common.transport.PortsRange.iterate(PortsRange.java:58) ~[graylog.jar:?]
[server-2aa62f55-1]2017-04-05T15:59:27.922324095Z at org.elasticsearch.transport.netty.NettyTransport.bindToPort(NettyTransport.java:467) ~[graylog.jar:?]
[server-2aa62f55-1]2017-04-05T15:59:27.922332191Z ... 10 more
[server-2aa62f55-1]2017-04-05T15:59:27.922338833Z Caused by: java.net.BindException: Cannot assign requested address
[server-2aa62f55-1]2017-04-05T15:59:27.922345775Z at sun.nio.ch.Net.bind0(Native Method) ~[?:1.8.0_72-internal]
[server-2aa62f55-1]2017-04-05T15:59:27.922353195Z at sun.nio.ch.Net.bind(Net.java:433) ~[?:1.8.0_72-internal]
[server-2aa62f55-1]2017-04-05T15:59:27.922374238Z at sun.nio.ch.Net.bind(Net.java:425) ~[?:1.8.0_72-internal]
[server-2aa62f55-1]2017-04-05T15:59:27.922381468Z at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:223) ~[?:1.8.0_72-internal]
[server-2aa62f55-1]2017-04-05T15:59:27.922388557Z at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74) ~[?:1.8.0_72-internal]
[server-2aa62f55-1]2017-04-05T15:59:27.922395656Z at org.jboss.netty.channel.socket.nio.NioServerBoss$RegisterTask.run(NioServerBoss.java:193) ~[graylog.jar:?]
[server-2aa62f55-1]2017-04-05T15:59:27.922402804Z at org.jboss.netty.channel.socket.nio.AbstractNioSelector.processTaskQueue(AbstractNioSelector.java:391) ~[graylog.jar:?]
[server-2aa62f55-1]2017-04-05T15:59:27.922409904Z at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:315) ~[graylog.jar:?]
[server-2aa62f55-1]2017-04-05T15:59:27.922416914Z at org.jboss.netty.channel.socket.nio.NioServerBoss.run(NioServerBoss.java:42) ~[graylog.jar:?]
[server-2aa62f55-1]2017-04-05T15:59:27.922440674Z at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108) ~[graylog.jar:?]
[server-2aa62f55-1]2017-04-05T15:59:27.922448447Z at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42) ~[graylog.jar:?]
[server-2aa62f55-1]2017-04-05T15:59:27.922455351Z at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) ~[?:1.8.0_72-internal]
[server-2aa62f55-1]2017-04-05T15:59:27.922462526Z at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) ~[?:1.8.0_72-internal]
[server-2aa62f55-1]2017-04-05T15:59:27.922469369Z ... 1 more
[server-2aa62f55-1]2017-04-05T15:59:27.938222160Z 2017-04-05 15:59:27,937 ERROR: org.graylog2.shared.initializers.InputSetupService - Not starting any inputs because lifecycle is: Uninitialized [LB:DEAD]
[server-2aa62f55-1]2017-04-05T15:59:27.995573278Z 2017-04-05 15:59:27,995 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutting down periodical [org.graylog2.periodical.AlertScannerThread].
[server-2aa62f55-1]2017-04-05T15:59:27.995905112Z 2017-04-05 15:59:27,995 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutdown of periodical [org.graylog2.periodical.AlertScannerThread] complete, took <0ms>.
[server-2aa62f55-1]2017-04-05T15:59:27.996407143Z 2017-04-05 15:59:27,996 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutting down periodical [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread].
[server-2aa62f55-1]2017-04-05T15:59:27.996435569Z 2017-04-05 15:59:27,996 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutdown of periodical [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread] complete, took <0ms>.
[server-2aa62f55-1]2017-04-05T15:59:27.996763108Z 2017-04-05 15:59:27,996 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutting down periodical [org.graylog2.periodical.ClusterHealthCheckThread].
[server-2aa62f55-1]2017-04-05T15:59:27.997022956Z 2017-04-05 15:59:27,996 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutdown of periodical [org.graylog2.periodical.ClusterHealthCheckThread] complete, took <0ms>.
[server-2aa62f55-1]2017-04-05T15:59:27.997537862Z 2017-04-05 15:59:27,997 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutting down periodical [org.graylog2.periodical.IndexerClusterCheckerThread].
[server-2aa62f55-1]2017-04-05T15:59:27.997572418Z 2017-04-05 15:59:27,996 WARN : org.graylog2.initializers.BufferSynchronizerService - Elasticsearch is unavailable. Not waiting to clear buffers and caches, as we have no healthy cluster.
[server-2aa62f55-1]2017-04-05T15:59:27.997976422Z 2017-04-05 15:59:27,997 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutdown of periodical [org.graylog2.periodical.IndexerClusterCheckerThread] complete, took <0ms>.
[server-2aa62f55-1]2017-04-05T15:59:27.999164901Z 2017-04-05 15:59:27,998 INFO : org.elasticsearch.node - [graylog-d1a865fb-845e-4d2a-9929-0ad5afdd3a6c] stopping ...
[server-2aa62f55-1]2017-04-05T15:59:28.000635883Z 2017-04-05 15:59:27,999 INFO : org.graylog2.initializers.OutputSetupService - Stopping output org.graylog2.outputs.BlockingBatchedESOutput
[server-2aa62f55-1]2017-04-05T15:59:28.005637349Z 2017-04-05 15:59:28,005 INFO : org.elasticsearch.node - [graylog-d1a865fb-845e-4d2a-9929-0ad5afdd3a6c] stopped
[server-2aa62f55-1]2017-04-05T15:59:28.005952410Z 2017-04-05 15:59:28,005 INFO : org.elasticsearch.node - [graylog-d1a865fb-845e-4d2a-9929-0ad5afdd3a6c] closing ...
[server-2aa62f55-1]2017-04-05T15:59:28.054246868Z 2017-04-05 15:59:28,053 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutting down periodical [org.graylog2.periodical.IndexRetentionThread].
[server-2aa62f55-1]2017-04-05T15:59:28.054965226Z 2017-04-05 15:59:28,054 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutdown of periodical [org.graylog2.periodical.IndexRetentionThread] complete, took <0ms>.
[server-2aa62f55-1]2017-04-05T15:59:28.055110840Z 2017-04-05 15:59:28,054 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutting down periodical [org.graylog2.periodical.IndexRotationThread].
[server-2aa62f55-1]2017-04-05T15:59:28.055879157Z 2017-04-05 15:59:28,055 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutdown of periodical [org.graylog2.periodical.IndexRotationThread] complete, took <0ms>.
[server-2aa62f55-1]2017-04-05T15:59:28.056509783Z 2017-04-05 15:59:28,056 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutting down periodical [org.graylog2.periodical.VersionCheckThread].
[server-2aa62f55-1]2017-04-05T15:59:28.056683250Z 2017-04-05 15:59:28,056 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutdown of periodical [org.graylog2.periodical.VersionCheckThread] complete, took <0ms>.
[server-2aa62f55-1]2017-04-05T15:59:28.056984492Z 2017-04-05 15:59:28,056 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutting down periodical [org.graylog2.periodical.ThrottleStateUpdaterThread].
[server-2aa62f55-1]2017-04-05T15:59:28.057515707Z 2017-04-05 15:59:28,057 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutdown of periodical [org.graylog2.periodical.ThrottleStateUpdaterThread] complete, took <0ms>.
[server-2aa62f55-1]2017-04-05T15:59:28.057933848Z 2017-04-05 15:59:28,057 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutting down periodical [org.graylog2.events.ClusterEventPeriodical].
[server-2aa62f55-1]2017-04-05T15:59:28.058223900Z 2017-04-05 15:59:28,058 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutdown of periodical [org.graylog2.events.ClusterEventPeriodical] complete, took <0ms>.
[server-2aa62f55-1]2017-04-05T15:59:28.059391938Z 2017-04-05 15:59:28,059 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutting down periodical [org.graylog2.events.ClusterEventCleanupPeriodical].
[server-2aa62f55-1]2017-04-05T15:59:28.059843251Z 2017-04-05 15:59:28,059 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutdown of periodical [org.graylog2.events.ClusterEventCleanupPeriodical] complete, took <0ms>.
[server-2aa62f55-1]2017-04-05T15:59:28.059952490Z 2017-04-05 15:59:28,059 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutting down periodical [org.graylog2.periodical.IndexRangesCleanupPeriodical].
[server-2aa62f55-1]2017-04-05T15:59:28.060407657Z 2017-04-05 15:59:28,060 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutdown of periodical [org.graylog2.periodical.IndexRangesCleanupPeriodical] complete, took <0ms>.
[server-2aa62f55-1]2017-04-05T15:59:28.060774488Z 2017-04-05 15:59:28,060 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutting down periodical [org.graylog.plugins.usagestatistics.UsageStatsNodePeriodical].
[server-2aa62f55-1]2017-04-05T15:59:28.061371933Z 2017-04-05 15:59:28,061 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutdown of periodical [org.graylog.plugins.usagestatistics.UsageStatsNodePeriodical] complete, took <0ms>.
[server-2aa62f55-1]2017-04-05T15:59:28.061656212Z 2017-04-05 15:59:28,061 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutting down periodical [org.graylog.plugins.usagestatistics.UsageStatsClusterPeriodical].
[server-2aa62f55-1]2017-04-05T15:59:28.062280581Z 2017-04-05 15:59:28,062 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutdown of periodical [org.graylog.plugins.usagestatistics.UsageStatsClusterPeriodical] complete, took <0ms>.
[server-2aa62f55-1]2017-04-05T15:59:28.063410084Z 2017-04-05 15:59:28,062 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutting down periodical [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread].
[server-2aa62f55-1]2017-04-05T15:59:28.063444070Z 2017-04-05 15:59:28,063 INFO : org.graylog2.shared.initializers.PeriodicalsService - Shutdown of periodical [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread] complete, took <0ms>.
[server-2aa62f55-1]2017-04-05T15:59:28.082631234Z 2017-04-05 15:59:28,082 INFO : org.graylog2.shared.journal.JournalReader - Stopping.
[server-2aa62f55-1]2017-04-05T15:59:28.094651700Z 2017-04-05 15:59:28,094 INFO : org.elasticsearch.node - [graylog-d1a865fb-845e-4d2a-9929-0ad5afdd3a6c] closed
[server-2aa62f55-1]2017-04-05T15:59:28.106031251Z 2017-04-05 15:59:28,104 INFO : kafka.log.LogManager - Shutting down.
[server-2aa62f55-1]2017-04-05T15:59:28.123719524Z 2017-04-05 15:59:28,121 INFO : org.graylog2.migrations.V20161130141500_DefaultStreamRecalcIndexRanges - Cluster not connected yet, delaying migration until it is reachable.
[server-2aa62f55-1]2017-04-05T15:59:28.868319469Z 2017-04-05 15:59:28,868 INFO : kafka.log.LogManager - Shutdown complete.
[server-2aa62f55-1]2017-04-05T15:59:29.163412261Z 2017-04-05 15:59:29,162 INFO : org.graylog2.shared.initializers.JerseyService - Enabling CORS for HTTP endpoint
[server-2aa62f55-1]2017-04-05T15:59:45.417913431Z 2017-04-05 15:59:45,417 INFO : org.glassfish.grizzly.http.server.NetworkListener - Started listener bound to [0.0.0.0:9000]
[server-2aa62f55-1]2017-04-05T15:59:45.421811099Z 2017-04-05 15:59:45,421 INFO : org.glassfish.grizzly.http.server.HttpServer - [HttpServer] Started.
[server-2aa62f55-1]2017-04-05T15:59:45.422368878Z 2017-04-05 15:59:45,422 INFO : org.graylog2.shared.initializers.JerseyService - Started REST API at <http://0.0.0.0:9000/api/>
[server-2aa62f55-1]2017-04-05T15:59:45.422776884Z 2017-04-05 15:59:45,422 INFO : org.graylog2.shared.initializers.JerseyService - Started Web Interface at <http://0.0.0.0:9000/>
[server-2aa62f55-1]2017-04-05T15:59:45.430129051Z 2017-04-05 15:59:45,425 INFO : org.graylog2.shared.initializers.JerseyService - Shutting down HTTP listener at <http://0.0.0.0:9000/api/>
[server-2aa62f55-1]2017-04-05T15:59:45.501946763Z 2017-04-05 15:59:45,501 INFO : org.glassfish.grizzly.http.server.NetworkListener - Stopped listener bound to [0.0.0.0:9000]
[server-2aa62f55-1]2017-04-05T15:59:45.505141415Z 2017-04-05 15:59:45,504 INFO : org.graylog2.shared.initializers.ServiceManagerListener - Services are now stopped.
[server-2aa62f55-1]2017-04-05T15:59:45.505519775Z 2017-04-05 15:59:45,504 ERROR: org.graylog2.bootstrap.ServerBootstrap - Graylog startup failed. Exiting. Exception was:
[server-2aa62f55-1]2017-04-05T15:59:45.505547422Z java.lang.IllegalStateException: Expected to be healthy after starting. The following services are not running: {STARTING=[JerseyService [STARTING]], FAILED=[IndexerSetupService [FAILED]]}
[server-2aa62f55-1]2017-04-05T15:59:45.505559331Z at com.google.common.util.concurrent.ServiceManager$ServiceManagerState.checkHealthy(ServiceManager.java:742) ~[graylog.jar:?]
[server-2aa62f55-1]2017-04-05T15:59:45.505601073Z at com.google.common.util.concurrent.ServiceManager$ServiceManagerState.awaitHealthy(ServiceManager.java:555) ~[graylog.jar:?]
[server-2aa62f55-1]2017-04-05T15:59:45.505608535Z at com.google.common.util.concurrent.ServiceManager.awaitHealthy(ServiceManager.java:304) ~[graylog.jar:?]
[server-2aa62f55-1]2017-04-05T15:59:45.505614725Z at org.graylog2.bootstrap.ServerBootstrap.startCommand(ServerBootstrap.java:147) [graylog.jar:?]
[server-2aa62f55-1]2017-04-05T15:59:45.505622995Z at org.graylog2.bootstrap.CmdLineTool.run(CmdLineTool.java:209) [graylog.jar:?]
[server-2aa62f55-1]2017-04-05T15:59:45.505630362Z at org.graylog2.bootstrap.Main.main(Main.java:44) [graylog.jar:?]
[server-2aa62f55-1]2017-04-05T15:59:45.532824927Z 2017-04-05 15:59:45,532 INFO : org.graylog2.commands.Server - SIGNAL received. Shutting down.
Hi,
I created my environment with docker-compose.yaml (https://hub.docker.com/r/graylog/graylog/), but there is an error when accessing it:
**Server currently unavailable
We are experiencing problems connecting to the Graylog server running on http://0.0.0.0:9000/. Please verify that the server is healthy and working correctly.
You will be automatically redirected to the previous page once we can connect to the server.
Do you need a hand? We can help you.
More details**
My docker-compose.yaml:
cat docker-compose.yaml
```yaml
version: '2'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongo:
    image: mongo:3
    volumes:
      - ./mongo/mongo_data:/data/db
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/5.5/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:5.6.12
    volumes:
      - ./elastic/es_data:/usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      # Disable X-Pack security: https://www.elastic.co/guide/en/elasticsearch/reference/5.5/security-settings.html#general-security-settings
      - xpack.security.enabled=false
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 1g
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:2.4
    volumes:
      - ./graylog/graylog_journal:/usr/share/graylog/data/journal
      - ./graylog/config:/usr/share/graylog/data/config
    environment:
      # CHANGE ME!
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      - GRAYLOG_WEB_ENDPOINT_URI=http://0.0.0.0:9000/
      - GRAYLOG_REST_LISTEN_URI=http://0.0.0.0:9000/api/
    links:
      - mongo
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 514:514
      # Syslog UDP
      - 514:514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
```
What's the problem?
I found some pages which refer to GRAYLOG_ELASTICSEARCH_HOSTS, but I haven't found anything here.
Hi!
I'm trying to run docker image of Graylog (3.0, 2.4.6-1) in Openshift. The creation of pod fails with error:
/docker-entrypoint.sh: line 35: exec: graylog: not found
Any ideas why it could be?
As of version 2.4.3-1, the Graylog Docker image is using Elasticsearch request compression which works with Elasticsearch but doesn't work with AWS Elasticsearch Service and might not work with all HTTP proxies used in front of Elasticsearch clusters.
graylog-docker/config/graylog.conf
Lines 228 to 231 in ee0d462
Therefore, the default should be disabled.
Edit: Ah I guess deprecated configs are not included in docker image's config file.
Hello everyone,
There is an issue with running graylog on kubernetes environment by using graylog.conf as a configmap.
The main issue is due to the chown command in docker-entrypoint.sh
chown --recursive "${GRAYLOG_USER}":"${GRAYLOG_GROUP}" "${GRAYLOG_HOME}/data"
Configmaps are mounted as read-only volumes into the container, which makes the command above break.
As a workaround I've changed the entry point to below and there weren't any issues running graylog (for the past month).
chown --recursive "${GRAYLOG_USER}":"${GRAYLOG_GROUP}" "${GRAYLOG_HOME}/data" || echo "Skipping chown command"
The question is, are there any issues regarding skipping the chown command?
And are there any other workarounds that you can think of?
Hi
I tried to run Graylog container as mentioned in README section of this repository (Quick start example).
Mongo and Elasticsearch started properly. But when I started the Graylog container, the Docker client became unresponsive. It required 2-3 minutes to execute even the "docker ps" command.
When I ran docker stats it showed rather slow memory and CPU usage by Docker containers but Block I/O usage was huge (about 56 Gigabytes for each of three containers).
What is weird is that I did nothing with Graylog. I didn't open the Web UI either. Then after some time the Elasticsearch container crashed and terminated.
Environment info:
OS: Windows 10
Docker: 18.06.0-ce, build 0ffa825
Hello,
the readme.md mentions that the 3.0 tag should contain Graylog 3.0.2 but it contains Graylog 3.0.2 also the tag 3.0.2-1 does not exist. Does this have a reason? And also when are the Graylog 3.0.2 images going to be available?
Thanks,
Timo
I've been playing around with Graylog running in Docker on Kubernetes (via the official helm chart), and I've found that Graylog pods take a long time to terminate, then eventually terminate without logging any graceful shutdown messages. That seemed suspicious to me, and I wondered if the eventual termination was only due to the terminationGracePeriodSeconds: 120.
If I'm not mistaken, the problem boils down to Kubernetes being unable to get its SIGTERM all the way to the Java process in the pod. Kubernetes sends a SIGTERM to the process with PID 1, which is docker-entrypoint.sh, but the script does not forward it to the java process. When the grace period expires, Kubernetes sends a SIGKILL to all processes in the pod, achieving the ungraceful termination.
docker run --name graylog graylog/graylog:3.0.2-2
# it'll log tons of Mongo & Elasticsearch connection errors, but that's fine
docker exec -it graylog sh -c 'kill -TERM 1'
# java process continues running, docker container continues running
docker exec -it graylog sh -c 'kill -TERM $(pidof java)'
# java process terminates, docker container stops
docker run --name graylog graylog/graylog:3.0.2-2
docker kill --signal TERM graylog
# signal sent successfully, but container is still running
docker kill --signal KILL graylog
# container terminates ungracefully
docker-entrypoint.sh (PID 1) to trap and forward SIGTERM to the java child process
tini, like so:
# Add Tini
ENV TINI_VERSION <check-version-on-github>
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini
RUN chmod +x /tini
ENTRYPOINT ["/tini", "--"]
# Run your program under Tini
CMD ["/docker-entrypoint.sh"]
https://cloud.google.com/blog/products/gcp/kubernetes-best-practices-terminating-with-grace
https://cloud.google.com/solutions/best-practices-for-building-containers#signal-handling
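The trap-and-forward option from the report above, as an added example that is not the project's docker-entrypoint.sh. `sleep` stands in for the java process, the no-op trap in the first wrapper is a stand-in for how PID 1 treats an unhandled TERM, and all function names are hypothetical.

```shell
#!/bin/sh
# Added illustration; not the project's docker-entrypoint.sh. "sleep" stands in
# for the java process, and every function name here is hypothetical.

# Wrapper WITHOUT forwarding. The no-op trap emulates PID 1 in a container,
# which is not ended by a TERM it has no handler for: the wrapper survives and
# nothing passes the signal on to the child.
run_without_forwarding() {
    nf_pidfile=$1; shift
    trap ':' TERM
    "$@" &
    nf_child=$!
    echo "$nf_child" > "$nf_pidfile"
    while kill -0 "$nf_child" 2>/dev/null; do
        wait "$nf_child" || true    # interrupted by TERM: keep waiting
    done
}

# Wrapper WITH forwarding: a TERM sent to the wrapper is re-sent to the child,
# and the wrapper exits with the child's status once the child is gone.
run_with_forwarding() {
    fw_pidfile=$1; shift
    "$@" &
    fw_child=$!
    trap 'kill -TERM "$fw_child" 2>/dev/null || true' TERM
    echo "$fw_child" > "$fw_pidfile"
    fw_status=0
    wait "$fw_child" || fw_status=$?
    # A trapped signal interrupts wait (status > 128) while the child may still
    # be shutting down, so wait again until it has really exited.
    while kill -0 "$fw_child" 2>/dev/null; do
        fw_status=0
        wait "$fw_child" || fw_status=$?
    done
    return "$fw_status"
}

# Run WRAPPER around "sleep 30", send TERM to the wrapper only (what
# "docker kill --signal TERM" does to PID 1) and report the child's fate.
# Returns 0 if the child was terminated, 1 if it kept running.
# WRAPPER_STATUS holds the wrapper's exit status afterwards.
term_reaches_child() {
    tc_wrapper=$1
    tc_pidfile=$(mktemp)
    "$tc_wrapper" "$tc_pidfile" sleep 30 >/dev/null 2>&1 &
    tc_wpid=$!
    # Wait for the wrapper to publish the child's PID (its trap is set by then).
    tc_tries=0
    while [ ! -s "$tc_pidfile" ] && [ "$tc_tries" -lt 5 ]; do
        sleep 1
        tc_tries=$((tc_tries + 1))
    done
    read -r tc_child < "$tc_pidfile"
    rm -f "$tc_pidfile"

    kill -TERM "$tc_wpid"
    # Give the signal up to two seconds to reach the child.
    tc_tries=0
    while kill -0 "$tc_child" 2>/dev/null && [ "$tc_tries" -lt 2 ]; do
        sleep 1
        tc_tries=$((tc_tries + 1))
    done

    if kill -0 "$tc_child" 2>/dev/null; then
        tc_result=1
        # Clean up the survivor the way the grace-period SIGKILL would.
        kill -KILL "$tc_child" "$tc_wpid" 2>/dev/null || true
    else
        tc_result=0
    fi
    WRAPPER_STATUS=0
    wait "$tc_wpid" 2>/dev/null || WRAPPER_STATUS=$?
    return "$tc_result"
}
```

`term_reaches_child run_with_forwarding` succeeds and leaves 143 (128 + SIGTERM) in `WRAPPER_STATUS`, while `term_reaches_child run_without_forwarding` fails because the child is still running when the check ends.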
Overriding Docker environment variables is working for all but GRAYLOG_TRANSPORT_EMAIL_FROM_EMAIL when using image graylog/graylog:3.0. The value is always the default value of [email protected] regardless of the value set.
I am trying to start Graylog for the testing purpose from docker-compose.yml which is on a site
```yaml
version: '2'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    image: mongo:3
    volumes:
      - mongo_data:/data/db
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/6.x/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.5.4
    volumes:
      - es_data:/usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 1g
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:2.5
    volumes:
      - graylog_journal:/usr/share/graylog/data/journal
    environment:
      # CHANGE ME (must be at least 16 characters)!
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      - GRAYLOG_WEB_ENDPOINT_URI=http://127.0.0.1:9000/api
    links:
      - mongodb:mongo
      - elasticsearch
    depends_on:
      - mongodb
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 514:514
      # Syslog UDP
      - 514:514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
# Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_journal:
    driver: local
```
When I open page http://local_ip:9000/ I've got an error
We are experiencing problems connecting to the Graylog server running on http://127.0.0.1:9000/api. Please verify that the server is healthy and working correctly.
Output of my docker ps
ds@graylog:~$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
be5a98510e38 graylog/graylog:2.5 "/docker-entrypoint.…" About an hour ago Up 4 minutes (healthy) 0.0.0.0:514->514/tcp, 0.0.0.0:9000->9000/tcp, 0.0.0.0:514->514/udp, 0.0.0.0:12201->12201/tcp, 0.0.0.0:12201->12201/udp graylog-docker-compose_graylog_1
fd6e3314937d mongo:3 "docker-entrypoint.s…" About an hour ago Up 4 minutes 27017/tcp graylog-docker-compose_mongodb_1
053746d73790 docker.elastic.co/elasticsearch/elasticsearch-oss:6.5.4 "/usr/local/bin/dock…" About an hour ago Up 4 minutes 9200/tcp, 9300/tcp graylog-docker-compose_elasticsearch_1
ds@graylog:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (2 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.18.0.4 tcp dpt:12201
ACCEPT udp -- anywhere 172.18.0.4 udp dpt:12201
ACCEPT tcp -- anywhere 172.18.0.4 tcp dpt:9000
ACCEPT tcp -- anywhere 172.18.0.4 tcp dpt:shell
ACCEPT udp -- anywhere 172.18.0.4 udp dpt:syslog
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (2 references)
target prot opt source destination
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Environment info:
OS: Ubuntu Server 18.04
Docker version : 18.09.2
Docker-compose version 1.21.2
Why doesn't the default docker-compose start correctly?
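The compose file in the report above still carries the sample `GRAYLOG_PASSWORD_SECRET` and the SHA-256 of `admin` that its comments mark as CHANGE ME. As an added example (not part of the report or the project), this check flags those values in a compose file before it is deployed; the function names and the short weak-password list are constructed for the illustration.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical. Handles the list form
# "- KEY=value" used in the compose file above, not the "KEY: value" map form.

# Print the value of the first "- KEY=value" entry for KEY ($2) in file $1.
compose_env_value() {
    sed -n "s/^[[:space:]]*-[[:space:]]*$2=//p" "$1" | head -n 1
}

# Hex SHA-256 of a string, as stored in GRAYLOG_ROOT_PASSWORD_SHA2.
sha256_hex() {
    if command -v sha256sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha256sum | cut -d' ' -f1
    else
        printf '%s' "$1" | shasum -a 256 | cut -d' ' -f1
    fi
}

# Print one line per finding and return the number of findings (0 = clean).
check_graylog_secrets() {
    cg_file=$1
    cg_findings=0
    cg_secret=$(compose_env_value "$cg_file" GRAYLOG_PASSWORD_SECRET)
    cg_hash=$(compose_env_value "$cg_file" GRAYLOG_ROOT_PASSWORD_SHA2 | tr 'A-F' 'a-f')

    if [ -n "$cg_secret" ]; then
        if [ "$cg_secret" = "somepasswordpepper" ]; then
            echo "GRAYLOG_PASSWORD_SECRET is the published sample value"
            cg_findings=$((cg_findings + 1))
        elif [ "${#cg_secret}" -lt 16 ]; then
            echo "GRAYLOG_PASSWORD_SECRET is shorter than 16 characters"
            cg_findings=$((cg_findings + 1))
        fi
    fi

    if [ -n "$cg_hash" ]; then
        # Constructed short list of passwords that must never reach production.
        for cg_pw in admin password graylog changeme; do
            if [ "$cg_hash" = "$(sha256_hex "$cg_pw")" ]; then
                echo "GRAYLOG_ROOT_PASSWORD_SHA2 is the hash of '$cg_pw'"
                cg_findings=$((cg_findings + 1))
                break
            fi
        done
    fi
    return "$cg_findings"
}

# Constructed sample: the environment entries from the compose file above.
write_sample_compose() {
    cat > "$1" <<'EOF'
    environment:
      # CHANGE ME (must be at least 16 characters)!
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
EOF
}
```

A replacement hash comes from the same helper, for example `sha256_hex "$NEW_PASSWORD"` with the password held in a variable rather than typed on the command line.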
So the latest 2.4 docker file update broke my docker container and now it shows up as unhealthy.
This is how I am running the container:
docker run --name graylog \
--link mongo --link elasticsearch \
-p 514:514 -p 514:514/udp \
-e GRAYLOG_WEB_ENDPOINT_URI="https://graylog.local/api" \
--label=com.centurylinklabs.watchtower.enable=true \
-l traefik.frontend.rule=Host:graylog.local \
-l traefik.port=9000 \
-e GRAYLOG_ROOT_PASSWORD_SHA2=3c8a8ec5d1f41ba5b33bf65718c405c03359e1018109287426022bde6dc9fd33 \
-v graylog_journal:/usr/share/graylog/data/journal \
-v /home/a/docker/graylog/config:/usr/share/graylog/data/config \
-v /home/a/docker/graylog/GeoLite2-City.mmdb:/etc/graylog/server/GeoLite2-City.mmdb \
--net=mynet \
--restart=always \
-d graylog/graylog:2.4
edit: it works without proxy
In the Persist Log Data section of the README, the wget command for downloading graylog.conf gives an older version of the config not compatible with Graylog 2.4, e.g. it contains elasticsearch_network_host instead of elasticsearch_hosts. I think the correct URL is:
https://raw.githubusercontent.com/Graylog2/graylog-docker/2.4/config/graylog.conf
Hello,
I just copied and pasted the example docker-compose.yml file in the documentation, created the config dirs & files, and tried to run docker-compose up.
I expect this to work but I see a java error repeatedly occur instead:
graylog_1 | "Incorrect HTTP method for uri [/graylog_*/_aliases] and method [GET], allowed: [PUT]"
graylog_1 | at org.graylog2.indexer.cluster.jest.JestUtils.specificException(JestUtils.java:95) ~[graylog.jar:?]
graylog_1 | at org.graylog2.indexer.cluster.jest.JestUtils.execute(JestUtils.java:57) ~[graylog.jar:?]
graylog_1 | at org.graylog2.indexer.cluster.jest.JestUtils.execute(JestUtils.java:62) ~[graylog.jar:?]
graylog_1 | at org.graylog2.indexer.indices.Indices.getIndexNamesAndAliases(Indices.java:307) ~[graylog.jar:?]
graylog_1 | at org.graylog2.indexer.MongoIndexSet.getNewestIndexNumber(MongoIndexSet.java:151) ~[graylog.jar:?]
graylog_1 | at org.graylog2.indexer.MongoIndexSet.getNewestIndex(MongoIndexSet.java:146) ~[graylog.jar:?]
graylog_1 | at org.graylog2.indexer.MongoIndexSet.setUp(MongoIndexSet.java:252) ~[graylog.jar:?]
graylog_1 | at org.graylog2.periodical.IndexRotationThread.checkAndRepair(IndexRotationThread.java:138) ~[graylog.jar:?]
graylog_1 | at org.graylog2.periodical.IndexRotationThread.lambda$doRun$0(IndexRotationThread.java:76) ~[graylog.jar:?]
graylog_1 | at java.lang.Iterable.forEach(Iterable.java:75) [?:1.8.0_181]
graylog_1 | at org.graylog2.periodical.IndexRotationThread.doRun(IndexRotationThread.java:73) [graylog.jar:?]
graylog_1 | at org.graylog2.plugin.periodical.Periodical.run(Periodical.java:77) [graylog.jar:?]
graylog_1 | at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_181]
graylog_1 | at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) [?:1.8.0_181]
graylog_1 | at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_181]
graylog_1 | at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) [?:1.8.0_181]
graylog_1 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_181]
graylog_1 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_181]
graylog_1 | at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]
graylog_1 | 2019-01-29 08:08:04,679 INFO : org.graylog2.periodical.IndexRangesCleanupPeriodical - Skipping index range cleanup because the Elasticsearch cluster is unreachable or unhealthy
graylog_1 | 2019-01-29 08:08:09,491 INFO : org.graylog2.indexer.MongoIndexSet - Did not find a deflector alias. Setting one up now.
graylog_1 | 2019-01-29 08:08:09,497 ERROR: org.graylog2.periodical.IndexRotationThread - Couldn't point deflector to a new index
graylog_1 | org.graylog2.indexer.ElasticsearchException: Couldn't collect aliases for index pattern graylog_*
graylog_1 |
```yaml
version: '2'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    image: mongo:3
    volumes:
      - mongo_data:/data/db
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/5.6/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.5.4
    volumes:
      - es_data:/usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 1g
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:3.0
    volumes:
      - graylog_journal:/usr/share/graylog/data/journal
    environment:
      # CHANGE ME!
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      - GRAYLOG_WEB_ENDPOINT_URI=http://127.0.0.1:9000/api
    links:
      - mongodb:mongo
      - elasticsearch
    depends_on:
      - mongodb
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 514:514
      # Syslog UDP
      - 514:514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
# Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_journal:
    driver: local
```
Directory Structure:
Can you please bear a hand?
I installed Graylog Docker on my PC.
I can't log in to it with the Python graypy module and also can't get access to the Graylog web interface from another PC on the same network as the first one.
Here is the error:
We are experiencing problems connecting to the Graylog server running on http://0.0.0.0:9000/api. Please verify that the server is healthy and working correctly.
You will be automatically redirected to the previous page once we can connect to the server.
Do you need a hand? We can help you.
Less details
This is the last response we received from the server:
Error message
Request has been terminated
Possible causes: the network is offline, Origin is not allowed by Access-Control-Allow-Origin, the page is being unloaded, etc.
Original Request
GET http://0.0.0.0:9000/api/system/sessions
Status code
undefined
Full error message
Error: Request has been terminated
Possible causes: the network is offline, Origin is not allowed by Access-Control-Allow-Origin, the page is being unloaded, etc.
I can't get Graylog working with the example command from README.md.
It can't connect to http://127.0.0.1:9000/api/system/sessions
I believe it needs to change web_endpoint_uri and add web_listen_uri in the README:
...
-e GRAYLOG_WEB_ENDPOINT_URI="http://<host_ip>:9000/api" \
-e GRAYLOG_WEB_LISTEN_URI="http://127.0.0.1:9000"
...
The "latest" tag in Docker doesn't provide any guarantees about which version of Graylog is being used which makes upgrades hard and infrastructure build unreliable.
This also invites users to (maybe unknowingly) use this anti-pattern.
Instead, we should only offer the specific versions of Graylog (${GRAYLOG_VERSION}-${DOCKER_IMAGE_REVISION}, e.g. 2.4.3-1) and the "major" release (${GRAYLOG_MAJOR}.${GRAYLOG_MINOR}, e.g. 2.4) as tags on Docker Hub.
For the latter we (kind of) guarantee non-breaking changes so that should be fine.
There is a missing dash (-) in the readme for getting the elasticsearch container running I think. If I look at the logs for the command, I see this error.
So I added an extra dash and it seems to start the cluster now and everything works okay. I'm on Windows using PowerShell btw.
docker run --name some-elasticsearch -d elasticsearch:2 elasticsearch --Des.cluster.name="graylog"
I created a container from the graylog/graylog:2.5 image according to this guide.
The container is within its own network.
Then I tried to create a CA with the labs shadowCA tool according to this guide.
I imported the CA from shadowCA into the container keystore (ran a temporary container, modified /etc/ssl/certs/java/cacerts with keytool, copied the modified keystore file to the host system and then mounted it into the graylog container) and generated two certificates signed with ca.key - one for graylog and one for another server, from which I want to collect nginx logs with filebeat.
Next, I created a filebeat input, enabled TLS, specified the paths to the graylog certs and key, and the path to the directory with the client server certificate.
Unfortunately, the input doesn't work as expected. All queries to the input port failed with this stack trace:
2018-12-12 12:30:01,682 WARN : org.jboss.netty.channel.socket.nio.AbstractNioSelector - Failed to initialize an accepted socket.
java.security.cert.CertificateParsingException: signed overrun, bytes = 919
at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1788) ~[?:1.8.0_181]
at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:195) ~[?:1.8.0_181]
at sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.java:471) ~[?:1.8.0_181]
at sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:356) ~[?:1.8.0_181]
at java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:462) ~[?:1.8.0_181]
at org.graylog2.plugin.inputs.transports.util.KeyUtil.loadCertificates(KeyUtil.java:91) ~[graylog.jar:?]
at org.graylog2.plugin.inputs.transports.util.KeyUtil.loadCertificates(KeyUtil.java:103) ~[graylog.jar:?]
at org.graylog2.plugin.inputs.transports.util.KeyUtil.initTrustStore(KeyUtil.java:73) ~[graylog.jar:?]
at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.createSslEngine(AbstractTcpTransport.java:199) ~[graylog.jar:?]
at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.call(AbstractTcpTransport.java:186) ~[graylog.jar:?]
at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.call(AbstractTcpTransport.java:182) ~[graylog.jar:?]
at org.graylog2.plugin.inputs.transports.NettyTransport$1.getPipeline(NettyTransport.java:110) ~[graylog.jar:?]
at org.jboss.netty.channel.socket.nio.NioServerBoss.registerAcceptedChannel(NioServerBoss.java:134) [graylog.jar:?]
at org.jboss.netty.channel.socket.nio.NioServerBoss.process(NioServerBoss.java:104) [graylog.jar:?]
at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337) [graylog.jar:?]
at org.jboss.netty.channel.socket.nio.NioServerBoss.run(NioServerBoss.java:42) [graylog.jar:?]
at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108) [graylog.jar:?]
at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42) [graylog.jar:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_181]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_181]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]
Is there a way to resolve the issue and configure TLS within the graylog docker container?
The package graylog is not verified after download here:
Line 38 in 21b6761
AFAIK graylog package is not signed. I can't find any information about that so maybe this issue implies more than just this docker.
I'm trying to auto load streams as content packs with auto load but they are not appearing. It does add them in the UI /system/contentpacks but I have to manually apply them.
Graylog version v2.4.6+ceaa7e4
docker create --link mongo \
-p 9000:9000 -p 12201:12201 -p 514:514 -p 5555:5555 \
--name graylog \
-e GRAYLOG_CONTENT_PACKS_LOADER_ENABLED=true \
-e GRAYLOG_CONTENT_PACKS_AUTO_LOAD=tcp-input.json,my-stream.json \
-e GRAYLOG_CONTENT_PACKS_DIR=data/contentpacks \
... other env values ...
graylog/graylog:2.4
Wondering if this is an issue or something I've misconfigured.
GRAYLOG_MONGODB_URI and GRAYOG_ELASTICSEARCH_HOSTS environment variables are not working. I have "mongodb://graylog:[email protected]:27017/graylog" defined as the environment variable. Similarly an IP is being passed in for the elasticsearch host. I have exec'd into the container and can verify these are set correctly. I'm getting host name lookup failures in the logs looking up the default names e.g. Caused by: java.net.UnknownHostException: elasticsearch
I'm pulling tag 3.0.2
Hello,
I am trying to build a docker image off this repo, but I keep on getting the following error.
Can you guys give me a bump in the right direction?
---> Running in 6798259d12ee
sha256sum: graylog-.tgz.sha256.txt: no properly formatted SHA256 checksum lines found
The command '/bin/sh -c sha256sum --check "graylog-${GRAYLOG_VERSION}.tgz.sha256.txt"' returned a non-zero code: 1
Multi-tenant Kubernetes services such as OpenShift do not allow containers to run as root, and as such, the Graylog image fails to run on OpenShift.
It looks like you already create the graylog user, and change the file ownership to graylog. All that would be left to do is a USER graylog entry in the Dockerfile.
Hi,
Trying to set is_master = false for a new slave node using ENV - GRAYLOG_IS_MASTER, however the graylog config still has the "is_master = true" value.
Not sure why this variable does not work.
I am using latest tag for graylog docker container:
piece of yaml file for kubernetes:
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: graylog-slave
spec:
  serviceName: "graylog-slave"
  replicas: 1
  template:
    metadata:
      labels:
        role: graylog-slave
        graylog: "true"
    spec:
      containers:
        - name: graylog-slave
          image: graylog/graylog:latest
          env:
            - name: GRAYLOG_IS_MASTER
              value: "FALSE"
Thanks
See this link for more details:
https://docs.docker.com/compose/compose-file/#links
Warning: The --link flag is a legacy feature of Docker. It may eventually be removed. Unless you absolutely need to continue using it, we recommend that you use user-defined networks to facilitate communication between two containers instead of using --link. One feature that user-defined networks do not support that you can do with --link is sharing environmental variables between containers. However, you can use other mechanisms such as volumes to share environment variables between containers in a more controlled way.
The current docker-compose.yml example references this feature. Can the compose file be updated to use user-defined networks instead of links?
links:
  - mongodb:mongo
  - elasticsearch
Docker image with tag 2.4 contains graylog-2.4.0-beta3.
Elasticsearch says in their own documentation that the default heap size of 1 GB is likely too small. Yet in the example compose config in the README it's set even lower at 512 MB. Consider increasing to match Elasticsearch's recommendations.
https://www.elastic.co/guide/en/elasticsearch/guide/current/heap-sizing.html
Right now you have to build your own docker image if you want to use plugins like prometheus...
It would be cool to have them included by default and enabled via an env variable.
Step 1/32 : FROM debian:stretch-slim as graylog-downloader
---> 49ec158b9895
Step 2/32 : ARG VCS_REF
---> Using cache
---> e000f2960cbb
Step 3/32 : ARG GRAYLOG_VERSION
---> Using cache
---> e9ede2ef3368
Step 4/32 : WORKDIR /tmp
---> Using cache
---> 4ab5b6c9217b
Step 5/32 : RUN apt-get update > /dev/null && apt-get install --assume-yes ca-certificates curl > /dev/null
---> Using cache
---> 3bf58b6046d3
Step 6/32 : RUN curl --silent --location --retry 3 --output "/tmp/graylog-${GRAYLOG_VERSION}.tgz" "http
---> Using cache
---> f9387ec8135a
Step 7/32 : RUN curl --silent --location --retry 3 --output "/tmp/graylog-${GRAYLOG_VERSION}.tgz.sha256.txt" "https://packages.graylog2.org/releases/graylog/graylog-${GRAYLOG_VERSION}.tgz.sha256.txt"
---> Using cache
---> 04e7495b7e4b
Step 8/32 : RUN sha256sum --check "graylog-${GRAYLOG_VERSION}.tgz.sha256.txt"
---> Running in 59e0ff891268
sha256sum: graylog-.tgz.sha256.txt: no properly formatted SHA256 checksum lines found
The command '/bin/sh -c sha256sum --check "graylog-${GRAYLOG_VERSION}.tgz.sha256.txt"' returned a non-zero code: 1
» Error: Deployment failed.
How can I set my Graylog version? Please help me.
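Both build failures above show `sha256sum` being handed `graylog-.tgz.sha256.txt`, which is what the file name becomes when the `ARG GRAYLOG_VERSION` build argument is empty. The following is an added example, not the project's Dockerfile: a guard for the checksum step that reports an empty version and a non-checksum download as distinct errors. The function name `verify_release`, its return codes and the `<version>` placeholder are assumptions, and GNU coreutils `sha256sum` is assumed.

```shell
#!/bin/sh
# Added example, not the project's Dockerfile. Assumes GNU coreutils sha256sum.

# verify_release DIR VERSION
# Returns 0 only when DIR/graylog-VERSION.tgz matches DIR/graylog-VERSION.tgz.sha256.txt.
verify_release() {
    dir=$1
    version=$2

    # An unset build argument expands to "", which produces the file name
    # "graylog-.tgz.sha256.txt" seen in the build log.
    if [ -z "$version" ]; then
        echo "GRAYLOG_VERSION is empty: pass --build-arg GRAYLOG_VERSION=<version>" >&2
        return 2
    fi

    tarball="graylog-${version}.tgz"
    sumfile="${tarball}.sha256.txt"

    if [ ! -f "$dir/$tarball" ] || [ ! -f "$dir/$sumfile" ]; then
        echo "missing $tarball or $sumfile in $dir" >&2
        return 3
    fi

    # curl --silent without --fail saves an HTTP error page as if it were the
    # checksum file; such a file has no "<64 hex digits>  <name>" line.
    if ! grep -Eq '^[0-9a-f]{64} [ *]' "$dir/$sumfile"; then
        echo "$sumfile contains no SHA256 checksum line" >&2
        return 4
    fi

    # --strict makes malformed lines mixed in with valid ones an error too.
    (cd "$dir" && sha256sum --check --strict "$sumfile") || return 1
}
```

Called as `verify_release /tmp "$GRAYLOG_VERSION"` in place of the bare `sha256sum --check`, the build stops with a message naming the empty argument instead of the generic "no properly formatted SHA256 checksum lines found".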
The Graylog Docker image fails to start when trying to override JVM settings with the GRAYLOG_SERVER_JAVA_OPTS environment variable.
$ docker run -it -e 'GRAYLOG_SERVER_JAVA_OPTS="-XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -XX:NewRatio=1 -XX:MaxMetaspaceSize=256m -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow"' graylog/graylog:2.3.1-2
Error: Could not find or load main class "-XX:+UnlockExperimentalVMOptions
In this case, the environment variable contains the default from the Dockerfile:
Line 45 in 4a43fe9
Might this be an issue with the default GRAYLOG_SERVER_JAVA_OPTS settings?
https://blogs.oracle.com/java-platform-group/java-se-support-for-docker-cpu-and-memory-limits
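The error in the report above names `"-XX:+UnlockExperimentalVMOptions`, with a leading double quote, as the main class. The following added example (not code from the image) shows how a value wrapped in both single and double quotes produces that first word once it is word-split. It assumes the launcher expands `${GRAYLOG_SERVER_JAVA_OPTS}` unquoted; the function names and the shortened option strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: how quotes inside a docker -e value reach the java command line.

# first_jvm_arg VALUE
# Splits VALUE on whitespace the way an unquoted ${GRAYLOG_SERVER_JAVA_OPTS}
# expansion does (assumed launcher behaviour) and prints the first word.
first_jvm_arg() {
    set -f          # disable globbing while splitting
    set -- $1       # intentional unquoted expansion
    set +f
    printf '%s\n' "${1-}"
}

# java_opts_ok VALUE
# Returns 0 when VALUE is empty or its first word is an option ("-...").
# java takes a leading word without "-" as the main class name.
java_opts_ok() {
    first=$(first_jvm_arg "$1")
    case $first in
        ''|-*) return 0 ;;
        *)     echo "first word is not a JVM option: $first" >&2; return 1 ;;
    esac
}

# Constructed, shortened values modelled on the report.
# -e 'GRAYLOG_SERVER_JAVA_OPTS="-XX:... -server"': the single quotes keep the
# double quotes as part of the value.
as_reported='"-XX:+UnlockExperimentalVMOptions -XX:NewRatio=1 -server"'
# -e GRAYLOG_SERVER_JAVA_OPTS="-XX:... -server": the shell removes the quotes.
as_intended='-XX:+UnlockExperimentalVMOptions -XX:NewRatio=1 -server'

java_opts_ok "$as_intended" && echo "as_intended: ok"
java_opts_ok "$as_reported" 2>/dev/null || echo "as_reported: starts with $(first_jvm_arg "$as_reported")"
```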
Please sign your Docker images using content trust.
Signed images allow users to verify that the images are not tampered with.