Run graylog as root, really?

Can you add user creation and run as user to the script? Otherwise it is great. Thanks.

There is a new update for the server released at 09/23/2014.
Update of the script is needed.

I already tried to change the lines 47 and 48 to get the latest version but the update ended with an error:

./graylog2/Upgrade_Scripts/Graylog2_Appliance_Upgrade.sh: line 67: cd: graylog2-server/: No such file or directory

Thank you :)

Making graylog2-web-interface startup on boot
Adding system startup for /etc/init.d/graylog2-web-interface ...
/etc/rc0.d/K20graylog2-web-interface -> ../init.d/graylog2-web-interface
/etc/rc1.d/K20graylog2-web-interface -> ../init.d/graylog2-web-interface
/etc/rc6.d/K20graylog2-web-interface -> ../init.d/graylog2-web-interface
/etc/rc2.d/S20graylog2-web-interface -> ../init.d/graylog2-web-interface
/etc/rc3.d/S20graylog2-web-interface -> ../init.d/graylog2-web-interface
/etc/rc4.d/S20graylog2-web-interface -> ../init.d/graylog2-web-interface
/etc/rc5.d/S20graylog2-web-interface -> ../init.d/graylog2-web-interface
Updating graylog2.conf and rsyslog.conf
$template GRAYLOG2,"<%PRI%>1 %timegenerated:::date-rfc3339% %hostname% %syslogtag% - %APP-NAME%: %msg:::drop-last-lf%\n"
./graylog2/install_graylog2_20_ubuntu.sh: line 317: unexpected EOF while looking for matching `''

Please add a step to your OVA (and maybe other) creation procedure to remove the host keys prior to creating the image. sshd should create new host keys on first boot.
As it stands, every server starts with the same host keys.

This was seen using the following image: graylog-beta-2.0.0-alpha.5-1.ova

when parsing syslog using syslog UDP configured:

expand_structured_data: true
recv_buffer_size: 16384
port: 514
override_source:
allow_override_date: true
bind_address: 0.0.0.0
store_full_message: true

if a message has 2 Structured Data elements with the same prefix like below:
<133>1 2015-07-22T14:54:24.332Z plyscreen TemplateCP 2388 0 [PS@1852 tag="Discovery"][PS@1852 type="4" catagory="1" eventId="0" PCR="20:14:30.919" PCRd="3279191366" deviceId="0" deviceType="5" processId="2388" threadId="148"] Running

PS@1852 tag="Discovery" does not create a field PS@1852_tag

if changed to ME@1852, then it does....

all the fields in the second structured data do produce fields.

Not dead urgent because I can change the first prefix.... but though i better log it.

hello after installation.

i reboot my server
and when i restart i have the error :
and i don't know how lunch graylog2, so i p uppgrade

how fix that please ?

Hi people,
I`m newbie using graylog2, I does configured 2 device (firewall) yesterday, but checking today, i can see others names in the tab Source:
Source Name Message Count
routed[7758]: 24004
xpand[7760]: 4261
syslogd: 334
monitord[7763] 214
db 72
pm[7743]: 6
bootsplash: 2
crond[11641]: 1
crond[13021]: 1
crond[30419]: 1
crond[9518]: 1
crond[19443]: 1
crond[1972]: 1

Its device (process) not was added by me, I want delete and keep only my two device in the source. How can remove its source?

Thanks!
Edson Alvarenga J.
Enginner of Security IT
Panama, City

The binary for netcat is missing on my system:

./graylog2/install_graylog2_90_ubuntu.sh: line 84: nc: command not found

Please add somewhere apt-get -y install netcat.

You might want to add that wget is required for your script to work. I know, most systems should already have it, but the LXC guest I created with ubuntu 13.04 didnt seem to have it, so I had to restart with a fresh guest and fresh install. No biggie, just wanted to give you a heads up that all systems might not have it and might be a good idea to add it to the instructions.

Thanks again for your installer script!

I installed all servers/applications from the script successfully. And I see all services are running from ps aux. But I cannot open up the web interface from browsers. Just loading > 5 mins and timed out.

Anyone has similar issue or has a solution? Appreciated!

I get an error when running install_graylog2_debian.sh
Debian 6 does not know the following packages (when using the default package sources)

openjdk-7-jre
software-properties-common

I have tried to install graylog2 into my ubuntu 12.04 instance from Linode with running install_graylog2_90_ubuntu.sh script. And having the issue:

connect to localhost port 12900 (tcp) failed: Connection refused

and unable to complete the installation.
Any help will be appreciated.

Hello there!
I'm trying to install graylog2 using this script but without a luck.

I'm on windows azure (with ubuntu 12.04) so there are all ports closed by default. Based on script content, i have opened a following ports:

• 9000
• 12900
• 10514
• 80
• 514
• 9300

And set IPADDY variable manually to my public IP (cause script was auto detecting a private IP). When running ubuntu preview install, it throws:

java.util.concurrent.ExecutionException: java.net.ConnectException: Connection refused: /127.0.0.1:12900 to http://127.0.0.1:12900/system/cluster/node
at com.ning.http.client.providers.netty.NettyResponseFuture.abort(NettyResponseFuture.java:336)
at com.ning.http.client.providers.netty.NettyConnectListener.operationComplete(NettyConnectListener.java:107)
at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:427)
at org.jboss.netty.channel.DefaultChannelFuture.addListener(DefaultChannelFuture.java:145)
at com.ning.http.client.providers.netty.NettyAsyncHttpProvider.doConnect(NettyAsyncHttpProvider.java:1068)
at com.ning.http.client.providers.netty.NettyAsyncHttpProvider.execute(NettyAsyncHttpProvider.java:890)
at com.ning.http.client.AsyncHttpClient.executeRequest(AsyncHttpClient.java:520)
at com.ning.http.client.AsyncHttpClient$BoundRequestBuilder.execute(AsyncHttpClient.java:233)
at lib.ApiClientImpl$ApiRequestBuilder.executeOnAll(ApiClientImpl.java:436)
at lib.ServerNodesRefreshService.resolveConfiguredNodes(ServerNodesRefreshService.java:90)
at lib.ServerNodesRefreshService.access$400(ServerNodesRefreshService.java:41)
at lib.ServerNodesRefreshService$1.run(ServerNodesRefreshService.java:113)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:351)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:178)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:724)
Caused by: java.net.ConnectException: Connection refused: /127.0.0.1:12900 to http://127.0.0.1:12900/system/cluster/node
at com.ning.http.client.providers.netty.NettyConnectListener.operationComplete(NettyConnectListener.java:103)
... 18 more

Have you any idea what possibly goes wrong? I'm running a script on a clean ubuntu instalation. Thank you in advance.

install_graylog2_90_ubuntu.sh logs to ./graylog2 on lines 10 and 11.

set -e
# Setup logging
# Logs stderr and stdout to separate files.
exec 2> >(tee "./graylog2/install_graylog2.err")
exec > >(tee "./graylog2/install_graylog2.log")

But if ./graylog2/ doesn't exist, these fail quietly. Just needs a mkdir above it

Hello
your scipt worked nice but when login in i got a information.

You are running an outdated Graylog2 version. 6 minutes ago
The most recent stable Graylog2 version is 1.2.2 (Augustiner) released at 2015-10-26T18:11:40.174Z. Get it from http://www.graylog2.org/.

a apt-get dist-upgrade did not help

have a nice day
vinc

Hi Larry - thanks for your script. I've been trying to figure this out for a while with little success: if I use the Ubuntu script all is great, however if I use the CentOS script the install appears to complete succesfully but graylog2-server fails to launch on reboot. Manually launching the server then checking tail of graylog2-server.log shows me

2014-07-06 07:32:05,969 INFO : org.graylog2.Main - Graylog2 0.20.4 starting up. (JRE: Oracle >Corporation 1.7.0_55 on Linux 2.6.32$
2014-07-06 07:33:17,041 INFO : org.graylog2.plugin.system.NodeId - Node ID: d375e0eb-07ff->494e-bf51-f17ea5be758a
2014-07-06 07:34:07,254 INFO : org.graylog2.buffers.ProcessBuffer - Initialized ProcessBuffer with >ring size <1024> and wait stra$
2014-07-06 07:34:07,271 INFO : org.graylog2.buffers.OutputBuffer - Initialized OutputBuffer with >ring size <1024> and wait strate$
2014-07-06 07:34:07,796 INFO : org.elasticsearch.node - [graylog2-server] version[0.90.10], >pid[6811], build[0a5781f/2014-01-10T1$
2014-07-06 07:34:07,796 INFO : org.elasticsearch.node - [graylog2-server] initializing ...
2014-07-06 07:34:07,801 INFO : org.elasticsearch.plugins - [graylog2-server] loaded [], sites []
2014-07-06 07:34:10,031 INFO : org.elasticsearch.node - [graylog2-server] initialized
2014-07-06 07:34:10,031 INFO : org.elasticsearch.node - [graylog2-server] starting ...
2014-07-06 07:34:10,092 INFO : org.elasticsearch.transport - [graylog2-server] bound_address >{inet[/0.0.0.0:9350]}, publish_addre$
2014-07-06 07:34:13,096 WARN : org.elasticsearch.discovery - [graylog2-server] waited for 3s and >no initial state was set by the $
2014-07-06 07:34:13,097 INFO : org.elasticsearch.discovery - [graylog2-server] >graylog2/BezylqSNS6O5Cek3Ffzu1Q
2014-07-06 07:34:13,097 INFO : org.elasticsearch.node - [graylog2-server] started
2014-07-06 07:34:13,172 INFO : org.elasticsearch.cluster.service - [graylog2-server] >detected_master [Silly Seal][neWyp2XsRFqzzcH$
2014-07-06 07:34:18,102 ERROR: org.graylog2.Main -

########################################################################>

ERROR: Could not successfully connect to ElasticSearch. Check that your cluster state is not RED >and that ElasticSearch is runnin$

2014-07-06 07:32:05,969 INFO : org.graylog2.Main - Graylog2 0.20.4 starting up. (JRE: Oracle >Corporation 1.7.0_55 on Linux 2.6.32$
2014-07-06 07:33:17,041 INFO : org.graylog2.plugin.system.NodeId - Node ID: d375e0eb-07ff->494e-bf51-f17ea5be758a
2014-07-06 07:34:07,254 INFO : org.graylog2.buffers.ProcessBuffer - Initialized ProcessBuffer with >ring size <1024> and wait stra$
2014-07-06 07:34:07,271 INFO : org.graylog2.buffers.OutputBuffer - Initialized OutputBuffer with >ring size <1024> and wait strate$
2014-07-06 07:34:07,796 INFO : org.elasticsearch.node - [graylog2-server] version[0.90.10], >pid[6811], build[0a5781f/2014-01-10T1$
2014-07-06 07:34:07,796 INFO : org.elasticsearch.node - [graylog2-server] initializing ...
2014-07-06 07:34:07,801 INFO : org.elasticsearch.plugins - [graylog2-server] loaded [], sites []
2014-07-06 07:34:10,031 INFO : org.elasticsearch.node - [graylog2-server] initialized
2014-07-06 07:34:10,031 INFO : org.elasticsearch.node - [graylog2-server] starting ...
2014-07-06 07:34:10,092 INFO : org.elasticsearch.transport - [graylog2-server] bound_address >{inet[/0.0.0.0:9350]}, publish_addre$
2014-07-06 07:34:13,096 WARN : org.elasticsearch.discovery - [graylog2-server] waited for 3s and >no initial state was set by the $
2014-07-06 07:34:13,097 INFO : org.elasticsearch.discovery - [graylog2-server] >graylog2/BezylqSNS6O5Cek3Ffzu1Q
2014-07-06 07:34:13,097 INFO : org.elasticsearch.node - [graylog2-server] started
2014-07-06 07:34:13,172 INFO : org.elasticsearch.cluster.service - [graylog2-server] >detected_master [Silly Seal][neWyp2XsRFqzzcH$
2014-07-06 07:34:18,102 ERROR: org.graylog2.Main -

########################################################################>

ERROR: Could not successfully connect to ElasticSearch. Check that your cluster state is not RED >and that ElasticSearch is runnin$

Elasticsearch, mongod and graylog2-web-interface are running fine, so I'm thinking that this may be down to communication between graylog2-server and elasticsearch

This in mind I took a look at /etc/graylog2.conf and noticed that the line

elasticsearch_cluster_name = graylog2

was previously commented out - I've removed this comment after double checking the cluster name in /etc/elasticsearch/elasticsearch.yml and I now get a different error (though the same ultimate result - graylog2-server fails to start)

2014-07-06 07:47:57,274 INFO : org.graylog2.Main - Graylog2 0.20.4 starting up. (JRE: Oracle >Corporation 1.7.0_55 on Linux 2.6.32$
2014-07-06 07:47:57,382 INFO : org.graylog2.plugin.system.NodeId - Node ID: d375e0eb-07ff->494e-bf51-f17ea5be758a
2014-07-06 07:47:57,687 WARN : com.mongodb.tcp - Exception executing isMaster command on >/127.0.0.1:27017
java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at com.mongodb.DBPort._open(DBPort.java:223)
at com.mongodb.DBPort.go(DBPort.java:125)
at com.mongodb.DBPort.go(DBPort.java:106)
at com.mongodb.DBPort.findOne(DBPort.java:162)
at com.mongodb.DBPort.runCommand(DBPort.java:170)
at com.mongodb.DBTCPConnector.initDirectConnection(DBTCPConnector.java:533)
at com.mongodb.DBTCPConnector.isMongosConnection(DBTCPConnector.java:334)
at com.mongodb.Mongo.isMongosConnection(Mongo.java:618)
at com.mongodb.DBCursor._check(DBCursor.java:364)
at com.mongodb.DBCursor._hasNext(DBCursor.java:459)
at com.mongodb.DBCursor.hasNext(DBCursor.java:484)
at org.graylog2.database.Persisted.cursorToList(Persisted.java:106)
at org.graylog2.database.Persisted.query(Persisted.java:78)
at org.graylog2.dashboards.Dashboard.all(Dashboard.java:86)
at org.graylog2.dashboards.DashboardRegistry.loadPersisted(DashboardRegistry.java:43)
at org.graylog2.Core.initialize(Core.java:226)
at org.graylog2.Main.main(Main.java:180)
2014-07-06 07:47:57,690 WARN : com.mongodb.tcp - Exception executing isMaster command on >/127.0.0.1:27017
java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at com.mongodb.DBPort._open(DBPort.java:223)
at com.mongodb.DBPort.go(DBPort.java:125)
at com.mongodb.DBPort.go(DBPort.java:106)
at com.mongodb.DBPort.findOne(DBPort.java:162)
at com.mongodb.DBPort.runCommand(DBPort.java:170)
at com.mongodb.DBTCPConnector.initDirectConnection(DBTCPConnector.java:533)
at com.mongodb.DBTCPConnector.checkMaster(DBTCPConnector.java:512)
at com.mongodb.DBTCPConnector.innerCall(DBTCPConnector.java:236)
2014-07-06 07:47:57,274 INFO : org.graylog2.Main - Graylog2 0.20.4 starting up. (JRE: Oracle >Corporation 1.7.0_55 on Linux 2.6.32$
2014-07-06 07:47:57,382 INFO : org.graylog2.plugin.system.NodeId - Node ID: d375e0eb-07ff->494e-bf51-f17ea5be758a
2014-07-06 07:47:57,687 WARN : com.mongodb.tcp - Exception executing isMaster command on >/127.0.0.1:27017
java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at com.mongodb.DBPort._open(DBPort.java:223)
at com.mongodb.DBPort.go(DBPort.java:125)
at com.mongodb.DBPort.go(DBPort.java:106)
at com.mongodb.DBPort.findOne(DBPort.java:162)
at com.mongodb.DBPort.runCommand(DBPort.java:170)
at com.mongodb.DBTCPConnector.initDirectConnection(DBTCPConnector.java:533)
at com.mongodb.DBTCPConnector.isMongosConnection(DBTCPConnector.java:334)
at com.mongodb.Mongo.isMongosConnection(Mongo.java:618)
at com.mongodb.DBCursor._check(DBCursor.java:364)
at com.mongodb.DBCursor._hasNext(DBCursor.java:459)
at com.mongodb.DBCursor.hasNext(DBCursor.java:484)
at org.graylog2.database.Persisted.cursorToList(Persisted.java:106)
at org.graylog2.database.Persisted.query(Persisted.java:78)
at org.graylog2.dashboards.Dashboard.all(Dashboard.java:86)
at org.graylog2.dashboards.DashboardRegistry.loadPersisted(DashboardRegistry.java:43)
at org.graylog2.Core.initialize(Core.java:226)
at org.graylog2.Main.main(Main.java:180)
2014-07-06 07:47:57,690 WARN : com.mongodb.tcp - Exception executing isMaster command on >/127.0.0.1:27017
java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at com.mongodb.DBPort._open(DBPort.java:223)
at com.mongodb.DBPort.go(DBPort.java:125)
at com.mongodb.DBPort.go(DBPort.java:106)
at com.mongodb.DBPort.findOne(DBPort.java:162)
at com.mongodb.DBPort.runCommand(DBPort.java:170)
at com.mongodb.DBTCPConnector.initDirectConnection(DBTCPConnector.java:533)
at com.mongodb.DBTCPConnector.checkMaster(DBTCPConnector.java:512)
at com.mongodb.DBTCPConnector.innerCall(DBTCPConnector.java:236)
at com.mongodb.DBTCPConnector.call(DBTCPConnector.java:216)
at com.mongodb.DBApiLayer$MyCollection.__find(DBApiLayer.java:288)
at com.mongodb.DBApiLayer$MyCollection.__find(DBApiLayer.java:273)
at com.mongodb.DBCursor._check(DBCursor.java:368)
at com.mongodb.DBCursor._hasNext(DBCursor.java:459)
at com.mongodb.DBCursor.hasNext(DBCursor.java:484)
at org.graylog2.database.Persisted.cursorToList(Persisted.java:106)
at org.graylog2.database.Persisted.query(Persisted.java:78)
at org.graylog2.dashboards.Dashboard.all(Dashboard.java:86)
at org.graylog2.dashboards.DashboardRegistry.loadPersisted(DashboardRegistry.java:43)
at org.graylog2.Core.initialize(Core.java:226)
at org.graylog2.Main.main(Main.java:180)
2014-07-06 07:47:57,714 WARN : com.mongodb - emptying DBPortPool to /127.0.0.1:27017 b/c of >error
java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at com.mongodb.DBPort._open(DBPort.java:223)
at com.mongodb.DBPort.go(DBPort.java:125)
at com.mongodb.DBPort.call(DBPort.java:92)
at com.mongodb.DBTCPConnector.innerCall(DBTCPConnector.java:244)
at com.mongodb.DBTCPConnector.call(DBTCPConnector.java:216)
at com.mongodb.DBApiLayer$MyCollection.__find(DBApiLayer.java:288)
at com.mongodb.DBApiLayer$MyCollection.__find(DBApiLayer.java:273)
at com.mongodb.DBCursor._check(DBCursor.java:368)
at com.mongodb.DBCursor._hasNext(DBCursor.java:459)
at com.mongodb.DBCursor.hasNext(DBCursor.java:484)
at org.graylog2.database.Persisted.cursorToList(Persisted.java:106)
at org.graylog2.database.Persisted.query(Persisted.java:78)
at org.graylog2.dashboards.Dashboard.all(Dashboard.java:86)
at org.graylog2.dashboards.DashboardRegistry.loadPersisted(DashboardRegistry.java:43)
at org.graylog2.Core.initialize(Core.java:226)
at org.graylog2.Main.main(Main.java:180)
Exception in thread "main" com.mongodb.MongoException$Network: Read operation to server >/127.0.0.1:27017 failed on database grayl$
at com.mongodb.DBTCPConnector.innerCall(DBTCPConnector.java:253)
at com.mongodb.DBTCPConnector.call(DBTCPConnector.java:216)
at com.mongodb.DBApiLayer$MyCollection.__find(DBApiLayer.java:288)
at com.mongodb.DBApiLayer$MyCollection.__find(DBApiLayer.java:273)
at com.mongodb.DBCursor._check(DBCursor.java:368)
at com.mongodb.DBCursor._hasNext(DBCursor.java:459)
at com.mongodb.DBCursor.hasNext(DBCursor.java:484)
at org.graylog2.database.Persisted.cursorToList(Persisted.java:106)
at org.graylog2.database.Persisted.query(Persisted.java:78)
at org.graylog2.dashboards.Dashboard.all(Dashboard.java:86)
at org.graylog2.dashboards.DashboardRegistry.loadPersisted(DashboardRegistry.java:43)
at org.graylog2.Core.initialize(Core.java:226)
at org.graylog2.Main.main(Main.java:180)
Caused by: java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at com.mongodb.DBPort._open(DBPort.java:223)
at com.mongodb.DBPort.go(DBPort.java:125)
at com.mongodb.DBPort.call(DBPort.java:92)
at com.mongodb.DBTCPConnector.innerCall(DBTCPConnector.java:244)
... 12 more

You'll probably notice that I'm running 0.20.4 - I was seeing the exact same errors with 0.20.3, but thought it worth editing the script (literally just changing the version numbers pulled from the Graylog repo) and seeing if the issue was there in the latest version.

Working from the above errors I saw that you'd found issues with the service only listening on IPv6 interfaces, so I amended

$NOHUP java -jar ${GRAYLOG2_SERVER_JAR} -f ${GRAYLOG2_CONF} -p ${GRAYLOG2_PID} >>
${LOG_FILE} &

to read

$NOHUP java -Djava.net.preferIPv4Stack=true -jar ${GRAYLOG2_SERVER_JAR} -f >${GRAYLOG2_CONF} -p ${GRAYLOG2_PID} >> ${LOG_FILE} &

Restarted the server however still no dice.

2014-07-06 08:18:01,734 INFO : org.graylog2.Main - Graylog2 0.20.4 starting up. (JRE: Oracle >Corporation 1.7.0_55 on Linux 2.6.32$
2014-07-06 08:18:01,773 INFO : org.graylog2.plugin.system.NodeId - Node ID: d375e0eb-07ff->494e-bf51-f17ea5be758a
2014-07-06 08:18:01,882 INFO : org.graylog2.buffers.ProcessBuffer - Initialized ProcessBuffer with >ring size <1024> and wait stra$
2014-07-06 08:18:01,892 INFO : org.graylog2.buffers.OutputBuffer - Initialized OutputBuffer with >ring size <1024> and wait strate$
2014-07-06 08:18:02,238 INFO : org.elasticsearch.node - [graylog2-server] version[0.90.10], >pid[1934], build[0a5781f/2014-01-10T1$
2014-07-06 08:18:02,238 INFO : org.elasticsearch.node - [graylog2-server] initializing ...
2014-07-06 08:18:02,242 INFO : org.elasticsearch.plugins - [graylog2-server] loaded [], sites []
2014-07-06 08:18:03,539 INFO : org.elasticsearch.node - [graylog2-server] initialized
2014-07-06 08:18:03,539 INFO : org.elasticsearch.node - [graylog2-server] starting ...
2014-07-06 08:18:03,592 INFO : org.elasticsearch.transport - [graylog2-server] bound_address
{inet[/0.0.0.0:9350]}, publish_addre$
2014-07-06 08:18:06,596 WARN : org.elasticsearch.discovery - [graylog2-server] waited for 3s and >no initial state was set by the $
2014-07-06 08:18:06,596 INFO : org.elasticsearch.discovery - [graylog2-server] >graylog2/t0e4EtU6Rgm0alBJQMWW0A
2014-07-06 08:18:06,597 INFO : org.elasticsearch.node - [graylog2-server] started
2014-07-06 08:18:06,651 INFO : org.elasticsearch.cluster.service - [graylog2-server] >detected_master [Comet][o1vDp6i1RCaZjdHyS5Jx$
2014-07-06 08:18:11,602 ERROR: org.graylog2.Main -

########################################################################>

ERROR: Could not successfully connect to ElasticSearch. Check that your cluster state is not RED >and that ElasticSearch is runnin$

Need help?

• Official documentation: http://support.torch.sh/help/kb
• Mailing list: http://support.torch.sh/help/kb/general/forums-mailing-list
• Issue tracker: http://support.torch.sh/help/kb/general/issue-trackers
• Commercial support: http://www.torch.sh/

But we also got some specific help pages that might help you in this case:

• http://support.torch.sh/help/kb/graylog2-server/configuring-and-tuning-elasticsearch-for-graylog2->v0200

Terminating. :(

########################################################################>

As I say, this is purely with the CentOS script: Ubuntu script is working like a dream, but I need to be running on CentOS I'm afraid. Any ideas?

When I am trying to send a test email from graylog2 stream manage alert option , getting the below error

Error! ×Unable to send dummy alert, check server log for details: API call failed GET http://@127.0.0.1:12900/streams/53cca74084aefa1a7846c480/alerts/sendDummyAlert returned 500 Internal Server Error body: Sending the email to the following server failed : 127.0.0.1:25

I can able to send test mail from the server using mailx

Version: graylog2-server-0.20.3

I have installed elastic search elasticsearch-0.20.6 , mongodb , graylog2-server-0.12.0 and graylog2-web-interface-0.20.3 .java version "1.7.0_51"

When am trying to access Graylog2 interface am getting the below error

No Graylog2 servers available. Cannot log in

"The web interface was unable to connect to any Graylog2 node in the cluster so far.
Please check that the configured nodes shown on the left hand side are correct and that the servers are reachable. "

I used AMI ami-75c9641e and followed the steps given on http://docs.graylog.org/en/latest/pages/installation/aws.html.
However I keep getting the error and this application is not useful to me.

Hi,

I a new to Graylog and trying to learn it.
I have installed the Appliances version with the instruction given in the web site.

I have deployed the appliances in VM-Ware work station for my tests.
8GB Ram
20GB HD
2 CPU

When accessing the web interface I get connection refused error from the browser.
Are there any settings to be done in the VM?
Where can I find some logs to help be troubleshoot the issue.

Thanks for the help
Y

I'm trying to get GrayLog2 installed by running your installation scripts, but it breaks at this message "WARNING: Elasticsearch may have failed to start."

I'm using windows azure VM running clean Ubuntu server 12.04 LTS. I tried both small (1 core, 1.75GB memory) and large (4 cores, 7GB memory). Size of the main disk is 30GB.

Do you have any suggestions on how to pass this issue?

Thank you

Any chance this could be adapted for the v0.20.0 series of releases?

First off, thanks for writing this script!

I'm on a fresh install of Ubuntu 14.04 and trying to install via your script and at the very end, the message "nc: connect to localhost port 12900 (tcp) failed: Connection refused" begins to appear and continues repeating.

Any ideas what this could be?

Thanks again,
Chris

Line 92-94 have sudo. Command not found in Debian

I have graylog2 server installed with the below open software's . Please guide me how to redirect application logs to the server .

Elasticsearch from script is .90.10
graylog2-server from script is 0.20.3
graylog2-web-interface from script is 0.20.3
Java
Mongo DB
.

All i can find is the yum repository downloads which then reach out to get the other software or I can download source code. Where are the linux noarch RPMs ? please create the ones we need for graylog server and web interface for at least version 2.2 or 2.1.2 for us.

hello,

when searching in a graylog 0.20.2 i have the below error

Oh no, something went wrong!

(You caused a lib.APIException. API call failed GET http://@127.0.0.1:12900/search/universal/relative/histogram?interval=minute&query=source:localhost&range=300&range_type=relative&filter=* returned 500 Internal Server Error body: Failed to execute phase [query_fetch], all shards failed; shardFailures {[9nzgOSw-RNu_egcrbUoliw][graylog2_0][0]: RemoteTransportException[[Taurus][inet[/172.21.192.159:9300]][search/phase/query+fetch]]; nested: SearchParseException[[graylog2_0][0]: query[source:localhost],from[-1],size[-1]: Parse Failure [Failed to parse source [{"query":{"query_string":{"query":"source:localhost","allow_leading_wildcard":false}},"facets":{"histogram":{"date_histogram":{"field":"timestamp","interval":"minute"},"facet_filter":{"bool":{"must":{"range":{"timestamp":{"from":"2014-06-02 17:56:25.828","to":"2014-06-02 18:01:25.828","include_lower":true,"include_upper":true}}}}}}}}]]]; nested: ClassCastException[org.elasticsearch.index.fielddata.plain.PagedBytesIndexFieldData cannot be cast to org.elasticsearch.index.fielddata.IndexNumericFieldData]; } org.elasticsearch.action.search.SearchPhaseExecutionException: Failed to execute phase [query_fetch], all shards failed; shardFailures {[9nzgOSw-RNu_egcrbUoliw][graylog2_0][0]: RemoteTransportException[[Taurus][inet[/172.21.192.159:9300]][search/phase/query+fetch]]; nested: SearchParseException[[graylog2_0][0]: query[source:localhost],from[-1],size[-1]: Parse Failure [Failed to parse source [{"query":{"query_string":{"query":"source:localhost","allow_leading_wildcard":false}},"facets":{"histogram":{"date_histogram":{"field":"timestamp","interval":"minute"},"facet_filter":{"bool":{"must":{"range":{"timestamp":{"from":"2014-06-02 17:56:25.828","to":"2014-06-02 18:01:25.828","include_lower":true,"include_upper":true}}}}}}}}]]]; nested: ClassCastException[org.elasticsearch.index.fielddata.plain.PagedBytesIndexFieldData cannot be cast to org.elasticsearch.index.fielddata.IndexNumericFieldData]; } at org.elasticsearch.action.search.type.TransportSearchTypeAction$BaseAsyncAction.onFirstPhaseResult(TransportSearchTypeAction.java:272) at org.elasticsearch.action.search.type.TransportSearchTypeAction$BaseAsyncAction$3.onFailure(TransportSearchTypeAction.java:224) at org.elasticsearch.search.action.SearchServiceTransportAction$7.handleException(SearchServiceTransportAction.java:324) at org.elasticsearch.transport.netty.MessageChannelHandler.handleException(MessageChannelHandler.java:181) at org.elasticsearch.transport.netty.MessageChannelHandler.handlerResponseError(MessageChannelHandler.java:171) at org.elasticsearch.transport.netty.MessageChannelHandler.messageReceived(MessageChannelHandler.java:123) at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70) at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564) at org.elasticsearch.common.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791) at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:296) at org.elasticsearch.common.netty.handler.codec.frame.FrameDecoder.unfoldAndFireMessageReceived(FrameDecoder.java:462) at org.elasticsearch.common.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:443) at org.elasticsearch.common.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303) at org.elasticsearch.common.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70) at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564) at org.elasticsearch.common.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559) at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:268) at org.elasticsearch.common.netty.channel.Channels.fireMessageReceived(Channels.java:255) at org.elasticsearch.common.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88) at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108) at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:318) at org.elasticsearch.common.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89) at org.elasticsearch.common.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178) at org.elasticsearch.common.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108) at org.elasticsearch.common.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:744) )

Reason: There was a problem with your search. We expected HTTP 200, but got a HTTP 500.