[graylog2] Re: New to graylog Issue to login after server.conf change

Guillaume Migaszewski Tue, 02 Aug 2016 07:29:06 -0700

Dear Jochen , 

Attached my server.conf.



Also some additional  curl output 

 curl -v -XPOST 10.1.0.215:9000/system/sessions
* About to connect() to 10.1.0.215 port 9000 (#0)
*   Trying 10.1.0.215... connected
* Connected to 10.1.0.215 (10.1.0.215) port 9000 (#0)
> POST /system/sessions HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 
NSS/3.16.2.3 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: 10.1.0.215:9000
> Accept: */*
>
< HTTP/1.1 405 Method Not Allowed
< Allow: GET,OPTIONS
< X-Graylog-Node-ID: 5416caad-4269-4f9b-ad0f-1beb73770838
< Vary: Accept-Encoding
< Content-Type: application/json
< Date: Tue, 02 Aug 2016 14:27:43 GMT
< Content-Length: 59
<
* Connection #0 to host 10.1.0.215 left intact
* Closing connection #0
{"type":"ApiError","message":"HTTP 405 Method Not Allowed"}[



Guillaume.


On Tuesday, August 2, 2016 at 2:57:13 PM UTC+2, Jochen Schalanda wrote:
>
> Hi Guillaume,
>
> please post your complete Graylog configuration file or be more explicit 
> about how the relevant settings (rest_* and web_*) are configured right 
> now.
>
> Also check the Developer Console of your web browser for error messages 
> and post them here.
>
> Cheers,
> Jochen
>
> On Tuesday, 2 August 2016 14:30:29 UTC+2, Guillaume Migaszewski wrote:
>>
>> Dear Graylog users, 
>>
>> I have done an rpm install of Graylog . At first I was not able to login 
>> from any other machine than localhost .As a result , with your assistance , 
>> I have changed following settings  server.conf 
>>
>> rest_listen_uri = http://127.0.0.1:12900/
>> rest_listen_uri = http://10.1.0.215:12900/    (10.1.0.215 my server ip)
>>
>> web_listen_uri = http://127.0.0.1:9000/
>> web_listen_uri = http://10.1.0.215:9000/
>>
>>
>> As a result  I can reach login screen from any workstation. But after 
>> sending my credentials I have following error message : 
>>
>> Error - the server returned: 405 - cannot POST /system/sessions (405)
>>
>>
>> All resources I have found are speaking about reverse proxy or ssl use 
>> but I have none of it . 
>>
>> It has been a while I did not have such a hard time to install an 
>> application on Linux. ;) .But I will not give up.
>>
>> Thanks for your help.
>>
>> Guillaume.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/8b277a0b-e32a-466c-916e-56e02430f0d3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

# If you are running more than one instances of Graylog server you have to
select one of these
# instances as master. The master will perform some periodical tasks that
non-masters won't perform.
is_master = true

# The auto-generated node ID will be stored in this file and read after
restarts. It is a good idea
# to use an absolute file path here if you are starting Graylog server from
init scripts or similar.
node_id_file = /etc/graylog/server/node-id

# You MUST set a secret to secure/pepper the stored user passwords here. Use at
least 64 characters.
# Generate one by using for example: pwgen -N 1 -s 96
password_secret = removed

# The default root user is named 'admin'
#root_username = admin

# You MUST specify a hash password for the root user (which you only need to
initially set up the
# system and in case you lose connectivity to your authentication backend)
# This password cannot be changed using the API or via the web interface. If
you need to change it,
# modify it in this file.
# Create one by using for example: echo -n yourpassword | shasum -a 256
# and put the resulting hash value into the following line
root_password_sha2 = removed

# The email address of the root user.
# Default is empty
#root_email = ""

# The time zone setting of the root user. See
http://www.joda.org/joda-time/timezones.html for a list of valid time zones.
# Default is UTC
#root_timezone = UTC

# Set plugin directory here (relative or absolute)
plugin_dir = /usr/share/graylog-server/plugin

# REST API listen URI. Must be reachable by other Graylog server nodes if you
run a cluster.
# When using Graylog Collectors, this URI will be used to receive heartbeat
messages and must be accessible for all collectors.
rest_listen_uri = http://10.1.0.215:12900/

# REST API transport address. Defaults to the value of rest_listen_uri.
Exception: If rest_listen_uri
# is set to a wildcard IP address (0.0.0.0) the first non-loopback IPv4 system
address is used.
# If set, this will be promoted in the cluster discovery APIs, so other nodes
may try to connect on
# this address and it is used to generate URLs addressing entities in the REST
API. (see rest_listen_uri)
# You will need to define this, if your Graylog server is running behind a HTTP
proxy that is rewriting
# the scheme, host name or URI.
# This must not contain a wildcard address (0.0.0.0).
#rest_transport_uri = http://10.1.0.215:12900/

# Enable CORS headers for REST API. This is necessary for JS-clients accessing
the server directly.
# If these are disabled, modern browsers will not be able to retrieve resources
from the server.
# This is enabled by default. Uncomment the next line to disable it.
#rest_enable_cors = false

# Enable GZIP support for REST API. This compresses API responses and therefore
helps to reduce
# overall round trip times. This is disabled by default. Uncomment the next
line to enable it.
#rest_enable_gzip = true

# Enable HTTPS support for the REST API. This secures the communication with
the REST API with
# TLS to prevent request forgery and eavesdropping. This is disabled by
default. Uncomment the
# next line to enable it.
#rest_enable_tls = true

# The X.509 certificate chain file in PEM format to use for securing the REST
API.
#rest_tls_cert_file = /path/to/graylog.crt

# The PKCS#8 private key file in PEM format to use for securing the REST API.
#rest_tls_key_file = /path/to/graylog.key

# The password to unlock the private key used for securing the REST API.
#rest_tls_key_password = secret

# The maximum size of the HTTP request headers in bytes.
#rest_max_header_size = 8192

# The maximal length of the initial HTTP/1.1 line in bytes.
#rest_max_initial_line_length = 4096

# The size of the thread pool used exclusively for serving the REST API.
#rest_thread_pool_size = 16

# Enable the embedded Graylog web interface.
# Default: true
#web_enable = false

# Web interface listen URI. It must not contain a path other than "/".
web_listen_uri = http://10.1.0.215:9000/

# Web interface endpoint URI. This setting can be overriden on a per-request
basis with the X-Graylog-Server-URL header.
# Default: $rest_transport_uri
web_endpoint_uri =

# Enable CORS headers for the web interface. This is necessary for JS-clients
accessing the server directly.
# If these are disabled, modern browsers will not be able to retrieve resources
from the server.
#web_enable_cors = false

# Enable/disable GZIP support for the web interface. This compresses HTTP
responses and therefore helps to reduce
# overall round trip times. This is enabled by default. Uncomment the next line
to disable it.
#web_enable_gzip = false

# Enable HTTPS support for the web interface. This secures the communication of
the web browser with the web interface
# using TLS to prevent request forgery and eavesdropping.
# This is disabled by default. Uncomment the next line to enable it and see the
other related configuration settings.
#web_enable_tls = true

# The X.509 certificate chain file in PEM format to use for securing the web
interface.
#web_tls_cert_file = /path/to/graylog-web.crt

# The PKCS#8 private key file in PEM format to use for securing the web
interface.
#web_tls_key_file = /path/to/graylog-web.key

# The password to unlock the private key used for securing the web interface.
#web_tls_key_password = secret

# The maximum size of the HTTP request headers in bytes.
#web_max_header_size = 8192

# The maximal length of the initial HTTP/1.1 line in bytes.
#web_max_initial_line_length = 4096

# The size of the thread pool used exclusively for serving the web interface.
#web_thread_pool_size = 16

# Configuration file for the embedded Elasticsearch instance in Graylog.
# Pay attention to the working directory of the server, maybe use an absolute
path here.
# Default: empty
#elasticsearch_config_file = /etc/graylog/server/elasticsearch.yml

# Graylog will use multiple indices to store documents in. You can configured
the strategy it uses to determine
# when to rotate the currently active write index.
# It supports multiple rotation strategies:
# - "count" of messages per index, use elasticsearch_max_docs_per_index below
to configure
# - "size" per index, use elasticsearch_max_size_per_index below to configure
# valid values are "count", "size" and "time", default is "count"
#
# ATTENTION: These settings have been moved to the database in 2.0. When you
upgrade, make sure to set these
# to your previous 1.x settings so they will be migrated to the
database!
rotation_strategy = count

# (Approximate) maximum number of documents in an Elasticsearch index before a
new index
# is being created, also see no_retention and
elasticsearch_max_number_of_indices.
# Configure this if you used 'rotation_strategy = count' above.
#
# ATTENTION: These settings have been moved to the database in 2.0. When you
upgrade, make sure to set these
# to your previous 1.x settings so they will be migrated to the
database!
elasticsearch_max_docs_per_index = 20000000

# (Approximate) maximum size in bytes per Elasticsearch index on disk before a
new index is being created, also see
# no_retention and elasticsearch_max_number_of_indices. Default is 1GB.
# Configure this if you used 'rotation_strategy = size' above.
#
# ATTENTION: These settings have been moved to the database in 2.0. When you
upgrade, make sure to set these
# to your previous 1.x settings so they will be migrated to the
database!
#elasticsearch_max_size_per_index = 1073741824

# (Approximate) maximum time before a new Elasticsearch index is being created,
also see
# no_retention and elasticsearch_max_number_of_indices. Default is 1 day.
# Configure this if you used 'rotation_strategy = time' above.
# Please note that this rotation period does not look at the time specified in
the received messages, but is
# using the real clock value to decide when to rotate the index!
# Specify the time using a duration and a suffix indicating which unit you want:
# 1w = 1 week
# 1d = 1 day
# 12h = 12 hours
# Permitted suffixes are: d for day, h for hour, m for minute, s for second.
#
# ATTENTION: These settings have been moved to the database in 2.0. When you
upgrade, make sure to set these
# to your previous 1.x settings so they will be migrated to the
database!
#elasticsearch_max_time_per_index = 1d

# Disable checking the version of Elasticsearch for being compatible with this
Graylog release.
# WARNING: Using Graylog with unsupported and untested versions of
Elasticsearch may lead to data loss!
#elasticsearch_disable_version_check = true

# Disable message retention on this node, i. e. disable Elasticsearch index
rotation.
#no_retention = false

# How many indices do you want to keep?
#
# ATTENTION: These settings have been moved to the database in 2.0. When you
upgrade, make sure to set these
# to your previous 1.x settings so they will be migrated to the
database!
elasticsearch_max_number_of_indices = 20

# Decide what happens with the oldest indices when the maximum number of
indices is reached.
# The following strategies are availble:
# - delete # Deletes the index completely (Default)
# - close # Closes the index and hides it from the system. Can be re-opened
later.
#
# ATTENTION: These settings have been moved to the database in 2.0. When you
upgrade, make sure to set these
# to your previous 1.x settings so they will be migrated to the
database!
retention_strategy = delete

# How many Elasticsearch shards and replicas should be used per index? Note
that this only applies to newly created indices.
elasticsearch_shards = 4
elasticsearch_replicas = 0

# Prefix for all Elasticsearch indices and index aliases managed by Graylog.
elasticsearch_index_prefix = graylog

# Name of the Elasticsearch index template used by Graylog to apply the
mandatory index mapping.
# # Default: graylog-internal
#elasticsearch_template_name = graylog-internal

# Do you want to allow searches with leading wildcards? This can be extremely
resource hungry and should only
# be enabled with care. See also:
https://www.graylog.org/documentation/general/queries/
allow_leading_wildcard_searches = false

# Do you want to allow searches to be highlighted? Depending on the size of
your messages this can be memory hungry and
# should only be enabled after making sure your Elasticsearch cluster has
enough memory.
allow_highlighting = false

# settings to be passed to elasticsearch's client (overriding those in the
provided elasticsearch_config_file)
# all these
# this must be the same as for your Elasticsearch cluster
#elasticsearch_cluster_name = graylog

# The prefix being used to generate the Elasticsearch node name which makes it
easier to identify the specific Graylog
# server running the embedded Elasticsearch instance. The node name will be
constructed by concatenating this prefix
# and the Graylog node ID (see node_id_file), for example
"graylog-17052010-1234-5678-abcd-1337cafebabe".
# Default: graylog-
#elasticsearch_node_name_prefix = graylog-

# A comma-separated list of Elasticsearch nodes which Graylog is using to
connect to the Elasticsearch cluster,
# see
https://www.elastic.co/guide/en/elasticsearch/reference/2.3/modules-discovery-zen.html
for details.
# Default: 127.0.0.1
#elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1:9300, 127.0.0.2:9500

# we don't want the Graylog server to store any data, or be master node
#elasticsearch_node_master = false
#elasticsearch_node_data = false

# use a different port if you run multiple Elasticsearch nodes on one machine
#elasticsearch_transport_tcp_port = 9350

# we don't need to run the embedded HTTP server here
#elasticsearch_http_enabled = false

# Enable Elasticsearch multicast discovery. This requires the installation of
an Elasticsearch plugin,
# see
https://www.elastic.co/guide/en/elasticsearch/plugins/2.3/discovery-multicast.html
for details.
# Default: false
#elasticsearch_discovery_zen_ping_multicast_enabled = false

# Change the following setting if you are running into problems with timeouts
during Elasticsearch cluster discovery.
# The setting is specified in milliseconds, the default is 5000ms (5 seconds).
#elasticsearch_cluster_discovery_timeout = 5000

# the following settings allow to change the bind addresses for the
Elasticsearch client in Graylog
# these settings are empty by default, letting Elasticsearch choose
automatically,
# override them here or in the 'elasticsearch_config_file' if you need to bind
to a special address
# refer to
http://www.elasticsearch.org/guide/en/elasticsearch/reference/0.90/modules-network.html
# for special values here
#elasticsearch_network_host =
#elasticsearch_network_bind_host =
#elasticsearch_network_publish_host =

# The total amount of time discovery will look for other Elasticsearch nodes in
the cluster
# before giving up and declaring the current node master.
#elasticsearch_discovery_initial_state_timeout = 3s

# Analyzer (tokenizer) to use for message and full_message field. The
"standard" filter usually is a good idea.
# All supported analyzers are: standard, simple, whitespace, stop, keyword,
pattern, language, snowball, custom
# Elasticsearch documentation:
http://www.elasticsearch.org/guide/reference/index-modules/analysis/
# Note that this setting only takes effect on newly created indices.
elasticsearch_analyzer = standard

# Global request timeout for Elasticsearch requests (e. g. during search, index
creation, or index time-range
# calculations) based on a best-effort to restrict the runtime of Elasticsearch
operations.
# Default: 1m
#elasticsearch_request_timeout = 1m

# Time interval for index range information cleanups. This setting defines how
often stale index range information
# is being purged from the database.
# Default: 1h
#index_ranges_cleanup_interval = 1h

# Batch size for the Elasticsearch output. This is the maximum (!) number of
messages the Elasticsearch output
# module will get at once and write to Elasticsearch in a batch call. If the
configured batch size has not been
# reached within output_flush_interval seconds, everything that is available
will be flushed at once. Remember
# that every outputbuffer processor manages its own batch and performs its own
batch write calls.
# ("outputbuffer_processors" variable)
output_batch_size = 500

# Flush interval (in seconds) for the Elasticsearch output. This is the maximum
amount of time between two
# batches of messages written to Elasticsearch. It is only effective at all if
your minimum number of messages
# for this time period is less than output_batch_size * outputbuffer_processors.
output_flush_interval = 1

# As stream outputs are loaded only on demand, an output which is failing to
initialize will be tried over and
# over again. To prevent this, the following configuration options define after
how many faults an output will
# not be tried again for an also configurable amount of seconds.
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30

# The number of parallel running processors.
# Raise this number if your buffers are filling up.
processbuffer_processors = 5
outputbuffer_processors = 3

#outputbuffer_processor_keep_alive_time = 5000
#outputbuffer_processor_threads_core_pool_size = 3
#outputbuffer_processor_threads_max_pool_size = 30

# UDP receive buffer size for all message inputs (e. g. SyslogUDPInput).
#udp_recvbuffer_sizes = 1048576

# Wait strategy describing how buffer processors wait on a cursor sequence.
(default: sleeping)
# Possible types:
# - yielding
# Compromise between performance and CPU usage.
# - sleeping
# Compromise between performance and CPU usage. Latency spikes can occur
after quiet periods.
# - blocking
# High throughput, low latency, higher CPU usage.
# - busy_spinning
# Avoids syscalls which could introduce latency jitter. Best when threads
can be bound to specific CPU cores.
processor_wait_strategy = blocking

# Size of internal ring buffers. Raise this if raising outputbuffer_processors
does not help anymore.
# For optimum performance your LogMessage objects in the ring buffer should fit
in your CPU L3 cache.
# Must be a power of 2. (512, 1024, 2048, ...)
ring_size = 65536

inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking

# Enable the disk based message journal.
message_journal_enabled = true

# The directory which will be used to store the message journal. The directory
must me exclusively used by Graylog and
# must not contain any other files than the ones created by Graylog itself.
message_journal_dir = /var/lib/graylog-server/journal

# Journal hold messages before they could be written to Elasticsearch.
# For a maximum of 12 hours or 5 GB whichever happens first.
# During normal operation the journal will be smaller.
#message_journal_max_age = 12h
#message_journal_max_size = 5gb

#message_journal_flush_age = 1m
#message_journal_flush_interval = 1000000
#message_journal_segment_age = 1h
#message_journal_segment_size = 100mb

# Number of threads used exclusively for dispatching internal events. Default
is 2.
#async_eventbus_processors = 2

# How many seconds to wait between marking node as DEAD for possible load
balancers and starting the actual
# shutdown process. Set to 0 if you have no status checking load balancers in
front.
lb_recognition_period_seconds = 3

# Every message is matched against the configured streams and it can happen
that a stream contains rules which
# take an unusual amount of time to run, for example if its using regular
expressions that perform excessive backtracking.
# This will impact the processing of the entire server. To keep such
misbehaving stream rules from impacting other
# streams, Graylog limits the execution time for each stream.
# The default values are noted below, the timeout is in milliseconds.
# If the stream matching for one stream took longer than the timeout value, and
this happened more than "max_faults" times
# that stream is disabled and a notification is shown in the web interface.
#stream_processing_timeout = 2000
#stream_processing_max_faults = 3

# Length of the interval in seconds in which the alert conditions for all
streams should be checked
# and alarms are being sent.
#alert_check_interval = 60

# Since 0.21 the Graylog server supports pluggable output modules. This means a
single message can be written to multiple
# outputs. The next setting defines the timeout for a single output module,
including the default output module where all
# messages end up.
#
# Time in milliseconds to wait for all message outputs to finish writing a
single message.
#output_module_timeout = 10000

# Time in milliseconds after which a detected stale master node is being
rechecked on startup.
#stale_master_timeout = 2000

# Time in milliseconds which Graylog is waiting for all threads to stop on
shutdown.
#shutdown_timeout = 30000

# MongoDB connection string
# See http://docs.mongodb.org/manual/reference/connection-string/ for details
mongodb_uri = mongodb://localhost/graylog

# Authenticate against the MongoDB server
#mongodb_uri = mongodb://grayloguser:secret@localhost:27017/graylog

# Use a replica set instead of a single host
#mongodb_uri =
mongodb://grayloguser:secret@localhost:27017,localhost:27018,localhost:27019/graylog

# Increase this value according to the maximum connections your MongoDB server
can handle from a single client
# if you encounter MongoDB connection problems.
mongodb_max_connections = 1000

# Number of threads allowed to be blocked by MongoDB connections multiplier.
Default: 5
# If mongodb_max_connections is 100, and
mongodb_threads_allowed_to_block_multiplier is 5,
# then 500 threads can block. More than that and an exception will be thrown.
#
http://api.mongodb.org/java/current/com/mongodb/MongoOptions.html#threadsAllowedToBlockForConnectionMultiplier
mongodb_threads_allowed_to_block_multiplier = 5

# Drools Rule File (Use to rewrite incoming log messages)
# See: https://www.graylog.org/documentation/general/rewriting/
#rules_file = /etc/graylog/server/rules.drl

# Email transport
#transport_email_enabled = false
#transport_email_hostname = mail.example.com
#transport_email_port = 587
#transport_email_use_auth = true
#transport_email_use_tls = true
#transport_email_use_ssl = true
#transport_email_auth_username = [email protected]
#transport_email_auth_password = secret
#transport_email_subject_prefix = [graylog]
#transport_email_from_email = [email protected]

# Specify and uncomment this if you want to include links to the stream in your
stream alert mails.
# This should define the fully qualified base url to your web interface exactly
the same way as it is accessed by your users.
#transport_email_web_interface_url = https://graylog.example.com

# The default connect timeout for outgoing HTTP connections.
# Values must be a positive duration (and between 1 and 2147483647 when
converted to milliseconds).
# Default: 5s
#http_connect_timeout = 5s

# The default read timeout for outgoing HTTP connections.
# Values must be a positive duration (and between 1 and 2147483647 when
converted to milliseconds).
# Default: 10s
#http_read_timeout = 10s

# The default write timeout for outgoing HTTP connections.
# Values must be a positive duration (and between 1 and 2147483647 when
converted to milliseconds).
# Default: 10s
#http_write_timeout = 10s

# HTTP proxy for outgoing HTTP connections
#http_proxy_uri =

# Disable the optimization of Elasticsearch indices after index cycling. This
may take some load from Elasticsearch
# on heavily used systems with large indices, but it will decrease search
performance. The default is to optimize
# cycled indices.
#disable_index_optimization = true

# Optimize the index down to <= index_optimization_max_num_segments. A higher
number may take some load from Elasticsearch
# on heavily used systems with large indices, but it will decrease search
performance. The default is 1.
#index_optimization_max_num_segments = 1

# The threshold of the garbage collection runs. If GC runs take longer than
this threshold, a system notification
# will be generated to warn the administrator about possible problems with the
system. Default is 1 second.
#gc_warning_threshold = 1s

# Connection timeout for a configured LDAP server (e. g. ActiveDirectory) in
milliseconds.
#ldap_connection_timeout = 2000

# Enable collection of Graylog-related metrics into MongoDB
# WARNING: This will add *a lot* of data into your MongoDB database on a
regular interval (1 second)!
# DEPRECATED: This setting and the respective feature will be removed in a
future version of Graylog.
#enable_metrics_collection = false

# Disable the use of SIGAR for collecting system stats
#disable_sigar = false

# The default cache time for dashboard widgets. (Default: 10 seconds, minimum:
1 second)
#dashboard_widget_default_cache_time = 10s

# Automatically load content packs in "content_packs_dir" on the first start of
Graylog.
#content_packs_loader_enabled = true

# The directory which contains content packs which should be loaded on the
first start of Graylog.
content_packs_dir = /usr/share/graylog-server/contentpacks

# A comma-separated list of content packs (files in "content_packs_dir") which
should be applied on
# the first start of Graylog.
# Default: empty
content_packs_auto_load = grok-patterns.json

[graylog2] Re: New to graylog Issue to login after server.conf change

Reply via email to