Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Graylog - problem with installation / running

Featured Replies

hello i'm looking something to log networks on my home network 

 

I have edgerouter ER4 and I cannot check whats website people on my network check

 

I found Graylog, and try install and runn , but i have a problem

 

I try this : https://whitematter.tech/posts/run-graylog-with-docker-compose-on-unraid/ - does work for me, after installation I cannot connect to  "my ip unraid:9000" -  nothing

 

or try install Graylog via app, but its does work

 

Any one know how to install this ?

  • 2 weeks later...

I came here looking for help on this. First my password was too short. Now It's having permission issues. and I'm not sure how to correct it. 

 

2023-03-04 13:30:39,433 ERROR: org.graylog2.shared.journal.LocalKafkaJournal - Cannot access offset file: Permission denied
2023-03-04 13:30:39,462 ERROR: org.graylog2.shared.journal.LocalKafkaJournal - Cannot access offset file: Permission denied
2023-03-04 13:30:39,671 INFO : org.graylog2.shared.buffers.InputBufferImpl - Message journal is enabled.
2023-03-04 13:30:39,673 ERROR: org.graylog2.shared.journal.LocalKafkaJournal - Cannot access offset file: Permission denied
2023-03-04 13:30:39,769 ERROR: org.graylog2.storage.versionprobe.VersionProbe - Unable to retrieve version from Elasticsearch node: Unknown host 'elasticsearch: Name or service not known'. - Unknown host 'elasticsearch: Name or service not known'.
2023-03-04 13:30:44,773 ERROR: org.graylog2.storage.versionprobe.VersionProbe - Unable to retrieve version from Elasticsearch node: Unknown host 'elasticsearch'. - Unknown host 'elasticsearch'.

 

@Maniek2as2 what is in your graylog-graylog-1 log file? 

  • 2 months later...

I also have been fighting with trying to get graylog working in an Unraid docker.  Seems to be a combinations of many problems with how ALL the current dockers seem to be built.

For starters, you need other services up and running for Graylog to work.  That being elasticsearch and mongodb.  I have not gotten any of the three docker containers to actually install and 'just work'.  File permissions are trying to run as root, instead of nobody, on all the containers.  There also seem to be some version restrictions betweeh what version of graylog you use and what version of elasticsearch works with it.  Not sure if that is the only problems, but it seems like it may be worth trying to create a container that just includes all three services rolled up together - unfortunatly, I don't know enough about any of them to take this on.

So, just tried the above linked compose method and ended up with the same errors as @GTvert90 .   I don't feel that this particular service should be so strangely difficult to get running.

quick update - it seems the errors I was seeing were due to folder permissions.  For some reason the folders that the containers create don't get set with permissions that those same containers can access.  chmod 777'ing them got the containers to all start up.. I think.. so far... now to actually learn how to USE graylog...

  • 6 months later...
On 5/26/2023 at 5:06 AM, CraziFuzzy said:

quick update - it seems the errors I was seeing were due to folder permissions.  For some reason the folders that the containers create don't get set with permissions that those same containers can access.  chmod 777'ing them got the containers to all start up.. I think.. so far... now to actually learn how to USE graylog...

 

How has it been for you? I am struggling to setup graylog also but all the guides I follow seem to be outdated or not have any fixes for the numerous issues I see. 

  • 6 months later...
On 5/26/2023 at 4:06 PM, CraziFuzzy said:

quick update - it seems the errors I was seeing were due to folder permissions.  For some reason the folders that the containers create don't get set with permissions that those same containers can access.  chmod 777'ing them got the containers to all start up.. I think.. so far... now to actually learn how to USE graylog...

 

Unfortunately doing a chmod to 777 on the folders didn't work for me. I still get the errors with the container not being able to change permissions. It's such a strange thing for it to get hung up on.

  • 4 weeks later...

So, from what I see the .yml is hard coded with the user 'graylog'. Create this user and then edit the graylog container and take a look at the "more settings" > appdata path. I noticed that in some places the container author misspelled 'gray' as 'grey' in the app data set path once you view the edit config of the appdata path. 

You may also need to:
chown -R graylog:users /mnt/user/appdata/graylog/
chmod -R 755 /mnt/user/appdata/graylog/

  • 1 month later...
  • 10 months later...
On 8/10/2024 at 2:38 AM, Skylinar said:

graylog user is 1100:1100, so setting this to the folders recursively solved my issue.

 

chown -R 1100:1100 /mnt/user/appdata/graylog/

 

Reference here:

https://go2docs.graylog.org/current/downloading_and_installing_graylog/docker_installation.htm

Thanks used the compose file from there.
Came up finally with those paths and compose file:

# For DataNode setup, graylog starts with a preflight UI, this is a change from just using OpenSearch/Elasticsearch.
# Please take a look at the README at the top of this repo or the regular docs for more info.
services:
# MongoDB: https://hub.docker.com/_/mongo/
mongodb:
image: "mongo:6.0"
restart: "on-failure"
networks:
- graylog
volumes:
- "/mnt/user/appdata/graymongo/mongodb_data:/data/db"
- "/mnt/user/appdata/graymongo/mongodb_config:/data/configdb"
# For DataNode setup, graylog starts with a preflight UI, this is a change from just using OpenSearch/Elasticsearch.
# Please take a look at the README at the top of this repo or the regular docs for more info.
# Graylog Data Node: https://hub.docker.com/r/graylog/graylog-datanode
datanode:
image: "${DATANODE_IMAGE:-graylog/graylog-datanode:6.1}"
hostname: "datanode"
environment:
GRAYLOG_DATANODE_NODE_ID_FILE: "/var/lib/graylog-datanode/node-id"
# GRAYLOG_DATANODE_PASSWORD_SECRET and GRAYLOG_PASSWORD_SECRET MUST be the same value
GRAYLOG_DATANODE_PASSWORD_SECRET: "${GRAYLOG_PASSWORD_SECRET:?Please configure GRAYLOG_PASSWORD_SECRET in the .env file}"
GRAYLOG_DATANODE_MONGODB_URI: "mongodb://mongodb:27017/graylog"
ulimits:
memlock:
hard: -1
soft: -1
nofile:
soft: 65536
hard: 65536
ports:
- "8999:8999/tcp" # DataNode API
- "9200:9200/tcp"
- "9300:9300/tcp"
networks:
- graylog
volumes:
- "/mnt/user/appdata/graylog/graylog-datanode:/var/lib/graylog-datanode"
restart: "on-failure"
# Graylog: https://hub.docker.com/r/graylog/graylog-enterprise
graylog:
hostname: "server"
image: "${GRAYLOG_IMAGE:-graylog/graylog:6.1}"
depends_on:
mongodb:
condition: "service_started"
datanode:
condition: "service_started"
entrypoint: "/usr/bin/tini -- /docker-entrypoint.sh"
environment:
GRAYLOG_NODE_ID_FILE: "/usr/share/graylog/data/data/node-id"
# GRAYLOG_DATANODE_PASSWORD_SECRET and GRAYLOG_PASSWORD_SECRET MUST be the same value
GRAYLOG_PASSWORD_SECRET: "${GRAYLOG_PASSWORD_SECRET:?Please configure GRAYLOG_PASSWORD_SECRET in the .env file}"
GRAYLOG_ROOT_PASSWORD_SHA2: "${GRAYLOG_ROOT_PASSWORD_SHA2:?Please configure GRAYLOG_ROOT_PASSWORD_SHA2 in the .env file}"
GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9000"
GRAYLOG_HTTP_EXTERNAL_URI: "http://localhost:9000/"
GRAYLOG_MONGODB_URI: "mongodb://mongodb:27017/graylog"
ports:
- "5044:5044/tcp" # Beats
- "5140:5140/udp" # Syslog
- "5140:5140/tcp" # Syslog
- "5555:5555/tcp" # RAW TCP
- "5555:5555/udp" # RAW UDP
- "9009:9000/tcp" # Server API
- "12201:12201/tcp" # GELF TCP
- "12201:12201/udp" # GELF UDP
#- "10000:10000/tcp" # Custom TCP port
#- "10000:10000/udp" # Custom UDP port
- "13301:13301/tcp" # Forwarder data
- "13302:13302/tcp" # Forwarder config
networks:
- graylog
volumes:
- "/mnt/user/appdata/graylog/graylog_data:/usr/share/graylog/data/data"
restart: "on-failure"
networks:
graylog:
driver: "bridge"
volumes:
mongodb_data:
mongodb_config:
graylog-datanode:
graylog_data:

Edited by mastervol

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.