I'm currently trying to get Graylog to work. I installed with the following graylog-settings.json :
local-ip is the graylog server local ip on our network.
graylog.domain.com is our graylog external domain
{
"timezone": "Europe/Paris",
"smtp_server": "smtp.gmail.com",
"smtp_port": 465,
"smtp_user": "xxxx",
"smtp_password": "xxxx",
"smtp_from_email": "graylog@graylog",
"smtp_web_url": "http://graylog",
"smtp_no_tls": false,
"smtp_no_ssl": false,
"master_node": "127.0.0.1",
"local_connect": false,
"current_address": "local-ip",
"last_address": "local-ip",
"enforce_ssl": false,
"journal_size": 1,
"node_id": false,
"internal_logging": true,
"web_listen_uri": false,
"web_endpoint_uri": false,
"rest_listen_uri": false,
"rest_transport_uri": false,
"external_rest_uri": "http://graylog.domain.com:9000/",
"custom_attributes": {
}
}
We have a PFSense (which I'm whitelisted on every port).
I configured a NAT entry to send all 9000 request on my graylog server.
I configured my NGinx proxy to send all graylog.domain.com to local-ip
Here is the problem :
If I reach graylog.domain.com:80, I can see the login page, but a any login attempt, I get :
Error - the server returned: 404 - cannot POST http://graylog.domain.com:9000/system/sessions (404)
If I reach graylog.domain.com:9000, I get directly this error (without the login page) :
We are experiencing problems connecting to the Graylog server running on http://local-ip:9000/api/. Please verify that the server is healthy and working correctly.
You will be automatically redirected to the previous page once we can connect to the server.
Do you need a hand? We can help you.
More details
I RTFM but I can't get the right configuration.. Can anybody help ?
EDIT :
Thanks to @joschi, I manage to get this to work. Here is my conf file now :
{
"timezone": "Europe/Paris",
"smtp_server": "smtp.gmail.com",
"smtp_port": 465,
"smtp_user": "xxx",
"smtp_password": "xxx",
"smtp_from_email": "graylog@graylog",
"smtp_web_url": "http://graylog",
"smtp_no_tls": false,
"smtp_no_ssl": false,
"master_node": "127.0.0.1",
"local_connect": false,
"current_address": "local-ip",
"last_address": "local-ip",
"enforce_ssl": false,
"journal_size": 1,
"node_id": false,
"internal_logging": true,
"web_listen_uri": false,
"web_endpoint_uri": false,
"rest_listen_uri": false,
"rest_transport_uri": false,
"external_rest_uri": "http://external-ip:9000/api/",
"custom_attributes": {
}
}
And I used the following command to update my conf file :
sudo graylog-ctl set-external-ip "http://external-ip:9000/api/"
Of course, external-ip is our public IP.
Your external_rest_uri setting is wrong. It has to point to the URI of the Graylog REST API.
You're also not supposed to edit the graylog-settings.json by hand (unless you really need some advanced settings), but use the graylog-ctl command.
Please read http://docs.graylog.org/en/2.1/pages/configuration/graylog_ctl.html for further information about the graylog-ctlcommand.