服务器 Gind.cn
  1. 服务器 Gind.cn
  3. graylog-server不绑定在端口12900上
Intereting Posts
在select企业路由器时要注意什么? 无法通过VPN获取AD站点间复制的工作 在Centos 6.6中安装非本地RPM Exchange 2003:不限制特定用户/组的发送邮件大小? 在Ubuntu升级之后,Nginx前端,Apache后端的mod_rpaf问题 Fedora的。 正确configurationRAID1。 Raid有名称/ md127 使用Vagrant重新创buildCentOS环境 如何在CentOS 7上添加语言支持(在Docker上)? 确定NTFS重新parsing点的目标 当前最佳的SSH2authentication密码? 某些只允许/不允许? 如何知道现有密钥是什么密码? Google云端Shell暂时不可用。 尝试在几分钟内连接 为什么没有第一个用户在Linode上设置为sudo(Ubuntu 10.10) rpmbuild的%post部分不起作用 java程序在达到xmx之前内存不足 SQL Server硬件configurationbuild议

graylog-server不绑定在端口12900上

我有一个情况,在这里,无论我做什么,graylog-server都不会绑定到端口12900。 我已经使用github.com/graylog2/graylog-ansible-role来安装graylog-server-1.1.6-1.noarch的rpms,elasticsearch-1.6.2-1.noarch,mongodb-org-server-2.6.10 -1.x86_64,两个CentOS 7虚拟机上的nginx-1.8.0-1.el7.ngx.x86_64。 graylog-server启动,在/var/log/graylog/server.log中没有logging错误,但是无法绑定到端口12900。 

[root@doru2 deploy]# ps -eaf | grep graylog-server graylog 26140 26137 7 19:01 ? 00:02:50 java -Xms1g -Xmx1g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow -jar -Dlog4j.configuration=file:///etc/graylog/server/log4j.xml -Djava.library.path=/usr/share/graylog-server/lib/sigar /usr/share/graylog-server/graylog.jar server -f /etc/graylog/server/server.conf -np [root@doru2 deploy]# netstat -tunelp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 991 100234 25747/mongod tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 0 16996 820/rpcbind tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 0 22667 1563/nginx: master tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 22086 1504/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 24601 1994/master tcp6 0 0 :::111 :::* LISTEN 0 16999 820/rpcbind tcp6 0 0 10.1.10.134:9200 :::* LISTEN 990 53978 10878/java tcp6 0 0 10.1.10.134:9300 :::* LISTEN 990 52910 10878/java tcp6 0 0 :::22 :::* LISTEN 0 22088 1504/sshd tcp6 0 0 ::1:25 :::* LISTEN 0 24602 1994/master udp 0 0 0.0.0.0:111 0.0.0.0:* 0 16934 820/rpcbind udp 0 0 0.0.0.0:123 0.0.0.0:* 0 17863 813/chronyd udp 0 0 127.0.0.1:323 0.0.0.0:* 0 17865 813/chronyd udp 0 0 0.0.0.0:18893 0.0.0.0:* 0 21509 1311/dhclient udp 0 0 0.0.0.0:53726 0.0.0.0:* 70 18826 793/avahi-daemon: r udp 0 0 0.0.0.0:973 0.0.0.0:* 0 16995 820/rpcbind udp 0 0 0.0.0.0:5353 0.0.0.0:* 70 18825 793/avahi-daemon: r [root@doru2 deploy]# firewall-cmd --list-all public (default, active) interfaces: eno16777736 sources: services: dhcpv6-client ssh ports: 9200/tcp 9300/udp 12900/tcp 9300/tcp masquerade: no forward-ports: icmp-blocks: rich rules: [root@doru2 deploy]# systemctl status iptables iptables.service - IPv4 firewall with iptables Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled) Active: inactive (dead) [root@doru2 deploy]# semanage port -l | grep 12900 http_port_t tcp 12900, 80, 81, 443, 488, 8008, 8009, 8443, 9000

SElinux审计日志显示没有相关的例外。 

 [root@doru2 deploy]# grep -v -w graylog-web /var/log/audit/audit.log | grep -v -w crond_t type=MAC_POLICY_LOAD msg=audit(1438973046.052:25205): policy loaded auid=1001 ses=2 type=SYSCALL msg=audit(1438973046.052:25205): arch=c000003e syscall=1 success=yes exit=3770462 a0=4 a1=7f7f2403e010 a2=39885e a3=7ffeb5dd0760 items=0 ppid=69239 pid=69302 auid=1001 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="load_policy" exe="/usr/sbin/load_policy" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) type=MAC_POLICY_LOAD msg=audit(1438973101.674:25222): policy loaded auid=1001 ses=2 type=SYSCALL msg=audit(1438973101.674:25222): arch=c000003e syscall=1 success=yes exit=3770418 a0=4 a1=7f41b3048010 a2=398832 a3=7ffde8b85280 items=0 ppid=69492 pid=69562 auid=1001 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="load_policy" exe="/usr/sbin/load_policy" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) type=USER_AVC msg=audit(1438973169.169:25243): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=2) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' type=USER_AVC msg=audit(1438973169.169:25244): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=3) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' type=SERVICE_STOP msg=audit(1438973169.174:25245): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="graylog-server" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' type=SERVICE_START msg=audit(1438973169.195:25246): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="graylog-server" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

Graylog服务器日志显示即使configuration为仅使用单播地址,它也会持续注册zen多播传输处理程序。 

 2015-08-06T18:42:36.749-07:00 INFO [CmdLineTool] Loaded plugins: [Anonymous Usage Statistics 1.1.1 [org.graylog.plugins.usagestatistics.UsageStatsPlugin]] 2015-08-06T18:42:36.879-07:00 INFO [CmdLineTool] Running with JVM arguments: -Xms256m -Xmx1g -XX:NewRatio=1 -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow -Dlog4j.configuration=file:///etc/graylog/server/log4j.xml -Djava.library.path=/usr/share/graylog-server/lib/sigar 2015-08-06T18:42:40.871-07:00 INFO [InputBufferImpl] Message journal is enabled. 2015-08-06T18:42:41.234-07:00 INFO [LogManager] Loading log 'messagejournal-0' 2015-08-06T18:42:41.304-07:00 INFO [KafkaJournal] Initialized Kafka based journal at /var/lib/graylog-server/journal 2015-08-06T18:42:41.316-07:00 INFO [InputBufferImpl] Initialized InputBufferImpl with ring size <65536> and wait strategy <BlockingWaitStrategy>, running 2 parallel message handlers. 2015-08-06T18:42:41.486-07:00 INFO [NodeId] Node ID: 22261716-e535-47eb-a02b-395b2f2983ee 2015-08-06T18:42:41.713-07:00 INFO [node] [doru2] version[1.6.2], pid[17622], build[6220391/2015-07-29T09:24:47Z] 2015-08-06T18:42:41.713-07:00 INFO [node] [doru2] initializing ... 2015-08-06T18:42:41.782-07:00 INFO [plugins] [doru2] loaded [graylog2-monitor], sites [] 2015-08-06T18:42:43.988-07:00 WARN [transport] [doru2] Registered two transport handlers for action internal:discovery/zen/multicast, handlers: org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$MulticastPingResponseRequestHandler@171228a4, org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$MulticastPingResponseRequestHandler@292a32d1 2015-08-06T18:42:44.727-07:00 WARN [transport] [doru2] Registered two transport handlers for action internal:discovery/zen/multicast, handlers: org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$MulticastPingResponseRequestHandler@22e2821f, org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$MulticastPingResponseRequestHandler@171228a4 2015-08-06T18:42:44.729-07:00 WARN [transport] [doru2] Registered two transport handlers for action internal:discovery/zen/multicast, handlers: org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$MulticastPingResponseRequestHandler@7ff210cf, org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$MulticastPingResponseRequestHandler@22e2821f 2015-08-06T18:42:44.731-07:00 WARN [transport] [doru2] Registered two transport handlers for action internal:discovery/zen/multicast, handlers: org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$MulticastPingResponseRequestHandler@6d2dc7a8, org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$MulticastPingResponseRequestHandler@7ff210cf 2015-08-06T18:42:44.743-07:00 WARN [transport] [doru2] Registered two transport handlers for action internal:discovery/zen/multicast, handlers: org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$MulticastPingResponseRequestHandler@4099f1f0, org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$MulticastPingResponseRequestHandler@6d2dc7a8 2015-08-06T18:42:44.744-07:00 WARN [transport] [doru2] Registered two transport handlers for action internal:discovery/zen/multicast, handlers: org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$MulticastPingResponseRequestHandler@3adae4b2, org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$MulticastPingResponseRequestHandler@4099f1f0

在20分钟的时间内logging了2300条警告。 /etc/graylog/server/server.conf的本质是: 

 [root@doru2 deploy]# grep -v ^\# /etc/graylog/server/server.conf | sort -u allow_highlighting = false allow_leading_wildcard_searches = false dead_letters_enabled = false elasticsearch_analyzer = standard elasticsearch_cluster_discovery_timeout = 5000 elasticsearch_cluster_name = graylog-cluster elasticsearch_config_file = /etc/graylog/server/elasticsearch.yml elasticsearch_discovery_zen_ping_multicast_enabled = False elasticsearch_discovery_zen_ping_unicast_hosts = ['10.1.10.133:9300', '10.1.10.134:9300'] elasticsearch_http_enabled = false elasticsearch_index_prefix = graylog2 elasticsearch_max_docs_per_index = 20000000 elasticsearch_max_number_of_indices = 20 elasticsearch_network_bind_host = elasticsearch_network_host = elasticsearch_network_publish_host = elasticsearch_node_data = false elasticsearch_node_master = false elasticsearch_node_name = doru2 elasticsearch_replicas = 0 elasticsearch_shards = 4 elasticsearch_transport_tcp_port = 9300 is_master = false lb_recognition_period_seconds = 3 message_journal_dir = /var/lib/graylog-server/journal message_journal_enabled = true message_journal_max_age = 12h message_journal_max_size = 5gb mongodb_max_connections = 100 mongodb_password = mongodb_replica_set = localhost:27017 mongodb_threads_allowed_to_block_multiplier = 5 mongodb_uri = mongodb://127.0.0.1:27017/graylog mongodb_useauth = false mongodb_user = node_id_file = /etc/graylog/server/node-id output_batch_size = 25 outputbuffer_processors = 3 output_flush_interval = 1 password_secret = 2jueVqZpwLLjaWxV plugin_dir = /usr/share/graylog-server/plugin processbuffer_processors = 5 processor_wait_strategy = blocking rest_enable_cors = true rest_enable_gzip = true rest_listen_uri = http://127.0.0.1:12900/ rest_transport_uri = http://127.0.0.1:12900/ retention_strategy = delete root_email = root_password_sha2 = 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918 root_timezone = UTC root_username = admin rotation_strategy = count stream_processing_max_faults = 3 stream_processing_timeout = 2000 telemetry_enabled = false transport_email_auth_password = transport_email_auth_username = transport_email_enabled = false transport_email_from_email = transport_email_hostname = transport_email_port = 587 transport_email_subject_prefix = [graylog] transport_email_use_auth = true transport_email_use_ssl = true transport_email_use_tls = true transport_email_web_interface_url =

我看到的唯一错误是在/ var / log / messages 

 Aug 7 12:32:59 localhost systemd: Started Graylog server. Aug 7 12:37:20 localhost graylog-server: Exception in thread "main" java.lang.OutOfMemoryError: Java heap space Aug 7 12:37:20 localhost graylog-server: at java.util.Arrays.copyOf(Arrays.java:2367) Aug 7 12:37:20 localhost graylog-server: at java.lang.AbstractStringBuilder.expandCapacity(AbstractStringBuilder.java:130) Aug 7 12:37:20 localhost graylog-server: at java.lang.AbstractStringBuilder.ensureCapacityInternal(AbstractStringBuilder.java:114) Aug 7 12:37:20 localhost graylog-server: at java.lang.AbstractStringBuilder.append(AbstractStringBuilder.java:415) Aug 7 12:37:20 localhost graylog-server: at java.lang.StringBuilder.append(StringBuilder.java:132) Aug 7 12:37:20 localhost graylog-server: at java.lang.StringBuilder.append(StringBuilder.java:179) Aug 7 12:37:20 localhost graylog-server: at java.lang.StringBuilder.append(StringBuilder.java:72) Aug 7 12:37:20 localhost graylog-server: at java.util.Formatter$FormatSpecifier.print(Formatter.java:2865) Aug 7 12:37:20 localhost graylog-server: at java.util.Formatter$FormatSpecifier.printString(Formatter.java:2838) Aug 7 12:37:20 localhost graylog-server: at java.util.Formatter$FormatSpecifier.print(Formatter.java:2718) Aug 7 12:37:20 localhost graylog-server: at java.util.Formatter.format(Formatter.java:2488) Aug 7 12:37:20 localhost graylog-server: at java.util.Formatter.format(Formatter.java:2423) Aug 7 12:37:20 localhost graylog-server: at org.elasticsearch.common.inject.internal.Errors.format(Errors.java:474) Aug 7 12:37:20 localhost graylog-server: at org.elasticsearch.common.inject.CreationException.getMessage(CreationException.java:55) Aug 7 12:37:20 localhost graylog-server: at java.lang.Throwable.getLocalizedMessage(Throwable.java:391) Aug 7 12:37:20 localhost graylog-server: at java.lang.Throwable.toString(Throwable.java:480) Aug 7 12:37:20 localhost graylog-server: at java.util.Formatter$FormatSpecifier.printString(Formatter.java:2838) Aug 7 12:37:20 localhost graylog-server: at java.util.Formatter$FormatSpecifier.print(Formatter.java:2718) Aug 7 12:37:20 localhost graylog-server: at java.util.Formatter.format(Formatter.java:2488) Aug 7 12:37:20 localhost graylog-server: at java.util.Formatter.format(Formatter.java:2423) Aug 7 12:37:20 localhost graylog-server: at java.lang.String.format(String.java:2792) Aug 7 12:37:20 localhost graylog-server: at com.google.inject.internal.Errors.format(Errors.java:556) Aug 7 12:37:20 localhost graylog-server: at com.google.inject.internal.Errors.addMessage(Errors.java:539) Aug 7 12:37:20 localhost graylog-server: at com.google.inject.internal.Errors.errorInUserCode(Errors.java:421) Aug 7 12:37:20 localhost graylog-server: at com.google.inject.internal.Errors.errorInProvider(Errors.java:376) Aug 7 12:37:20 localhost graylog-server: at com.google.inject.internal.BoundProviderFactory.provision(BoundProviderFactory.java:74) Aug 7 12:37:20 localhost graylog-server: at com.google.inject.internal.ProviderInternalFactory.circularGet(ProviderInternalFactory.java:61) Aug 7 12:37:20 localhost graylog-server: at com.google.inject.internal.BoundProviderFactory.get(BoundProviderFactory.java:62) Aug 7 12:37:20 localhost graylog-server: at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46) Aug 7 12:37:20 localhost graylog-server: at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1103) Aug 7 12:37:20 localhost graylog-server: at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) Aug 7 12:37:20 localhost graylog-server: at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:145)

我使用的VM有4GB的RAM,JVMconfiguration为使用1G。 我想知道内存不足错误是由于启动大量的多播传输处理程序造成的。 有任何想法吗?

我将其追溯到/etc/graylog/server/server.conf中的elasticsearch_discovery_zen_ping_unicast_hosts值。 这是一个Java属性文件,所以值需要格式化为: 

 elasticsearch_discovery_zen_ping_unicast_hosts = 10.1.10.134:9300 elasticsearch_discovery_zen_ping_unicast_hosts = 10.1.10.134:9300,10.1.10.133:9300

避免像这样的YAML格式。 Graylog代码(如1.1.6)不会标记格式不正确的值。 

 elasticsearch_discovery_zen_ping_unicast_hosts = "10.1.10.134:9300" elasticsearch_discovery_zen_ping_unicast_hosts = [ "10.1.10.134:9300" ]