Discussion:
[graylog2] Graylog V2.1.2 - getting GELF HTTP working with simple HTTP POST/JSON body
Mike Norris
2016-12-05 19:57:54 UTC
Hi

I am having some troubles technically with a GELF HTTP input

I cannot POST a simple sample JSON message to my GELF endpoint, *I keep
getting "Unable to connect to the remote server"*

Graylog has been installed as a Docker runtime container(s) on my Windows
10 Surface laptop

Starting Graylog up is simple, the Docker process worked first time, so I
have the following

*a. Graylog V2.1.2 running*

*b. I can login to the console via http://127.0.0.1:9000 as admin/admin*

*c. I've created a basic GELF HTTP input in System ... Inputs*

Type = GELF HTTP
Bind address 127.0.0.1
Port 12201
removed any suggestion of TLS authentication, which is [optional] anyway

This endpoint is running ok

So in theory I have a listening process on port 12201 waiting and ready for
GELF messages

*d. I've tried POSTing simple requests as per the examples
in http://docs.graylog.org/en/2.1/pages/gelf.html*

*e. My tool of choice for the client is Windows .NET and I've tried both
PowerShell and C# programs*

All I think I have to do is deliver a correct JSON payload in a simple
HTTP request to the right endpoint for it to work

*Example - PowerShell code*

Set-ExecutionPolicy Unrestricted
Get-ExecutionPolicy

$resource = "http://localhost:12201/gelf"

# GELF payload as a here-string so the JSON stays valid across lines
$body = @'
{"version": "1.1", "host": "example.org",
 "short_message": "A short message that helps you identify what is going on",
 "full_message": "Backtrace here\n\nmore stuff",
 "timestamp": 1385053862.3072, "level": 1,
 "_user_id": 9001, "_some_info": "foo", "_some_env_var": "bar"}
'@

# Backticks continue the command onto the next line
Invoke-WebRequest -Uri "http://127.0.0.1:12201/gelf" -Method Post `
  -TransferEncoding "gzip" -ContentType "application/json; charset=UTF-8" `
  -Body $body

I initially wrote the PowerShell code without invoking gzip compression,
I've recently added that to no avail

*f. I don't understand why the error I get is Unable to connect, as Graylog
is quite happy to serve pages on the same IP address on port 9000*

The GELF INPUT is in a running state?


Is this one of those examples where my input is wrong and the error message
is misleading?
Mike Norris
2016-12-05 20:06:47 UTC
I should add that the self-testing Random HTTP Message generator supplied
as a demo with Graylog input works fine and populates messages
Jochen Schalanda
2016-12-06 15:46:49 UTC
Hi Mike,

if you bind the GELF HTTP input to 127.0.0.1, only processes on the same
machine (or running in the Docker container) can access it.

Try binding the GELF HTTP input to the public IP address of the Docker
container or 0.0.0.0.

Cheers,
Jochen
Mike Norris
2016-12-06 20:57:56 UTC
Jochen

Thanks for this suggestion, but it still isn't working

I ran ipconfig /all on my windows box via the command line
and got IP address 10.0.75.1 for my Docker container (see below)

I tried using 10.0.75.1 as the bind address in Graylog inputs, this failed
to start up, so I reset it to 0.0.0.0
- this 0.0.0.0 setting allows the GELF HTTP input listener to start
successfully, 10.0.75.1 will not

Then I entered 10.0.75.1:9000 in my browser and the Graylog login page
appeared

Then I tried to send an HTTP POST with JSON body to address 10.0.75.1:12201,
and still get the same old error
e.g. Invoke-WebRequest : Unable to connect to the remote server

If I enter http://10.0.75.1:12201/gelf in my browser I also get the same
kind of error

Is it possible that the /gelf part of the URL is wrong? At a basic level
the browser will display a login page for http://10.0.75.1:900

I believe 10.0.75.1 is reachable but :12202 or /gelf is not ??

I remain confused by GELF over HTTP, it's not https is it ???

Mike

(output from ipconfig /all)
*Ethernet adapter vEthernet (DockerNAT):*

* Connection-specific DNS Suffix . :*
* Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter*
* Physical Address. . . . . . . . . : 00-15-5D-15-4C-00*
* DHCP Enabled. . . . . . . . . . . : No*
* Autoconfiguration Enabled . . . . : Yes*
* IPv4 Address. . . . . . . . . . . : 10.0.75.1(Preferred)*
* Subnet Mask . . . . . . . . . . . : 255.255.255.0*
Jochen Schalanda
2016-12-07 08:21:53 UTC
Hi Mike,

keep in mind that you need to expose each port explicitly in Docker, see
https://docs.docker.com/engine/reference/commandline/port/ and
https://docs.docker.com/engine/reference/commandline/run/#/publish-or-expose-port--p---expose
.

Cheers,
Jochen
Mike Norris
2016-12-07 17:21:20 UTC
Jochen

Interesting tip but still not working ;-(

I have tried to allow http://10.0.75.1 to respond to client request running
on my machine

I want to achieve the following

send GELF HTTP requests from my Windows machine running PowerShell into
Graylog running inside a Docker environment

10.0.75.1 is the IP address of the docker system as we know from ipconfig
/all

I've tried my best to add OR expose ports 12201 and 12202

a. I want to run HTTP GELF on port 12201 and allow the outside world (i.e
my laptop which is running docker and the container) to send GELF POSTS to
10.0.51.1:12202 .. or .. 127.0.0.1:12201
b. I want to also try TCP GELF on port 12202

nb: I did this by entering ................... docker run -p 127.0.0.1:12201:12201 graylog2/server

The docker run -p produces a shed load of messages on the console, tons !!
- which made me think it had failed
- but docker ps shows the following

CONTAINER ID  IMAGE            COMMAND                 CREATED         STATUS         PORTS                                          NAMES
7d81b1f47a9d  graylog2/server  "/docker-entrypoint.s"  6 seconds ago   Up 4 seconds   9000/tcp, 12900/tcp, 0.0.0.0:12201->12001/tcp  small_curie
a3492b1cf60a  graylog2/server  "/docker-entrypoint.s"  18 minutes ago  Up 18 minutes  9000/tcp, 12900/tcp, 0.0.0.0:12202->12002/tcp  peaceful_einstein
ebdef3e02b89  graylog2/server  "/docker-entrypoint.s"  31 minutes ago  Up 31 minutes  0.0.0.0:9000->9000/tcp, 12900/tcp              gigantic_jennings
dd421c87f1f5  elasticsearch:2  "/docker-entrypoint.s"  5 days ago      Up 7 hours     9200/tcp, 9300/tcp                             some-elasticsearch
2a466a04134c  mongo:3          "/entrypoint.sh mongo"  5 days ago      Up 7 hours     27017/tcp                                      some-mongo

It looks like I have port 12201 accessible ??

BUT ... I still can't get a successful send of a single message via GELF
HTTP or GELF TCP

I get The underlying connection was closed: The connection was closed
unexpectedly.

I've tried every variation of docker run --expose and docker run -p I can
think of

It's so frustrating but I cannot get GELF HTTP or TCP to work

Publish or expose port (-p, --expose)
<https://docs.docker.com/engine/reference/commandline/run/#/publish-or-expose-port--p---expose#publish-or-expose-port--p---expose>

$ docker run -p 127.0.0.1:80:8080 ubuntu bash

This binds port 8080 of the container to port 80 on 127.0.0.1 of the host
machine. The Docker User Guide
<https://docs.docker.com/engine/userguide/networking/default_network/dockerlinks/>
explains in detail how to manipulate ports in Docker.

$ docker run --expose 80 ubuntu bash

This exposes port 80 of the container without publishing the port to the
host system’s interfaces.
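
As an added example (not part of the original thread, and not Graylog or Docker code): a Python check over the PORTS column of `docker ps` that reports whether the container port an input listens on is actually published, and on which host address. The first three PORTS strings are copied from the `docker ps` output in the post above; the function names, verdict strings and the loopback and IPv6 samples are constructed for illustration.

```python
import ipaddress
import re
from typing import List, NamedTuple, Optional


class Mapping(NamedTuple):
    host_ip: Optional[str]    # None: port is only exposed, not published
    host_port: Optional[int]
    container_port: int
    proto: str


# One entry of the PORTS column: "9000/tcp" or "0.0.0.0:12201->12001/tcp".
# IPv6 wildcards appear as ":::12201->..." or "[::]:12201->...".
_ENTRY = re.compile(
    r"^(?:(?P<ip>\[[0-9a-fA-F:]+\]|[0-9.]+|::):(?P<hport>\d+)->)?"
    r"(?P<cport>\d+)/(?P<proto>tcp|udp|sctp)$"
)


def parse_ports(column: str) -> List[Mapping]:
    """Parse the PORTS column of `docker ps`; port ranges are skipped."""
    out = []
    for entry in (e.strip() for e in column.split(",")):
        m = _ENTRY.match(entry)
        if not m:
            continue
        ip = m.group("ip")
        out.append(Mapping(
            ip.strip("[]") if ip else None,
            int(m.group("hport")) if m.group("hport") else None,
            int(m.group("cport")),
            m.group("proto"),
        ))
    return out


def check_input(column: str, input_port: int, proto: str = "tcp") -> str:
    """Classify how the container port an input listens on can be reached."""
    maps = [m for m in parse_ports(column) if m.proto == proto]
    published = [m for m in maps
                 if m.container_port == input_port and m.host_ip is not None]
    if published:
        addrs = [ipaddress.ip_address(m.host_ip) for m in published]
        if any(a.is_unspecified for a in addrs):
            return "published-all-interfaces"    # 0.0.0.0 or ::
        if all(a.is_loopback for a in addrs):
            return "published-loopback-only"     # 127.0.0.1 or ::1
        return "published-specific-address"
    if any(m.host_port == input_port for m in maps):
        # The host port is open, but it forwards to a different container
        # port, where the input is not listening.
        return "host-port-forwards-to-other-container-port"
    if any(m.container_port == input_port for m in maps):
        return "exposed-not-published"
    return "not-published"


# PORTS values copied from the `docker ps` output in the post.
PS_PORTS = {
    "small_curie": "9000/tcp, 12900/tcp, 0.0.0.0:12201->12001/tcp",
    "peaceful_einstein": "9000/tcp, 12900/tcp, 0.0.0.0:12202->12002/tcp",
    "gigantic_jennings": "0.0.0.0:9000->9000/tcp, 12900/tcp",
}

# Constructed samples, not from the thread.
CONSTRUCTED = {
    "loopback": "127.0.0.1:12201->12201/tcp",
    "ipv6_wildcard": ":::12201->12201/tcp",
}

if __name__ == "__main__":
    for name, column in {**PS_PORTS, **CONSTRUCTED}.items():
        print(f"{name:18} input 12201/tcp: {check_input(column, 12201)}")
```

On the output quoted in the post, host port 12201 forwards to container port 12001, not to 12201 where the input was configured. With TLS client authentication turned off as in this thread, a mapping on 0.0.0.0 lets any host that can reach the machine submit messages, while `-p 127.0.0.1:12201:12201` is enough for a client on the same machine.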
Mike Norris
2016-12-15 15:21:14 UTC
I finally got this to work, here are my tips

NB: MY CHALLENGE WAS THAT I AM WORKING WITH GRAYLOG IN A DOCKER CONTAINER

1. Download and install and use Kitematic, rather than trying to use docker
run -p to faff about with port nos
2. Use Kitematic to map the ports allocated within the docker container to
be usable to the outside world

I found it much easier to use kitematic to expose ports like 12201 which is
used by GELF; rather than using the docker command line

So having exposed port 12201 in the docker container via Kitematic to
localhost, now I can run some programs that log messages to Graylog via GELF
- in this screenshot there are 3 x containers running, in reverse order we
have mongo db, elastic search and top of the list graylog
- graylog has been changed to allow requests sent to localhost:12202 to be
processed, without this mod, graylog will not listen on port 12201 for your
request

[image: pasted1]
Lisa Deng
2017-02-20 11:24:35 UTC
A year or so late, but I was using this helpful thread to get graylog
working in docker.
For future readers:
I ended up publishing the ports in the docker-compose file, and it worked,
no problem. It was correctly published. I am on ubuntu and I did NOT have
to download kitematic.
After publishing ports in the docker-compose file it showed up as
0.0.0.0:(number) => number/tcp, and ended up working.