Discussion:
[graylog2] Load Balancer health check with Big-IP F5
Marty
2016-04-12 23:38:35 UTC
Hi Folks,

Graylog V1.3.4

Just wondering if anyone has integrated the Graylog LB state into the F5
native http health check.
I can't get this to work when sending:

GET /system/lbstatus HTTP/1.1


From the command line (using netcat) on the graylog node, this also fails.
Just get a newline (no output).

$ echo -e "GET /system/lbstatus HTTP/1.1\r\n" | nc 127.0.0.1 12900

Using nc natively is OK, as seen below. Need to send <cr> twice, as shown.

$ nc 127.0.0.1 12900
GET /system/lbstatus HTTP/1.1<cr>
<cr>
HTTP/1.1 200 OK
Content-Type: text/plain
X-Graylog-Node-ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx
X-Runtime-Microseconds: 240
Transfer-Encoding: chunked

5
ALIVE
0
<ctrl c>

Using curl is fine:

$ curl -w '\n' http://127.0.0.1:12900/system/lbstatus
ALIVE

I got around this on the F5, by using curl with an external script.

Just wondering if there is an issue or I'm doing something incorrect.

Cheers,
Martin
--
You received this message because you are subscribed to the Google Groups "Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/05364332-c760-472e-9e67-4eb4d2db5205%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Jochen Schalanda
2016-04-13 10:18:49 UTC
Hi Marty,

the second CRLF is required by the HTTP/1.0 and HTTP/1.1 protocols, so it's
not broken but simply as specified (see
https://tools.ietf.org/html/rfc7230#section-3 for details). If you really
want to use netcat for that stuff instead of a proper HTTP client like curl,
you'll have success with the following command:

echo -e "GET /system/lbstatus HTTP/1.1\r\nConnection: close\r\n\r\n" | nc 127.0.0.1 12900


Cheers,
Jochen
Marty
2016-04-15 12:00:14 UTC
Hi Jochen,

Thanks for the clarification (as per RFC). It just seems intermittent when
using echo piped to nc. I don't always get an answer this way.

Cheers,
Marty
Micha -
2016-04-13 14:34:49 UTC
Hi Martin,

For this monitor you don't need an external monitor on the F5.

Just configure the monitor like one of these, and it should work.

As HTTP/1.0

*Send String:*
GET /system/lbstatus HTTP/1.0\r\n\r\n

*Receive String:*
Alive

Or as HTTP/1.1

*Send String:*
GET /system/lbstatus HTTP/1.1\r\nHost: dummy\r\n\r\n

*Receive String:*
Alive


Regards
Micha
Marty
2016-04-15 12:06:21 UTC
Hi Micha,

Totally understand and was configuring the F5 as you've shown. It's just
that I don't seem to get an answer (ALIVE), confusing, hence script and
curl. Will try again.
This method always works for yourself without fail?

Thanks for your help.

Cheers,
Marty
Micha -
2016-04-15 12:19:13 UTC
Hi Marty,

At the moment I'm just using one node, so I still haven't placed one of our F5
clusters in front of Graylog. I just tested the monitor via telnet like I
always do for new monitors.

f5ve]# telnet graylogserver 12900
Trying graylogserver...
Connected to graylogserver .
Escape character is '^]'.
GET /system/lbstatus HTTP/1.0

HTTP/1.1 200 OK
X-Graylog-Node-ID: c02340cc-d5b7-4f27-aba6-b795c51865b8
X-Runtime-Microseconds: 187
Content-Type: text/plain
Date: Fri, 15 Apr 2016 12:15:48 GMT
Connection: close
Content-Length: 5

ALIVE

Alternatively, you could change the receive string from ALIVE to just 200 and
test if the pool stays up. If that doesn't work either, I guess there is a
problem somewhere else.

Greets
Micha
Marty
2016-04-15 13:04:10 UTC
Hi Micha,

Yes, nc or telnet is always fine, though my headers and output are different
from yours for 1.0 or 1.1; see below. Always two CRs to get an answer.

# telnet 127.0.0.1 12900
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
GET /system/lbstatus HTTP/1.0

HTTP/1.0 200 OK
Content-Length: 5
Content-Type: text/plain
X-Graylog-Node-ID: 5f5ad36e-7968-4ea4-b92c-dea47f3f6920
X-Runtime-Microseconds: 333

ALIVEConnection closed by foreign host.

# telnet 127.0.0.1 12900
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
GET /system/lbstatus HTTP/1.1

HTTP/1.1 200 OK
Content-Type: text/plain
X-Graylog-Node-ID: 5f5ad36e-7968-4ea4-b92c-dea47f3f6920
X-Runtime-Microseconds: 323
Transfer-Encoding: chunked

5
ALIVE
0

^]quit

telnet> quit
Connection closed.


Cheers,
Marty
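
Added example (not part of the original thread, and not Graylog or F5 code): a small Python probe for the lbstatus endpoint that builds the send strings discussed above with the terminating empty line, and decodes both response framings quoted in the thread (Content-Length for HTTP/1.0, chunked for HTTP/1.1). The function names, the check() helper and the sample byte strings are constructed for illustration.

```python
import socket
CRLF = b"\r\n"

def build_request(path="/system/lbstatus", version="1.1", host="dummy"):
    # Request line, headers, then the empty line that ends the header section.
    lines = [f"GET {path} HTTP/{version}".encode()]
    if version == "1.1":
        lines += [f"Host: {host}".encode(), b"Connection: close"]
    return CRLF.join(lines) + CRLF + CRLF

def request_is_complete(raw):
    # RFC 7230 section 3: the header section ends at an empty line (CRLF CRLF).
    return CRLF + CRLF in raw

def dechunk(body):
    # Chunked body: hex size line, that many bytes, CRLF, repeated until size 0.
    out = b""
    while body:
        size_line, _, body = body.partition(CRLF)
        size = int(size_line.split(b";")[0].strip() or b"0", 16)
        if size == 0:
            break
        out, body = out + body[:size], body[size + 2:]
    return out

def parse_lbstatus(raw):
    # Returns (status_code, body_text) for either framing seen in the thread.
    head, _, body = raw.partition(CRLF + CRLF)
    status_line, *header_lines = head.split(CRLF)
    headers = {k.strip().lower(): v.strip().lower()
               for k, _, v in (h.partition(b":") for h in header_lines)}
    if b"chunked" in headers.get(b"transfer-encoding", b""):
        body = dechunk(body)
    elif b"content-length" in headers:
        body = body[:int(headers[b"content-length"])]
    return int(status_line.split()[1]), body.decode().strip()

def node_is_alive(raw):
    # Healthy only when the status is 200 and the decoded body is exactly ALIVE.
    return parse_lbstatus(raw) == (200, "ALIVE")

def check(host="127.0.0.1", port=12900, timeout=3.0):
    # Live probe (hypothetical helper): send the request, read until close.
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_request())
        return node_is_alive(b"".join(iter(lambda: s.recv(4096), b"")))

# Constructed samples modelled on the two responses quoted in the thread.
SAMPLE_10 = b"HTTP/1.0 200 OK\r\nContent-Length: 5\r\n\r\nALIVE"
SAMPLE_11 = b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nALIVE\r\n0\r\n\r\n"
```

In the chunked sample the raw bytes contain "5", "ALIVE" and "0" on separate lines, exactly as the telnet output above shows; only the decoded body is the bare status word.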
Stefan
2016-06-08 10:45:27 UTC
Hi Marty

Graylog 2.0.1.

We have TLS enabled for the REST API. If I try to connect and check the
lbstatus using telnet I always get a "Connection closed by foreign host."
back. Do you maybe have an idea how to solve this?

Thank you and kind regards, Stefan