我正在尝试创建一个Graylog Server - Graylog Collector设置,其中graylog收集器在一台机器上收集syslog文件并将它们发送到服务器。
我已经使用AWS AMI创建了Graylog Server,它正在按预期工作。
我在同一台机器上安装了一个Graylog Collector,我可以在该实例的源列表中看到它。
我的问题是当我尝试连接到远程Graylog收集器时。
Graylog Collector配置文件如下所示:
server-url = "http://xxx.xxx.xxx.xxx:12900/"
inputs {
syslog {
type = "file"
path = "/var/log/syslog"
}
}
outputs {
graylog-server {
type = "gelf"
host = "xxx.xxx.xxx.xxx"
port = 12201
}
}
其中xxx.xxx.xxx.xxx是我尝试连接的graylog服务器的私有IP地址。
来自graylog服务器配置的摘录是:
rest_listen_uri = http://0.0.0.0:12900/
两个实例的安全组如下:
-----------------------------------------------------------------
| Type | Protocol | Port Range | Source |
-----------------------------------------------------------------
| Custom TCP Rule | TCP | 12201 | 0.0.0.0/0 |
-----------------------------------------------------------------
| Custom TCP Rule | TCP | 12900 | 0.0.0.0/0 |
-----------------------------------------------------------------
当我查看graylog收集器的日志时,我收到以下消息:
2015-11-14T23:41:33.948+0000 ERROR [gelfTcpTransport-1-1] gelfclient.transport.GelfTcpTransport - Connection failed: Connection refused: /xxx.xxx.xxx.xxx:12201
2015-11-14T23:41:34.949+0000 ERROR [gelfTcpTransport-1-1] gelfclient.transport.GelfTcpTransport - Connection failed: Connection refused: /xxx.xxx.xxx.xxx:12201
2015-11-14T23:41:35.951+0000 ERROR [gelfTcpTransport-1-1] gelfclient.transport.GelfTcpTransport - Connection failed: Connection refused: /xxx.xxx.xxx.xxx:12201
2015-11-14T23:41:36.953+0000 ERROR [gelfTcpTransport-1-1] gelfclient.transport.GelfTcpTransport - Connection failed: Connection refused: /xxx.xxx.xxx.xxx:12201
2015-11-14T23:41:37.956+0000 ERROR [gelfTcpTransport-1-1] gelfclient.transport.GelfTcpTransport - Connection failed: Connection refused: /xxx.xxx.xxx.xxx:12201
2015-11-14T23:41:38.698+0000 WARN [HeartbeatService RUNNING] collector.heartbeat.HeartbeatService - Unable to send heartbeat to Graylog server: ConnectException: Connection refused
(同样xxx.xxx.xxx.xxx是我尝试连接的graylog服务器的私有IP地址)
我在端口12201和端口12900上的2台机器之间运行了traceroute,没有任何问题。
任何人都可以告诉我在配置中可能缺少哪些内容以允许这两个连接吗?
两者都在运行Ubuntu 14.04。
谢谢,
肖恩
答案 0 :(得分:1)
心跳错误与graylog-collector与graylog-server的注册有关。收集器需要向Graylog服务器注册,以便它可以出现在Web界面的System-> Collector菜单中。 在graylog-collector配置文件集中 “enable-registration = false”(不带引号) 作为全局配置删除此心跳错误。 这将消除心跳错误,并且日志仍将在graylog服务器上进行,没有任何问题。
答案 1 :(得分:0)
尝试更改Graylog Web中的设置,"System -> Inputs"菜单,编辑从端口12201收听的输入设置(在我的情况下称为"Appliance Gelf UDP"),然后更改"Bind Adress"到您的私人IP。在我的情况下,所有内容都在localhost(收集器和包含Graylog服务器的vagrant虚拟机)中,我写了"127.0.0.1",并且"HeartbeatService RUNNING] collector.heartbeat.HeartbeatService - Unable to send heartbeat to Graylog server: ConnectException: Connection refused"错误消息已从Graylog Collector'中消失。 s log。
这是健康收集器的STDOUT输出开始:
2015-12-18T12:26:24.027+0100 INFO [main] cli.commands.Run - Starting Collector v0.4.1 (commit 36a0856)
2015-12-18T12:26:24.032+0100 INFO [main] cli.commands.Run - Running on Windows 8.1 Windows 8.1 6.3 (amd64)
2015-12-18T12:26:25.311+0100 INFO [main] collector.utils.CollectorId - Collector ID: ff0f70f5-2d48-4b5c-9943-88031ea5e0fc
2015-12-18T12:26:25.349+0100 INFO [main] outputs.gelf.GelfOutput - Starting GELF transport: org.graylog2.gelfclient.GelfConfiguration@7ca65d82
2015-12-18T12:26:25.761+0100 INFO [gelfTcpTransport-1-1] gelfclient.transport.GelfTcpTransport - Channel disconnected!
2015-12-18T12:26:25.761+0100 INFO [main] cli.commands.Run - Service RUNNING: BufferProcessor [RUNNING]
2015-12-18T12:26:25.761+0100 INFO [main] cli.commands.Run - Service RUNNING: FileObserver [RUNNING]
2015-12-18T12:26:25.761+0100 INFO [main] cli.commands.Run - Service RUNNING: MemoryReporterService [RUNNING]
2015-12-18T12:26:25.761+0100 INFO [main] cli.commands.Run - Service RUNNING: MetricService [RUNNING]
2015-12-18T12:26:25.762+0100 INFO [main] cli.commands.Run - Service RUNNING: HeartbeatService [RUNNING]
2015-12-18T12:26:25.764+0100 INFO [main] cli.commands.Run - Service RUNNING: GelfOutput{port='12201', id='gelf-tcp', client-send-buffer-size='-1', host='127.0.0.1', inputs='', client-reconnect-delay='1000', client-connect-timeout='5000', client-tcp-no-delay='true', client-queue-size='512'}