1. Describe your incident:
My dashboard is not being loaded in HTTPS at port 9000
2. Describe your environment:
OS Information:
Operating System: Ubuntu 22.04.1 LTS
Kernel: Linux 5.17.0-1020-oem
Architecture: x86-64
Package Version: Graylog 4.1, mongoDB 4.4
Service logs, configurations, and environment variables:
systemctl status from graylog (issued):
graylog-server[79052]: 23:41:38.322 [main] ERROR org.graylog2.storage.versionprobe.VersionProbe - Unable to retrieve version from Elasticsearch node: unexpected end of stream on *http:// 192.168. 15.168: 9200/… - \n not found: limit=0 content=….
/etc/default/graylog-server (line to gralyog uses the ssl certificate):
GRAYLOG_SERVER_JAVA_OPTS=“$GRAYLOG_SERVER_JAVA_OPTS -Dlog4j2.formatMsgNoLookups=true -Djavax.net.ssl.trustStore=/etc/graylog/server/certs/cacerts -Djavax.net.ssl.trustStorePassword=changeit”
3. What steps have you already taken to try and solve the problem?
Restart the graylog service and validate the config, with the correct setup, the graylog cannot start the service to open GUI (even with status running), the htt ps://i p:920 0 does not load the GUI and service has the status:
ERROR org.graylog2.storage.versionprobe.VersionProbe - Unable to retrieve version from Elasticsearch node: unexpected end of stream on *htt p:/ /192 .1 68.15.16 8:9200/… - \n not found: limit=0 content=…
4. How can the community help?
Please, kidnly help me to evaluate what is wrong in this configuration between wazhu and gralyog to uses SSL for HTTPS.
Thank you and Best Regards,
I had a similar issue in the past.
To fix it, I edited /etc/graylog/server/server.conf and added:
elasticsearch_version = 7
Then restarted Graylog.
I assume that your GL server can reach ES.
Do the files
/etc/wazuh-dashboard/certs/dashboard-key.pem
/etc/wazuh-dashboard/certs/dashboard.pem
have the right permissions for the graylog user to read them?
If you accept a suggestion, install and configure nginx as a reverse proxy and access GL on port 80 or 443. Makes things easier…
Hi m_mlk
Thank you for your sugestion, I will not perform at this time, while I need to finish this install at least.
Regarding your fix, does not worked for me, see that I’ve edit the file with version proposed
Also see that certs has the readle chmod values 444 for root, users and everyone:
(I’ll sent in trailling below)
But even do, system is not found by Graylog after a restart
(I’ll sent in trailling below)
Thank you for your help.
I Found the fix guys, is totally simples.
Just edit the /etc/graylog/server/server.conf at the elasticsearch_hosts from http to https
from elasticsearch_hosts = http://:@:9200
to elasticsearch_hosts = https://:@:9200