2020-11-06T11:11:12.834+01:00 INFO [CmdLineTool] Loaded plugin: AWS plugins 3.3

1. 2020-11-06T11:11:12.834+01:00 INFO [CmdLineTool] Loaded plugin: AWS plugins 3.3.8 [org.graylog.aws.AWSPlugin]
2. 2020-11-06T11:11:12.838+01:00 INFO [CmdLineTool] Loaded plugin: Collector 3.3.8 [org.graylog.plugins.collector.CollectorPlugin]
3. 2020-11-06T11:11:12.839+01:00 INFO [CmdLineTool] Loaded plugin: Threat Intelligence Plugin 3.3.8 [org.graylog.plugins.threatintel.ThreatIntelPlugin]
4. 2020-11-06T11:11:13.188+01:00 INFO [CmdLineTool] Running with JVM arguments: -Xms1g -Xmx2g -XX:NewRatio=1 -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:-OmitStackTraceInFastThrow -Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml -Djava.library.path=/usr/share/graylog-server/lib/sigar -Dgraylog2.installation_source=deb
5. 2020-11-06T11:11:13.534+01:00 INFO [Version] HV000001: Hibernate Validator null
6. 2020-11-06T11:11:17.451+01:00 INFO [InputBufferImpl] Message journal is enabled.
7. 2020-11-06T11:11:17.480+01:00 INFO [NodeId] Node ID: 5878c5f6-33f4-4bfc-9a3b-1891f3ed7e0c
8. 2020-11-06T11:11:17.753+01:00 INFO [LogManager] Loading logs.
9. 2020-11-06T11:11:17.866+01:00 INFO [LogManager] Logs loading complete.
10. 2020-11-06T11:11:17.873+01:00 INFO [KafkaJournal] Initialized Kafka based journal at /var/lib/graylog-server/journal
11. 2020-11-06T11:11:17.916+01:00 INFO [cluster] Cluster created with settings {hosts=[localhost:27017], mode=SINGLE, requiredClusterType=UNKNOWN, serverSelectionTimeout='30000 ms', maxWaitQueueSize=5000}
12. 2020-11-06T11:11:17.978+01:00 INFO [cluster] Cluster description not yet available. Waiting for 30000 ms before timing out
13. 2020-11-06T11:11:18.033+01:00 INFO [connection] Opened connection [connectionId{localValue:1, serverValue:40}] to localhost:27017
14. 2020-11-06T11:11:18.071+01:00 INFO [cluster] Monitor thread successfully connected to server with description ServerDescription{address=localhost:27017, type=STANDALONE, state=CONNECTED, ok=true, version=ServerVersion{versionList=[3, 6, 8]}, minWireVersion=0, maxWireVersion=6, maxDocumentSize=16777216, logicalSessionTimeoutMinutes=30, roundTripTimeNanos=5511410}
15. 2020-11-06T11:11:18.090+01:00 INFO [connection] Opened connection [connectionId{localValue:2, serverValue:41}] to localhost:27017
16. 2020-11-06T11:11:18.388+01:00 INFO [InputBufferImpl] Initialized InputBufferImpl with ring size <65536> and wait strategy <BlockingWaitStrategy>, running 2 parallel message handlers.
17. 2020-11-06T11:11:18.648+01:00 INFO [AbstractJestClient] Setting server pool to a list of 1 servers: [http://127.0.0.1:9200]
18. 2020-11-06T11:11:18.649+01:00 INFO [JestClientFactory] Using multi thread/connection supporting pooling connection manager
19. 2020-11-06T11:11:18.733+01:00 INFO [JestClientFactory] Using custom ObjectMapper instance
20. 2020-11-06T11:11:18.734+01:00 INFO [JestClientFactory] Node Discovery disabled...
21. 2020-11-06T11:11:18.734+01:00 INFO [JestClientFactory] Idle connection reaping disabled...
22. 2020-11-06T11:11:19.551+01:00 INFO [ProcessBuffer] Initialized ProcessBuffer with ring size <65536> and wait strategy <BlockingWaitStrategy>.
23. 2020-11-06T11:11:19.885+01:00 WARN [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
24. 2020-11-06T11:11:19.904+01:00 INFO [connection] Opened connection [connectionId{localValue:3, serverValue:42}] to localhost:27017
25. 2020-11-06T11:11:19.934+01:00 INFO [OutputBuffer] Initialized OutputBuffer with ring size <65536> and wait strategy <BlockingWaitStrategy>.
26. 2020-11-06T11:11:19.985+01:00 WARN [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
27. 2020-11-06T11:11:20.039+01:00 WARN [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
28. 2020-11-06T11:11:20.089+01:00 WARN [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
29. 2020-11-06T11:11:20.139+01:00 WARN [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
30. 2020-11-06T11:11:20.183+01:00 WARN [GeoIpResolverEngine] GeoIP database file does not exist: /etc/graylog/server/GeoLite2-City.mmdb
31. 2020-11-06T11:11:20.896+01:00 INFO [ServerBootstrap] Graylog server 3.3.8+e223f85 starting up
32. 2020-11-06T11:11:20.896+01:00 INFO [ServerBootstrap] JRE: Ubuntu 11.0.9 on Linux 5.4.0-48-generic
33. 2020-11-06T11:11:20.897+01:00 INFO [ServerBootstrap] Deployment: deb
34. 2020-11-06T11:11:20.897+01:00 INFO [ServerBootstrap] OS: Ubuntu 20.04.1 LTS (focal)
35. 2020-11-06T11:11:20.897+01:00 INFO [ServerBootstrap] Arch: amd64
36. 2020-11-06T11:11:20.929+01:00 INFO [PeriodicalsService] Starting 30 periodicals ...
37. 2020-11-06T11:11:20.931+01:00 INFO [Periodicals] Starting [org.graylog2.periodical.ThroughputCalculator] periodical in [0s], polling every [1s].
38. 2020-11-06T11:11:20.947+01:00 INFO [Periodicals] Starting [org.graylog.plugins.pipelineprocessor.periodical.LegacyDefaultStreamMigration] periodical, running forever.
39. 2020-11-06T11:11:20.950+01:00 INFO [PeriodicalsService] Not starting [org.graylog2.periodical.AlertScannerThread] periodical. Not configured to run on this node.
40. 2020-11-06T11:11:20.950+01:00 INFO [Periodicals] Starting [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread] periodical in [0s], polling every [1s].
41. 2020-11-06T11:11:20.953+01:00 INFO [Periodicals] Starting [org.graylog2.periodical.ClusterHealthCheckThread] periodical in [120s], polling every [20s].
42. 2020-11-06T11:11:20.954+01:00 INFO [PeriodicalsService] Not starting [org.graylog2.periodical.ContentPackLoaderPeriodical] periodical. Not configured to run on this node.
43. 2020-11-06T11:11:20.956+01:00 INFO [Periodicals] Starting [org.graylog2.periodical.GarbageCollectionWarningThread] periodical, running forever.
44. 2020-11-06T11:11:20.964+01:00 INFO [Periodicals] Starting [org.graylog2.periodical.IndexerClusterCheckerThread] periodical in [0s], polling every [30s].
45. 2020-11-06T11:11:20.968+01:00 INFO [Periodicals] Starting [org.graylog2.periodical.IndexRetentionThread] periodical in [0s], polling every [300s].
46. 2020-11-06T11:11:20.969+01:00 INFO [connection] Opened connection [connectionId{localValue:4, serverValue:43}] to localhost:27017
47. 2020-11-06T11:11:20.970+01:00 INFO [Periodicals] Starting [org.graylog2.periodical.IndexRotationThread] periodical in [0s], polling every [10s].
48. 2020-11-06T11:11:20.970+01:00 INFO [LegacyDefaultStreamMigration] Legacy default stream has no connections, no migration needed.
49. 2020-11-06T11:11:20.971+01:00 INFO [Periodicals] Starting [org.graylog2.periodical.NodePingThread] periodical in [0s], polling every [1s].
50. 2020-11-06T11:11:20.978+01:00 INFO [Periodicals] Starting [org.graylog2.periodical.VersionCheckThread] periodical in [300s], polling every [1800s].
51. 2020-11-06T11:11:20.979+01:00 INFO [Periodicals] Starting [org.graylog2.periodical.ThrottleStateUpdaterThread] periodical in [1s], polling every [1s].
52. 2020-11-06T11:11:20.980+01:00 INFO [Periodicals] Starting [org.graylog2.events.ClusterEventPeriodical] periodical in [0s], polling every [1s].
53. 2020-11-06T11:11:20.982+01:00 INFO [Periodicals] Starting [org.graylog2.events.ClusterEventCleanupPeriodical] periodical in [0s], polling every [86400s].
54. 2020-11-06T11:11:20.984+01:00 INFO [Periodicals] Starting [org.graylog2.periodical.ClusterIdGeneratorPeriodical] periodical, running forever.
55. 2020-11-06T11:11:20.985+01:00 INFO [Periodicals] Starting [org.graylog2.periodical.IndexRangesMigrationPeriodical] periodical, running forever.
56. 2020-11-06T11:11:20.990+01:00 INFO [Periodicals] Starting [org.graylog2.periodical.IndexRangesCleanupPeriodical] periodical in [15s], polling every [3600s].
57. 2020-11-06T11:11:21.025+01:00 INFO [connection] Opened connection [connectionId{localValue:5, serverValue:44}] to localhost:27017
58. 2020-11-06T11:11:21.026+01:00 INFO [connection] Opened connection [connectionId{localValue:8, serverValue:47}] to localhost:27017
59. 2020-11-06T11:11:21.026+01:00 INFO [connection] Opened connection [connectionId{localValue:7, serverValue:46}] to localhost:27017
60. 2020-11-06T11:11:21.027+01:00 INFO [connection] Opened connection [connectionId{localValue:6, serverValue:45}] to localhost:27017
61. 2020-11-06T11:11:21.030+01:00 INFO [PeriodicalsService] Not starting [org.graylog2.periodical.UserPermissionMigrationPeriodical] periodical. Not configured to run on this node.
62. 2020-11-06T11:11:21.031+01:00 INFO [Periodicals] Starting [org.graylog2.periodical.ConfigurationManagementPeriodical] periodical, running forever.
63. 2020-11-06T11:11:21.041+01:00 INFO [Periodicals] Starting [org.graylog2.periodical.LdapGroupMappingMigration] periodical, running forever.
64. 2020-11-06T11:11:21.053+01:00 INFO [Periodicals] Starting [org.graylog2.periodical.IndexFailuresPeriodical] periodical, running forever.
65. 2020-11-06T11:11:21.054+01:00 INFO [Periodicals] Starting [org.graylog2.periodical.TrafficCounterCalculator] periodical in [0s], polling every [1s].
66. 2020-11-06T11:11:21.056+01:00 INFO [Periodicals] Starting [org.graylog2.indexer.fieldtypes.IndexFieldTypePollerPeriodical] periodical in [0s], polling every [3600s].
67. 2020-11-06T11:11:21.057+01:00 INFO [Periodicals] Starting [org.graylog.scheduler.periodicals.ScheduleTriggerCleanUp] periodical in [120s], polling every [86400s].
68. 2020-11-06T11:11:21.057+01:00 INFO [Periodicals] Starting [org.graylog.plugins.sidecar.periodical.PurgeExpiredSidecarsThread] periodical in [0s], polling every [600s].
69. 2020-11-06T11:11:21.058+01:00 INFO [Periodicals] Starting [org.graylog.plugins.sidecar.periodical.PurgeExpiredConfigurationUploads] periodical in [0s], polling every [600s].
70. 2020-11-06T11:11:21.060+01:00 INFO [Periodicals] Starting [org.graylog.plugins.views.search.db.SearchesCleanUpJob] periodical in [3600s], polling every [28800s].
71. 2020-11-06T11:11:21.063+01:00 INFO [Periodicals] Starting [org.graylog.events.periodicals.EventNotificationStatusCleanUp] periodical in [120s], polling every [86400s].
72. 2020-11-06T11:11:21.063+01:00 INFO [Periodicals] Starting [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread] periodical in [0s], polling every [3600s].
73. 2020-11-06T11:11:21.149+01:00 INFO [IndexRetentionThread] Elasticsearch cluster not available, skipping index retention checks.
74. 2020-11-06T11:11:21.549+01:00 ERROR [AbstractRotationStrategy] Cannot perform rotation of index <icdi_0> in index set <ICDI> with strategy <org.graylog2.indexer.rotation.strategies.SizeBasedRotationStrategy> at this moment
75. 2020-11-06T11:11:21.630+01:00 INFO [JerseyService] Enabling CORS for HTTP endpoint
76. 2020-11-06T11:11:21.646+01:00 ERROR [AbstractRotationStrategy] Cannot perform rotation of index <remo_0> in index set <RENAULT> with strategy <org.graylog2.indexer.rotation.strategies.SizeBasedRotationStrategy> at this moment
77. 2020-11-06T11:11:31.087+01:00 ERROR [AbstractRotationStrategy] Cannot perform rotation of index <icdi_0> in index set <ICDI> with strategy <org.graylog2.indexer.rotation.strategies.SizeBasedRotationStrategy> at this moment
78. 2020-11-06T11:11:36.012+01:00 INFO [IndexRangesCleanupPeriodical] Skipping index range cleanup because the Elasticsearch cluster is unreachable or unhealthy
79. 2020-11-06T11:11:58.822+01:00 INFO [JerseyService] Started REST API at <178.248.160.225:9000>
80. 2020-11-06T11:11:58.823+01:00 INFO [ServiceManagerListener] Services are healthy
81. 2020-11-06T11:11:58.824+01:00 INFO [InputSetupService] Triggering launching persisted inputs, node transitioned from Uninitialized [LB:DEAD] to Running [LB:ALIVE]
82. 2020-11-06T11:11:58.824+01:00 INFO [ServerBootstrap] Services started, startup times in ms: {InputSetupService [RUNNING]=4, BufferSynchronizerService [RUNNING]=21, JobSchedulerService [RUNNING]=23, OutputSetupService [RUNNING]=23, JournalReader [RUNNING]=27, EtagService [RUNNING]=29, KafkaJournal [RUNNING]=32, UrlWhitelistService [RUNNING]=33, GracefulShutdownService [RUNNING]=34, ConfigurationEtagService [RUNNING]=44, MongoDBProcessingStatusRecorderService [RUNNING]=49, LookupTableService [RUNNING]=141, PeriodicalsService [RUNNING]=164, StreamCacheService [RUNNING]=177, JerseyService [RUNNING]=37895}
83. 2020-11-06T11:11:58.828+01:00 INFO [ServerBootstrap] Graylog server up and running.
84. 2020-11-06T11:11:58.850+01:00 INFO [InputStateListener] Input [Syslog UDP/5f97fb04413915007603c647] is now STARTING
85. 2020-11-06T11:11:58.993+01:00 INFO [InputStateListener] Input [Syslog UDP/5f97fb04413915007603c647] is now RUNNING
86. 2020-11-06T11:11:59.000+01:00 WARN [UdpTransport] receiveBufferSize (SO_RCVBUF) for input SyslogUDPInput{title=UDP-INPUT-5015, type=org.graylog2.inputs.syslog.udp.SyslogUDPInput, nodeId=5878c5f6-33f4-4bfc-9a3b-1891f3ed7e0c} (channel [id: 0x2678e269, L:/0:0:0:0:0:0:0:0%0:5015]) should be 262144 but is 425984.
87. 2020-11-06T11:11:59.000+01:00 WARN [UdpTransport] receiveBufferSize (SO_RCVBUF) for input SyslogUDPInput{title=UDP-INPUT-5015, type=org.graylog2.inputs.syslog.udp.SyslogUDPInput, nodeId=5878c5f6-33f4-4bfc-9a3b-1891f3ed7e0c} (channel [id: 0xafbd4d35, L:/0:0:0:0:0:0:0:0%0:5015]) should be 262144 but is 425984.
88. 2020-11-06T11:15:01.005+01:00 INFO [AbstractRotationStrategy] Deflector index <EPC> (index set <epc_3>) should be rotated, Pointing deflector to new index now!
89. 2020-11-06T11:15:01.007+01:00 INFO [MongoIndexSet] Cycling from <epc_3> to <epc_4>.
90. 2020-11-06T11:15:01.007+01:00 INFO [MongoIndexSet] Creating target index <epc_4>.
91. 2020-11-06T11:15:01.092+01:00 INFO [Indices] Successfully created index template epc-template
92. 2020-11-06T11:15:28.747+01:00 INFO [MongoIndexSet] Waiting for allocation of index <epc_4>.
93. 2020-11-06T11:15:28.754+01:00 INFO [MongoIndexSet] Index <epc_4> has been successfully allocated.
94. 2020-11-06T11:15:28.756+01:00 INFO [MongoIndexSet] Pointing index alias <epc_deflector> to new index <epc_4>.
95. 2020-11-06T11:15:31.351+01:00 INFO [SystemJobManager] Submitted SystemJob <00224810-2019-11eb-96d5-00155d01051b> [org.graylog2.indexer.indices.jobs.SetIndexReadOnlyAndCalculateRangeJob]
96. 2020-11-06T11:15:31.351+01:00 INFO [MongoIndexSet] Successfully pointed index alias <epc_deflector> to index <epc_4>.
97. 2020-11-06T11:16:01.626+01:00 INFO [SetIndexReadOnlyJob] Flushing old index <epc_3>.
98. 2020-11-06T11:16:23.686+01:00 INFO [SetIndexReadOnlyJob] Setting old index <epc_3> to read-only.
99. 2020-11-06T11:16:24.174+01:00 INFO [SystemJobManager] Submitted SystemJob <1f9f58e0-2019-11eb-96d5-00155d01051b> [org.graylog2.indexer.indices.jobs.OptimizeIndexJob]
100. 2020-11-06T11:16:24.190+01:00 INFO [OptimizeIndexJob] Optimizing index <epc_3>.
101. 2020-11-06T11:16:24.223+01:00 INFO [CreateNewSingleIndexRangeJob] Calculating ranges for index epc_3.
102. 2020-11-06T11:16:27.513+01:00 INFO [MongoIndexRangeService] Calculated range of [epc_3] in [3287ms].
103. 2020-11-06T11:16:27.521+01:00 INFO [CreateNewSingleIndexRangeJob] Created ranges for index epc_3.
104. 2020-11-06T11:16:27.536+01:00 INFO [SystemJobManager] SystemJob <00224810-2019-11eb-96d5-00155d01051b> [org.graylog2.indexer.indices.jobs.SetIndexReadOnlyAndCalculateRangeJob] finished in 26188ms.
105. 2020-11-06T11:19:41.013+01:00 INFO [SystemJobManager] SystemJob <1f9f58e0-2019-11eb-96d5-00155d01051b> [org.graylog2.indexer.indices.jobs.OptimizeIndexJob] finished in 196837ms.
106.