Connect to the Web Interface
When your Graylog instance or cluster is up and running, the next thing you usually want to do is check out our web interface, which offers you great capabilities for searching and analyzing your indexed data and configuring your Graylog environment. By default you can access it using your browser on https://<graylog-server>:9000/.
Access the Web Interface
- Open a browser and navigate to the URL https://xxx.xxx.xxx.xxx:9000. Substitute the IP of your Graylog server.
- If using a VM appliance, log in using admin for both the username and password. If using either container or OS versions of Graylog, log in as an admin and use the password secret you created when you installed Graylog.
The Graylog web interface was rewritten in JavaScript for 2.0 to be a client-side single-page browser application. This means its code is running solely in your browser, fetching all data via HTTP(S) from the REST API of your Graylog server.
Getting Started with the Web Interface
Now that you are connected to the web interface, you can start to explore Graylog!
After logging in you will be directed to the Getting Started page, which is customized with information specific to your Graylog experience:
- Last Opened: A list of your most recently viewed saved searches and dashboards so you can resume your latest journey if desired.
- Favorite Items: An overview of saved searches and dashboards that you have marked as favorite items.
- Recent Activity: A list of recent actions by other Graylog users, including newly created content or content shared with you.
Configuration Options
If our default settings do not work for your environment, there are a number of options in the Graylog server configuration file that you can change to influence its behavior:
| Setting | Default | Explanation |
|---|---|---|
| | 127.0.0.1:9000 | The network interface used by the Graylog HTTP interface. |
| | If not set, | The HTTP URI of this Graylog node which is used to communicate with the other Graylog nodes in the cluster and by all clients using the Graylog web interface. |
| | If not set, | The public URI of Graylog which will be used by the Graylog web interface to communicate with the Graylog REST API. |
| | true | This is necessary for JS-clients accessing the server directly. If disabled, modern browsers will not be able to retrieve resources from the server. |
| | true | Serve web interface assets using compression to reduce overall round-trip times. |
| | 8192 | The maximum size of the HTTP request headers in bytes. |
| | 16 | The size of the thread pool used exclusively for serving the HTTP interface. |
| | false | This secures the communication with the HTTP interface with TLS to prevent request forgery and eavesdropping. |
| | (no default) | The X.509 certificate chain file in PEM format to use for securing the HTTP interface. |
| | (no default) | The PKCS#8 private key file in PEM format to use for securing the HTTP interface. |
| | (no default) | The password to unlock the private key used for securing the HTTP interface. (only needed if the key is encrypted) |
How Does the Web Interface Connect to the Graylog Server?
The web interface fetches all the information it shows from the REST API of the Graylog server, so it needs to connect to it using HTTP(S). There are several ways to define how the web interface connects to the Graylog server. The URI used by the web interface is determined in this exact order:
- If the HTTP(S) client going to the web interface port sends an X-Graylog-Server-URL header that contains a valid URL, this overrides everything else.
- If http_external_uri is defined in the Graylog configuration file, this is used if the aforementioned header is not set.
- If http_publish_uri is defined in the Graylog configuration file, this is used if the aforementioned http_external_uri is not set.
- If none of the above are defined, https://$http_bind_address is used.
The web interface assets (e.g. the index.html, CSS and JavaScript files) are accessible at the URI root (/ by default) and the REST API endpoints are accessible at the /api path.
For example, setting http_bind_address to 10.0.0.1:9000 configures the Graylog server with the following URLs:
- Web interface: https://10.0.0.1:9000/
- REST API: https://10.0.0.1:9000/api/
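The resolution order described above can be checked offline before putting a proxy in front of Graylog. The following is an added example, not code from Graylog or from this page: the function names, the constructed sample configuration and the reading of "valid URL" as an absolute http(s) URL with a host are assumptions. It also flags the common misconfiguration where the resolved URI is a loopback address that a remote browser cannot reach.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample server configuration (not taken from the page).
SAMPLE_CONF = """
# Graylog HTTP settings (constructed sample)
http_bind_address = 127.0.0.1:9000
#http_external_uri = https://graylog.example.org/
"""

def parse_conf(text):
    """Parse 'key = value' lines, skipping blanks and '#' comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def is_valid_url(value):
    """Assumption: 'valid URL' means an absolute http(s) URL with a host."""
    parts = urlsplit(value or "")
    return parts.scheme in ("http", "https") and bool(parts.hostname)

def effective_uri(settings, request_headers):
    """Return (uri, source) using the precedence order described above."""
    headers = {k.lower(): v for k, v in request_headers.items()}
    header = headers.get("x-graylog-server-url")
    if is_valid_url(header):
        return header, "X-Graylog-Server-URL"
    for key in ("http_external_uri", "http_publish_uri"):
        if settings.get(key):
            return settings[key], key
    bind = settings.get("http_bind_address", "127.0.0.1:9000")
    return "https://" + bind, "http_bind_address"

def browser_reachable(uri):
    """False when the URI host is loopback or unspecified, which a remote
    browser cannot use to reach the REST API."""
    host = urlsplit(uri).hostname or ""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return host != "localhost"
    return not (addr.is_loopback or addr.is_unspecified)
```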
Browser Compatibility
Graylog strives to provide the best possible experience to everyone, which often means using modern web technology only available in recent browsers while keeping a reasonable compatibility with older and less-capable browsers. For supported browsers, we support the latest version of the browser as well as its previous two releases.
Here are the supported browsers for Graylog 6.1 along with the operating systems on which each browser is supported:
| Browser | OS | Supported Versions |
|---|---|---|
| Chrome | Windows, OS X, Linux | Latest plus two previous releases |
| Firefox | Windows, OS X, Linux | Latest plus two previous releases |
| Safari | OS X | Latest plus two previous releases |
Making the Web Interface Work with Load Balancers/Proxies
If you want to run a load balancer/reverse proxy in front of Graylog, you need to make sure that:
- The HTTP port of the load balancer/reverse proxy is accessible for clients
- The HTTP address for the Graylog server is properly set (as explained in How does the web interface connect to the Graylog server?), so it is resolvable and accessible for the load balancer/reverse proxy.
- If you use SSL, your certificates must be valid and trusted by your clients.
For the configuration use cases below we assume the following:
- Your Graylog server configuration contains http_bind_address = 127.0.0.1:9000
- The hostname for the setup is graylog.example.org
- The IP address for that hostname is 192.168.0.10
Using a Layer 3 Load Balancer (Forwarding TCP Ports)
- Configure your load balancer to forward connections going to 192.168.0.10:80 to 127.0.0.1:9000.
- Start the Graylog server as usual.
- Access the web interface on https://graylog.example.org.
- Read up on Using HTTPS.
NGINX
Proxy web interface and API traffic using HTTP
    server
    {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;
        server_name graylog.example.org;

        location / {
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # Public URL the web interface uses to reach the REST API
            proxy_set_header X-Graylog-Server-URL http://$server_name/;
            proxy_pass http://127.0.0.1:9000;
        }
    }
NGINX can be used for SSL termination. You would only need to modify the server listen directive and add all information about your certificate.
If you are deploying multiple Graylog Servers you can use HTTPS/SSL to connect to the Graylog Servers (read Using HTTPS) and use HTTPS/SSL on NGINX. Note that configuration for TLS certificates, keys and ciphers is omitted from the sample config below.
Proxy web interface and API traffic using HTTPS (TLS)
    server
    {
        listen 443 ssl http2;
        server_name graylog.example.org;
        # <- your SSL Settings here!

        location /
        {
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # Public URL the web interface uses to reach the REST API
            proxy_set_header X-Graylog-Server-URL https://$server_name/;
            proxy_pass http://127.0.0.1:9000;
        }
    }
If you want to serve several different applications under one domain name, you can also serve the Graylog web interface using a path prefix.
Proxy web interface and API traffic under a path prefix using HTTP
    server
    {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;
        server_name applications.example.org;

        location /graylog/
        {
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # Public URL, including the path prefix, used to reach the REST API
            proxy_set_header X-Graylog-Server-URL http://$server_name/graylog/;
            # Strip the /graylog/ prefix before passing the request to Graylog
            rewrite ^/graylog/(.*)$ /$1 break;
            proxy_pass http://127.0.0.1:9000;
        }
    }
This makes your Graylog setup available under the following URLs:
- Web interface: https://applications.example.org/graylog/
- REST API: https://applications.example.org/graylog/api/
Apache httpd 2.x
Proxy web interface and API traffic using HTTP
    <VirtualHost *:80>
        ServerName graylog.example.org
        ProxyRequests Off
        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>
        <Location />
            RequestHeader set X-Graylog-Server-URL "http://graylog.example.org/"
            ProxyPass http://127.0.0.1:9000/
            ProxyPassReverse http://127.0.0.1:9000/
        </Location>
    </VirtualHost>
Proxy web interface and API traffic using HTTPS (TLS)
    <VirtualHost *:443>
        ServerName graylog.example.org
        ProxyRequests Off
        SSLEngine on
        # <- your SSL Settings here!
        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>
        <Location />
            RequestHeader set X-Graylog-Server-URL "https://graylog.example.org/"
            ProxyPass http://127.0.0.1:9000/
            ProxyPassReverse http://127.0.0.1:9000/
        </Location>
    </VirtualHost>
HAProxy 1.6
Proxy web interface and API traffic using HTTP
    frontend http
        bind 0.0.0.0:80
        option forwardfor
        http-request add-header X-Forwarded-Host %[req.hdr(host)]
        http-request add-header X-Forwarded-Server %[req.hdr(host)]
        http-request add-header X-Forwarded-Port %[dst_port]
        acl is_graylog hdr_dom(host) -i -m str graylog.example.org
        use_backend graylog if is_graylog

    backend graylog
        description The Graylog Web backend.
        http-request set-header X-Graylog-Server-URL http://graylog.example.org/
        use-server graylog_1
        server graylog_1 127.0.0.1:9000 maxconn 20 check
Multiple Backends (roundrobin) with Health-Check (using HTTP)
    frontend graylog_http
        bind *:80
        option forwardfor
        http-request add-header X-Forwarded-Host %[req.hdr(host)]
        http-request add-header X-Forwarded-Server %[req.hdr(host)]
        http-request add-header X-Forwarded-Port %[dst_port]
        acl is_graylog hdr_dom(host) -i -m str graylog.example.org
        use_backend graylog

    backend graylog
        description The Graylog Web backend.
        balance roundrobin
        option httpchk HEAD /api/system/lbstatus
        http-request set-header X-Graylog-Server-URL http://graylog.example.org/
        server graylog1 192.168.0.10:9000 maxconn 20 check
        server graylog2 192.168.0.11:9000 maxconn 20 check
        server graylog3 192.168.0.12:9000 maxconn 20 check