API /system/indexer Not Authorized with Reader role

1. Describe your incident:
I added a user in order to create an API token to monitor indexer failures from Zabbix. Both Zabbix and Graylog are on the same machine.

Using the API browser to generate the URL, and using the token I get a Not Authorized error despite the user having Reader permissions.

2. Describe your environment:

  • OS Information: Debian 12 AMD64
  • Package Version: Graylog 6.0.7

What's happening:

 curl -v -u xxxxxxxxxxxxxxxx:token -H 'Accept: application/json' -X GET 'http://127.0.0.1:9000/api/system/indexer/failures/count?since=2024-10-25T11%3A00%3A00.000Z'
*   Trying 127.0.0.1:9000...
* Connected to 127.0.0.1 (127.0.0.1) port 9000 (#0)
* Server auth using Basic with user 'xxxxxxxxxxxxxxxxxxxxxxxxx'
> GET /api/system/indexer/failures/count?since=2024-10-25T11%3A00%3A00.000Z HTTP/1.1
> Host: 127.0.0.1:9000
> Authorization: Basic xxxxxxxxxxxxxxx
> User-Agent: curl/7.88.1
> Accept: application/json
> 
< HTTP/1.1 403 Forbidden
< X-Graylog-Node-ID: 3e272ba8-ed29-40c1-b7db-9a2850d5b65e
< X-Frame-Options: DENY
< X-Content-Type-Options: nosniff
< X-Runtime-Microseconds: 7617
< Content-Type: application/json
< Content-Length: 46
< 
* Connection #0 to host 127.0.0.1 left intact
{"type":"ApiError","message":"Not authorized"}

3. What steps have you already taken to try and solve the problem?

  • switch user to non-service account
  • adding other reader roles
  • restarting graylog service

4. How can the community help?

Why can’t my new user access the indexer API?

Hey @erasedhammer,

It appears the permission required here isn’t read. Try creating a new role with the below permissions at this endpoint. This can be done via the API browser.

/api/roles

{
  "name": "Indices Failures",
  "description": "Indices failure API",
  "permissions": [
    "indices:failures"
  ],
  "read_only": true
}
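The steps from the answer as a script, added here as an example (not code from either poster or from Graylog): it creates the single-permission role, attaches it to the monitoring user, and repeats the original request. Assumptions: `ADMIN_TOKEN`, `MONITOR_USER` and `MONITOR_TOKEN` are placeholder variables, and the role is attached through the role membership endpoint `PUT /api/roles/{rolename}/members/{username}`; confirm the path in your API browser.

```shell
#!/bin/sh
# Added example: least-privilege role for polling indexer failures.
# ADMIN_TOKEN, MONITOR_USER, MONITOR_TOKEN are placeholders (assumptions).
GRAYLOG_URL="${GRAYLOG_URL:-http://127.0.0.1:9000}"
ROLE_NAME="Indices Failures"

# Role body from the answer: one permission and nothing else.
role_payload() {
  cat <<EOF
{
  "name": "$ROLE_NAME",
  "description": "Indices failure API",
  "permissions": ["indices:failures"],
  "read_only": true
}
EOF
}

# The role name contains a space, so percent-encode it in the URL path.
member_url() {
  printf '%s/api/roles/%s/members/%s\n' "$GRAYLOG_URL" \
    "$(printf '%s' "$ROLE_NAME" | sed 's/ /%20/g')" "$1"
}

# Turn the HTTP status of the failures endpoint into a monitoring verdict.
classify_status() {
  case "$1" in
    200) echo ok ;;
    401) echo bad-token ;;            # credentials rejected
    403) echo missing-permission ;;   # the "Not authorized" case in the question
    *)   echo unexpected ;;
  esac
}

apply() {
  # Tokens go in as the Basic auth username with the literal password "token".
  # Graylog rejects state-changing requests without an X-Requested-By header.
  curl -sS -u "${ADMIN_TOKEN:?set ADMIN_TOKEN}:token" -H 'X-Requested-By: cli' \
       -H 'Content-Type: application/json' -X POST "$GRAYLOG_URL/api/roles" -d "$(role_payload)"
  curl -sS -u "$ADMIN_TOKEN:token" -H 'X-Requested-By: cli' \
       -X PUT "$(member_url "${MONITOR_USER:?set MONITOR_USER}")"
  code=$(curl -s -o /dev/null -w '%{http_code}' -H 'Accept: application/json' \
       -u "${MONITOR_TOKEN:?set MONITOR_TOKEN}:token" \
       "$GRAYLOG_URL/api/system/indexer/failures/count?since=2024-10-25T11%3A00%3A00.000Z")
  classify_status "$code"
}

if [ "${1:-}" = "apply" ]; then apply; fi
```

Run it with the argument `apply`; a final `missing-permission` means the role was not attached to the account that owns the token.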
