Fresh Install Graylog v6 not able to login

1. Describe your incident:
Installed Graylog server, it looks like it’s running but i cant login.

I created root password using the command below:
echo -n “Enter Password: " && head -1 </dev/stdin | tr -d ‘\n’ | sha256sum | cut -d” " -f1

but when logging in error is shown below:

image1688×1072 124 KB

2. Describe your environment:

• OS Information: Ubuntu 22

• Package Version: v6

3. What steps have you already taken to try and solve the problem?
Changed PW but still same error

4. How can the community help?
Any tips?

I understand this is a dumb question, but i have seen this happen often enough i have to ask, you are sure that you didnt get password and secret switched up in server.conf right?

Thank you! That was my bad i did get a new issue now. For some reason I’m getting this notification even if i put is_leader = true and running on a single-node

image1775×554 52.9 KB

Hey @mouse1122 ,
The error banner does not disappear by itself. Did it come back when you “deleted” it?
Did you apply the server changes by restarting the graylog-server.service?
Greetings

yes it comes back when i delete it. And yes, i did restart the graylog-server.services but error is still popping up

You can try different things.

1. check the Node-ID
   node_id_file: …
   look at the file. Are the permissions correct, does the file exist?
   To be sure you can delete the id and let graylog create a new one:
   sudo rm /etc/graylog/server/node-id
sudo systemctl restart graylog-server

2. Check MongoDB connection

3. Check Cluster-Status
   curl -X GET http://localhost:9000/api/system/cluster

Hi
Here’s the node-id:

I removed it and restarted the service, unfortunately it didnt recreate the node-id

Check Cluster-Status
curl -X GET http://localhost:9000/api/system/cluster

image827×102 4.34 KB

Sorry, Im not really very good at this

Oh you recreated the node id?
Can you show me the bind_address, …in your server.conf?
It seems that the api has a problem.

bind addr is set as below:
http_bind_address = [serverIP]:9000

no, i havent recreated the node-id. the server is dead right now lol

I appreciate your patience btw

I think it is possible to recreat the id file
sudo nano /etc/graylog/server/node-id
48e78d68-a258-488a-8a2f-ad034da0ed37

or
uuidgen | sudo tee /etc/graylog/server/node-id

Permission on that file:

and the api call didnt work because the node is dead

ermm…the server is alive again but i’m getting the same error

image1667×635 63.3 KB

Run the health check of the cluster again

Let me rethink this and i come back.

Try following:
You change the default port 9000 to a different for example 8080
And you use for the bin address a wildcard address
Publish and external stay your fqdn or ip
http_bind_address = 0.0.0.0:8080
http_publish_uri = http://yourip:8080/
http_external_uri = http://yourip:8080/

possibly check your firewall settings

do you have asccess to your api?
fqdn/ip and port are the same to access the web ui
http://<fqdn/ip>:<port>/api/api-browser/

HI Marvin, yes these are set correctly. and i can access http://<fqdn/ip>:/api/api-browser/ this

image1456×761 45.3 KB

Okay, here I am again, I installed Graylog 6 by myself and set it up like in the manual.
https://go2docs.graylog.org/current/downloading_and_installing_graylog/installing_graylog.html?tocpath=Installing%20Graylog|_____0
It worked absolutely fine…
I can only assume that maybe your connection to MongoDB on port 27017 (TCP) is sometimes failing, this could be a firewall or routing problem if you are not using the loopback address. I dont know if its possible but you can try to do a TCP dump on that port or change the Mongo URI in your Server.conf.

/etc/mongod.conf

net:
  port: 27017
  bindIp: 0.0.0.0

And in the server.conf of graylog

mongodb_uri = mongodb://your.mashine.example:27017/graylog

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.