Hi Community,
we’re using Graylog actively since Version 4.1x and were really happy.
As the environment got bigger, we’ve come up with the idea to automate as much as possible. We built a whole batch script to install the graylog-sidecar on Windows Hosts via Group Policy Objects using a defined txt file, with the 51 char token in it, in a certain directory. Works fine so far.
The ultimate step would be: Generating the Sidecar Token via API. For Deployment Purposes it would make things more efficient.
So has anyone a clue or even done it so far?
Thanks in advance for any replys.
Here is an example using curl:
curl -XPOST https://<existing-token>:token@<graylog-host>/api/users/62556f575c21cf1c6ec9604c/tokens/<token-name>
Verify that 62556f575c21cf1c6ec9604c is the correct OID (object id) for your sidecar user, via the graylog UI: /system/users/edit/62556f575c21cf1c6ec9604c. If this is not the write OID use the one specific for your sidecar user.
Which will return something like:
{
"id": "<token-id>",
"name": "<token-name>",
"token": "<token>",
"last_access": "1970-01-01T00:00:00.000Z"
}
Hi drewmiranda-gl,
thanks for your very fast reply.
As I’ve never worked with curl so far, I was trying to do so on a Windows Server via Powershell.
Just to understand the procedure a quick question:
curl -XPOST https://<existing-token>:token@<graylog-host>/api/users/62556f575c21cf1c6ec9604c/tokens/<token-name>
The existing token verifies that I am allowed to generate new token for this user or is it just for authentication purposes?
Anyways, I created a new token for the sidecar-user. Unfortunatly, it doesn’t work.
My string looked like this:
curl.exe -X POST “https://token-char-string:token@fqdn/api/users/65e9a41e6618bd029bc8b232/tokens/newToken”
I got rejected and got the following response: Malformed input to a URL Response. This could mean everything.
May you help me to get this work?
Thank you.
It’s been too long since i’ve used powershell 
Something like this will work:
$GRAYLOG_API_TOKEN = ""
$GRAYLOG_API_HOST = ""
$GRAYLOG_API_NEW_TOKEN_NAME = "new-token-1"
$pair = "$($GRAYLOG_API_TOKEN):token"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$params = @{
Uri = "https://$GRAYLOG_API_HOST/api/users/62556f575c21cf1c6ec9604c/tokens/$GRAYLOG_API_NEW_TOKEN_NAME"
Method = 'POST'
ContentType = "application/json"
Headers = @{
"Authorization" = "$($basicAuthValue)";
"X-Requested-By" = "Powershell";
}
}
$response = Invoke-WebRequest @params
$jsonObj = ConvertFrom-Json $([String]::new($response.Content))
write-host $jsonObj.token
You may be able to simplify but will work as a rough example.
Thanks for your snippet. Kudos to you drewmiranda-gl.
I tested it on my test-environment. Unfortunately it still isn’t working.
I got the following error message as reply:
Invoke-WebRequest :
{“type”:“ApiError”,“message”:“Not allowed to create tokens for user graylog-sidecar”}
It seems that I’ve not the permission needed to create.
But the good thing is, this led me to the solution. I need to create the $GRAYLOG_API_TOKEN for the Administrator, not the Sidecar-User. As the change was applied, it worked fine and i got the new token value for the sidecar user.
