Generating new Sidecar Token via API

Graylog Central (peer support)
,
1

Hi Community,

we’re using Graylog actively since Version 4.1x and were really happy.
As the environment got bigger, we’ve come up with the idea to automate as much as possible. We built a whole batch script to install the graylog-sidecar on Windows Hosts via Group Policy Objects using a defined txt file, with the 51 char token in it, in a certain directory. Works fine so far.
The ultimate step would be: Generating the Sidecar Token via API. For Deployment Purposes it would make things more efficient.

So has anyone a clue or even done it so far?

Thanks in advance for any replys.

2

Here is an example using curl:

curl -XPOST https://<existing-token>:token@<graylog-host>/api/users/62556f575c21cf1c6ec9604c/tokens/<token-name>

Verify that 62556f575c21cf1c6ec9604c is the correct OID (object id) for your sidecar user, via the graylog UI: /system/users/edit/62556f575c21cf1c6ec9604c. If this is not the write OID use the one specific for your sidecar user.

Which will return something like:

{
    "id": "<token-id>",
    "name": "<token-name>",
    "token": "<token>",
    "last_access": "1970-01-01T00:00:00.000Z"
}
3

Hi drewmiranda-gl,

thanks for your very fast reply.
As I’ve never worked with curl so far, I was trying to do so on a Windows Server via Powershell.
Just to understand the procedure a quick question:

curl -XPOST https://<existing-token>:token@<graylog-host>/api/users/62556f575c21cf1c6ec9604c/tokens/<token-name>

The existing token verifies that I am allowed to generate new token for this user or is it just for authentication purposes?

Anyways, I created a new token for the sidecar-user. Unfortunatly, it doesn’t work.

My string looked like this:

curl.exe -X POST “https://token-char-string:token@fqdn/api/users/65e9a41e6618bd029bc8b232/tokens/newToken

I got rejected and got the following response: Malformed input to a URL Response. This could mean everything.

May you help me to get this work?

Thank you.

4

It’s been too long since i’ve used powershell :slight_smile:

Something like this will work:

$GRAYLOG_API_TOKEN = ""
$GRAYLOG_API_HOST = ""
$GRAYLOG_API_NEW_TOKEN_NAME = "new-token-1"

$pair = "$($GRAYLOG_API_TOKEN):token"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$params = @{
	Uri         	= "https://$GRAYLOG_API_HOST/api/users/62556f575c21cf1c6ec9604c/tokens/$GRAYLOG_API_NEW_TOKEN_NAME"
	Method      	= 'POST'
	ContentType 	= "application/json"
	Headers = @{
    	"Authorization" = "$($basicAuthValue)";
    	"X-Requested-By" = "Powershell";
	}
}
$response = Invoke-WebRequest @params
$jsonObj = ConvertFrom-Json $([String]::new($response.Content))
write-host $jsonObj.token

You may be able to simplify but will work as a rough example.

5

Thanks for your snippet. Kudos to you drewmiranda-gl.

I tested it on my test-environment. Unfortunately it still isn’t working.
I got the following error message as reply:
Invoke-WebRequest :

{“type”:“ApiError”,“message”:“Not allowed to create tokens for user graylog-sidecar”}

It seems that I’ve not the permission needed to create.
But the good thing is, this led me to the solution. I need to create the $GRAYLOG_API_TOKEN for the Administrator, not the Sidecar-User. As the change was applied, it worked fine and i got the new token value for the sidecar user.

1 Like
6

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.