I don't have the password of an old Graylog installation. Is there a way to restore it?

I received an old Graylog installation and I do not have the password.
I read and there is:
root_username
root_password_sha2
password_secret
If there is some way to recover the password or to log in using these values, I would really appreciate any help.

Hello,
Maybe I can help you.
First you need access to the Graylog server config file.
Next you need to reset the admin password on the Graylog server.
Execute this:

echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1

Copy the output and place it here in the configuration file.

root_password_sha2 =

Default file locations are shown here.

https://docs.graylog.org/en/4.0/pages/configuration/file_location.html

Here is the documentation for the above statement.
https://docs.graylog.org/en/4.0/pages/installation/os/centos.html#edit-the-configuration-file

Restart Graylog service and you should be able to log in the web UI.
Log in as admin and use the password that was created.

Hope that helps.

My Dear gsmith: I really appreciate your answer. I will try it right now and let you know.
Thanks in advance!

Dear gsmith:
I entered the console.
I executed the command:

echo -n "mypasshere" && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1

and I got a 64-letter password value.
I replaced the value of root_password_sha2 in the “server.conf” file located in /etc/graylog/server.

I tried to restart the server in order to take the new password.

I tried with these:
sudo chkconfig graylog-server off
sudo systemctl daemon-reload
sudo systemctl start graylog-server.service

But the server did not stop and it didn’t take the new password.
Any help is welcome!

Regards,

Those are incorrect.
sudo chkconfig graylog-server off is for starting the service after an OS reboot.
sudo systemctl daemon-reload is for when a service has been created or modified and you need to reload.

If you need to restart a service try this.

sudo systemctl restart graylog-server

If that doesn't work, try this.

sudo systemctl stop graylog-server

Then

sudo systemctl start graylog-server

Hope that helps

1 Like

Dear gsmith:
I really appreciate your invaluable help and your time to give me some instructions.

I tried the commands that you gave me. With the first one it did not stop. With the second set of commands the server stopped and restarted. So I am one step ahead now: I can stop and restart the server.

In the server.conf I changed the value, adding the key obtained from the console with the command:

echo -n "admin" && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1

and I got this value e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
and I put this value in
root_password_sha2 = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

But when I try to log in as admin it says:
“Invalid credentials, please verify them and retry.”

Thanks in advance

Hello,

I believe you executed the wrong command.

echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1

I execute what you showed above. Then I execute my command for Admin password.

You can see the difference in the screenshot below.

Then copy & paste the hash password in the server.conf file as shown below.

You can always use this command below, and maybe it will work better for you if need be.

Remember, if your password has symbols in it, make sure you use quotation marks: 'P@$$WORD!@#'

echo -n yourpassword | shasum -a 256

Example: Below in the cmd, copy the hash password then paste it in server.config file.

This is also shown in the configuration file. Example below.

# This password cannot be changed using the API or via the web interface. If you need to change it,
# modify it in this file.
# Create one by using for example: echo -n yourpassword | shasum -a 256

I hope this helps

2 Likes
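
Added example, not part of the thread and not Graylog's own tooling: the value e3b0c442...b855 quoted earlier in this thread is the SHA-256 of empty input, which is what the prompt pipeline prints when Enter is pressed without typing a password. The shell sketch below hashes a password from stdin and flags that value, or a malformed one, in a server.conf-style file; the function names and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: names and the sample file are constructed, not Graylog tooling.

# SHA-256 of zero bytes of input: seeing it means no password was hashed.
EMPTY_SHA256="e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

# Hash the first line of stdin with its newline stripped (same pipeline as the thread).
hash_password() {
    head -n 1 | tr -d '\n' | sha256sum | cut -d' ' -f1
}

# Prompt without echo so the password stays off screen and out of shell history.
prompt_hash() {
    printf 'Enter Password: ' >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    printf '%s\n' "$pw" | hash_password
    unset pw
}

# Print the uncommented root_password_sha2 value from a server.conf-style file.
read_root_hash() {
    sed -n 's/^[[:space:]]*root_password_sha2[[:space:]]*=[[:space:]]*//p' "$1" |
        tr -d '[:space:]'
}

# Classify a value: ok, empty-input, or malformed (expects the 64 lowercase
# hex characters that sha256sum prints).
check_root_hash() {
    if ! printf '%s' "$1" | grep -Eq '^[0-9a-f]{64}$'; then
        echo malformed
    elif [ "$1" = "$EMPTY_SHA256" ]; then
        echo empty-input
    else
        echo ok
    fi
}

# Constructed sample config carrying the value reported in the thread.
demo() {
    conf="$(mktemp)"
    printf '# constructed sample\nroot_username = admin\nroot_password_sha2 = %s\n' \
        "$EMPTY_SHA256" > "$conf"
    check_root_hash "$(read_root_hash "$conf")"
    rm -f "$conf"
}

demo   # prints: empty-input
```

Run `prompt_hash` in a terminal to produce the value for root_password_sha2, then run `check_root_hash "$(read_root_hash /etc/graylog/server/server.conf)"` before restarting the service.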

Dear gSmith:
I am sorry for my delay in answering; I have some health issues.
Your solution works perfectly and I could finally enter this old vdi installation.
I really appreciate your help.

I tried to use this old installation but it didn’t work.
So, following your commands, I stopped this old installation and I started a new, fresh docker-compose Graylog.
In this new installation I started to see the logs.
After 2 days Graylog stopped working, with messages like:

http://127.0.0.1:9000/config.js net::ERR_CONNECTION_REFUSED
I will check that and I will create a new topic if needed.

Thanks again for all the support

Mariano

1 Like