New setup - Unable to login

Graylog Central (peer support)
1

1. Describe your incident:
I have a new setup of Graylog on Ubuntu and am having issues logging into the web portal. It just loops back to the login screen. I used the guide here: Ubuntu installation on a fresh install of Ubuntu Server

2. Describe your environment:

  • OS Information: Ubuntu 20.04 with Opensearch

3. What steps have you already taken to try and solve the problem?
I’ve tried to generate everything and kicked back to a different password. I have set the root_password_sha2 as per the documentation using:

echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1

When I type in the incorrect password, I get the “invalid credentials” error, the correct password throws below on the first time and then just loops back to the login screen.

loading streams failed with the status fetcherror there was an error fetching a resource unauthorized

In the Graylog log, when I type in the incorrect password, I get the top line, corrrect password the bottom line:

2023-08-09T14:33:55.207+10:00 INFO  [SessionCreator] Invalid credentials in session create request. Actor: "urn:graylog:user:admin"
2023-08-09T14:33:58.905+10:00 INFO  [connection] Opened connection [connectionId{localValue:10, serverValue:36}] to localhost:27017

4. How can the community help?

Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]

2

can you confirm you have both password_secret and root_password_sha2 appropriately set? Both should be set and not using double quotes:

image
image977×309 44.9 KB

3

This is what I have in my file

Graylog
Graylog1220×292 15.3 KB

I tried replacing it with the sha2 for “password” which i have as
5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8

but have the same symptom.

Does the password secret have to mean anything or is it just a random string?

4

As far as I can tell everything looks correct.

Does the password secret have to mean anything or is it just a random string?

its a random string.

To confirm, what happens when you type the correct password? Can you share a screenshot of the web browser?

2023-08-09T14:33:58.905+10:00 INFO [connection] Opened connection [connectionId{localValue:10, serverValue:36}] to localhost:27017

this is a normal message and nothing out of the ordinary.

5

This is what I get for th first sign in (Please ignore the insucure password warning)

Graylog2
Graylog21688×1396 137 KB

That error only shows up on the page first load, after that it just flicks to a “loading” and then back to the login page.

6

I have exactly same issue on Centos9. I followed these instructions CentOS installation

7

I have upgraded to 5.1 and it looks like the problem is with graylog-plugin-snmp-0.3.0.jar.

I removed the plugin and I could log in.

1 Like
8

Thanks. Where is the plugin located? Is there any fix coming ad I think SNMP is something we might need.

9

I ended up rebuilding my enviroment to 5.1 I noted that when in installed opensearch, it install 2.9 and not 2.5.
Rebuilt it all and able to log in now.

10

Probably no longer needed but in case anyone else happens upon this thread:

Where is the plugin located?

By default: /usr/share/graylog-server/plugin

Is there any fix coming ad I think SNMP

This is a fairly old plugin released in 2015 and has not had any changes or updates since. I don’t believe there are any plans to update it.

11

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.