Users and Teams / Users Overview "IOException encountered while reading from a byte array input stream"

Graylog Central (peer support)
1

Description of your problem

Hi,
We currently have a freshly set up Graylog environment in development and encounter the following problem when trying to access “Users and Teams” under the “System” tab in the Web Interface:

Error
Loading users failed with status: IOException encountered while reading from a byte array input stream - There was an error fetching a resource: Internal Server Error. Additional information: IOException encountered while reading from a byte array input stream

We checked the mongodb replica set and users collection of the graylog database which contains the property “email”, and there seems everything to be just right. Also a freshly created user (within graylog web interface) with an email address shows up in the database.

Operating system information

All components are running on
Ubuntu 20.04

Package versions

We operate 10 VM’s:
3 x MongoDB 4.4.7
5 x Elasticsearch 7.10.2
2 x Graylog v4.1.3+9d79c05

The server.log throws the following error:

server-log 
2021-09-10T10:04:43.815+02:00 ERROR [AnyExceptionClassMapper] Unhandled exception in REST resource
java.lang.RuntimeException: IOException encountered while reading from a byte array input stream
	at org.mongojack.internal.stream.JacksonDBDecoder.decode(JacksonDBDecoder.java:67) ~[graylog.jar:?]
	at com.mongodb.DBDecoderAdapter.decode(DBDecoderAdapter.java:49) ~[graylog.jar:?]
	at com.mongodb.DBDecoderAdapter.decode(DBDecoderAdapter.java:29) ~[graylog.jar:?]
	at com.mongodb.operation.CommandResultArrayCodec.decode(CommandResultArrayCodec.java:52) ~[graylog.jar:?]
	at com.mongodb.operation.CommandResultDocumentCodec.readValue(CommandResultDocumentCodec.java:60) ~[graylog.jar:?]
	at org.bson.codecs.BsonDocumentCodec.decode(BsonDocumentCodec.java:84) ~[graylog.jar:?]
	at org.bson.codecs.BsonDocumentCodec.decode(BsonDocumentCodec.java:41) ~[graylog.jar:?]
	at org.bson.internal.LazyCodec.decode(LazyCodec.java:48) ~[graylog.jar:?]
	at org.bson.codecs.BsonDocumentCodec.readValue(BsonDocumentCodec.java:101) ~[graylog.jar:?]
	at com.mongodb.operation.CommandResultDocumentCodec.readValue(CommandResultDocumentCodec.java:63) ~[graylog.jar:?]
	at org.bson.codecs.BsonDocumentCodec.decode(BsonDocumentCodec.java:84) ~[graylog.jar:?]
	at org.bson.codecs.BsonDocumentCodec.decode(BsonDocumentCodec.java:41) ~[graylog.jar:?]
	at com.mongodb.internal.connection.ReplyMessage.<init>(ReplyMessage.java:51) ~[graylog.jar:?]
	at com.mongodb.internal.connection.InternalStreamConnection.getCommandResult(InternalStreamConnection.java:413) ~[graylog.jar:?]
	at com.mongodb.internal.connection.InternalStreamConnection.receiveCommandMessageResponse(InternalStreamConnection.java:309) ~[graylog.jar:?]
	at com.mongodb.internal.connection.InternalStreamConnection.sendAndReceive(InternalStreamConnection.java:259) ~[graylog.jar:?]
	at com.mongodb.internal.connection.UsageTrackingInternalConnection.sendAndReceive(UsageTrackingInternalConnection.java:99) ~[graylog.jar:?]
	at com.mongodb.internal.connection.DefaultConnectionPool$PooledConnection.sendAndReceive(DefaultConnectionPool.java:450) ~[graylog.jar:?]
	at com.mongodb.internal.connection.CommandProtocolImpl.execute(CommandProtocolImpl.java:72) ~[graylog.jar:?]
	at com.mongodb.internal.connection.DefaultServer$DefaultServerProtocolExecutor.execute(DefaultServer.java:226) ~[graylog.jar:?]
	at com.mongodb.internal.connection.DefaultServerConnection.executeProtocol(DefaultServerConnection.java:269) ~[graylog.jar:?]
	at com.mongodb.internal.connection.DefaultServerConnection.command(DefaultServerConnection.java:131) ~[graylog.jar:?]
	at com.mongodb.internal.connection.DefaultServerConnection.command(DefaultServerConnection.java:123) ~[graylog.jar:?]
	at com.mongodb.operation.CommandOperationHelper.executeCommand(CommandOperationHelper.java:343) ~[graylog.jar:?]
	at com.mongodb.operation.CommandOperationHelper.executeCommand(CommandOperationHelper.java:334) ~[graylog.jar:?]
	at com.mongodb.operation.CommandOperationHelper.executeCommandWithConnection(CommandOperationHelper.java:220) ~[graylog.jar:?]
	at com.mongodb.operation.FindOperation$1.call(FindOperation.java:731) ~[graylog.jar:?]
	at com.mongodb.operation.FindOperation$1.call(FindOperation.java:725) ~[graylog.jar:?]
	at com.mongodb.operation.OperationHelper.withReadConnectionSource(OperationHelper.java:463) ~[graylog.jar:?]
	at com.mongodb.operation.FindOperation.execute(FindOperation.java:725) ~[graylog.jar:?]
	at com.mongodb.operation.FindOperation.execute(FindOperation.java:89) ~[graylog.jar:?]
	at com.mongodb.client.internal.MongoClientDelegate$DelegateOperationExecutor.execute(MongoClientDelegate.java:196) ~[graylog.jar:?]
	at com.mongodb.client.internal.MongoClientDelegate$DelegateOperationExecutor.execute(MongoClientDelegate.java:177) ~[graylog.jar:?]
	at com.mongodb.DBCursor.initializeCursor(DBCursor.java:989) ~[graylog.jar:?]
	at com.mongodb.DBCursor.hasNext(DBCursor.java:172) ~[graylog.jar:?]
	at org.mongojack.DBCursor.hasNext(DBCursor.java:330) ~[graylog.jar:?]
	at com.google.common.collect.ImmutableList.copyOf(ImmutableList.java:268) ~[graylog.jar:?]
	at org.graylog2.database.PaginatedDbService.asImmutableList(PaginatedDbService.java:129) ~[graylog.jar:?]
	at org.graylog2.database.PaginatedDbService.findPaginatedWithQueryAndSort(PaginatedDbService.java:124) ~[graylog.jar:?]
	at org.graylog2.users.PaginatedUserService.findPaginated(PaginatedUserService.java:51) ~[graylog.jar:?]
	at org.graylog2.rest.resources.users.UsersResource.getPage(UsersResource.java:253) ~[graylog.jar:?]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_292]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_292]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_292]
	at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_292]
	at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52) ~[graylog.jar:?]
	at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:124) ~[graylog.jar:?]
	at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:167) ~[graylog.jar:?]
	at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:219) ~[graylog.jar:?]
	at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:79) ~[graylog.jar:?]
	at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:469) ~[graylog.jar:?]
	at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:391) ~[graylog.jar:?]
	at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:80) ~[graylog.jar:?]
	at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:255) [graylog.jar:?]
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248) [graylog.jar:?]
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244) [graylog.jar:?]
	at org.glassfish.jersey.internal.Errors.process(Errors.java:292) [graylog.jar:?]
	at org.glassfish.jersey.internal.Errors.process(Errors.java:274) [graylog.jar:?]
	at org.glassfish.jersey.internal.Errors.process(Errors.java:244) [graylog.jar:?]
	at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265) [graylog.jar:?]
	at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:234) [graylog.jar:?]
	at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:680) [graylog.jar:?]
	at org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpContainer.service(GrizzlyHttpContainer.java:356) [graylog.jar:?]
	at org.glassfish.grizzly.http.server.HttpHandler$1.run(HttpHandler.java:200) [graylog.jar:?]
	at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:180) [graylog.jar:?]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_292]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_292]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_292]
Caused by: com.fasterxml.jackson.databind.exc.InvalidDefinitionException: Cannot construct instance of `org.graylog2.users.UserOverviewDTO$Builder`, problem: Missing required properties: email
 at [Source: de.undercouch.bson4jackson.io.LittleEndianInputStream@5affa03e; pos: 44]
	at com.fasterxml.jackson.databind.exc.InvalidDefinitionException.from(InvalidDefinitionException.java:67) ~[graylog.jar:?]
	at com.fasterxml.jackson.databind.DeserializationContext.instantiationException(DeserializationContext.java:1608) ~[graylog.jar:?]
	at com.fasterxml.jackson.databind.DeserializationContext.handleInstantiationProblem(DeserializationContext.java:1073) ~[graylog.jar:?]
	at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.wrapInstantiationProblem(BeanDeserializerBase.java:1754) ~[graylog.jar:?]
	at com.fasterxml.jackson.databind.deser.BuilderBasedDeserializer.finishBuild(BuilderBasedDeserializer.java:178) ~[graylog.jar:?]
	at com.fasterxml.jackson.databind.deser.BuilderBasedDeserializer.deserialize(BuilderBasedDeserializer.java:193) ~[graylog.jar:?]
	at com.fasterxml.jackson.databind.ObjectMapper._readValue(ObjectMapper.java:3985) ~[graylog.jar:?]
	at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2343) ~[graylog.jar:?]
	at org.mongojack.internal.stream.JacksonDBDecoder.decode(JacksonDBDecoder.java:80) ~[graylog.jar:?]
	at org.mongojack.internal.stream.JacksonDBDecoder.decode(JacksonDBDecoder.java:64) ~[graylog.jar:?]
	... 67 more
Caused by: java.lang.IllegalStateException: Missing required properties: email
	at org.graylog2.users.AutoValue_UserOverviewDTO$Builder.build(AutoValue_UserOverviewDTO.java:404) ~[graylog.jar:?]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_292]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_292]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_292]
	at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_292]
	at com.fasterxml.jackson.databind.deser.BuilderBasedDeserializer.finishBuild(BuilderBasedDeserializer.java:176) ~[graylog.jar:?]
	at com.fasterxml.jackson.databind.deser.BuilderBasedDeserializer.deserialize(BuilderBasedDeserializer.java:193) ~[graylog.jar:?]
	at com.fasterxml.jackson.databind.ObjectMapper._readValue(ObjectMapper.java:3985) ~[graylog.jar:?]
	at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2343) ~[graylog.jar:?]
	at org.mongojack.internal.stream.JacksonDBDecoder.decode(JacksonDBDecoder.java:80) ~[graylog.jar:?]
	at org.mongojack.internal.stream.JacksonDBDecoder.decode(JacksonDBDecoder.java:64) ~[graylog.jar:?]
	... 67 more

Thank you for taking the time to check on this Topic. Please excuse if there is anything obvious missing and let me know, I’m quite new to this community as well as to Graylog itself.

Br, Theo

2

Hello,

I’ve been looking over your GL logs. I need to ask a few questions about your setup.

  • After setting up your cluster are you logged into the Web UI with the default Admin credentials and then navigating to Users & Teams then this error is shown on the Web UI?
  • The error shown only occurs in your GL log file when you’re trying to make a User profile?
  • Does this issue prevent you for using Graylog and/or configuring any settings?
  • Is this the only section of Graylog Web UI that’s having issues?
  • Did you see anything in the MongoDb logs that may pertain to this issue?
  • Is it possible to show any of your Config files?

I used the title of this post for a search and came across this.

To be honest, I haven’t had this error before and if it is ONLY related to Users & Teams. I’m not 100% sure but assuming this issue has something to do with how Authentication is configured for this cluster. Considering this is a fresh install and nothing else has been configured I’m kind of unable to determine the issue yet.

EDIT:
I’ve also been trying to find out what these two errors are related to in your logs


aused by: com.fasterxml.jackson.databind.exc.InvalidDefinitionException: Cannot construct instance of `org.graylog2.users.UserOverviewDTO$Builder`, problem: Missing required properties: email

And

Caused by: java.lang.IllegalStateException: Missing required properties: email

EDIT2:
Part of your log show this.

[Source: de.undercouch.bson4jackson.io.LittleEndianInputStream@5affa03e; pos: 44]

Which lead me here.

And Here

3

Hi,

Thanks for your help!
First of all, to answer your questions:

  • After setting up your cluster are you logged into the Web UI with the default Admin credentials and then navigating to Users & Teams then this error is shown on the Web UI?
    Exactly like that.

  • The error shown only occurs in your GL log file when you’re trying to make a User profile?
    The error shows up in the server.log when navigating to Users & Teams. Creating a User works just fine.

  • Does this issue prevent you for using Graylog and/or configuring any settings?
    As of now, it does not seem to prevent me from using or configuring Graylog. So, I already configured some inputs as well as created a user, which did work out as expected.

  • Is this the only section of Graylog Web UI that’s having issues?
    yes

  • Did you see anything in the MongoDb logs that may pertain to this issue?
    Not at all. When tailing -f the mongodb logs while reproducing the error, nothing else than the usual logs show up.

  • Is it possible to show any of your Config files?

server.conf of master node 
is_master = true
node_id_file = /etc/graylog/server/node-id
password_secret = replaced
root_username = masteruser
root_password_sha2 = replaced
root_email = test@test.test # I configured this to test if the error shows up when an email addresss is configured for the root user. It does. ....
bin_dir = /usr/share/graylog-server/bin
data_dir = /opt/graylog-server
plugin_dir = /usr/share/graylog-server/plugin
http_bind_address = graylog.mydomain:9000/
http_publish_uri = https://graylog.mydomain:9000/
http_external_uri = https://graylog.mydomain:9000/
http_enable_tls = true
http_tls_cert_file = /path/to/cert/cert.pem
http_tls_key_file = /path/to/cert/pkcs8-plain.pem
elasticsearch_hosts = http://elasticsearch1.mydomain:9200,http://elasticsearch2.mydomain:9200,http://elasticsearch3.mydomain:9200,http://elasticsearch4.mydomain:9200,http://elasticsearch5.mydomain:9200
rotation_strategy = count
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 4
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_analyzer = standard
output_batch_size = 500
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 5
outputbuffer_processors = 3
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /opt/graylog-server/journal
lb_recognition_period_seconds = 3
mongodb_uri = mongodb://username:passwordreplaced@mongodb1.mydomain:27017,mongodb2.mydomain:27017,mongodb3.mydomain:27017/GraylogDB?authSource=GraylogDB&replicaSet=replset_name
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5
proxied_requests_thread_pool_size = 32
mongod.conf of primary node 
# mongod.conf

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# Where and how to store data.
storage:
  dbPath: /opt/mongo
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log
  logRotate: reopen

processManagement:
  pidFilePath: /tmp/mongodb.pid

# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1,192.168.0.50
  tls:
    mode: preferTLS
    certificateKeyFile: /path/to/cert.pem
    CAFile: /path/to/CA-file.crt
    clusterFile: /path/to/file.pem

# how the process runs
processManagement:
  timeZoneInfo: /usr/share/zoneinfo

security:
  authorization: enabled
  clusterAuthMode: x509
#operationProfiling:

#replication:
replication:
  replSetName: replset_name

Thanks for the links! I’m gonna go through them and let you know if they helped.
Br

4

Hmmmm…I think @gsmith might be onto something. The fact that this seems to be erroring with:
Caused by: java.lang.IllegalStateException: Missing required properties: email

Makes me think that there might be a requirement that a user have an email address associated with it. Can you run a curl -u admin -k https://localhost:9000/api/users | jq . > graylog_users.json and see if any of them are missing emails? This might be a long shot, as the schema for the /users endpoint doesn’t indicate that an email is required, but this has me thinking otherwise.

1 Like
5

Hello,

Thanks for that added information. This is strange so I decided to test the following my lab.

I was unable to replicate your error. I would test out what @aaronsachs suggested then post your finding here.

6

I ran the suggested api call and it seems like the database user does not have an email address.
Is this user supposed to get shown here? Now it seems to me that I made a mistake while initial mongodb configuration.

graylog_users.json 
{
  "users": [
    {
      "id": "local:admin",
      "username": "admin",
      "email": "test@test.test",
      "first_name": null,
      "last_name": null,
      "full_name": "Administrator",
      "permissions": [
        "*"
      ],
      "grn_permissions": [],
      "preferences": {
        "updateUnfocussed": false,
        "enableSmartSearch": true
      },
      "timezone": "UTC",
      "session_timeout_ms": 28800000,
      "external": false,
      "startpage": null,
      "roles": [
        "Admin"
      ],
      "read_only": true,
      "session_active": true,
      "last_activity": "2021-09-14T06:15:51.384+0000",
      "client_address": "192.168.0.120",
      "account_status": "enabled"
    },
    {
      "id": "6128cc981792c002104d9458",
      "username": "dbuser",
      "email": "",
      "first_name": null,
      "last_name": null,
      "full_name": "",
      "permissions": [
        "users:edit:dbuser",
        "users:tokenlist:dbuser",
        "users:tokencreate:dbuser",
        "users:passwordchange:dbuser",
        "users:tokenremove:dbuser"
      ],
      "grn_permissions": [],
      "preferences": {
        "updateUnfocussed": false,
        "enableSmartSearch": true
      },
      "timezone": null,
      "session_timeout_ms": 28800000,
      "external": false,
      "startpage": null,
      "roles": [],
      "read_only": false,
      "session_active": false,
      "last_activity": null,
      "client_address": null,
      "account_status": "enabled"
    },
    {
      "id": "61321645b5aba249f2b89102",
      "username": "graylog-sidecar",
      "email": "sidecar@graylog.local",
      "first_name": "Sidecar",
      "last_name": "System User (built-in)",
      "full_name": "Sidecar System User (built-in)",
      "permissions": [
        "users:edit:graylog-sidecar",
        "users:tokenremove:graylog-sidecar",
        "users:tokencreate:graylog-sidecar",
        "users:tokenlist:graylog-sidecar",
        "users:passwordchange:graylog-sidecar",
        "metrics:read",
        "messagecount:read",
        "journal:read",
        "messages:analyze",
        "sidecar_collectors:read",
        "fieldnames:read",
        "messages:read",
        "indexercluster:read",
        "system:read",
        "jvmstats:read",
        "sidecar_collector_configurations:read",
        "inputs:read",
        "sidecars:update",
        "buffers:read",
        "clusterconfigentry:read",
        "decorators:read",
        "throughput:read"
      ],
      "grn_permissions": [],
      "preferences": {
        "updateUnfocussed": false,
        "enableSmartSearch": true
      },
      "timezone": "UTC",
      "session_timeout_ms": 28800000,
      "external": false,
      "startpage": null,
      "roles": [
        "Reader",
        "Sidecar System (Internal)"
      ],
      "read_only": false,
      "session_active": false,
      "last_activity": null,
      "client_address": null,
      "account_status": "enabled"
    },
    {
      "id": "613b0ea824dbc41ee5f555d4",
      "username": "testuser",
      "email": "test@test.test",
      "first_name": "Test",
      "last_name": "Test",
      "full_name": "Test Test",
      "permissions": [
        "users:tokenlist:testuser",
        "users:edit:testuser",
        "users:tokencreate:testuser",
        "users:tokenremove:testuser",
        "users:passwordchange:testuser",
        "metrics:read",
        "messagecount:read",
        "journal:read",
        "messages:analyze",
        "*",
        "fieldnames:read",
        "messages:read",
        "indexercluster:read",
        "system:read",
        "jvmstats:read",
        "inputs:read",
        "buffers:read",
        "clusterconfigentry:read",
        "decorators:read",
        "throughput:read"
      ],
      "grn_permissions": [],
      "preferences": {
        "updateUnfocussed": false,
        "enableSmartSearch": true
      },
      "timezone": null,
      "session_timeout_ms": 3600000,
      "external": false,
      "startpage": null,
      "roles": [
        "Admin",
        "Reader"
      ],
      "read_only": false,
      "session_active": false,
      "last_activity": null,
      "client_address": null,
      "account_status": "enabled"
    },
    {
      "id": "613f5b2626c9b03cdd887916",
      "username": "testuser2",
      "email": "test2@test2.test2",
      "first_name": "testuser2",
      "last_name": "test",
      "full_name": "Alex test",
      "permissions": [
        "users:tokencreate:testuser2",
        "users:passwordchange:testuser2",
        "users:tokenlist:testuser2",
        "users:edit:testuser2",
        "users:tokenremove:testuser2",
        "metrics:read",
        "messagecount:read",
        "journal:read",
        "messages:analyze",
        "fieldnames:read",
        "messages:read",
        "indexercluster:read",
        "system:read",
        "jvmstats:read",
        "inputs:read",
        "buffers:read",
        "clusterconfigentry:read",
        "decorators:read",
        "throughput:read"
      ],
      "grn_permissions": [],
      "preferences": {
        "updateUnfocussed": false,
        "enableSmartSearch": true
      },
      "timezone": null,
      "session_timeout_ms": 3600000,
      "external": false,
      "startpage": null,
      "roles": [
        "Reader"
      ],
      "read_only": false,
      "session_active": false,
      "last_activity": null,
      "client_address": null,
      "account_status": "enabled"
    }
  ]
}
7

Hello,

I believe thats your issue.

I’m not sure how you added a “dbuser” to Users without a email, so I would assume you did it internally.
I tried creating User on the Web UI but as you can see it would not create my user.

image
image1282×468 20.8 KB

This is example of what I did to secure MongoDb for Graylog’s database.
Once logged in the Mongo shell I executed this.

use some_db
db.createUser(
  {
    user: "myUserAdmin",
    pwd: passwordPrompt(), // or cleartext password
    roles: [
      { role: "userAdminAnyDatabase", db: "admin" },
      { role: "readWriteAnyDatabase", db: "admin" }
    ]
  }
)

Enabled security in the Mongod.config file.

security:
  authorization: enabled

Restart Mongo service. Then I adjusted Graylog configuration file with that username:password like you did above. Restart Graylog service. Should be good.

Hope that helps

8

Hi,
I have no idea how this “dbuser” actually got into the users collection of graylog. However, by manually deleting this user with:

db.users.deleteOne({"_id" : ObjectId("…") } );

resolved the issue…

It seems like I somehow accidentally created this mongodb document while configuring the database user.

Great thanks for your help!

1 Like
9

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.