search

catinello / nagios-check-graylog2

Nagios Graylog2 checks via REST API the availability of the service.
BSD 2-Clause "Simplified" License
9 stars 10 forks source link

Authentication issue #4

Open Trustys opened 7 years ago

Trustys commented 7 years ago

Hello,

First of all, thanks a lot for this great plugin.

Here is my issue : I can't authenticate using a non admin user: I created a graylog limited user (role: reader) but when I run checkgraylog2, I have a 403 error (if I use an admin user, it works )

[root@localhost cacti]# ./check_graylog2 -l http://192.168.1.2:12900/ -insecure -u limited_user -p big_password

CRITICAL - Graylog2 API replied with HTTP code 403|time=0.000000;;;; total=0;;;; sources=0;;;; throughput=0;;;; index_failures=0;;;;

Is there any way to use a non admin user (as the passwords is used/stored in clear I prefer no to use an admin user)

Also, can you tell me which graylog metrics you use to check graylog health ? I found some on https://www.graylog.org/blog/86-back-to-basics-monitoring-graylog but I didn't found how to check if the service is running and how to check source number

Thanks for your help !

catinello commented 7 years ago

Are you able to reach the API with your user via curl or through a browser? I guess not and that means that there is some kind of limitation on your user/api. Which probably has to be resolved on the graylog server side.

I imagine that this is a hint from the project to use tokens instead of user authentication in the future. Unfortunately I'm not using graylog anymore and my time is very limited to work on this. PR's are welcome though.

Trustys commented 7 years ago

Thanks for this quick response catinello !

I'm able to reach/request the API with my limited user through a browser. Really strange...I will do more test and give an update

Anyway, I can't succeed to find any API call like api/system/metrics/org.graylog2.journal.entries-uncommitted in your code. So I'm asking how can you grab the graylog informations ? :-)