没有配置API令牌 - 启动graylog-sidecar时

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了没有配置API令牌 - 启动graylog-sidecar时相关的知识,希望对你有一定的参考价值。

我让ELK正在使用Kibana搜索日志,我也试图让Graylog工作。我发现logstash需要添加logstash-output-gelf来将消息转换为GELF格式,所以我安装并重新启动了服务:

[root@dev-graylog bin]# ./logstash-plugin install logstash-output-gelf
Validating logstash-output-gelf
Installing logstash-output-gelf
Installation successful

然后,在我需要收集日志的客户端,我已经以这种方式安装了graylog-sidecar,已经安装了filebeat:

wget https://github.com/Graylog2/collector-sidecar/releases/download/1.0.0/graylog-sidecar-1.0.0-1.x86_64.rpm
tar -vxzf graylog-sidecar-1.0.0-1.x86_64.rpm
sudo rpm -i graylog-sidecar-1.0.0-1.x86_64.rpm
sudo graylog-sidecar -service install
sudo systemctl start graylog-sidecar

我将使用Kibana使用的相同filebeat和logstash实例来设置graylog。灰狗接口已在端口9000上启动并运行,但在运行graylog-sidecar时,我收到错误“未配置API令牌”。我尝试过与Collector Sidecar相关的类似问题中给出的不同解决方案。但是,我已经能够在Graylog Sidecar(新版本)中发现问题。

需要哪种配置来摆脱这个错误?

环境具有以下特征:

  • CentOS Linux 7(核心)
  • Java:1.8.0_192
  • graylog-3.0.0-β-beta.2.tgz
  • MongoDB的Linux的-x86_64的-rhel62-4.0.6-rc1.tgz
  • 物流 - 6.6.0
  • elasticsearch-6.6.0.tar.gz graylog-sidecar-1.0.0-1.x86_64.rpm
  • Phelabeta-660-Linux的ksa8664taragaja

运行sudo systemctl启动graylog-sidecar时,我收到以下错误:

[root@c1 sidecar]# sudo systemctl status graylog-sidecar
● graylog-sidecar.service - Wrapper service for Graylog controlled collector
   Loaded: loaded (/etc/systemd/system/graylog-sidecar.service; enabled; vendor preset: disabled)
   Active: activating (auto-restart) (Result: exit-code) since Wed 2019-02-20 14:21:46 PST; 1min 29s ago
  Process: 21640 ExecStart=/usr/bin/graylog-sidecar (code=exited, status=1/FAILURE)
 Main PID: 21640 (code=exited, status=1/FAILURE)

Feb 20 14:21:46 c1.local.com systemd[1]: graylog-sidecar.service: main process exited, code=exited, status=1/FAILURE
Feb 20 14:21:46 c1.local.com systemd[1]: Unit graylog-sidecar.service entered failed state.
Feb 20 14:21:46 c1.local.com systemd[1]: graylog-sidecar.service failed.

在日记中,我可以看到以下内容:

Feb 20 14:23:46 c1.local.com systemd[1]: graylog-sidecar.service holdoff time over, scheduling restart.
Feb 20 14:23:46 c1.local.com systemd[1]: Stopped Wrapper service for Graylog controlled collector.
Feb 20 14:23:46 c1.local.com systemd[1]: Started Wrapper service for Graylog controlled collector.
Feb 20 14:23:46 c1.local.com graylog-sidecar[21651]: time="2019-02-20T14:23:46-08:00" level=fatal msg="No API token was configured."
Feb 20 14:23:46 c1.local.com systemd[1]: graylog-sidecar.service: main process exited, code=exited, status=1/FAILURE
Feb 20 14:23:46 c1.local.com systemd[1]: Unit graylog-sidecar.service entered failed state.
Feb 20 14:23:46 c1.local.com systemd[1]: graylog-sidecar.service failed.

在服务器上,graylog.conf:

rest_listen_uri = http://172.28.128.3:9000/api/
web_listen_uri = https://172.28.128.3:9000/

在客户端,sidecar.yml:

# The URL to the Graylog server API.
server_url: "http://172.28.128.3:9000/api/"

# The API token to use to authenticate against the Graylog server API.
# This field is mandatory
server_api_token: ""

# The node ID of the sidecar. This can be a path to a file or an ID string.
# If set to a file and the file doesn't exist, the sidecar will generate an
# unique ID and writes it to the configured path.
#
# Example file path: "file:/etc/graylog/sidecar/node-id"
# Example ID string: "6033137e-d56b-47fc-9762-cd699c11a5a9"
#
# ATTENTION: Every sidecar instance needs a unique ID!
#
node_id: "graylog-collector-sidecar"

# The node name of the sidecar. If this is empty, the sidecar will use the
# hostname of the host it is running on.
#node_name: ""

# The update interval in secods. This configures how often the sidecar will
# contact the Graylog server for keep-alive and configuration update requests.
update_interval: 5

# This configures if the sidecar should skip the verification of TLS connections.
# Default: false
tls_skip_verify: true

# This enables/disables the transmission of detailed sidecar information like
# collector statues, metrics and log file lists. It can be disabled to reduce
# load on the Graylog server if needed. (disables some features in the server UI)
send_status: true

# A list of directories to scan for log files. The sidecar will scan each
# directory for log files and submits them to the server on each update.
#
# Example:
#     list_log_files:
#       - "/var/log/nginx"
#       - "/opt/app/logs"
#
# Default: empty list
list_log_files: []

# Directory where the sidecar stores internal data.
#cache_path: "/var/cache/graylog-sidecar"

# Directory where the sidecar stores logs for collectors and the sidecar itself.
log_path: "/var/log/graylog-sidecar"

# The maximum size of the log file before it gets rotated.
#log_rotate_max_file_size: "10MiB"

# The maximum number of old log files to retain.
#log_rotate_keep_files: 10

# Directory where the sidecar generates configurations for collectors.
#collector_configuration_directory: "/var/lib/graylog-sidecar/generated"

# A list of binaries which are allowed to be executed by the Sidecar. An empty list disables the whitelist feature.
# Wildcards can be used, for a full pattern description see https://golang.org/pkg/path/filepath/#Match
# Example:
#     collector_binaries_whitelist:
#       - "/usr/bin/filebeat"
#       - "/opt/collectors/*"
#
# Example disable whitelisting:
#     collector_binaries_whitelist: []
#
# Default:
# collector_binaries_whitelist:
#  - "/usr/bin/filebeat"
#  - "/usr/bin/packetbeat"
#  - "/usr/bin/metricbeat"
#  - "/usr/bin/heartbeat"
#  - "/usr/bin/auditbeat"
#  - "/usr/bin/journalbeat"
#  - "/usr/share/filebeat/bin/filebeat"
#  - "/usr/share/packetbeat/bin/packetbeat"
#  - "/usr/share/metricbeat/bin/metricbeat"
#  - "/usr/share/heartbeat/bin/heartbeat"
#  - "/usr/share/auditbeat/bin/auditbeat"
#  - "/usr/share/journalbeat/bin/journalbeat"
#  - "/usr/bin/nxlog"
#  - "/opt/nxlog/bin/nxlog"

在客户端,我能够成功执行以下操作:

 [root@c1 filebeat]# curl -i -H 'Accept: application/json' 'http://172.28.128.3:9000/api/?pretty=true'
    HTTP/1.1 200 OK
    X-Graylog-Node-ID: 95c1074c-268c-4996-83ac-8fffeaae901c
    X-Runtime-Microseconds: 21775
    Content-Type: application/json
    Date: Thu, 21 Feb 2019 07:08:08 GMT
    Content-Length: 260

    {
      "cluster_id" : "55dc5eb8-616b-4d37-af4d-572d9cb61a29",
      "node_id" : "95c1074c-268c-4996-83ac-8fffeaae901c",
      "version" : "3.0.0-beta.2+a5d9cc0",
      "tagline" : "Manage your logs in the dark and have lasers going and make it look like you're from space!"

如何解决错误“没有配置API令牌”?这是让ELK和graylog一起工作的最佳方法吗?

谢谢你的帮助

答案

我刚刚今天早上安装了graylog-sidecar,我遇到了同样的问题,但我找到了一个解决方案(没有按照我的意愿进行测试)。

为了启动graylog-sidecar所需的API令牌应该来自Graylog网站。您应该进入系统/身份验证,在“用户”部分,您选择与边车相关的用户。在“操作”列中,如果您在“更多操作”中进行了陈词滥调,您将能够编辑令牌。您只需要记下一个令牌名称,创建它并复制它。然后,您只需将此标记粘贴到graylog-sidecar配置(sidecar.yml - > server_api_token:“API_TOKEN”)并启动服务。

此时,我可以告诉您,并非所有用户都能正常工作,因为graylog-sidecar需要获得执行API查询的权限。

我希望这能回答您关于错误“未配置API令牌”的问题。 关于第二个问题,我无法回答,因为我不使用Kibana和Logstash。

以上是关于没有配置API令牌 - 启动graylog-sidecar时的主要内容,如果未能解决你的问题,请参考以下文章

.NET Core 2 Web API JWT 令牌无法识别

api 端点未在 Sanctum 上进行 CSRF 令牌验证 - CSRF 令牌不匹配

如何在没有声明的情况下在api之间保存令牌?

我可以有两个 Spring Security 配置类:一个使用基本身份验证保护一些 API,另一个使用 JWT 令牌保护 API?

Spring Boot 自定义 JWT 过滤器不允许任何没有令牌的请求

Web API 更新的令牌认证