Page 1 of 2
Unable to login with nagiosadmin
Posted: Mon Dec 20, 2021 4:47 pm
by dfsocha
Recently I had an issue where the Nagios server ran out of disk space. I've since resolved this issue but now I'm having an issue where I cannot login as the nagiosadmin account.
I've run the script "reset_nagiosadmin_password.sh" and have tried multiple passwords but I'm still unable to login. I've searched on the forum and tried a few things such as clearing the transaction logs and some other items but still have not had any success with it.
Anyone have any ideas if there's a different curl command I can try or something else I should be doing? LDAP seems to be broken too so I can't login with LDAP like I used to.
Re: Unable to login with nagiosadmin
Posted: Tue Dec 21, 2021 12:33 pm
by pbroste
Hello
@dfsocha
Thanks for reaching out, want to run some 'api' commands to help figure things out.
Let's read the config info on the 'nagiosadmin' which is typically user '1':
Code: Select all
curl -XGET http://localhost:9200/nagioslogserver/user/1
- *change the user number to list other user info
Example results:
{"_index":"nagioslogserver","_type":"user","_id":"1","_version":5,"found":true,"_source":{"username":"nagiosadmin","username_lower":"nagiosadmin","name":"Nagios Administrator","password":"280d44ab1e9f79b5cce2dd4f58f5fe91xxxxxx9f7447dffc318ceb79f2d02","auth_type":"admin","email":"
[email protected]","language":"default","apiaccess":"1","apikey":"2590634e60fxxxxxb9e111990e16b83da22b1bcf","created":"2021-06-14 12:10:14","created_by":0,"default_dashboard":"/dashboard/elasticsearch/AXoLSc8Q5hxpyzbmI-kt"}}
Make sure that the 'nagiosadmin' "auth_type" is admin and that 'apiaccess' of "1" (which means enabled) and that there is a apikey listed.
Now that you have an 'apikey' that is associated with 'nagiosadmin'; let's list all users:
Code: Select all
curl -k http://192.168.23.207/nagioslogserver/index.php/api/system/get_users?token=yourtokenhere
Run through the password reset via the commands directly from the script for confirmation:
New password:
Code: Select all
passhash=$(printf "yournewpasswordhere" | openssl sha256)
Verify:
conversion:
Update:
Code: Select all
update="{\"doc\":{\"password\":\"$passhash\"}}"
Verify:
API to change/update password:
Code: Select all
curl -XPOST http://localhost:9200/nagioslogserver/user/1/_update -d "$update"
Results:
{"_index":"nagioslogserver","_type":"user","_id":"1","_version":6}
Refresh:
Code: Select all
curl -XPOST http://localhost:9200/nagioslogserver/_refresh
Success:
{"_shards":{"total":2,"successful":2,"failed":0}}
Let us know if you are able to get into the web console to
update Active Directory configuration.
Thanks,
Perry
Re: Unable to login with nagiosadmin
Posted: Tue Dec 21, 2021 1:23 pm
by dfsocha
When I do curl -XGET
http://localhost:9200/nagioslogserver/user/1, this is the result I get:
Code: Select all
[root@NagiosLogServer ~]# curl -XGET http://localhost:9200/nagioslogserver/user/1
{"_index":"nagioslogserver","_type":"user","_id":"1","found":false}[root@NagiosLogServer ~]#
Re: Unable to login with nagiosadmin
Posted: Tue Dec 21, 2021 1:59 pm
by benhank
I don't work for nagios, but I had this issue too.
did you move the contents of /usr/local/nagioslogserver/elasticseach/data ?
If you did make sure you move everything in that directory. hope it helps
Re: Unable to login with nagiosadmin
Posted: Tue Dec 21, 2021 2:09 pm
by pbroste
Hello
@benhank
Here is the api command to setup nagiosadmin account:
Code: Select all
curl -k -XPOST http://localhost:9200/nagioslogserver/user/1 -d '{"_index":"nagioslogserver","_type":"user","_id":"1","_version":6,"found":true,"_source":{"username":"nagiosadmin","username_lower":"nagiosadmin","name":"Nagios Administrator","password":"ecef7b1e64c70decb9786df778d470f7288c02eeb6b95c97dade5b46d768ab50","auth_type":"admin","email":"[email protected]","language":"default","apiaccess":"1","apikey":"2590634e60f5b041b9e111990e16b83da22b1bcd","created":"2021-06-14 12:10:14","created_by":0,"default_dashboard":"/dashboard/elasticsearch/AXoLSc8Q5hxpyzbmI-kt"}}'
The temp password is: temppassword
To verify:
Code: Select all
curl -XGET http://localhost:9200/nagioslogserver/user/1[/user]
Thanks,
Perry
Re: Unable to login with nagiosadmin
Posted: Tue Dec 21, 2021 2:20 pm
by pbroste
Looks like I may have had some extra configs that it may not like and here is the update:
Code: Select all
curl -k -XPOST http://localhost:9200/nagioslogserver/user/3 -d '{"_index":"nagioslogserver","_type":"user","_id":"3","_version":6,"_source":{"username":"nagiosadmin3","username_lower":"nagiosadmin","name":"Nagios Administrator","password":"ecef7b1e64c70decb9786df778d470f7288c02eeb6b95c97dade5b46d768ab50","auth_type":"admin","email":"[email protected]","language":"default","apiaccess":"1","apikey":"2590634e60f5b041b9e111990e16b83da22b1bcd"}}'
This one creates an account: nagiosadmin3
with password: temppassword
Result example:
{"_index":"nagioslogserver","_type":"user","_id":"3","_version":1,"created":true}
Thanks,
Perry
Re: Unable to login with nagiosadmin
Posted: Tue Dec 21, 2021 2:28 pm
by dfsocha
Okay I ran that and it says "created:true" but when I try to login with nagiosadmin3 and password of temppassword, it doesn't work and says invalid username/password.
Here's the command I ran and it's output:
Code: Select all
[root@NagiosLogServer ~]# curl -k -XPOST http://localhost:9200/nagioslogserver/user/3 -d '{"_index":"nagioslogserver","_type":"user","_id":"3","_version":6,"_source":{"username":"nagiosadmin3","username_lower":"nagiosadmin","name":"Nagios Administrator","password":"ecef7b1e64c70decb9786df778d470f7288c02eeb6b95c97dade5b46d768ab50","auth_type":"admin","email":"[email protected]","language":"default","apiaccess":"1","apikey":"2590634e60f5b041b9e111990e16b83da22b1bcd"}}'
{"_index":"nagioslogserver","_type":"user","_id":"3","_version":1,"created":true}[root@NagiosLogServer ~]#
Re: Unable to login with nagiosadmin
Posted: Tue Dec 21, 2021 5:28 pm
by pbroste
Hello
@dfsocha
Thanks for the details, next step is to delete the user account and then rebuild.
Code: Select all
curl -XDELETE http://localhost:9200/nagioslogserver/user/1
To rebuild:
Code: Select all
curl -XPUT 'http://localhost:9200/nagioslogserver/user/2' -d '{"username":"nagiosadmin","password":"c678bcf3b5138b9263a95c44d28097f22c2e02877193d2c25313478821d45c19","auth_type":"admin","email":"[email protected]","language":"default","apiaccess":"1","apikey":"1396e08757545557073844695e5b64caa0bd3ad3","created":"2015-01-23 10:00:00","created_by":0,"default_dashboard":"/dashboard/elasticsearch/default"}'
Verify:
Code: Select all
curl -XGET http://localhost:9200/nagioslogserver/user/2
Verify api works:
Code: Select all
curl -k http://yourhostaddresshere/nagioslogserver/index.php/api/system/get_users?token=theapitokenfoundinpreviouscommand
This will create a user named "nagiosadmin" with the password "nagiosls".
Let me know how things look,
Perry
Re: Unable to login with nagiosadmin
Posted: Wed Dec 22, 2021 9:44 am
by dfsocha
I ran all those and it said the user was created and the API verified the user was there but using the username nagiosadmin and password of nagiosls still doesn't let me login.
Re: Unable to login with nagiosadmin
Posted: Wed Dec 22, 2021 3:34 pm
by pbroste
Hello
@dfsocha
Thanks for following up, and want to gather more info and a System Profile from you so we can see what is going on.
Code: Select all
tar -czvf /tmp/logs.tar.gz /usr/local/nagioslogserver/var/auditlog.log /var/log/httpd/ /var/log/apache2/
This will create /tmp/logs.tar.gz.
And the System Profile by:
Code: Select all
/usr/local/nagioslogserver/scripts/profile.sh
This will create /tmp/system-profile.tar.gz.
Note that this file can be very large and may not be able to be uploaded through the ticketing system. You can split the file into smaller files with the split command on the NLS(or other Linux machine) command line:
Code: Select all
split -b 45000000 /tmp/system-profile.tar.gz system-profile- -d
The above command will split the system-profile.tar.gz into 45MB segments and save them to files with the naming convention system-profile-nn. Please send each split in a separate [PM] 'Private Message'.
I'd also like to get a copy of the current settings index. This can be gathered by running:
Code: Select all
curl -XPOST http://localhost:9200/nagioslogserver/_export?path=/tmp/nagioslogserver.tar.gz
The file it creates and that we'd like to see is /tmp/nagioslogserver.tar.gz.
Please send the following:
- /tmp/logs.tar.gz
- /tmp/nagioslogserver.tar.gz
- /tmp/system-profile.tar.gz or the splits depending on size
Thanks,
Perry