Hi,
I have a 2 node ES cluster running on RHEL7 with searchguard installed and configured with http client cert auth.
Though my cluster is in a green state, and I am having no issues with my applications connecting, I am seeing the following in the logs:
[2018-05-31T14:00:08,931][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for null
[2018-05-31T14:00:08,976][DEBUG][c.f.s.a.BackendRegistry ] Try to extract auth creds from clientcert http authenticator
[2018-05-31T14:00:08,976][DEBUG][c.f.s.a.BackendRegistry ] User still not authenticated after checking 1 auth domains
which is repeatedly spamming my logs, even when I have no applications running against my ES cluster. How can I determine where this is coming from?
i think you need to use some networking tools like netstat or tcpdump to find out the ip address of the requestor
···
On Thursday, 31 May 2018 21:07:26 UTC+2, jive.t…y@g…l.com wrote:
Hi,
I have a 2 node ES cluster running on RHEL7 with searchguard installed and configured with http client cert auth.
- ES cluster works perfectly.
- Curl with key/cert works for the role defined things
Though my cluster is in a green state, and I am having no issues with my applications connecting, I am seeing the following in the logs:
[2018-05-31T14:00:08,931][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for null
[2018-05-31T14:00:08,976][DEBUG][c.f.s.a.BackendRegistry ] Try to extract auth creds from clientcert http authenticator
[2018-05-31T14:00:08,976][DEBUG][c.f.s.a.BackendRegistry ] User still not authenticated after checking 1 auth domains
which is repeatedly spamming my logs, even when I have no applications running against my ES cluster. How can I determine where this is coming from?
I will try that, thank you
···
On Thursday, May 31, 2018 at 2:07:26 PM UTC-5, jive.tu...@gmail.com wrote:
Hi,
I have a 2 node ES cluster running on RHEL7 with searchguard installed and configured with http client cert auth.
- ES cluster works perfectly.
- Curl with key/cert works for the role defined things
Though my cluster is in a green state, and I am having no issues with my applications connecting, I am seeing the following in the logs:
[2018-05-31T14:00:08,931][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for null
[2018-05-31T14:00:08,976][DEBUG][c.f.s.a.BackendRegistry ] Try to extract auth creds from clientcert http authenticator
[2018-05-31T14:00:08,976][DEBUG][c.f.s.a.BackendRegistry ] User still not authenticated after checking 1 auth domains
which is repeatedly spamming my logs, even when I have no applications running against my ES cluster. How can I determine where this is coming from?
I think is logstash trying to access elasticseaarch, that was happening also on my server
El El jue, 31 de may. de 2018 a las 18:48, jive.turkey.guy@gmail.com escribió:
···
I will try that, thank you
On Thursday, May 31, 2018 at 2:07:26 PM UTC-5, jive.tu...@gmail.com wrote:
Hi,
I have a 2 node ES cluster running on RHEL7 with searchguard installed and configured with http client cert auth.
- ES cluster works perfectly.
- Curl with key/cert works for the role defined things
Though my cluster is in a green state, and I am having no issues with my applications connecting, I am seeing the following in the logs:
[2018-05-31T14:00:08,931][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for null
[2018-05-31T14:00:08,976][DEBUG][c.f.s.a.BackendRegistry ] Try to extract auth creds from clientcert http authenticator
[2018-05-31T14:00:08,976][DEBUG][c.f.s.a.BackendRegistry ] User still not authenticated after checking 1 auth domains
which is repeatedly spamming my logs, even when I have no applications running against my ES cluster. How can I determine where this is coming from?
–
You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/a54c04aa-a664-4a19-b90b-6f80e9439862%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.