Continuous background task error in the Kibana log

The Kibana log file contains the following error every 5 minutes:

{"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.4.0"},"@timestamp":"2023-09-27T14:11:58.623+02:00","message":"License is not available or does not support security features, re-authentication is not possible (available: true, enabled: false).","log":{"level":"ERROR","logger":"plugins.security.authentication"},"process":{"pid":2384537},"span":{"id":"31c09bf6778ddda8"},"trace":{"id":"ee44023350b3fb43494c85ca28e229ec"}}
{"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.4.0"},"@timestamp":"2023-09-27T14:11:58.624+02:00","message":"Error executing alerting apiKey invalidation task: Unauthorized: authentication_exception","log":{"level":"WARN","logger":"plugins.alerting"},"process":{"pid":2384537},"span":{"id":"31c09bf6778ddda8"},"trace":{"id":"ee44023350b3fb43494c85ca28e229ec"}}

Meanwhile in the elastic log:

[2023-09-27T14:11:58,609][WARN ][c.f.s.a.b.RequestAuthenticationProcessor] [kibana1] Authentication failed for null from [request=/.kibana_8.5.3/_search, directIpAddress=127.0.0.1, originatingIpAddress=127.0.0.1, clientCertSubject=null]

This is a background task executed every 5 minutes. Is it possible to fix it or disable it? Kibana works fine.

Elasticsearch version:
8.5.3 + SG FLX 1.1.1

Server OS version:
RHEL 8.7

Kibana version (if relevant):
8.5.3 + SG FLX 1.1.0

Hi @korodif

Could you share your elasticsearch.yml and kibana.yml files to reproduce the issue? Feel free to remove or change any sensitive details.

Hi Eugene,

Here they are:

elasticsearch.yml:

cluster.name: elk-cl
node.name: ${HOSTNAME}
node.roles: [ remote_cluster_client ]
path.data: /opt/elasticsearch
path.logs: /opt/elasticsearch/log
network.host: ens192
http.host: local
http.port: 9200
discovery.seed_hosts: ["elk1.example.local","elk2.example.local","elk3.example.local"]

xpack.security.enabled: false

searchguard.ssl.transport.pemcert_filepath: example.local.cer
searchguard.ssl.transport.pemkey_filepath: example.local.key
searchguard.ssl.transport.pemtrustedcas_filepath: chain.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.pemcert_filepath: example.local.cer
searchguard.ssl.http.pemkey_filepath: example.local.key
searchguard.ssl.http.pemtrustedcas_filepath: chain.pem
searchguard.ssl.cert_reload_enabled: true

searchguard.authcz.admin_dn:
  - CN=sgadmin

searchguard.restapi.roles_enabled: ["SGS_ALL_ACCESS"]
cluster.routing.allocation.total_shards_per_node: 2000
cluster.max_shards_per_node: 2000
ingest.geoip.downloader.enabled: false

kibana.yml

server.port: 5601
server.host: "kibanahost01.example.local"
server.publicBaseUrl: "https://kibana.example.local"
server.name: "kibanahost01.example.local"
elasticsearch.hosts: ["https://localhost:9200"]
elasticsearch.username: "kibanaserver"
elasticsearch.password: "xxx"
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/kibana.example.local.cer
server.ssl.key: /etc/kibana/kibana.example.local.key
elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/chain.pem" ]
elasticsearch.ssl.verificationMode: none

logging:
  appenders:
    rolling-file:
      type: rolling-file
      fileName: /var/log/kibana/kibana.log
      policy:
        type: time-interval
        interval: 24h
        modulate: true
      strategy:
        type: numeric
        pattern: '-%i'
        max: 7
      layout:
        type: json
  root:
    appenders: [rolling-file]
    level: info

xpack.reporting.roles.enabled: false
monitoring.ui.ccs.enabled: false
xpack.security.encryptionKey: "yyy"
xpack.encryptedSavedObjects:
  encryptionKey: "yyy"
xpack.reporting.enabled: false
telemetry.optIn: false
xpack.fleet.agents.enabled: false

I have a very similar problem.

In kibana:

Oct 16 12:08:40 XXX kibana[3622]: {"ecs":{"version":"1.12.0"},"@timestamp":"2023-10-16T12:08:40.175+02:00","message":"Error executing alerting apiKey invalidation task: Unauthorized","log":{"level":"WARN","logger":"plugins.alerting"},"process":{"pid":3622}}
Oct 16 12:28:43 XXX kibana[3622]: {"ecs":{"version":"1.12.0"},"@timestamp":"2023-10-16T12:28:43.154+02:00","message":"Error executing alerting apiKey invalidation task: Unauthorized","log":{"level":"WARN","logger":"plugins.alerting"},"process":{"pid":3622}}

But in Elastic, it’s:

[2023-10-16T12:28:43,152][WARN ][c.f.s.a.b.RequestAuthenticationProcessor] [XXXX] Authentication failed for n/a from [request=/.kibana_7.17.12/_search, directIpAddress=XXXX.47, originatingIpAddress=XXX.47, clientCertSubject=null]
[2023-10-16T12:33:44,287][WARN ][c.f.s.a.b.RequestAuthenticationProcessor] [XXXX] Error while mapping auth credentials for trusted_origin[9fc5067b]
com.floragunn.searchguard.authc.CredentialsException: No user name found

Elastic is 7.17.12, SG is 1.3.0, OS is Rocky 8.8. JVM is temurin17.

Is anyone else having the same problem?

Do you have any information about this?

Hi,

These error messages are shown by xpack and they are not related to the Search Guard plugin.

As per the documentation below, in Kibana you can ignore all warnings and errors in the logs which originate from plugins.security.* or plugins.securitySolution or plugins.alerting or plugins.taskManager

Thanks,
Eugene
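
One way to act on this advice when reviewing logs, as an added example that is not part of the original reply or of Search Guard: a small Python filter that sets aside lines from the four loggers named above and keeps everything else, including unparseable lines, for review. The sample lines are constructed, modelled on the ones quoted in this thread.

```python
import json

# Loggers the reply above says can be ignored when Search Guard replaces X-Pack security.
IGNORABLE_LOGGERS = ("plugins.security", "plugins.securitySolution",
                     "plugins.alerting", "plugins.taskManager")

# Constructed sample input, modelled on the log lines quoted in this thread.
SAMPLE_LINES = [
    '{"@timestamp":"2023-09-27T14:11:58.623+02:00","message":"License is not available",'
    '"log":{"level":"ERROR","logger":"plugins.security.authentication"}}',
    'Oct 16 12:08:40 host kibana[3622]: {"message":"Error executing alerting apiKey '
    'invalidation task: Unauthorized","log":{"level":"WARN","logger":"plugins.alerting"}}',
    '{"message":"Unable to retrieve version information","log":{"level":"ERROR",'
    '"logger":"elasticsearch-service"}}',
    'Oct 16 12:30:00 host kibana[3622]: truncated or non-JSON output',
]


def parse_line(line):
    """Return the JSON object in a line (raw or syslog-prefixed), else None."""
    start = line.find("{")
    if start == -1:
        return None
    try:
        entry = json.loads(line[start:])
    except json.JSONDecodeError:
        return None
    return entry if isinstance(entry, dict) else None


def is_ignorable(entry):
    """True if the entry's logger is one of the listed names or a sub-logger of one."""
    log = entry.get("log")
    logger = log.get("logger", "") if isinstance(log, dict) else ""
    return any(logger == n or logger.startswith(n + ".") for n in IGNORABLE_LOGGERS)


def triage(lines):
    """Split lines into (ignorable, needs_review); unparseable lines need review."""
    ignorable, review = [], []
    for line in lines:
        entry = parse_line(line)
        (ignorable if entry is not None and is_ignorable(entry) else review).append(line)
    return ignorable, review


if __name__ == "__main__":
    noise, review = triage(SAMPLE_LINES)
    print(f"{len(noise)} ignorable, {len(review)} to review")
```

Matching on the exact name or a dotted sub-logger keeps an unrelated logger that merely shares the `plugins.security` prefix out of the ignorable set.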
