The Kibana log files contains the following error in every 5 minutes:
{“service”:{“node”:{“roles”:[“background_tasks”,“ui”]}},“ecs”:{“version”:“8.4.0”},“@timestamp”:“2023-09-27T14:11:58.623+02:00”,“message”:“License is not available or does not support security features, re-authentication is not possible (available: true, enabled: false).”,“log”:{“level”:“ERROR”,“logger”:“plugins.security.authentication”},“process”:{“pid”:2384537},“span”:{“id”:“31c09bf6778ddda8”},“trace”:{“id”:“ee44023350b3fb43494c85ca28e229ec”}}
{“service”:{“node”:{“roles”:[“background_tasks”,“ui”]}},“ecs”:{“version”:“8.4.0”},“@timestamp”:“2023-09-27T14:11:58.624+02:00”,“message”:“Error executing alerting apiKey invalidation task: Unauthorized: authentication_exception”,“log”:{“level”:“WARN”,“logger”:“plugins.alerting”},“process”:{“pid”:2384537},“span”:{“id”:“31c09bf6778ddda8”},“trace”:{“id”:“ee44023350b3fb43494c85ca28e229ec”}}
Meanwhile in the elastic log:
[2023-09-27T14:11:58,609][WARN ][c.f.s.a.b.RequestAuthenticationProcessor] [kibana1] Authentication failed for null from [request=/.kibana_8.5.3/_search, directIpAddress=127.0.0.1, originatingIpAddress=127.0.0.1, clientCertSubject=null]
This is a background task executed every 5 minutes. Is it possible to fix it or disable it? The Kibana works fine.
Elasticsearch version:
8.5.3 + SG FLX 1.1.1
Server OS version:
RHEL 8.7
Kibana version (if relevant):
8.5.3 + SG FLX 1.1.0
[2023-10-16T12:28:43,152][WARN ][c.f.s.a.b.RequestAuthenticationProcessor] [XXXX] Authentication failed for n/a from [request=/.kibana_7.17.12/_search, directIpAddress=XXXX.47, originatingIpAddress=XXX.47, clientCertSubject=null]
[2023-10-16T12:33:44,287][WARN ][c.f.s.a.b.RequestAuthenticationProcessor] [XXXX] Error while mapping auth credentials for trusted_origin[9fc5067b]
com.floragunn.searchguard.authc.CredentialsException: No user name found
Elastic is 7.17.12, SG is 1.3.0, OS is Rocky 8.8. JVM is temurin17.
These error messages are shown by xpack and they are not related to the Search Guard plugin.
As per the documentation below, in Kibana you can ignore all warnings and error in the logs which originates from plugins.security.* or plugins.securitySolution or plugins.alerting or plugins.taskManager