Evaluating Search Guard - How to enable debug log level.


vigneshwa...@piecestech.com

Feb 7, 2019, 11:19:11 PM
to Search Guard Community Forum
When asking questions, please provide the following information:

* Search Guard and Elasticsearch version 6.6.0.
* Installed and used enterprise modules, if any
* JVM version and operating system version
* Search Guard configuration files
* Elasticsearch log messages on debug level
* Other installed Elasticsearch or Kibana plugins, if any
searchguard.ssl.transport.enabled: true
searchguard.ssl.transport.keystore_filepath: local-keystore.jks
searchguard.ssl.transport.truststore_filepath: local-truststore.jks
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: local-keystore.jks
searchguard.ssl.http.truststore_filepath: local-truststore.jks
searchguard.ssl.transport.enforce_hostname_verification: true
searchguard.ssl.transport.resolve_hostname: true

Hi,
We are currently evaluating Search Guard. Using self-signed certificates. 3-node cluster. Using truststore in the relative path of /etc/elasticsearch and we are currently getting the below error.

io.netty.handler.codec.DecoderException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

Not sure how to enable debug logs on Elasticsearch for SSL using log4j2.

SG

Feb 11, 2019, 2:50:04 AM
to search...@googlegroups.com
Check that local-truststore.jks is not empty (that could be the reason for "the trustAnchors parameter must be non-empty").

To enable debug see https://docs.search-guard.com/latest/troubleshooting-setting-log-level#turn-on-debug-logging-temporarily
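
Added example (not from the thread and not Search Guard code): a Python check for the suggestion above that the truststore may be empty. It parses the JKS container and counts its trustedCertEntry items, so a 0-byte file, a store with zero entries, or a store holding only a key entry is visible before the node is restarted. The function names and the sample bytes are constructed for illustration; the store's integrity hash is not verified and PKCS12 files are rejected.

```python
import io
import struct

JKS_MAGIC = 0xFEEDFEED
PRIVATE_KEY, TRUSTED_CERT = 1, 2  # entry tags in the JKS format

def _read(buf, n):
    data = buf.read(n)
    if len(data) != n:
        raise ValueError("truncated keystore")
    return data

def _u32(buf):
    return struct.unpack(">I", _read(buf, 4))[0]

def _utf(buf):  # Java UTF string: 2-byte length, then bytes
    return _read(buf, struct.unpack(">H", _read(buf, 2))[0]).decode("utf-8", "replace")

def _skip_cert(buf, version):
    if version == 2:
        _utf(buf)  # certificate type, e.g. "X.509"
    _read(buf, _u32(buf))  # encoded certificate

def list_jks_entries(data):  # -> [(alias, kind)] from the raw bytes of a JKS file
    if not data:
        raise ValueError("file is empty (0 bytes)")
    buf = io.BytesIO(data)
    magic, version, count = _u32(buf), _u32(buf), _u32(buf)
    if magic != JKS_MAGIC or version not in (1, 2):
        raise ValueError("not a JKS keystore (PKCS12 or another format?)")
    entries = []
    for _ in range(count):
        tag, alias = _u32(buf), _utf(buf)
        _read(buf, 8)  # creation timestamp
        if tag == TRUSTED_CERT:
            _skip_cert(buf, version)
            entries.append((alias, "trustedCertEntry"))
        elif tag == PRIVATE_KEY:
            _read(buf, _u32(buf))  # encrypted private key
            for _ in range(_u32(buf)):  # certificate chain
                _skip_cert(buf, version)
            entries.append((alias, "PrivateKeyEntry"))
        else:
            raise ValueError(f"unknown entry tag {tag}")
    return entries

def count_trusted_certs(data):
    return sum(kind == "trustedCertEntry" for _, kind in list_jks_entries(data))
# Constructed sample: valid JKS v2 header, zero entries, dummy 20-byte digest.
SAMPLE_EMPTY_STORE = struct.pack(">III", JKS_MAGIC, 2, 0) + bytes(20)
```

To check a real file, pass `open("/etc/elasticsearch/local-truststore.jks", "rb").read()` to `count_trusted_certs`; a result of 0 means the store provides no CA certificates.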

Jochen Kressin

Feb 18, 2019, 5:33:31 AM
to Search Guard Community Forum
Please also follow the TLS troubleshooting guide if you run into any certificate issues:
