Authentication finally failed for null... who is null?

[jive.tu...@gmail.com]

Hi,

I have a 2 node ES cluster running on RHEL7 with searchguard installed and configured with http client cert auth.

- ES cluster works perfectly.

- Curl with key/cert works for the role defined things

Though my cluster is in a green state, and I am having no issues with my applications connecting, I am seeing the following in the logs:

[2018-05-31T14:00:08,931][WARN ][c.f.s.a.BackendRegistry  ] Authentication finally failed for null

[2018-05-31T14:00:08,976][DEBUG][c.f.s.a.BackendRegistry  ] Try to extract auth creds from clientcert http authenticator

[2018-05-31T14:00:08,976][DEBUG][c.f.s.a.BackendRegistry  ] User still not authenticated after checking 1 auth domains

which is repeatedly spamming my logs, even when I have no applications running against my ES cluster. How can I determine where this is coming from?

[Search Guard]

i think you need to use some networking tools like netstat or tcpdump to find out the ip address of the requestor

[jive.tu...@gmail.com]

I will try that, thank you

[Jordano Moscoso]

I think is logstash trying to access elasticseaarch, that was happening also on my server

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/a54c04aa-a664-4a19-b90b-6f80e9439862%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.