How to identify who speaks plain text
252 views
Skip to first unread message
Nicolas Condette
Jan 23, 2017, 4:27:51 AM1/23/17
to Search Guard
Hello,
"Someone speaks plaintext instead of ssl, will close the channel"
we setup searchguard and we encountered these WARNINGS in the elasticsearch.log :
We know ES nodes speak "cyphered" between them, and we have java programs connected as transport client too.
All seems OK, java programs work fine, ES work fine too. We success in connecting people, java programs.
We tired to find who speaks plain text unsuccessfully, that's why I write here to find some help.
Is there a debug mode or something like that which could be turned on to trace IP, or Caller ?
Thanks in advance for your help.
Jochen Kressin
Jan 23, 2017, 7:49:44 AM1/23/17
to Search Guard
The warnings you are seeing stem from the REST layer, not the Transport (Java) layer.
Most likely you have either additional plugins installed, or use applications like Kibana or logstash which also use the REST Api. HTTPS on the REST layer is optional btw, but of course recommended.
You can set loglevels to debug or trace like this:
ES 2.x:
com.floragunn: DEBUG|TRACE
in conf/logging.yml
ES 5.x
logger.fg.name = com.floragunn
logger.fg.level = debug|trace
in conf/log4j.properties
Condette, Nicolas
Jan 23, 2017, 10:09:34 AM1/23/17
to search...@googlegroups.com
Hello, thanks for your reply.
I found this directive: logger.com.floragunn.searchguard.ssl: DEBUG
Is it what you told us to do ?
Cordialement,
Nicolas CONDETTE
Norauto International
CRT, rue du Fort BP 225 - 59812 LESQUIN CEDEX
Tel: +33 (0)320607422 - Fax: +33 (0)320607555
E-Mail : ncon...@norauto.com
--
You received this message because you are subscribed to a topic in the Google Groups "Search Guard" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/8HPbA8FF0BI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/99fc1f82-a464-488c-820b-ed3257313051%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Jochen Kressin
Jan 23, 2017, 11:33:34 AM1/23/17
to Search Guard
Hi,
not quite ;) First, please check if you have any other systems / plugins / applications installed that make requests on the REST layer, means HTTP. Usually it's something like Kibana, logstash, watcher etc. and quite easy to detect. If you're not able to figure out which app / plugin causes the HTTP calls, you can enable the SG debug mode.
If you're using ES2.x, add the following line to the file conf/logging.yml:
com.floragunn: DEBUG
If you're using ES5.x, add the following two lines to the file conf/log4j.properties:
logger.fg.name = com.floragunn
logger.fg.level = debug
After that, restart the node(s) for the changes to take effect. You will see a lot of debug information in the logfile, and you should be able to determine where the calls come from by analyzing the logs.
To unsubscribe from this group and all its topics, send an email to search-guard...@googlegroups.com.
Condette, Nicolas
Jan 23, 2017, 11:54:20 AM1/23/17
to search...@googlegroups.com
In effect we have plugins nammed HQ, Head, Kopf.
But Warnings appear very frequently, more often than a human can do.
Cordialement,
Nicolas CONDETTE
Norauto International
CRT, rue du Fort BP 225 - 59812 LESQUIN CEDEX
Tel: +33 (0)320607422 - Fax: +33 (0)320607555
E-Mail : ncon...@norauto.com
To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/0f7eebbf-0446-4c02-b57c-cb490ce77a27%40googlegroups.com.
Condette, Nicolas
Jan 24, 2017, 5:27:45 AM1/24/17
to search...@googlegroups.com
Hello,
our provider put this line ine the logging.yml (ES 2.3.4), but there is not further information in the log than we had before.
Below, is an excerpt:
[2017-01-24 11:23:34,502][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [pp3sbodbrco01] Someone speaks plaintext instead of ssl, will close the channel
[2017-01-24 11:23:34,503][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [pp3sbodbrco01] Someone speaks plaintext instead of ssl, will close the channel
[2017-01-24 11:23:34,509][WARN ][com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport] [pp3sbodbrco01] Someone speaks plaintext instead of ssl, will close the channel
[2017-01-24 11:23:34,510][WARN ][com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport] [pp3sbodbrco01] Someone speaks plaintext instead of ssl, will close the channel
Cordialement,
Nicolas CONDETTE
Norauto International
CRT, rue du Fort BP 225 - 59812 LESQUIN CEDEX
Tel: +33 (0)320607422 - Fax: +33 (0)320607555
E-Mail : ncon...@norauto.com
To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/0f7eebbf-0446-4c02-b57c-cb490ce77a27%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages