Authentication finally failed for admin


Thaynara Soares

Oct 4, 2024, 2:27:33 PM
to Wazuh | Mailing List
I have a communication problem between my Index 01 and Index 02 with my Wazuh worker01, worker02 and the master.

My environment:
-Wazuh 4.9.0
-Index01
-Index02
-Master
-Worker01
-Worker02

Log: 

[WARN ][o.o.s.a.BackendRegistry  ] [wazuh-index01] Authentication finally failed for admin from



Matías Mercado

Oct 4, 2024, 4:47:01 PM
to Wazuh | Mailing List
Hi Thaynara,
Could you please provide more details about this issue? What communication problem are you experiencing? I would like more information so that I can help you troubleshoot it. Additionally, it seems that the log was not fully included in this email.

Regards,
Matías

Thaynara Soares

Oct 4, 2024, 5:26:04 PM
to Wazuh | Mailing List
It doesn't actually fully include the log

- cat /opt/var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"

[2024-10-04T17:23:11,451][WARN ][o.o.s.a.BackendRegistry  ] [wazuh-index01] Authentication finally failed for admin from (IP DO WAZUH MASTER):39830
[2024-10-04T17:23:12,932][WARN ][o.o.s.a.BackendRegistry  ] [wazuh-index01] Authentication finally failed for admin from  (IP DO WAZUH WORKER01):48892
[2024-10-04T17:23:52,608][WARN ][o.o.s.a.BackendRegistry  ] [wazuh-index01] Authentication finally failed for admin from 1 (IP DO WAZUH WORKER02):40216

I would like to know why it is giving this error. Can it affect my environment, or is this type of log normal?

Matías Mercado

Oct 7, 2024, 5:41:54 PM
to Wazuh | Mailing List
Hi Thaynara,
I'm thinking that this could be a problem after you upgraded your environment. Did you update your user and password during the upgrade? This is a step you may have missed:

Before doing that step, you could make a backup of your current keystore folder with the following command:
# cp -pr /var/ossec/queue/keystore /path/to/backup


After completing that keystore update, please restart your services (manager, indexer, dashboard and filebeat).

If that doesn't solve your issue, it's possible that the admin password got changed recently. Do you remember changing that password? These are the steps to perform the password change:
https://documentation.wazuh.com/current/user-manual/user-administration/password-management.html#changing-the-password-for-single-user

Regards,
Matías.