Session Timeout


Adrián AYS

Jan 26, 2022, 10:02:44 AM
to Wazuh mailing list
Hello,

We are deploying Wazuh using Elastic Stack with basic license.

We have deployed ELK on one server and Wazuh Manager on another using the unattended installation. The connections between the servers are correct, and the agents we have deployed are working correctly, but we have encountered an error that we are unable to resolve.

When we enter Kibana to manage the logs and the rest of the information, after 5 minutes the session returns a SESSION TIMEOUT that disconnects us.

We have added the following parameters to the kibana.yml file but we still have the same problem.

xpack.security.session.idleTimeout: "1h".
xpack.security.session.lifespan: "30d".

Are there any other fields we need to modify?

Thank you.

Harold Andre Rodriguez Cortes

Jan 26, 2022, 11:40:57 AM
to Wazuh mailing list
Hi Adrian,

I am taking a look into your problem to see what workaround we could test.

Best Regards

Damian Nicastro

Jan 26, 2022, 11:57:15 AM
to Wazuh mailing list
Hi @Adrián AYS:
I hope you are fine.
By default, Kibana should not close sessions for inactivity:
Session management | Kibana Guide [7.10] | Elastic
Can you send me the whole Kibana config file (/etc/kibana/kibana.yml) and Kibana logs?
# journalctl -u kibana --no-pager | grep -i session
or
# less /path/to/kibana.log | grep -i session

Thanks

Adrián AYS

Jan 27, 2022, 2:51:41 AM
to Wazuh mailing list
Thank you both,
I've attached kibana.yml and the output of less /path/to/kibana.log | grep -i session
I have replaced the IPs in the files for security reasons; the rest is the original content.

Best regards!

kibana-config.yml
kibana-session.log

Adrián AYS

Jan 27, 2022, 3:00:00 AM
to Wazuh mailing list
One thing I forgot, Damian: the Elastic Stack that is installed is version 7.14, not 7.10.

Thanks.

Damian Nicastro

Jan 27, 2022, 8:41:46 AM
to Wazuh mailing list
Hi @Adrián AYS:
I hope you are fine.
I have been investigating a bit and it seems there was a problem with Session timeout in previous versions of Kibana. Although it seems to be deprecated, you may try configuring:
xpack.security.sessionTimeout: "1800000"
That is 30 min in milliseconds.

I would like to see if we can get the keep alive value for HTTPS sessions; for that, please run:
# curl https://<kibana_ip>:<https_port> --insecure --verbose

But I think the bottom of the problem is here:
{"type":"log","@timestamp":"2022-01-26T12:07:57+00:00","tags":["warning","plugins","security","config"],"pid":60413,"message":"Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
{"type":"log","@timestamp":"2022-01-26T12:07:57+00:00","tags":["warning","plugins","reporting","config"],"pid":60413,"message":"Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
{"type":"log","@timestamp":"2022-01-26T12:12:56+00:00","tags":["warning","plugins","security","config"],"pid":60646,"message":"Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
{"type":"log","@timestamp":"2022-01-26T12:12:56+00:00","tags":["warning","plugins","reporting","config"],"pid":60646,"message":"Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
{"type":"log","@timestamp":"2022-01-26T12:18:00+00:00","tags":["warning","plugins","security","config"],"pid":60884,"message":"Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
{"type":"log","@timestamp":"2022-01-26T12:18:00+00:00","tags":["warning","plugins","reporting","config"],"pid":60884,"message":"Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}


It seems that your xpack is generating a new xpack.security.encryptionKey and not recognizing the one you have configured in kibana.yml.
You may need to check this and at some point maybe reissue your certificates for this. 
You can also try disabling the xpack.security.enabled: false to temporarily overcome this issue.

I hope this helps.
Thanks
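
Added example, not part of the original thread or of Wazuh/Elastic code: a Python script that reads Kibana JSON log lines like those quoted above, keeps the random-key warnings for xpack.security.encryptionKey, and reports each distinct pid with the time between them. The sample lines reuse the timestamps and pids from the quoted log with the message shortened; the function names are hypothetical.

```python
import json
from datetime import datetime

# Abbreviated copies of the warnings quoted in the thread (same timestamps, tags and pids).
SAMPLE_LOG = """\
{"type":"log","@timestamp":"2022-01-26T12:07:57+00:00","tags":["warning","plugins","security","config"],"pid":60413,"message":"Generating a random key for xpack.security.encryptionKey."}
{"type":"log","@timestamp":"2022-01-26T12:07:57+00:00","tags":["warning","plugins","reporting","config"],"pid":60413,"message":"Generating a random key for xpack.reporting.encryptionKey."}
{"type":"log","@timestamp":"2022-01-26T12:12:56+00:00","tags":["warning","plugins","security","config"],"pid":60646,"message":"Generating a random key for xpack.security.encryptionKey."}
{"type":"log","@timestamp":"2022-01-26T12:18:00+00:00","tags":["warning","plugins","security","config"],"pid":60884,"message":"Generating a random key for xpack.security.encryptionKey."}
"""

MARKER = "Generating a random key for xpack.security.encryptionKey"


def key_regenerations(lines):
    """Return sorted [(timestamp, pid)], one per Kibana process that made a random session key."""
    seen, events = set(), []
    for line in lines:
        start = line.find("{")  # tolerate a journalctl prefix before the JSON
        if start < 0:
            continue
        try:
            rec = json.loads(line[start:])
        except json.JSONDecodeError:
            continue  # not a JSON log record
        if MARKER not in rec.get("message", ""):
            continue  # e.g. the reporting-key warning
        pid = rec.get("pid")
        if pid in seen:
            continue  # same process already counted
        seen.add(pid)
        events.append((datetime.fromisoformat(rec["@timestamp"]), pid))
    return sorted(events)


def restart_gaps(events):
    """Seconds between consecutive processes that generated a new key."""
    return [int((b[0] - a[0]).total_seconds()) for a, b in zip(events, events[1:])]


if __name__ == "__main__":
    events = key_regenerations(SAMPLE_LOG.splitlines())
    for ts, pid in events:
        print(f"{ts.isoformat()} pid={pid} generated a random xpack.security.encryptionKey")
    print("seconds between new Kibana processes:", restart_gaps(events))
```

On the quoted log this reports three different pids about five minutes apart, each with a freshly generated key; the warning text itself says sessions are invalidated on restart when the key is not set.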