talk to server... ERROR 401 Unauthorized: Unauthorized in filebeat

Nithu Gatty

May 4, 2022, 12:14:22 PM
to Wazuh mailing list
Hello,

I am getting the output below when I run filebeat test output:

elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... ERROR 401 Unauthorized: Unauthorized

Federico Pacher

May 5, 2022, 12:03:02 AM
to Wazuh mailing list
Hi there,

Thank you for using Wazuh.

This ERROR 401 Unauthorized: Unauthorized problem occurs because the Elasticsearch user or password does not match the user or password in the file /etc/filebeat/filebeat.yml.

The filebeat.yml file contains something like this:

# Wazuh - Filebeat configuration file
output.elasticsearch:
  hosts: ["127.0.0.1:9200"]
  protocol: https
  username: "your_username"
  password: "your_password"
  ssl.certificate_authorities:
    - /etc/filebeat/certs/root-ca.pem
  ssl.certificate: "/etc/filebeat/certs/filebeat.pem"
  ssl.key: "/etc/filebeat/certs/filebeat-key.pem"
setup.template.json.enabled: true
setup.template.json.path: '/etc/filebeat/wazuh-template.json'
setup.template.json.name: 'wazuh'
setup.ilm.overwrite: true
setup.ilm.enabled: false

filebeat.modules:
  - module: wazuh
    alerts:
      enabled: true
    archives:
      enabled: false


This file contains the username and password used to connect to Elasticsearch. To change the username and/or password of your Elasticsearch, download the following script:

curl -so wazuh-passwords-tool.sh https://packages.wazuh.com/resources/4.2/open-distro/tools/wazuh-passwords-tool.sh

And run the following command:

bash wazuh-passwords-tool.sh -u your_username -p your_password

Here you have to fill in your_username and your_password as they appear in the filebeat.yml file.

Here you have the official documentation of Elasticsearch Tuning.

After this, you can run the command:

filebeat test output

and check the correct output.

I hope this information can solve your problem.

Regards
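
Added example, not part of the thread and not Wazuh's tooling: a small script that reads the credentials Filebeat will send from the output.elasticsearch section of filebeat.yml, warns if that file (which holds the password in plain text) is readable by other users, and interprets the HTTP status Elasticsearch returns for those credentials. The function names and the sample configuration are constructed for illustration; the URL and CA path are the ones shown in the configuration above.

```bash
# Added example, not Wazuh's code. Helper names and the sample are constructed.

# Print KEY (username|password) from the output.elasticsearch section of FILE.
fb_cred() {  # usage: fb_cred FILE KEY
  v=$(awk -v key="$2:" '
    /^output\.elasticsearch:/ { sec = 1; next }
    /^[^ \t#]/                { sec = 0 }   # next top-level key ends the section
    sec && $1 == key {
      sub(/^[ \t]*[^:]+:[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit
    }' "$1")
  v=${v#[\"\']}; v=${v%[\"\']}               # strip one pair of YAML quotes
  printf '%s\n' "$v"
}

# Succeed if users other than the owner and group can read FILE.
fb_world_readable() { [ -n "$(find "$1" -prune -perm -004)" ]; }

# Map the HTTP status of an authenticated request to a diagnosis.
es_auth_verdict() {
  case "$1" in
    200) echo "accepted" ;;
    401) echo "rejected: credentials in filebeat.yml do not match Elasticsearch" ;;
    000) echo "no HTTP response: connection or TLS problem" ;;
    *)   echo "unexpected status $1" ;;
  esac
}

# Send the same credentials with curl. They are passed on stdin (-K -) so the
# password stays out of the process list. Assumes no '"' or '\' in the password.
es_probe() {  # usage: es_probe FILE [URL] [CA_FILE]
  printf 'user = "%s:%s"\n' "$(fb_cred "$1" username)" "$(fb_cred "$1" password)" |
    curl -s -o /dev/null -w '%{http_code}' -K - \
      --cacert "${3:-/etc/filebeat/certs/root-ca.pem}" "${2:-https://127.0.0.1:9200}"
}

sample_config() {  # constructed sample with placeholder values
  printf '%s\n' 'output.elasticsearch:' '  hosts: ["127.0.0.1:9200"]' \
    '  username: "your_username"' "  password: 'your_password'" \
    'setup.ilm.enabled: false'
}

# With a path argument, probe the real server; without one, parse the sample.
if [ -n "${1:-}" ]; then
  if fb_world_readable "$1"; then echo "warning: $1 is readable by other users"; fi
  es_auth_verdict "$(es_probe "$1")"
else
  sample_config | fb_cred - username
fi
```

Run as root with /etc/filebeat/filebeat.yml as the argument; a "rejected" result reproduces the 401 from filebeat test output without involving Filebeat itself.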