Open kara-1234 opened 5 years ago
As far as I can tell TheHive is trying to communicate without SSL/TLS on.
Does xpack work without the SSL config? The errors don't seem to be related to xpack.
Putting in the search username and password shows no error in elastic, but TheHive has the following error:
2019-02-26 14:12:39,342 [INFO] from org.elasticsearch.client.transport.TransportClientNodesService in elasticsearch[_client_][generic][T#3] - failed to get node info for [#transport#-1][Z6svhk8QiimhjMpX8NQ] {xx.xx.xx.xx:9300}, disconnecting...
org.elasticsearch.transport.RemoteTransportException: [hive-1][xxx.xxx.xxx.xxx:9300][cluster:monitor/nodes/liveness]
Caused by: org.elasticsearch.ElasticsearchSecurityException: missing authentication token for action [cluster:monitor/nodes/liveness]
    at org.elasticsearch.xpack.security.support.Exceptions.authenticationError(Exceptions.java:39)
    at org.elasticsearch.xpack.security.authc.DefaultAuthenticationFailureHandler.missingToken(DefaultAuthenticationFailureHandler.java:74)
    at org.elasticsearch.xpack.security.authc.AuthenticationService$AuditableTransportRequest.anonymousAccessDenied(AuthenticationService.java:553)
I'm at a loss. =/
I am also experiencing this problem with X-Pack authentication. Was a solution posted somewhere? (Google didn't return anything more relevant than this.)
Steps to reproduce:
application.conf entries:
index = [index name]
cluster = hive
host = ["127.0.0.1:9300"]
search.username = "username"
search.password = "password"
search.ssl.enabled = false
thehive errors:
[info] o.e.c.t.TransportClientNodesService - failed to get node info for {#transport#-1}{hPf2z2MoSDq8kK5zH9MSgQ}{127.0.0.1}{127.0.0.1:9300}, disconnecting...
org.elasticsearch.transport.RemoteTransportException: [node1][127.0.0.1:9300][cluster:monitor/nodes/liveness]
Caused by: org.elasticsearch.ElasticsearchSecurityException: missing authentication token for action [cluster:monitor/nodes/liveness]
    at org.elasticsearch.xpack.core.security.support.Exceptions.authenticationError(Exceptions.java:18)
    at org.elasticsearch.xpack.core.security.authc.DefaultAuthenticationFailureHandler.createAuthenticationError(DefaultAuthenticationFailureHandler.java:163)
    at org.elasticsearch.xpack.core.security.authc.DefaultAuthenticationFailureHandler.missingToken(DefaultAuthenticationFailureHandler.java:118)
    at org.elasticsearch.xpack.security.authc.AuthenticationService$AuditableTransportRequest.anonymousAccessDenied(AuthenticationService.java:658)
    at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$handleNullToken$19(AuthenticationService.java:467)
    at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.handleNullToken(AuthenticationService.java:472)
    at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.consumeToken(AuthenticationService.java:356)
    at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$extractToken$9(AuthenticationService.java:327)
    at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.extractToken(AuthenticationService.java:345)
    at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$checkForApiKey$3(AuthenticationService.java:288)
Elasticsearch does not produce any errors.
Thank you in advance if you can provide any insight / assistance to get this working.
Same issue as #1046 I think :wink:
Request Type
Bug
Work Environment
Problem Description
I am running TheHive 3.2.1-1 and Elastic 5.6.12 without any problems. When I enabled X-Pack I get "ElasticSearch Cluster is Unavailable".
Steps to Reproduce
Complementary information
TheHive Config
ES Config:
TheHive Log:
ES Log: