elastic / elasticsearch

Free and Open, Distributed, RESTful Search Engine
https://www.elastic.co/products/elasticsearch

Authentication API Logging #106075

Open Harmlos opened 4 months ago

Harmlos commented 4 months ago

Description

Currently, when logging authentication via the API, in case of an error, the following message is displayed:

{"@timestamp":"2024-03-07T14:00:20.001Z", "log.level": "WARN", "message":"Authentication using apikey failed - unable to find apikey with id HBjhbh", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[test-elk-coordinator][transport_worker][T#11]","log.logger":"org.elasticsearch.xpack.security.authc.ApiKeyAuthenticator","elasticsearch.cluster.uuid":"sdafsdfafdsf","elasticsearch.node.id":"asdgfsadf","elasticsearch.node.name":"test-elk-coordinator","elasticsearch.cluster.name":"test-elk-cluster"}

Unfortunately, based on this event, it is impossible to determine which client is experiencing authentication issues. I kindly request considering the possibility of adding client IP address information to the log output.
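Added example, not part of the issue thread or of Elasticsearch's own code: a triage script for the event format quoted above. It counts unknown-API-key failures per node and key id, and checks each event for a client address field. Assumptions: the `ORIGIN_FIELDS` names are ECS field names picked for the check, and every sample line after the first (including `test-elk-data-1` and `ExampleId2`) is constructed.

```python
import json
import re
from collections import Counter

# Logger name and message wording are taken from the log line quoted in the issue.
APIKEY_LOGGER = "org.elasticsearch.xpack.security.authc.ApiKeyAuthenticator"
MISSING_KEY = re.compile(r"unable to find apikey with id (\S+)")
# ECS field names that would carry the caller's address if the event had one
# (assumption: chosen for this check, not fields the server log is known to emit).
ORIGIN_FIELDS = ("client.ip", "client.address", "source.ip", "source.address")

# Constructed sample input: the first line copies the issue's event (shortened),
# the remaining lines are made up for the example.
SAMPLE_LOG = """\
{"@timestamp":"2024-03-07T14:00:20.001Z","log.level":"WARN","message":"Authentication using apikey failed - unable to find apikey with id HBjhbh","log.logger":"org.elasticsearch.xpack.security.authc.ApiKeyAuthenticator","elasticsearch.node.name":"test-elk-coordinator"}
{"@timestamp":"2024-03-07T14:00:21.120Z","log.level":"WARN","message":"Authentication using apikey failed - unable to find apikey with id HBjhbh","log.logger":"org.elasticsearch.xpack.security.authc.ApiKeyAuthenticator","elasticsearch.node.name":"test-elk-coordinator"}
{"@timestamp":"2024-03-07T14:00:22.003Z","log.level":"INFO","message":"constructed unrelated event","log.logger":"org.elasticsearch.example.Constructed","elasticsearch.node.name":"test-elk-coordinator"}
not json: constructed truncated line
{"@timestamp":"2024-03-07T14:00:25.450Z","log.level":"WARN","message":"Authentication using apikey failed - unable to find apikey with id ExampleId2","log.logger":"org.elasticsearch.xpack.security.authc.ApiKeyAuthenticator","elasticsearch.node.name":"test-elk-data-1"}
"""

def summarize_apikey_failures(text):
    """Count unknown-API-key failures per (node, key id) and per origin field present."""
    failures, origin_seen, skipped = Counter(), Counter(), 0
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # tolerate stack traces and truncated lines
            continue
        if not isinstance(event, dict) or event.get("log.logger") != APIKEY_LOGGER:
            continue
        match = MISSING_KEY.search(event.get("message", ""))
        if not match:
            continue
        node = event.get("elasticsearch.node.name", "unknown")
        failures[(node, match.group(1))] += 1
        origin_seen.update(f for f in ORIGIN_FIELDS if f in event)
    return failures, origin_seen, skipped

if __name__ == "__main__":
    failures, origin_seen, skipped = summarize_apikey_failures(SAMPLE_LOG)
    for (node, key_id), count in failures.most_common():
        print(f"{count:3d}  node={node}  apikey_id={key_id}")
    print("events carrying a client address field:", sum(origin_seen.values()) or "none")
    print("unparseable lines skipped:", skipped)
```

On the sample, the failures group by node and key id only, and no event carries any of the checked address fields.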

elasticsearchmachine commented 4 months ago

Pinging @elastic/es-security (Team:Security)