Closed parthuA1 closed 8 years ago
lmangani
commented
8 years ago Hi @parthuA1 I would guess the client sending data to the _bulk request is using something other than root (or no user at all)? If in doubt, could you try perform a manual authenticated CURL request to your ES instance running with Elasticfence and provide anonymized input/output?
parthuA1
commented
8 years ago I mentioned the root and rootpassword in logstash config file and now I don't get the Invalid User: /_bulk anymore. But I still keep getting
[plugin.elasticfence ] Invalid User: /
Any other thoughts? I am able to get cluster health using curl command provided I give the root and rootpassword.
lmangani
commented
8 years ago You should capture traffic on the server port and see what requests is triggering the warning. Could be logstash trying to setup _templates for instance (just a guess)
parthuA1
commented
8 years ago How can I capture traffic on the server port? Is there a command for it?
lmangani
commented
8 years ago you could use ngrep -W byline port 9200 or similar to get a chop at it (unless its encrypted of course)
lmangani
commented
8 years ago
I have installed the plugin "Elasticfence" (for Basic HTTP Auth for my ES 2.3.2). And wrote the following two lines in my elasticsearch.yml:
elasticfence.disabled: false elasticfence.root.password: rootpassword
When I restart the cluster, I keep getting this over and over again in the log file:
[INFO ][plugin.elasticfence ] Invalid User: /_bulk [INFO ][plugin.elasticfence ] Invalid User: /
What am I to do to avert this? Is there any setting I missed? Just FYI, I also have Logstash shoving logs into Elasticsearch. I mentioned the same username and password I added on the UI for Elasticfence in the Logstash Config File for output plugin of Elasitcsearch.