Constant API Key Failures in Logs after enabling security

Heroj04 · October 14, 2021, 3:39am

Just recently set up an Elasticsearch server. after enabling security and SSL I am seeing just constant apikey errors in the logs.
Even if I shut down all other parts of the system (kibana/beats/fleet) they are still coming through.
with several different keys too.
Any idea what this could be or how I can see what host the connection is coming from.

14:01:14.879
elasticsearch.server
[elasticsearch.server][WARN] Authentication using apikey failed - unable to find apikey with id <keyRemoved>
14:01:14.879
elasticsearch.server
[elasticsearch.server][WARN] Authentication using apikey failed - unable to find apikey with id <keyRemoved>
14:01:15.010
elasticsearch.server
[elasticsearch.server][WARN] Authentication using apikey failed - unable to find apikey with id <keyRemoved>
14:01:15.010
elasticsearch.server
[elasticsearch.server][WARN] Authentication using apikey failed - unable to find apikey with id <keyRemoved>

Yang_Wang · October 14, 2021, 4:16am

You can check the source IP in audit logs if the cluster license is Gold+ (or Trial).

system · November 11, 2021, 4:17am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.