ES Cluster: relation between password error and disk utilization high

security

(Rijin) #1

Hi All ,

I have a doubt.

I am trying to correlate one issue and a situation.

My ES cluster (6.4, 3 Master 2 Data), Kibana and Logstash are working well. X-Pack is enabled in ES and Kibana (elastic:changeme connected). I also enabled security audit logs on all machines.

Indexed lots of sample logs in the data node.

After 5 days, disk usage of the ES data node's /var/log/elasticsearch directory (partition) breached 90%.

When I checked the next day, Elasticsearch was rejecting the password from Kibana and the Logstash filter.

I used this command also:
curl --user elastic:changeme -XGET 'ip:9200/_cat/indices?v'

A password error is showing. But I am sure about the password. It is "changeme".

Is it because of the disk usage issue?
I think the security index has crashed because disk usage is very high.


(Ioannis Kakavas) #2

Please take a look at your logs (elasticsearch.log in /var/log/elasticsearch) from the node that you attempt to authenticate against. The issue would probably manifest in there as ERROR messages. If unsure, share some of these logs here so that we can offer some constructive feedback.


(Rijin) #3

I lost the logs. Reinstalled now. Authentication failed. "Password incorrect" is the error message.

Header issue


(Rijin) #4

Is there any chance of user authentication being affected by high disk usage?


(Ioannis Kakavas) #5

So, you have new logs now. Can you please take a look and tell us what you see? It's much more productive than answering hypothetical questions.


(system) #6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.