Filbeat not Starting after enabling Security

Hi,

All the beats were working fine till i had not enabled security(username/password). But when i enabled it, everything went down, and when i try to start the filebeat, it throws an the below error

Error:- 2018-09-24T10:28:12.858+0800 ERROR instance/beat.go:743 Exiting: Error importing Kibana dashboards: fail to create the Kibana loader: Error creating Kibana client: Error creating Kibana client: fail to get the Kibana version: HTTP GET request to /api/status fails: . Response: {"statusCode":401,"error":"Unauthorized"}.
Exiting: Error importing Kibana dashboards: fail to create the Kibana loader: Error creating Kibana client: Error creating Kibana client: fail to get the Kibana version: HTTP GET request to /api/status fails: . Response: {"statusCode":401,"error":"Unauthorized"}.
Exiting: error loading config file: yaml: line 169: did not find expected key

Since i am using logstash, I have enabled it like this in filebeat.yml, let me know whether i need to use logstash credentials to push the details from filebeat>> logstash

output.logstash:

The Logstash hosts

hosts: ["XXXXXXXXX:5044"]

Optional SSL. By default is off.

List of root certificates for HTTPS server verifications

#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

Certificate for SSL client authentication

#ssl.certificate: "/etc/pki/client/cert.pem"

Client Certificate Key

#ssl.key: "/etc/pki/client/cert.key"

 username: "elastic"
 password: "XXXXX"

I Followed the documentation for the latest 6.4 version and based on that i created a filebeat user internal and try to run it and I get the following error.

Exiting: Error importing Kibana dashboards: fail to create the Kibana loader: Error creating Kibana client: Error creating Kibana client: can not convert 'object' into 'string' accessing 'setup.kibana.host' (source:'filebeat.yml')

After enabling the security, whether you created the users for ES, Kibana and logstash?
Seems to be the issue with the credentials mismatch! Recommend to review the credentials of the respective users!
Mentioned that you are pushing logs to the Logstash!

1 Like

Yes, i am pushing logs to logstash, and the credentials seems to work fine now ,but now the filebeat harvestor is not working.

Could you paste the errors that are prompting in the beats log?

es:admin/create] is unauthorized for user [kibana]"})
[2018-09-25T13:52:28,360][INFO ][logstash.outputs.elasticsearch] retrying failed action with response code: 403 ({"type"=>"security_exception", "reason"=>"action [indices:admin/create] is unauthorized for user [kibana]"})
[2018-09-25T13:52:28,360][INFO ][logstash.outputs.elasticsearch] retrying failed action with response code: 403 ({"type"=>"security_exception", "reason"=>"action [indices:admin/create] is unauthorized for user [kibana]"})
[2018-09-25T13:52:28,360][INFO ][logstash.outputs.elasticsearch] retrying failed action with response code: 403 ({"type"=>"security_exception", "reason"=>"action [indices:admin/create] is unauthorized for user [kibana]"})

But now the issue is fixed, as the user kibana didnt have the permissions. So yes you are right , user and roles played an important role now. The issue is fixed.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.