Getting error while trying to connect a DB from ELK

Getting connectivity error while trying to connect through default user and password for elasticsearch.

"received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/172.24.217.21:9200, remoteAddress=/172.24.217.20:54640}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[canon-dev-2][transport_worker][T#11]","log.logger":"org.elasticsearch.http.netty4.Netty4HttpServerTransport","elasticsearch.cluster.uuid":"Hbh2VExoTI2yifEp-BxlAw","elasticsearch.node.id":"D0-8vUujTVGttaORQTBIkQ","elasticsearch.node.name":"canon-dev-2","elasticsearch.cluster.name":"canon-elk-dev"}
{"@timestamp":"2025-03-18T11:00:22.969Z", "log.level": "INFO", "message":"Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user .

Can anyone help me out here?

Hi @sreya_14

As the error indicates, the client is trying to connect to Elasticsearch over HTTP when it should be connecting over HTTPS.

What version are you on?
How did you set up elasticsearch?
What client are you using to connect?
And can you curl the elasticsearch end point?

curl -v -u elastic https://<host-or-ip>:9200

What version are you on?
Ans: We have mixed versions in our two clusters.
On one node:
logstash-8.8.1-1.x86_64
elasticsearch-8.8.1-1.x86_64
and on another server:
elasticsearch-7.17.8-1.x86_64

Could this version mismatch be a reason for this error?

How did you set up elasticsearch?

Ans: Elasticsearch is present on two servers, pldevelk02 and pldevelk02.

What client are you using to connect?

Ans: We have written a pipeline in Logstash on pldevelk03 and are trying to connect to pldevelk02.

input {
  jdbc {
    jdbc_driver_library => "/usr/share/logstash/logstash-core/lib/jars/ojdbc8.jar"
    jdbc_driver_class => "Java::oracle.jdbc.driver.OracleDriver"
    jdbc_connection_string => "jdbc:oracle:thin:@//plexa2clnpd.canonhosted.net:1543/ERFSUPSVC"
    jdbc_user => "apps"
    jdbc_password => "ErfSupApps306"
    schedule => "* * * * *"  # Adjust the schedule as needed
    statement => "SELECT * FROM apps.ra_customer_trx_all where 1=1 and TRX_NUMBER = '1708100004049'"
  }
}

output {
  elasticsearch {
    hosts => ["https://pldevelk02.canonhosted.net:9201"]
    index => "oracle_index"
  }
  stdout { codec => json }
}

And can you curl the elasticsearch end point?

Ans: I have run the curl:

[apelkdev@pldevelk03 ~]$ curl -v -u elastic https://pldevelk02.canonhosted.net:9200
Enter host password for user 'elastic':

* About to connect() to pldevelk02.canonhosted.net port 9200 (#0)
*   Trying 172.24.217.20...
* Connected to pldevelk02.canonhosted.net (172.24.217.20) port 9200 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -12263 (SSL_ERROR_RX_RECORD_TOO_LONG)
* SSL received a record that exceeded the maximum permissible length.
* Closing connection 0
curl: (35) SSL received a record that exceeded the maximum permissible length.

Please suggest

So what happens if you run just http?

curl -v -u elastic http://pldevelk02.canonhosted.net:9200

or
curl -v http://pldevelk02.canonhosted.net:9200

Perhaps one of your Elastic clusters is HTTPS and the other is HTTP

You need to determine that
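
Why the HTTPS curl above ends in SSL_ERROR_RX_RECORD_TOO_LONG when the listener speaks plain HTTP, as an added example that is not part of the original thread: a TLS client decodes the first five bytes of the reply as a record header, and the ASCII bytes `HTTP/` decode to a length above the TLS limit. It assumes the node answered the ClientHello with an HTTP status line; the byte strings and function names are constructed for illustration.

```python
import struct

# Upper bound on a TLS 1.2 record body: 2^14 bytes of plaintext plus 2048
# bytes of permitted expansion (RFC 5246, section 6.2.3).
MAX_TLS_RECORD = 2**14 + 2048
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}

# Constructed samples (assumptions, not captures from the thread).
HTTP_REPLY = b"HTTP/1.1 400 Bad Request\r\ncontent-length: 0\r\n\r\n"
TLS_REPLY = bytes.fromhex("160303005d") + b"\x02" + b"\x00" * 92  # handshake record


def read_as_tls_header(data: bytes):
    """Decode the first five bytes the way a TLS client does:
    content type (1 byte), protocol version (2), record length (2)."""
    content_type, version, length = struct.unpack("!BHH", data[:5])
    return content_type, version, length


def classify_reply(data: bytes) -> dict:
    """Say what a listener speaks, judging by the first bytes it sent back."""
    if len(data) < 5:
        return {"protocol": "unknown", "detail": "fewer than 5 bytes received"}
    content_type, version, length = read_as_tls_header(data)
    if data.startswith(b"HTTP/"):
        # 'H' 'TT' 'P/' -> type 0x48, version 0x5454, length 0x502f (20527)
        return {"protocol": "plaintext-http",
                "length_seen_by_tls_client": length,
                "record_too_long": length > MAX_TLS_RECORD}
    if (content_type in TLS_CONTENT_TYPES and version >> 8 == 3
            and length <= MAX_TLS_RECORD):
        return {"protocol": "tls",
                "record_type": TLS_CONTENT_TYPES[content_type],
                "length": length}
    return {"protocol": "unknown", "detail": "neither HTTP nor a TLS record"}


if __name__ == "__main__":
    print(classify_reply(HTTP_REPLY))
    print(classify_reply(TLS_REPLY))
```
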

Yes, after running it without http it worked, but only with a warning, which seems to be about security.

[apelkdev@pldevelk03 elasticsearch]$ curl -v http://pldevelk02.canonhosted.net:9200
* About to connect() to pldevelk02.canonhosted.net port 9200 (#0)
*   Trying 172.24.217.20...
* Connected to pldevelk02.canonhosted.net (172.24.217.20) port 9200 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: pldevelk02.canonhosted.net:9200
> Accept: */*
>
< HTTP/1.1 200 OK
< X-elastic-product: Elasticsearch
< Warning: 299 Elasticsearch-7.17.8-120eabe1c8a0cb2ae87cffc109a5b65d213e9df1 "Elasticsearch built-in security features are not enabled. Without authentication, your cluster could be accessible to anyone. See https://www.elastic.co/guide/en/elasticsearch/reference/7.17/security-minimal-setup.html to enable security."
< content-type: application/json; charset=UTF-8

Thanks for your help.
Can you let me know if the pipeline conf is OK to connect to the DB? Because in the Elasticsearch log we found this error:

[2025-03-24T12:13:44,145][WARN ][o.e.h.n.Netty4HttpServerTransport] [canon-dev-2] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/172.24.217.21:9200, remoteAddress=/172.24.217.20:41046}
[2025-03-24T12:13:46,626][WARN ][o.e.h.n.Netty4HttpServerTransport] [canon-dev-2] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/172.24.217.21:9200, remoteAddress=/172.24.217.20:41050}
[2025-03-24T12:13:52,968][INFO ][o.e.x.s.a.RealmsAuthenticator] [canon-dev-2] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
[2025-03-24T12:13:53,636][WARN ][o.e.h.n.Netty4HttpServerTransport] [canon-dev-2] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/172.24.217.21:9200, remoteAddress=/172.24.217.20:41070}
[2025-03-24T12:14:02,971][INFO ][o.e.x.s.a.RealmsAuthenticator] [canon-dev-2] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
[2025-03-24T12:14:05,409][WARN ][o.e.h.n.Netty4HttpServerTransport] [canon-dev-2] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/172.24.217.21:9200, remoteAddress=/172.24.217.20:41084}
[2025-03-24T12:14:12,969][INFO ][o.e.x.s.a.RealmsAuthenticator] [canon-dev-2] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
[2025-03-24T12:14:13,071][WARN ][o.e.h.n.Netty4HttpServerTransport] [canon-dev-2] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/172.24.217.21:9200, remoteAddress=/172.24.217.20:41102}
[2025-03-24T12:14:19,674][WARN ][o.e.h.n.Netty4HttpServerTransport] [canon-dev-2] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/172.24.217.21:9200, remoteAddress=/172.24.217.20:41108}
[2025-03-24T12:14:22,971][INFO ][o.e.x.s.a.RealmsAuthenticator] [canon-dev-2] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
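
One way to read the log excerpt above, as an added example that is not part of the original thread: group the `received plaintext http traffic` warnings by client address and the authentication failures by user and realm, which shows which host is still sending `http://` requests to the TLS listener and which account is being rejected. The sample lines are abridged copies of lines quoted in the thread (the JSON one is reassembled from the truncated excerpt), and the function names are illustrative.

```python
import re
from collections import Counter

# Sample input: abridged copies of lines quoted in the thread (three in the
# plain-text log format, one reassembled in the ECS JSON format).
SAMPLE_LOG = """\
[2025-03-24T12:13:44,145][WARN ][o.e.h.n.Netty4HttpServerTransport] [canon-dev-2] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/172.24.217.21:9200, remoteAddress=/172.24.217.20:41046}
[2025-03-24T12:13:46,626][WARN ][o.e.h.n.Netty4HttpServerTransport] [canon-dev-2] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/172.24.217.21:9200, remoteAddress=/172.24.217.20:41050}
[2025-03-24T12:13:52,968][INFO ][o.e.x.s.a.RealmsAuthenticator] [canon-dev-2] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
{"@timestamp":"2025-03-18T11:00:22.969Z", "log.level": "WARN", "message":"received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/172.24.217.21:9200, remoteAddress=/172.24.217.20:54640}"}
"""

# Both patterns search the message text, so they match either log format.
PLAINTEXT_RE = re.compile(
    r"received plaintext http traffic on an https channel.*?"
    r"localAddress=/(?P<listener>[^,}]+), remoteAddress=/(?P<client>[^:}]+):\d+")
AUTH_FAIL_RE = re.compile(
    r"Authentication of \[(?P<user>[^\]]+)\] was terminated by realm "
    r"\[(?P<realm>[^\]]+)\]")


def triage(log_text: str):
    """Count plaintext-on-TLS hits per (client, listener) and
    authentication failures per (user, realm)."""
    plaintext, auth_failures = Counter(), Counter()
    for line in log_text.splitlines():
        hit = PLAINTEXT_RE.search(line)
        if hit:
            plaintext[(hit["client"], hit["listener"])] += 1
            continue
        hit = AUTH_FAIL_RE.search(line)
        if hit:
            auth_failures[(hit["user"], hit["realm"])] += 1
    return plaintext, auth_failures


def findings(log_text: str) -> list:
    """Turn the counts into one actionable line per offender."""
    plaintext, auth_failures = triage(log_text)
    report = [f"{client} -> {listener}: {n} plaintext request(s) on a TLS "
              f"listener; that client's URL must use https://"
              for (client, listener), n in plaintext.most_common()]
    report += [f"user '{user}' rejected by realm '{realm}' {n} time(s); "
               f"check the credentials the client sends"
               for (user, realm), n in auth_failures.most_common()]
    return report


if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_LOG)))
```
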