Jdbc_password_filepath not functioning in input-jdbc filter

Hi everyone,

I'm currently building some Logstash input filters which works great. The one thing I can't get working though is the jdbc_password_filepath setting.

The query below is what I'm trying to run, with some stuff like SID, username/password anonymized. When I comment the jdbc_password_filepath and uncomment jdbc_password everything works fine so there's nothing wrong with the code. The credential file has the logstash user as owner and has read write permissions for the user (600). The file is 1 line large and only contains the plain text password, copy/pasted from the config file.

input { jdbc { jdbc_validate_connection => true jdbc_connection_string => "jdbc:oracle:thin:@SID" jdbc_user => "jdbcuser" #jdbc_password => "jdbcpassword" jdbc_password_filepath => "/etc/logstash/credential_file" jdbc_driver_library => "/opt/logstash/config/lib/ojdbc7.jar" jdbc_driver_class => "Java::oracle.jdbc.driver.OracleDriver" statement => "SELECT query FROM table" schedule => "*/5 * * * *" tags => [jdbc] } }

The error message Logstash shows me is:

:error=>"Java::JavaSql::SQLException: ORA-01017: invalid username/password; logon denied\n"}

Since the credentials work from inside the input config it appears the issue is with the jdbc_password_filepath parameter. Or the password file is not formatted correctly, but the documentation doesn't mention anything about formatting.

Any ideas would be welcome!

Have you tried using e.g. Wireshark to inspect the network traffic and see what password is actually sent? Does it match what's being sent when you're not using a password file? (I'm assuming it's an unencrypted TCP connection.)

Apparently it's a bug. There's already a pr for it: https://github.com/logstash-plugins/logstash-input-jdbc/pull/217

Wireshark would've indeed be a good next step to look at, thanks for the suggestion.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.