Locating rogue clients with authentication errors

Im using filebeat to export elasticsearch logs to well... elasticsearch. I get the authentication errors but not where they come from. I tried changing the log level to TRACE for the rest package but no luck.
Is there a way to trace where the authentication is coming from?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.