That is an error from the auditbeat client. Any solutions to fix this problem?

Elastic Stack Beats
1

root@dcim:~# auditbeat setup
Exiting: Couldn't connect to any of the configured Elasticsearch hosts. Errors: [Error connection to Elasticsearch https://172.16.5.199:9200: 401 Unauthorized: {"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":["Bearer realm=\"security\"","ApiKey","Basic realm=\"security\" charset=\"UTF-8\""]}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":["Bearer realm=\"security\"","ApiKey","Basic realm=\"security\" charset=\"UTF-8\""]}},"status":401}]

2

Hello, in your auditbeat.yml are you specifying a username and password for connecting to Elasticsearch?

https://www.elastic.co/guide/en/beats/auditbeat/current/elasticsearch-output.html

3

Got it. Thank you

4

@Michael_Madden Could you help me?
I have followed that link https://www.elastic.co/blog/configuring-ssl-tls-and-https-to-secure-elasticsearch-kibana-beats-and-logstash#step-2-6-4

    [root@elastic logstash]# systemctl start logstash
    [root@elastic logstash]# systemctl status logstash
    ● logstash.service - logstash
       Loaded: loaded (/etc/systemd/system/logstash.service; enabled; vendor preset: disabled)
       Active: active (running) since Wed 2019-10-30 01:54:30 EDT; 16s ago
     Main PID: 23345 (java)
       CGroup: /system.slice/logstash.service
               └─23345 /bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX...

    Oct 30 01:54:30 elastic.nbc.org.kh.local systemd[1]: logstash.service holdoff time over, scheduling restart.
    Oct 30 01:54:30 elastic.nbc.org.kh.local systemd[1]: Stopped logstash.
    Oct 30 01:54:30 elastic.nbc.org.kh.local systemd[1]: Started logstash.
    Oct 30 01:54:30 elastic.nbc.org.kh.local logstash[23345]: OpenJDK 64-Bit Server VM warning: If the number...s=N
    Hint: Some lines were ellipsized, use -l to show in full. 

    [root@elastic logstash]# less /var/log/logstash/logstash-plain.log
    [2019-10-30T01:50:33,908][FATAL][logstash.runner          ] An unexpected error occurred! {:error=>#<ArgumentError: Path "/var/lib/logstash/queue" must be a writable directory. It is not writable.>, :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/settings.rb:489:in `validate'", "/usr/share/logstash/logstash-core/lib/logstash/settings.rb:271:in `validate_value'", "/usr/share/logstash/logstash-core/lib/logstash/settings.rb:182:in `block in validate_all'", "org/jruby/RubyHash.java:1417:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/settings.rb:181:in `validate_all'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:283:in `execute'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/clamp-0.6.5/lib/clamp/command.rb:67:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:242:in `run'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/clamp-0.6.5/lib/clamp/command.rb:132:in `run'", "/usr/share/logstash/lib/bootstrap/environment.rb:73:in `<main>'"]}
    [2019-10-30T01:50:34,070][ERROR][org.logstash.Logstash    ] java.lang.IllegalStateException: Logstash stopped processing because of an error: (SystemExit) exit
    [2019-10-30T01:51:10,940][FATAL][logstash.runner          ] An unexpected error occurred! {:error=>#<ArgumentError: Path "/var/lib/logstash/queue" must be a writable directory. It is not writable.>, :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/settings.rb:489:in `validate'", "/usr/share/logstash/logstash-core/lib/logstash/settings.rb:271:in `validate_value'", "/usr/share/logstash/logstash-core/lib/logstash/settings.rb:182:in `block in validate_all'", "org/jruby/RubyHash.java:1417:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/settings.rb:181:in `validate_all'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:283:in `execute'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/clamp-0.6.5/lib/clamp/command.rb:67:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:242:in `run'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/clamp-0.6.5/lib/clamp/command.rb:132:in `run'", "/usr/share/logstash/lib/bootstrap/environment.rb:73:in `<main>'"]}
    [2019-10-30T01:51:10,961][ERROR][org.logstash.Logstash    ] java.lang.IllegalStateException: Logstash stopped processing because of an error: (SystemExit) exit
    [2019-10-30T01:51:44,279][FATAL][logstash.runner          ] An unexpected error occurred! {:error=>#<ArgumentError: Path "/var/lib/logstash/queue" must be a writable directory. It is not writable.>, :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/settings.rb:489:in `validate'", "/usr/share/logstash/logstash-core/lib/logstash/settings.rb:271:in `validate_value'", "/usr/share/logstash/logstash-core/lib/logstash/settings.rb:182:in `block in validate_all'", "org/jruby/RubyHash.java:1417:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/settings.rb:181:in `validate_all'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:283:in `execute'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/clamp-0.6.5/lib/clamp/command.rb:67:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:242:in `run'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/clamp-0.6.5/lib/clamp/command.rb:132:in `run'", "/usr/share/logstash/lib/bootstrap/environment.rb:73:in `<main>'"]}
    [2019-10-30T01:51:44,327][ERROR][org.logstash.Logstash    ] java.lang.IllegalStateException: Logstash stopped processing because of an error: (SystemExit) exit
5

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.