I am seeing this log repeated twice a minute on one of my ES servers:
[2023-05-10T00:11:33,186][WARN ][o.e.x.s.a.RealmsAuthenticator] [secesprd02] Authentication to realm default_native failed - Password authentication failed for beat_setup
The problem is that there is no indication of where the authentication attempt originated from.
How can I tell which host is causing this?
I have used netstat to check who is connecting to the server but there is nothing unexpected. I have looked for repeated short session but there aren't any.