I am seeing this log repeated twice a minute on one of my ES servers: [2023-05-10T00:11:33,186][WARN ][o.e.x.s.a.RealmsAuthenticator] [secesprd02] Authentication to realm default_native failed - Password authentication failed for beat_setup The problem is that there is no indication of where the a…

Trace source of authentication failures from logs

Russell_Fulton (Russell Fulton) May 10, 2023, 12:40am 2

OK, I found the xpack.audit setting but that does not work since I am using the basic licence.

Topic		Replies	Views
Source of authentication Elasticsearch	2	370	June 30, 2020
Security audit index shows tons of fake failed authentications/min (5.1.1) - SOLVED Elasticsearch	3	1345	March 6, 2017
Failed to authenticate user [elastic] Elasticsearch elastic-stack-security	4	806	September 8, 2020
Elasticsearch Audit Logs decipher Elasticsearch	3	181	December 19, 2023
Locating rogue clients with authentication errors Elasticsearch	1	290	December 28, 2020