Xpack defaults, beats_system authentication error

We are running Elasticsearch 6.3.2 on our system and xpack.security.enabled is set to true on only the elastic nodes within our system. I have also run the bin/elasticsearch-setup-passwords interactive setup on all three of our nodes, so we have changed all of the passwords for elastic, kibana, logstash_system and beats_system. If you need any other info please let me know, first-time poster here.

So a really basic question here, but after reading the documentation for Elastic, Kibana and Logstash, it's stated that in Kibana xpack.security.enabled is set to true by default. However, when I go into our kibana.yml files there is nothing within the text that is set to xpack.security.enabled: true. Does this mean that I actually have to input xpack.security.enabled: true in order to turn xpack on in Kibana?

Also, our system is getting an

elasticsearch: [2018-08-31T08:33:50,289][INFO ][o.e.x.s.a.AuthenticationService] [dch1090ql5app] Authentication of [beats_system] was terminated by realm [reserved] - failed to authenticate user [beats_system]

error message, and if I took a guess it has something to do with the fact that I ran the bin/elasticsearch-setup-passwords interactive command and changed the passwords. It seems to me that I'm missing a few steps in here and some help would be appreciated. If you could point me to what changes need to be made so that things can communicate again, that would be appreciated. Thank you elastic community and enjoy your day!

Hi Ryan,

Security is enabled by default in Kibana; you don't need to set

xpack.security.enabled: true

explicitly.

You don't need to run this on all your nodes; you should only need to run it once in your cluster.

This is your beats instance trying to communicate to Elasticsearch and failing. You need to go and set the newly configured beats_system password in each one of your beats.

Does this need to go in the elasticsearch, logstash or kibana yml file?
xpack.monitoring.elasticsearch.username: beats_system
xpack.monitoring.elasticsearch.password: beatspassword

Please see the docs on how to set up your beats for security
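Added example (not part of the thread, and not Elastic's own tooling): a small Python script that scans Elasticsearch log lines in the format quoted in the question and lists which built-in users the reserved realm is rejecting, which points at the clients still holding a pre-reset password. The first sample line is the one from the question; the other sample lines, the node name node-2 and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Line format taken from the AuthenticationService message quoted in the question.
# search() is used so a syslog-style prefix such as "elasticsearch: " is tolerated.
AUTH_TERMINATED = re.compile(
    r"\[(?P<ts>[^\]]+)\]\[(?P<level>\w+)\s*\]\[(?P<logger>[^\]]+)\]\s+"
    r"\[(?P<node>[^\]]+)\]\s+Authentication of \[(?P<user>[^\]]+)\] "
    r"was terminated by realm \[(?P<realm>[^\]]+)\]"
)

# The four accounts the question says were reset with elasticsearch-setup-passwords.
BUILT_IN_USERS = {"elastic", "kibana", "logstash_system", "beats_system"}

# First line is from the question; the remaining three are constructed samples.
SAMPLE_LOG = """\
elasticsearch: [2018-08-31T08:33:50,289][INFO ][o.e.x.s.a.AuthenticationService] [dch1090ql5app] Authentication of [beats_system] was terminated by realm [reserved] - failed to authenticate user [beats_system]
[2018-08-31T08:34:00,301][INFO ][o.e.x.s.a.AuthenticationService] [dch1090ql5app] Authentication of [beats_system] was terminated by realm [reserved] - failed to authenticate user [beats_system]
[2018-08-31T08:34:02,010][INFO ][o.e.x.s.a.AuthenticationService] [node-2] Authentication of [logstash_system] was terminated by realm [reserved] - failed to authenticate user [logstash_system]
[2018-08-31T08:34:05,120][INFO ][o.e.n.Node               ] [node-2] started
"""


def count_failures(lines):
    """Count terminated authentications per (node, user, realm)."""
    counts = Counter()
    for line in lines:
        m = AUTH_TERMINATED.search(line)
        if m and m["logger"].strip().endswith("AuthenticationService"):
            counts[(m["node"], m["user"], m["realm"])] += 1
    return counts


def stale_builtin_users(counts):
    """Built-in users rejected by the reserved realm, i.e. some client
    is still sending the password that was valid before the reset."""
    return sorted({user for (_node, user, realm) in counts
                   if realm == "reserved" and user in BUILT_IN_USERS})


if __name__ == "__main__":
    counts = count_failures(SAMPLE_LOG.splitlines())
    for (node, user, realm), n in sorted(counts.items()):
        print(f"{node}: {n} rejected login(s) for {user} in realm {realm}")
    print("update the stored password for:", ", ".join(stale_builtin_users(counts)))
```

The node name in each result is the Elasticsearch node that logged the rejection, not the client that sent the request, so the client still has to be identified from its own configuration.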
