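Logging the Client IP in ES
I. Problem description
After the Search Guard plugin is installed on ES, when a client connects to ES with a wrong password the ES log reports "password does not match" but does not include the source IP. As a result we cannot tell who is connecting, and the error keeps flooding the log.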
[2020-02-24T09:29:59,711][ERROR][c.f.s.a.BackendRegistry ] Unexpected exception com.google.common.util.concurrent.UncheckedExecutionException: ElasticsearchSecurityException[password does not match]
[2020-02-24T09:29:59,711][INFO ][c.f.s.a.BackendRegistry ] Cannot authenticate user (or add roles) with ad 4 due to ElasticsearchSecurityException[com.google.common.util.concurrent.UncheckedExecutionException: ElasticsearchSecurityException[password does not match]]; nested: UncheckedExecutionException[ElasticsearchSecurityException[password does not match]]; nested: ElasticsearchSecurityException[password does not match];, try next
[2020-02-24T09:29:59,711][ERROR][c.f.s.a.BackendRegistry ] Unexpected exception com.google.common.util.concurrent.UncheckedExecutionException: ElasticsearchSecurityException[password does not match]
[2020-02-24T09:29:59,712][INFO ][c.f.s.a.BackendRegistry ] Cannot authenticate user (or add roles) with ad 4 due to ElasticsearchSecurityException[com.google.common.util.concurrent.UncheckedExecutionException: ElasticsearchSecurityException[password does not match]]; nested: UncheckedExecutionException[ElasticsearchSecurityException[password does not match]]; nested: ElasticsearchSecurityException[password does not match];, try next
[2020-02-24T09:29:59,711][ERROR][c.f.s.a.BackendRegistry ] Unexpected exception com.google.common.util.concurrent.UncheckedExecutionException: ElasticsearchSecurityException[password does not match]
[2020-02-24T09:29:59,711][ERROR][c.f.s.a.BackendRegistry ] Unexpected exception com.google.common.util.concurrent.UncheckedExecutionException: ElasticsearchSecurityException[password does not match]
[2020-02-24T09:29:59,713][INFO ][c.f.s.a.BackendRegistry ] Cannot authenticate user (or add roles) with ad 4 due to ElasticsearchSecurityException[com.google.common.util.concurrent.UncheckedExecutionException: ElasticsearchSecurityException[password does not match]]; nested: UncheckedExecutionException[ElasticsearchSecurityException[password does not match]]; nested: ElasticsearchSecurityException[password does not match];, try next
[2020-02-24T09:29:59,713][INFO ][c.f.s.a.BackendRegistry ] Cannot authenticate user (or add roles) with ad 4 due to ElasticsearchSecurityException[com.google.common.util.concurrent.UncheckedExecutionException: ElasticsearchSecurityException[password does not match]]; nested: UncheckedExecutionException[ElasticsearchSecurityException[password does not match]]; nested: ElasticsearchSecurityException[password does not match];, try next
[2020-02-24T09:30:00,034][ERROR][c.f.s.a.BackendRegistry ] Unexpected exception com.google.common.util.concurrent.UncheckedExecutionException: ElasticsearchSecurityException[password does not match]
II. Solution
1. Change the log level to see the client IP
Set logger.com.floragunn=trace, because the client IP is only printed at the trace level; the default level is INFO.
curl -u admin:admin --insecure -X PUT "https://localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d '{
"transient": {
"logger.com.floragunn": "trace"
}
}'
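- transient is a temporary change; it reverts after the cluster restarts.
Trace level produces a very large volume of logs, so change the level back to INFO as soon as you have captured the log lines you need.
For more detail, see the official Search Guard documentation: https://docs.search-guard.com/latest/troubleshooting-setting-log-level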
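2. Check the log again
The client IP is printed after the word resolve, above the ERROR line. I was testing locally, so it shows 0.0.0.0.
Because production emits a great many trace logs, many other entries will be interleaved between the ERROR line and the resolve line, so you have to work upward slowly to find resolve. (The ERROR and resolve lines fall within 1 s of each other, so you only need to look at that one second of logs.)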
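The upward search described above can be automated. The following is an added example, not code from the original post or from Search Guard: it pairs each "password does not match" ERROR with the nearest preceding resolve line inside the 1 s window. The layout of the resolve trace line (logger name, "ip:port" after the word resolve) is an assumption, and the sample lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Timestamp prefix as seen in the ES log lines above, e.g. [2020-02-24T09:29:59,711]
TS = re.compile(r"^\[(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2},\d{3})\]")
IP = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def failed_auth_sources(lines, window=timedelta(seconds=1)):
    """Count failed-password ERRORs per client IP, using the nearest
    preceding 'resolve' line that lies within `window` of the ERROR."""
    last = None          # (timestamp, ip) of the most recent resolve line
    counts = Counter()
    for line in lines:
        m = TS.match(line)
        if not m:
            continue     # continuation lines (stack traces) carry no timestamp
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S,%f")
        rest = line[m.end():]
        if "resolve" in rest:
            ip = IP.search(rest)
            if ip:
                last = (ts, ip.group())
        elif "[ERROR]" in rest and "password does not match" in rest:
            # abs(): concurrent threads can write timestamps slightly out of order
            if last and abs(ts - last[0]) <= window:
                counts[last[1]] += 1
    return counts

# Constructed sample: the TRACE/DEBUG lines use an assumed layout and
# documentation-range IPs; the ERROR lines follow the format shown above.
SAMPLE = """\
[2020-02-24T09:29:58,100][TRACE][c.f.s.example ] resolve 198.51.100.7:40112
[2020-02-24T09:29:59,705][TRACE][c.f.s.example ] resolve 192.0.2.10:51234
[2020-02-24T09:29:59,708][DEBUG][c.f.s.example ] unrelated noise
[2020-02-24T09:29:59,711][ERROR][c.f.s.a.BackendRegistry ] Unexpected exception: ElasticsearchSecurityException[password does not match]
[2020-02-24T09:30:00,034][ERROR][c.f.s.a.BackendRegistry ] Unexpected exception: ElasticsearchSecurityException[password does not match]
""".splitlines()

if __name__ == "__main__":
    for ip, n in failed_auth_sources(SAMPLE).most_common():
        print(f"{ip}\t{n} failed logins")
```

With several clients connecting in the same second the nearest resolve line is only a candidate, so confirm a frequent IP against the raw log before acting on it.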