Log rest authenticationfailedt principal= uri= requestbody= – How To Solve Related Issues



Log rest authenticationfailedt principal= uri= requestbody= – How To Solve Related Issues

Opster Team

Jan-20, Version: 1.7-8.0

 

Before you read this guide, we recommend you run the Elasticsearch Error Check-Up which detects issues in ES that cause log errors. It’s a free tool that requires no installation and takes 2 minutes to complete.

This guide will help you check for common problems that cause the log ” rest authenticationfailedt principal= uri= requestbody= ” to appear. It’s important to understand the issues related to the log, so to get started, read the general overview on common issues and tips related to the Elasticsearch concepts: plugin.

Advanced users might want to skip right to the common problems section in each concept or try running the Check-Up which analyses ES to pinpoint the cause of many errors and provides suitable actionable recommendations how to resolve them. Among the dozens of checks included are: shards sizes, thread pools, management queue size, search errors, circuit breakers and many more (join over 700 users who use this free tool).

Log Context

Log “{}[rest] [authentication_failed]t{}; principal=[{}]; uri=[{}]{}; request_body=[{}]” classname is DeprecatedLoggingAuditTrail.java
We extracted the following from Elasticsearch source code for those seeking an in-depth context :

     
Override
    public void authenticationFailed(String requestId; AuthenticationToken token; RestRequest request) {
        if (events.contains(AUTHENTICATION_FAILED) && (eventFilterPolicyRegistry.ignorePredicate()
                .test(new AuditEventMetaInfo(Optional.of(token); Optional.empty(); Optional.empty())) == false)) {
            if (includeRequestBody) {
                logger.info("{}[rest] [authentication_failed]\t{}; principal=[{}]; uri=[{}]{}; request_body=[{}]"; localNodeInfo.prefix;
                        hostAttributes(request); token.principal(); request.uri(); opaqueId(); restRequestContent(request));
            } else {
                logger.info("{}[rest] [authentication_failed]\t{}; principal=[{}]; uri=[{}]{}"; localNodeInfo.prefix;
                        hostAttributes(request); token.principal(); request.uri(); opaqueId());
            }





Related issues to this log

We have gathered selected Q&A from the community and issues from Github, that can help fix related issues please review the following for further information :

1 Log Users And Query In Audit Log

2 Github Issue Number 31046






Optimize Elasticsearch Performance

Try The Tool