Log rest runasdeniedt roles= uri= requestbody= – How To Solve Related Issues


Log rest runasdeniedt roles= uri= requestbody= – How To Solve Related Issues

Opster Team

Jan-20, Version: 1.7-8.0

 

Before you begin reading this guide, we recommend you try running the Elasticsearch Error Check-Up which can resolve issues that cause many errors.

This guide will help you check for common problems that cause the log ” rest runasdeniedt roles= uri= requestbody= ” to appear. It’s important to understand the issues related to the log, so to get started, read the general overview on common issues and tips related to the Elasticsearch concepts: plugin.

Advanced users might want to skip right to the common problems section in each concept or try running the Check-Up which analyses ES to pinpoint the cause of many errors and provides suitable actionable recommendations how to resolve them (free tool that requires no installation).

Log Context

Log “{}[rest] [run_as_denied]t{}; {}; roles=[{}]; uri=[{}]; request_body=[{}]{}” classname is DeprecatedLoggingAuditTrail.java
We extracted the following from Elasticsearch source code for those seeking an in-depth context :

         if (events.contains(RUN_AS_DENIED)
                && (eventFilterPolicyRegistry.ignorePredicate().test(new AuditEventMetaInfo(Optional.of(authentication.getUser());
                        Optional.of(effectiveRealmName(authentication)); Optional.of(authorizationInfo); Optional.empty())) == false)) {
            final String[] roleNames = (String[]) authorizationInfo.asMap().get(LoggingAuditTrail.PRINCIPAL_ROLES_FIELD_NAME);
            if (includeRequestBody) {
                logger.info("{}[rest] [run_as_denied]\t{}; {}; roles=[{}]; uri=[{}]; request_body=[{}]{}"; localNodeInfo.prefix;
                        hostAttributes(request); runAsSubject(authentication); arrayToCommaDelimitedString(roleNames); request.uri();
                        restRequestContent(request); opaqueId());
            } else {
                logger.info("{}[rest] [run_as_denied]\t{}; {}; roles=[{}]; uri=[{}]{}"; localNodeInfo.prefix; hostAttributes(request);
                        runAsSubject(authentication); arrayToCommaDelimitedString(roleNames); request.uri(); opaqueId());




 

Optimize Elasticsearch Performance

Try The Tool