Continous failure user logs every second

Hi Team,

in our Production environment we are receiving the below mentioned log every second and it is piling up the data to almost one GB of logs a day. kindly find the error log message and advise how to stop this logs.

2018-05-31 00:00:13,228 ERROR: org.graylog2.restclient.models.UserService - Unauthorized to load user CCR_GT
org.graylog2.restclient.lib.APIException: API call failed GET http://@10.46.176.190:12900/users/CCR_GT returned 401 Unauthorized body:
        at org.graylog2.restclient.lib.ApiClientImpl$ApiRequestBuilder.execute(ApiClientImpl.java:481) ~[org.graylog2.graylog2-rest-client-1.0.1.jar:na]
        at org.graylog2.restclient.models.UserService.retrieveUserWithSessionId(UserService.java:160) ~[org.graylog2.graylog2-rest-client-1.0.1.jar:na]
        at lib.security.RedirectAuthenticator.authenticateSessionUser(RedirectAuthenticator.java:122) [graylog-web-interface.graylog-web-interface-1.0.1.jar:1.0.1]
        at lib.security.RedirectAuthenticator.getUsername(RedirectAuthenticator.java:54) [graylog-web-interface.graylog-web-interface-1.0.1.jar:1.0.1]
        at play.mvc.Security$AuthenticatedAction.call(Security.java:37) [com.typesafe.play.play_2.10-2.3.6.jar:2.3.6]
        at play.core.j.JavaAction$$anonfun$11.apply(JavaAction.scala:82) [com.typesafe.play.play_2.10-2.3.6.jar:2.3.6]
        at play.core.j.JavaAction$$anonfun$11.apply(JavaAction.scala:82) [com.typesafe.play.play_2.10-2.3.6.jar:2.3.6]
        at scala.concurrent.impl.Future$PromiseCompletingRunnable.liftedTree1$1(Future.scala:24) [org.scala-lang.scala-library-2.10.4.jar:na]
        at scala.concurrent.impl.Future$PromiseCompletingRunnable.run(Future.scala:24) [org.scala-lang.scala-library-2.10.4.jar:na]
        at play.core.j.HttpExecutionContext$$anon$2.run(HttpExecutionContext.scala:40) [com.typesafe.play.play_2.10-2.3.6.jar:2.3.6]
        at play.api.libs.iteratee.Execution$trampoline$.execute(Execution.scala:46) [com.typesafe.play.play-iteratees_2.10-2.3.6.jar:2.3.6]
        at play.core.j.HttpExecutionContext.execute(HttpExecutionContext.scala:32) [com.typesafe.play.play_2.10-2.3.6.jar:2.3.6]
        at scala.concurrent.impl.Future$.apply(Future.scala:31) [org.scala-lang.scala-library-2.10.4.jar:na]
        at scala.concurrent.Future$.apply(Future.scala:485) [org.scala-lang.scala-library-2.10.4.jar:na]
        at play.core.j.JavaAction$class.apply(JavaAction.scala:82) [com.typesafe.play.play_2.10-2.3.6.jar:2.3.6]
        at play.core.Router$HandlerInvokerFactory$JavaActionInvokerFactory$$anon$15$$anon$1.apply(Router.scala:252) [com.typesafe.play.play_2.10-2.3.6.jar:2.3.6]
        at play.api.mvc.Action$$anonfun$apply$1$$anonfun$apply$4$$anonfun$apply$5.apply(Action.scala:130) [com.typesafe.play.play_2.10-2.3.6.jar:2.3.6]
        at play.api.mvc.Action$$anonfun$apply$1$$anonfun$apply$4$$anonfun$apply$5.apply(Action.scala:130) [com.typesafe.play.play_2.10-2.3.6.jar:2.3.6]
        at play.utils.Threads$.withContextClassLoader(Threads.scala:21) [com.typesafe.play.play_2.10-2.3.6.jar:2.3.6]
        at play.api.mvc.Action$$anonfun$apply$1$$anonfun$apply$4.apply(Action.scala:129) [com.typesafe.play.play_2.10-2.3.6.jar:2.3.6]
        at play.api.mvc.Action$$anonfun$apply$1$$anonfun$apply$4.apply(Action.scala:128) [com.typesafe.play.play_2.10-2.3.6.jar:2.3.6]
        at scala.Option.map(Option.scala:145) [org.scala-lang.scala-library-2.10.4.jar:na]
        at play.api.mvc.Action$$anonfun$apply$1.apply(Action.scala:128) [com.typesafe.play.play_2.10-2.3.6.jar:2.3.6]
        at play.api.mvc.Action$$anonfun$apply$1.apply(Action.scala:121) [com.typesafe.play.play_2.10-2.3.6.jar:2.3.6]
        at play.api.libs.iteratee.Iteratee$$anonfun$mapM$1.apply(Iteratee.scala:483) [com.typesafe.play.play-iteratees_2.10-2.3.6.jar:2.3.6]
        at play.api.libs.iteratee.Iteratee$$anonfun$mapM$1.apply(Iteratee.scala:483) [com.typesafe.play.play-iteratees_2.10-2.3.6.jar:2.3.6]
        at play.api.libs.iteratee.Iteratee$$anonfun$flatMapM$1.apply(Iteratee.scala:519) [com.typesafe.play.play-iteratees_2.10-2.3.6.jar:2.3.6]
        at play.api.libs.iteratee.Iteratee$$anonfun$flatMapM$1.apply(Iteratee.scala:519) [com.typesafe.play.play-iteratees_2.10-2.3.6.jar:2.3.6]
        at play.api.libs.iteratee.Iteratee$$anonfun$flatMap$1$$anonfun$apply$14.apply(Iteratee.scala:496) [com.typesafe.play.play-iteratees_2.10-2.3.6.jar:2.3.6]
        at play.api.libs.iteratee.Iteratee$$anonfun$flatMap$1$$anonfun$apply$14.apply(Iteratee.scala:496) [com.typesafe.play.play-iteratees_2.10-2.3.6.jar:2.3.6]
        at scala.concurrent.impl.Future$PromiseCompletingRunnable.liftedTree1$1(Future.scala:24) [org.scala-lang.scala-library-2.10.4.jar:na]
        at scala.concurrent.impl.Future$PromiseCompletingRunnable.run(Future.scala:24) [org.scala-lang.scala-library-2.10.4.jar:na]
        at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:41) [com.typesafe.akka.akka-actor_2.10-2.3.4.jar:na]
        at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(AbstractDispatcher.scala:393) [com.typesafe.akka.akka-actor_2.10-2.3.4.jar:na]
        at scala.concurrent.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260) [org.scala-lang.scala-library-2.10.4.jar:na]
        at scala.concurrent.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339) [org.scala-lang.scala-library-2.10.4.jar:na]
        at scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979) [org.scala-lang.scala-library-2.10.4.jar:na]
        at scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107) [org.scala-lang.scala-library-2.10.4.jar:na]

Regards,
Rajesh

The unauthorized HTTP client trying to access the details of the user “CCR_GT” has to stop.

Also, it looks like you’re using a very old version of Graylog (and the Graylog web interface). I’d strongly recommend upgrading to a newer version (e. g. Graylog 2.4.5).

Hi Jochen,

Thank you for the swift response. Is there a way to stop Unauthorized client to access the user details.

Regards,

Yes. Stop the clients.

Other than that, they’ll only receive an “Unauthorized” response and won’t see the actual user details.

You could of course also try to find out the IP address of these clients and create a firewall rule to block them from communicating with the machine running Graylog.

Hi Jochen,

In the log I am not able to find the IP of the client. Is there any other place where we can check the details.

http://@10.46.176.190:12900/users/CCR_GT is the Gray log server.

Regards,

You could use Wireshark to find out which client is trying to access the mentioned HTTP resource.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.