I currently have a 3-node Graylog cluster which is seemingly running fine. I have access to the data sent to my outputs, I can view metrics related to my nodes, etc.
However, in the Graylog logs there are a lot of the following messages, but only on my Master node:
WARN [ProxiedResource] Unable to call https://<SlaveNode1_IP>:9000/api/system/metrics/multiple on node <SlaveNode1_ID>, result: Unauthorized
WARN [ProxiedResource] Unable to call https://<SlaveNode2_IP>:9000/api/system/metrics/multiple on node <SlaveNode2_ID>, result: Unauthorized
Now obviously this seems like an authentication error. When running curl from the command line, here are the results:
root@MASTER:~# curl -i https://<SlaveNode1_IP>:9000/api/?pretty=true
HTTP/1.1 200 OK
Date: Tue, 12 Nov 2019 19:53:29 GMT
"cluster_id" : ClusterID,
"node_id" : NodeID,
"version" : "3.1.0+aa5175e",
"tagline" : "Manage your logs in the dark and have lasers going and make it look like you're from space!"
root@MASTER:~# curl -i https://<SlaveNode1_IP>:9000/api/system
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="Graylog Server"
Date: Tue, 12 Nov 2019 19:17:53 GMT
As we can see, it seems to be able to connect just fine to /api, but when attempting to connect to /api/system it’s getting an “Unauthorized” error. I also attempted to use the API Browser (System -> Nodes -> API Browser) on the Slave nodes, and if requesting a response from /system/metrics, I get a popup asking for authentication, which matches the behavior from calling /api/system from curl.
Now although everything seems to be working nonetheless, I’m worried this might hide a problem down the line. I have nothing apart from the mentioned line in the logs, so it doesn’t tell me what it’s trying to fetch and for what purpose.
Is there an authentication option I might be missing somewhere? What is considered a “ProxiedResource”?
Graylog Version: 3.1.0
Elasticsearch Version: 6.8.3
MongoDB Version: 4.0.12