Kafka to Chronicle Auth Issues

zealousmaniac

Hey,

I'm trying to ingest log via Chronicle Frowarder using Kafka.I tried setting use_plain_mechanism: true in the _auth.conf to use SASL/Plain, but I am still encountering the 'SASL handshake failed' error, even though the credentials work during testing through KafkaClient. Does it use SASL_SSL by default, or do we need to specify it explicitly as well?

kentphelps

It sounds like you are taking the correct steps. Please open a case with support so they can troubleshoot why SASL/Plain is not working.

zealousmaniac

Hey, I’ve already raised a support case. I’m wondering—similar to Bindplane, where we get the default authentication as Basic—is there an attribute we can define in _auth.conf to use SASL?

Shresthpaul133

Hello,

Chronicle Forwarder does use SASL_SSL by default when you enable use_plain_mechanism: true in _auth.conf. However, you must explicitly specify both the mechanism (SASL/PLAIN) and the security protocol (SASL_SSL) in the Chronicle Forwarder Kafka configuration, or else the handshake can fail.

You can check the below steps for your reference: -

1. Ensure these options are correctly set (_auth.conf):

use_plain_mechanism: true

username: "Your User name"

password: "Your Password"

2. Ensure these options are correctly set (Kafka.conf or forwarder.conf):

kafka:

bootstrap_servers:

- "your.kafka.broker:9093"

security_protocol: "SASL_SSL"

sasl_mechanism: "PLAIN"

3. Make sure that the broker endpoint that you're connecting to is actually listening on the SASL_SSL port (usually it's 9093). But if you're using something else, please update it accordingly.

Once these steps are done, test with Kafka_CLI. I think this should work.