Skip to main content

Hey,

I'm trying to ingest log via Chronicle Frowarder using Kafka.I tried setting use_plain_mechanism: true in the _auth.conf to use SASL/Plain, but I am still encountering the 'SASL handshake failed' error, even though the credentials work during testing through KafkaClient. Does it use SASL_SSL by default, or do we need to specify it explicitly as well?

It sounds like you are taking the correct steps.  Please open a case with support so they can troubleshoot why SASL/Plain is not working.

Hey, I’ve already raised a support case. I’m wondering—similar to Bindplane, where we get the default authentication as Basic—is there an attribute we can define in _auth.conf to use SASL?

Hello,
 
Chronicle Forwarder does use SASL_SSL by default when you enable use_plain_mechanism: true in _auth.conf. However, you must explicitly specify both the mechanism (SASL/PLAIN) and the security protocol (SASL_SSL) in the Chronicle Forwarder Kafka configuration, or else the handshake can fail.
 
You can check the below steps for your reference: - 
 
1. Ensure these options are correctly set (_auth.conf):
use_plain_mechanism: true
username: "Your User name"
password: "Your Password"
 
2. Ensure these options are correctly set (Kafka.conf or forwarder.conf):
kafka:
  bootstrap_servers:
    - "your.kafka.broker:9093"
  security_protocol: "SASL_SSL"
  sasl_mechanism: "PLAIN"
 
3. Make sure that the broker endpoint that you're connecting to is actually listening on the SASL_SSL port (usually it's 9093). But if you're using something else, please update it accordingly. 
 
Once these steps are done, test with Kafka_CLI. I think this should work. 

Reply


Terms & ConditionsCookie settings
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.