
Kafka to Chronicle Auth Issues

  • May 21, 2025
  • 3 replies
  • 36 views


Hey,

I'm trying to ingest logs via Chronicle Forwarder using Kafka. I tried setting use_plain_mechanism: true in the _auth.conf to use SASL/Plain, but I am still encountering the 'SASL handshake failed' error, even though the credentials work during testing through KafkaClient. Does it use SASL_SSL by default, or do we need to specify it explicitly as well?


kentphelps
Staff
  • May 22, 2025

It sounds like you are taking the correct steps.  Please open a case with support so they can troubleshoot why SASL/Plain is not working.


  • Author
  • New Member
  • May 22, 2025

Hey, I’ve already raised a support case. I’m wondering—similar to Bindplane, where we get the default authentication as Basic—is there an attribute we can define in _auth.conf to use SASL?


Hello,
 
Chronicle Forwarder does use SASL_SSL by default when you enable use_plain_mechanism: true in _auth.conf. However, you must explicitly specify both the mechanism (SASL/PLAIN) and the security protocol (SASL_SSL) in the Chronicle Forwarder Kafka configuration, or else the handshake can fail.
 
You can check the steps below for your reference:
 
1. Ensure these options are correctly set (_auth.conf):
use_plain_mechanism: true
username: "Your User name"
password: "Your Password"
 
2. Ensure these options are correctly set (Kafka.conf or forwarder.conf):
kafka:
  bootstrap_servers:
    - "your.kafka.broker:9093"
  security_protocol: "SASL_SSL"
  sasl_mechanism: "PLAIN"
 
3. Make sure that the broker endpoint that you're connecting to is actually listening on the SASL_SSL port (usually it's 9093). But if you're using something else, please update it accordingly. 
 
Once these steps are done, test with Kafka_CLI. I think this should work.
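
A way to check step 3 of the reply above before touching the forwarder configuration, as an added example that is not part of the original thread or of the forwarder's own tooling: a Python standard-library probe that reports whether the broker listener completes a TLS handshake, which SASL_SSL requires. The function names and result labels are assumptions of this example, and it does not test the SASL credentials themselves.

```python
import socket
import ssl
import sys

def probe_listener(host, port, timeout=5.0, cafile=None):
    """Return 'tls', 'tls-cert-untrusted', 'not-tls' or 'unreachable'."""
    # Default context: certificate and hostname verification stay enabled.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"         # closed port, firewall or DNS failure
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls"
    except ssl.SSLCertVerificationError:
        return "tls-cert-untrusted"  # TLS listener, chain or name not trusted here
    except OSError:
        return "not-tls"             # ssl.SSLError, resets and handshake timeouts
    finally:
        raw.close()

def sasl_ssl_ready(host, port, timeout=5.0, cafile=None):
    """Map the probe result to (ok, advice) for a client configured for SASL_SSL."""
    result = probe_listener(host, port, timeout, cafile)
    advice = {
        "tls": "Listener speaks TLS; SASL_SSL matches at the transport layer.",
        "tls-cert-untrusted": "Listener speaks TLS but its certificate is not "
                              "trusted by this host; supply the broker's CA "
                              "bundle instead of disabling verification.",
        "not-tls": "No TLS handshake on this port; it is probably a plaintext "
                   "listener, so a SASL_SSL client will fail before "
                   "authentication starts.",
        "unreachable": "TCP connection failed; check the address, port and "
                       "firewall rules first.",
    }[result]
    return result == "tls", advice

if __name__ == "__main__":
    # Usage: python probe.py your.kafka.broker 9093
    ok, advice = sasl_ssl_ready(sys.argv[1], int(sys.argv[2]))
    print(advice)
    sys.exit(0 if ok else 1)
```

Run it from the host where the forwarder runs, so the result reflects the same network path and trust store.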