Monitoring Splunk

ta-postgres Authentication issue

marcoscala
Builder

hi!
I'm trying to monitor a Postgres DB using the ta-postgres TA.

I have an authentication issue: the DBA created a user "splunk" and provided me with the password. I have tried the following configuration options in ta-postgres/local/postgrestats.conf:

Option 1.
[default]
defaultdb =
host = host.domain
port = 5432
user = splunk
password = {md5}splunk83fef3dd6477

Option 2.
[default]
defaultdb =
host = host.domain
port = 5432
user = splunk
password = md5bacb6374010b3f7af42dc7a670da9db4
(md5 coded password from the postgres db)

In both cases I get the following error message on the DB in the "postgresql*.log :
UTC FATAL: password authentication failed for user "splunk"

Thanks for support!!!

Tags (1)
0 Karma
1 Solution

marcoscala
Builder

Actually, digging in the code of the ta, we found that the bin/postgrestats.py uses the connect method from psycopg2:

psycopg2.connect(connect_string(defaultdb, dbhost, dbport, dbuser, dbpassword))

Cheching online it looks like the dbpassword must be passed NOT MD5ed...

so the working final config for me was:

password = splunk83fef3dd6477

with the password in clear!!!

Hope this will help!!!

View solution in original post

0 Karma

marcoscala
Builder

Actually, digging in the code of the ta, we found that the bin/postgrestats.py uses the connect method from psycopg2:

psycopg2.connect(connect_string(defaultdb, dbhost, dbport, dbuser, dbpassword))

Cheching online it looks like the dbpassword must be passed NOT MD5ed...

so the working final config for me was:

password = splunk83fef3dd6477

with the password in clear!!!

Hope this will help!!!

0 Karma

marcoscala
Builder

Here is the source of our findings:

https://wiki.postgresql.org/wiki/Psycopg2_Tutorial

0 Karma
Get Updates on the Splunk Community!

Leveraging Detections from the Splunk Threat Research Team & Cisco Talos

  Now On Demand  Stay ahead of today’s evolving threats with the combined power of the Splunk Threat Research ...

New in Splunk Observability Cloud: Automated Archiving for Unused Metrics

Automated Archival is a new capability within Metrics Management; which is a robust usage & cost optimization ...

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...