Call to get access token returned empty token without an error'
Guru668 opened this issue · 3 comments
While we configuring Falcon SIME connector in Linux machine we are facing below error.
Retrying work for partition=-1 due to error='falconhose[oauth2]: call to get access token returned empty token without an error'
Please check and update me with solution.
Thanks in advance
Guruprasad
getting the following error
INFO: REDISCOVERING for partition=-1 attempt#14205 [interval: 30s]
2021/06/30 08:02:15 discoverer.go:207: TRACE: Retrying work for partition=-1 due to error='falconhose[discoverer]: discovery failed with HTTP: 401, Payload:"meta": {
"query_time": 1.06e-7,
"powered_by": "crowdstrike-api-gateway",
"trace_id": "257e92d2-abf9-403c-9f42-f67598907c6c"
},
"errors": [
{
"code": 401,
"message": "access denied, invalid bearer token"
}
]
}
facing the same issue. @gauravm-optimus did you find the solution?
Check that you have the required scopes (read for Event Streams) and if so try to change the base url you're using for both the API and token request.
The base URLs available are:
48
49 US1 = "api.crowdstrike.com"
50 US2 = "api.us-2.crowdstrike.com"
51 EU1 = "api.eu-1.crowdstrike.com"
52 USGOV1 = "api.laggar.gcw.crowdstrike.com"
53 AUTO = "api.crowdstrike.com"
If you are using the default URL (AUTO) try changing the values set in /opt/crowdstrike/etc/cs.falconhoseclient.cfg in order to use the US2 or the EU1
api_url = https://api.crowdstrike.com/sensors/entities/datafeed/v2
request_token_url = https://api.crowdstrike.com/oauth2/token
US-2
api_url = https://api.us-2.crowdstrike.com/sensors/entities/datafeed/v2
request_token_url = https://api.us-2.crowdstrike.com/oauth2/token
EU-1
api_url = https://api.eu-1.crowdstrike.com/sensors/entities/datafeed/v2
request_token_url = https://api.eu-1.crowdstrike.com/oauth2/token