searchguard usage on windows


vinod hy

Jun 26, 2017, 6:37:11 AM
to Search Guard
Hi All,

I am using ELK in my development environment and I was able to set it up properly in a Windows environment. The complete ELK flow is working fine and I am able to see output in Kibana. Now my requirement is to secure the ELK communication using SSL certificates. I have used X-Pack for the same and I was able to achieve it. Since it's not free, I am exploring Search Guard and I am stuck.

First of all, please let me know if I can go ahead with Search Guard. My application is an enterprise application. All the communication has to be made secure once the application goes to the production environment.

Which one do you recommend, X-Pack or Search Guard? Is cost the only difference, or is there any other difference?

Regards,

Vinod H Y

SG

Jun 26, 2017, 11:18:07 AM
to search...@googlegroups.com

> On 26.06.2017 at 12:37, vinod hy <hy.vi...@gmail.com> wrote:
>
> Hi All,
>
> I am using ELK in my development environment and I was able to set it up properly in a Windows environment. The complete ELK flow is working fine and I am able to see output in Kibana. Now my requirement is to secure the ELK communication using SSL certificates. I have used X-Pack for the same and I was able to achieve it. Since it's not free, I am exploring Search Guard and I am stuck.
>

Where are you stuck? What have you tried, what is not working? Can you send more details and log output?


> First of all, please let me know if I can go ahead with Search Guard. My application is an enterprise application. All the communication has to be made secure once the application goes to the production environment.

Search Guard should be running well on Windows.

>
> Which one do you recommend, X-Pack or Search Guard? Is cost the only difference, or is there any other difference?

Depends on the features you need. For more details about SG vs. X-Pack, pls. contact us via mail or the contact form on the website (https://floragunn.com/contact/).
Pls. see also https://floragunn.com/search-guard-elasticsearch-faq/ and https://floragunn.com/searchguard-license-support/

>
> Regards,
>
> Vinod H Y
>

vinod hy

Jun 26, 2017, 1:18:58 PM
to search...@googlegroups.com
Hi,

Thanks for the info. I am using the below link to follow the steps,

I have,
1. Installed the plugin using the below command,
elasticsearch-plugin install -b com.floragunn:search-guard-5:5.4.0-12

2. Ran sh install_demo_configuration.sh
   This modified the elasticsearch.yml file with Search Guard SSL paths.

3. Now if I try to run sh sgadmin_demo.sh, I get the below error,
  Error: Could not find or load main class com.floragunn.searchguard.tools.SearchGuardAdmin

Please let me know the issue here.
Also, I have generated SSL certificates which I want to use here, not the ones that got generated. Please help me with this also.

Regards,

Vinod H Y


SG

Jun 26, 2017, 5:40:57 PM
to search...@googlegroups.com
The .sh scripts and the demo configuration do not normally work on Windows; we recommend generating certificates here: https://floragunn.com/tls-certificate-generator/
For sgadmin, however, there is a .bat file suitable for Windows.

vinod hy

Jun 27, 2017, 4:46:11 AM
to search...@googlegroups.com
Hi,

Ok. I am doing a fresh installation of the Search Guard plugin.

Step 1:

In my office environment, the
elasticsearch-plugin install -b com.floragunn:search-guard-5:5.4.0-12 command doesn't work. I get some connection errors.

For that, I downloaded the plugin offline from the below link,

I downloaded the zip version. Please confirm if it's the right one.

Step 2:

As per your advice, I got the certificates generated from the below link,

Now, please tell me what to do next. Do you have any link which explains the steps for Windows?

Regards,

Vinod H Y


> > To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

> > To post to this group, send email to search...@googlegroups.com.
> > To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/d7424d9a-618f-47d0-95f0-253d0f380bee%40googlegroups.com.
> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to a topic in the Google Groups "Search Guard" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/qmHf_hLfIS0/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.

> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/FA4E890E-BFCA-4E08-98DA-B7BCB6F0B720%40search-guard.com.
> For more options, visit https://groups.google.com/d/optout.
>
>
>
> --
> Regards,
>
> Vinod H Y
>
> --
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

> To post to this group, send email to search...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to a topic in the Google Groups "Search Guard" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/qmHf_hLfIS0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

SG

Jun 27, 2017, 11:12:54 AM
to search...@googlegroups.com

> On 27.06.2017 at 10:46, vinod hy <hy.vi...@gmail.com> wrote:
>
> Hi,
>
> Ok. I am doing a fresh installation of the Search Guard plugin.
>
> Step 1:
>
> In my office environment, the
> elasticsearch-plugin install -b com.floragunn:search-guard-5:5.4.0-12 command doesn't work. I get some connection errors.
>
> For that, I downloaded the plugin offline from the below link,
> http://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22com.floragunn%22%20AND%20a%3A%22search-guard-5%22
>
> I downloaded the zip version. Please confirm if it's the right one.

Correct.

>
> Step 2:
>
> As per your advice, I got the certificates generated from the below link,
> https://floragunn.com/tls-certificate-generator/
>
> Now, please tell me what to do next. Do you have any link which explains the steps for Windows?
>

There is a README file contained in the zip together with the certificates.
There is nothing special for Windows except that your file paths look a little bit different.

SG

Jun 27, 2017, 12:01:26 PM
to search...@googlegroups.com
Install plugin (online):
C:\temp\elasticsearch-5.4.2>bin\elasticsearch-plugin install -b com.floragunn:search-guard-5:5.4.2-12

Or install plugin offline (download search-guard-5-5.4.2-12.zip):
C:\temp\elasticsearch-5.4.2>bin\elasticsearch-plugin install -b file:///c:\temp\search-guard-5-5.4.2-12.zip

Get certificates from the floragunn TLS certificate generator and put all *.jks files into the config/ folder of Elasticsearch.

Edit elasticsearch.yml and add:

searchguard.authcz.admin_dn:
- CN=sgadmin

searchguard.ssl.transport.keystore_filepath: CN=test-keystore.jks
searchguard.ssl.transport.keystore_password: 9eac388c9aaabec42528
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password: 2cef95ce1fceb3927cbe

(The passwords are contained in the README of the certificate bundle; these here are just examples.)

Start Elasticsearch and wait a minute until it's started.

Make sure JAVA_HOME is set:
C:\temp\elasticsearch-5.4.2\plugins\search-guard-5\tools>echo %JAVA_HOME%
C:\Program Files\Java\jre1.8.0_131

If not, set it to something like this:
C:\temp\elasticsearch-5.4.2\plugins\search-guard-5\tools>set JAVA_HOME=C:\Program Files\Java\jre1.8.0_131

Execute sgadmin to initialize Search Guard:

C:\temp\elasticsearch-5.4.2\plugins\search-guard-5\tools>sgadmin.bat -cd ..\sgconfig -ts C:\temp\elasticsearch-5.4.2\config\truststore.jks -tspass 2cef95ce1fceb3927cbe -ks "C:\temp\elasticsearch-5.4.2\config\CN=sgadmin-keystore.jks" -kspass 44491845dcdc0279d222 -nhnv

(The passwords are contained in the README of the certificate bundle; these here are just examples.)

You're done.

vinod hy

Jun 27, 2017, 12:06:44 PM
to search...@googlegroups.com
1. So I created the certificates using the TLS certificate generator. So I need not use install_demo_configuration.sh, right?
2. And what about sgadmin.bat/sgadmin.sh?
     As per the Search Guard installation steps in the below link,

    it says to execute ./sgadmin_demo.sh also.

I am getting confused here. What are these sgadmin script files? How to run them and when to run them? Can you please provide an example here?





vinod hy

Jun 27, 2017, 12:09:14 PM
to search...@googlegroups.com
Thanks a lot for the information. Will try to follow it and get back to you. Really appreciate your time and help here.


vinod hy

Jun 27, 2017, 12:15:52 PM
to search...@googlegroups.com
Actually I have all the setup on my office machine. I will check it tomorrow and update you. Meanwhile, I have one more doubt. I need to add OpenSSL certificates. Is the procedure the same or does it vary?

vinod hy

Jun 29, 2017, 5:44:06 AM
to search...@googlegroups.com
Hi,

I followed the steps as mentioned above. There are 2 issues I am observing,

Issue 1:
If I run localhost:9200 in the browser, it displays an error message as below,
Search Guard not initialized (SG11). See https://github.com/floragunncom/search-guard-docs/blob/master/sgadmin.md
In elasticsearch.log, I can see the below trace,
[2017-06-29T14:55:36,436][INFO ][c.f.s.c.IndexBaseConfigurationRepository] searchguard index does not exist yet, so no need to load config on node startup. Use sgadmin to initialize cluster

Issue 2:
So issue 1 is because I have not run the sgadmin command. But when I run the sgadmin command as suggested by you in your mail, I get
Cannot retrieve cluster state due to: None of the configured nodes are available: [{#transport#-1}{t_vvrQHFTruDXPcUgf3i-Q}{localhost}{127.0.0.1:9300}]. This is not an error, will keep on trying ...
   * Try running sgadmin.sh with -icl and -nhnv (If thats works you need to check your clustername as well as hostnames in your SSL certificates)
   * If this is not working, try running sgadmin.sh with --diagnose and see diagnose trace log file)
15:00:52.735 [elasticsearch[_client_][transport_client_boss][T#3]] ERROR com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport - SSL Problem General SSLEngine problem
javax.net.ssl.SSLHandshakeException: General SSLEngine problem.
Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching localhost found.
Then I ran the sgadmin command in diagnose mode. I am attaching the diagnose logs with the mail.

Elasticsearch.yml file changes:
searchguard.authcz.admin_dn:
  - CN=AAEINBLR02717D

searchguard.ssl.transport.keystore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\CN=AAEINBLR02717D-keystore.jks
searchguard.ssl.transport.keystore_password: 36375fb609b4231e4363
searchguard.ssl.transport.truststore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\truststore.jks
searchguard.ssl.transport.truststore_password: 76822cd1a1fe2a1c4b45

Certificates readme file:
Passwords:

CA password: bda758dae3227ae72becb830d096d2f2af518bd5
Truststore password: 76822cd1a1fe2a1c4b45
Admin keystore password: d6cc7eda4de8bfc52430
Demouser keystore password: 77e68e3cce628545ccee

Host: AAEINBLR02717D
AAEINBLR02717D keystore password: 36375fb609b4231e4363

searchguard.authcz.admin_dn:
  - CN=sgadmin

sgadmin command:
sgadmin.bat -cd ..\sgconfig -ts D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\truststore.jks -tspass 76821a1fe2a1c4b45 -ks D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\CN=AAEINBLR02717D-keystore.jks -kspass 36375fb609b4231e4363 -nhnv --diagnose

Note:
I have manually copied the required truststore and keystore files, as mentioned in the above paths, into the Elasticsearch config folder from the main certificate folder which I received from the Search Guard TLS generator link.

Please help me in understanding the issue here.
Regards,
Vinod H Y




sgadmin_diag_trace_2017-Jun-29_15-00-42.txt
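
Added example, not part of any message in this thread and not Search Guard project code: a preflight check that compares an sgadmin.bat command line against the elasticsearch.yml settings from the walkthrough above before the command is run. The file-name convention CN=<name>-keystore.jks, the rule that sgadmin is given its own keystore rather than the node's transport keystore (taken from the layout in the walkthrough), and all host names and passwords in the sample data are assumptions or constructed values.

```python
import ntpath
import shlex

VALUE_FLAGS = {"-cd", "-ts", "-tspass", "-ks", "-kspass"}  # sgadmin options seen in the thread
PREFIX = "searchguard.ssl.transport."


def parse_settings(text):
    """Parse the flat 'key: value' and '- item' lines used for elasticsearch.yml in the thread."""
    settings, list_key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("- ") and list_key:
            settings[list_key].append(line[2:].strip())
            continue
        key, _, value = line.partition(":")  # first colon only, so D:\ paths survive
        key, value = key.strip(), value.strip()
        if value:
            settings[key], list_key = value, None
        else:
            settings[key], list_key = [], key
    return settings


def parse_sgadmin(command):
    """Split an sgadmin.bat command line into {option: value}; bare switches map to True."""
    # posix=False keeps Windows backslashes; quotes stay on the token and are stripped here.
    tokens = [t.strip('"') for t in shlex.split(command, posix=False)]
    args, i = {}, 1  # tokens[0] is sgadmin.bat itself
    while i < len(tokens):
        if tokens[i] in VALUE_FLAGS and i + 1 < len(tokens):
            args[tokens[i]] = tokens[i + 1]
            i += 2
        else:
            args[tokens[i]] = True
            i += 1
    return args


def keystore_cn(path):
    """Derive 'CN=<name>' from a file named 'CN=<name>-keystore.jks' (naming heuristic)."""
    name = ntpath.basename(path)
    if name.upper().startswith("CN=") and name.lower().endswith("-keystore.jks"):
        return name[: -len("-keystore.jks")]
    return None


def same_file(a, b):
    """Compare by file name only, because the yml may use a path relative to config/."""
    return ntpath.normcase(ntpath.basename(a)) == ntpath.normcase(ntpath.basename(b))


def preflight(yml_text, command):
    """Return (code, message) findings; an empty list means the two inputs agree."""
    cfg, args = parse_settings(yml_text), parse_sgadmin(command)
    ts, ks = args.get("-ts"), args.get("-ks")
    if not isinstance(ts, str) or not isinstance(ks, str):
        return [("missing-store", "sgadmin needs both -ts and -ks with a path")]
    findings = []
    # Same truststore file on both sides means the same password; never echo the values.
    if same_file(ts, cfg.get(PREFIX + "truststore_filepath", "")) and \
            args.get("-tspass") != cfg.get(PREFIX + "truststore_password"):
        findings.append(("tspass-mismatch", "-tspass differs from truststore_password in yml"))
    # Assumption from the walkthrough's layout: the admin keystore is not the node keystore.
    if same_file(ks, cfg.get(PREFIX + "keystore_filepath", "")):
        findings.append(("node-keystore-as-admin", "-ks points at the node's transport keystore"))
    admin_dns = cfg.get("searchguard.authcz.admin_dn", [])
    if isinstance(admin_dns, str):
        admin_dns = [admin_dns]
    rdns = {rdn.strip().lower() for dn in admin_dns for rdn in dn.split(",")}
    cn = keystore_cn(ks)
    if cn and cn.lower() not in rdns:
        findings.append(("admin-dn-missing", cn + " is not listed under searchguard.authcz.admin_dn"))
    return findings


# Constructed sample data in the shape of the settings and commands posted in the thread.
GOOD_YML = r"""
searchguard.authcz.admin_dn:
  - CN=sgadmin
searchguard.ssl.transport.keystore_filepath: CN=NODE01-keystore.jks
searchguard.ssl.transport.keystore_password: node-pass-constructed
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password: trust-pass-constructed
"""
GOOD_CMD = (r'sgadmin.bat -cd ..\sgconfig -ts C:\es\config\truststore.jks '
            r'-tspass trust-pass-constructed -ks "C:\es\config\CN=sgadmin-keystore.jks" '
            r'-kspass admin-pass-constructed -nhnv')
BAD_YML = r"""
searchguard.authcz.admin_dn:
  - CN=NODE01
searchguard.ssl.transport.keystore_filepath: D:\es\config\CN=NODE01-keystore.jks
searchguard.ssl.transport.keystore_password: node-pass-constructed
searchguard.ssl.transport.truststore_filepath: D:\es\config\truststore.jks
searchguard.ssl.transport.truststore_password: trust-pass-constructed
"""
BAD_CMD = (r'sgadmin.bat -cd ..\sgconfig -ts D:\es\config\truststore.jks '
           r'-tspass trust-pass-constucted -ks D:\es\config\CN=NODE01-keystore.jks '
           r'-kspass node-pass-constructed -nhnv --diagnose')

if __name__ == "__main__":
    for code, message in preflight(BAD_YML, BAD_CMD):
        print(code + ": " + message)
```
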

vinod hy

Jul 3, 2017, 1:28:44 AM
to Search Guard
Please can anyone help me here? I am stuck.

Ganesh N

Mar 29, 2019, 1:45:03 PM
to Search Guard Community Forum