Logstash configuration to read logs and save it into elasticsearch with search guard.

prasanna....@gmail.com

Jun 15, 2015, 12:58:22 AM
to search...@googlegroups.com
Hi,

I have configured elasticsearch 1.5.2 with search guard plugin. 

I want logstash to read logs, save it into elasticsearch. Logstash is giving some exception in doing so.

Can someone please let me know what configuration is required from logstash or from elasticsearch?

Configuration done for search guard in elasticsearch.yml:

searchguard.enabled: true
searchguard.check_for_root: false
searchguard.key_path: C:/Test/searchguard_node.key
searchguard.config_index_name: searchguard
searchguard.http.enable_sessions: false

searchguard.allow_all_from_loopback: true

searchguard.authentication.authentication_backend.impl: com.floragunn.searchguard.authentication.backend.simple.SettingsBasedAuthenticationBackend
searchguard.authentication.authentication_backend.cache.enable: true

searchguard.authentication.authorizer.impl: com.floragunn.searchguard.authorization.simple.SettingsBasedAuthorizator
searchguard.authentication.authorizer.cache.enable: true

searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator

searchguard.authentication.settingsdb.user.admin: password
searchguard.authentication.settingsdb.user.manager: password

searchguard.authentication.authorization.settingsdb.roles.admin: ["admin"]
searchguard.authentication.authorization.settingsdb.roles.manager: ["manager"]

searchguard.flsfilter.names: ["manager"]
searchguard.flsfilter.marketig.source_excludes: ["username","email"]

searchguard.actionrequestfilter.names: ["readonly"]
searchguard.actionrequestfilter.readonly.allowed_actions: ["indices:data/read/*", "*monitor*"]
searchguard.actionrequestfilter.readonly.forbidden_actions: ["cluster:admin*", "indices:data/write*", "indices:admin/template/get"]

Thanks,
Lakshmi.


prasanna....@gmail.com

Jun 17, 2015, 12:00:49 AM
to search...@googlegroups.com
Any help, please? I am stuck with this issue.

Thanks,
Lakshmi.

SG

Jun 18, 2015, 4:09:57 AM
to search...@googlegroups.com
Can you please provide the error logs, the ACL configuration and your logstash config?

prasanna....@gmail.com

Jun 19, 2015, 2:44:58 AM
to search...@googlegroups.com
Thanks SG, now I am able to store logs from logstash to elasticsearch. However, after I logged in with the credentials at the http://ipaddress:9200 URL, I am getting a Runtime Exception.

I have posted a new question for this issue.
Subject of the question: "Authentication popup is not coming in kibana and ElasticSearch"

Configuration in logstash:
output {
    elasticsearch_http {
        host => "10.212.20.93"
        user => "admin"
        password => "password"
    }
    stdout { codec => "rubydebug" }
}

Thanks for the reply, thanks a lot.
Lakshmi.

SG

Jun 25, 2015, 10:17:33 AM
to search...@googlegroups.com
So this thread is solved?

prasanna....@gmail.com

Jun 30, 2015, 1:19:25 AM
to search...@googlegroups.com
Yes, done.