Monitoring Logstash 6 with Basic License XPack and Search Guard 6


Adriano Santos

Jan 11, 2018, 12:48:02 AM
to Search Guard Community Forum
I have the following configuration in logstash.yml, but it is not able to authenticate to the Elasticsearch URL with Search Guard for monitoring:

xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.url: https://localhost:9201
xpack.monitoring.elasticsearch.username: logstash
xpack.monitoring.elasticsearch.password: logstash


What would be the correct configuration on logstash.yml to be able to monitor logstash and the pipelines in the monitoring tab?

Thanks,
Adriano


Jochen Kressin

Jan 11, 2018, 4:46:42 AM
to Search Guard Community Forum
Please follow the X-Pack Monitoring instructions here:


The demo configuration ships with the sg_xp_monitoring role suitable for Monitoring.

Adriano Santos

Jan 11, 2018, 10:45:50 AM
to Search Guard Community Forum
Hi Jochen,

Thanks for your help.
At this point I'm using the default configuration to test my environment.
What should I use in the:

ssl:
  truststore.path: esnode.pem
  truststore.password: change-it

This is what I have in the Search Guard configuration:

######## Start Search Guard Demo Configuration ########
# WARNING: revise all the lines below before you go into production
searchguard.ssl.transport.pemcert_filepath: esnode.pem
searchguard.ssl.transport.pemkey_filepath: esnode-key.pem
searchguard.ssl.transport.pemtrustedcas_filepath: root-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.pemcert_filepath: esnode.pem
searchguard.ssl.http.pemkey_filepath: esnode-key.pem
searchguard.ssl.http.pemtrustedcas_filepath: root-ca.pem
searchguard.allow_unsafe_democertificates: true
searchguard.allow_default_init_sgindex: true
searchguard.authcz.admin_dn:
  - CN=kirk,OU=client,O=client,L=test, C=de

searchguard.audit.type: internal_elasticsearch
searchguard.enable_snapshot_restore_privilege: true
searchguard.check_snapshot_restore_write_privileges: true
searchguard.restapi.roles_enabled: ["sg_all_access"]
cluster.name: searchguard_demo
network.host: 0.0.0.0
discovery.zen.minimum_master_nodes: 1
node.max_local_storage_nodes: 3
xpack.security.enabled: false
xpack.monitoring.enabled: true
xpack.ml.enabled: false
xpack.graph.enabled: false
xpack.watcher.enabled: false

xpack.monitoring.exporters:
  id1:
    type: http
    host: ["https://127.0.0.1:9201"]
    auth.username: monitor
    auth.password: monitor
    ssl:
      truststore.path: esnode.pem
      truststore.password: changeit
######## End Search Guard Demo Configuration ########


I'm getting the following exception:

Caused by: java.io.IOException: Invalid keystore format
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:658) ~[?:?]
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) ~[?:?]
    at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) ~[?:?]
    at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) ~[?:?]
    at java.security.KeyStore.load(KeyStore.java:1445) ~[?:1.8.0_92]
    at org.elasticsearch.xpack.ssl.CertUtils.trustManager(CertUtils.java:187) ~[?:?]

SG

Feb 1, 2018, 4:27:37 PM
to search...@googlegroups.com
You need to build a Java truststore from your PEM or use xpack.monitoring.exporters.id1.ssl.certificate_authorities instead of xpack.monitoring.exporters.id1.ssl.truststore.path,
see https://www.elastic.co/guide/en/x-pack/5.2/monitoring-settings.html

I recommend you try xpack.monitoring.exporters.id1.ssl.certificate_authorities: root-ca.pem
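Why the exception in this thread appears, as an added example that is not part of any post: the file named in truststore.path is loaded as a Java keystore, which begins with the magic number 0xFEEDFEED, while esnode.pem is PEM text. The function names and sample bytes below are constructed for illustration.

```python
import struct

JKS_MAGIC = 0xFEEDFEED    # first four bytes of a JKS keystore
JCEKS_MAGIC = 0xCECECECE  # first four bytes of a JCEKS keystore

# Constructed sample inputs (not real key material).
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nMIIB...constructed...\n-----END CERTIFICATE-----\n"
SAMPLE_JKS = struct.pack(">III", JKS_MAGIC, 2, 0)  # magic, version 2, zero entries


def store_format(data: bytes) -> str:
    """Classify file content by its leading bytes."""
    if data.lstrip().startswith(b"-----BEGIN "):
        return "pem"
    if len(data) >= 4:
        magic = struct.unpack(">I", data[:4])[0]
        if magic == JKS_MAGIC:
            return "jks"
        if magic == JCEKS_MAGIC:
            return "jceks"
    if data[:1] == b"\x30":
        return "asn1"  # DER: a PKCS#12 store or a bare certificate
    return "unknown"


def check_setting(key: str, data: bytes) -> str:
    """Compare what an ssl.* setting expects with what the file contains."""
    fmt = store_format(data)
    if key.endswith("truststore.path"):
        if fmt == "jks":
            return "ok"
        if fmt == "pem":
            return "mismatch: PEM file where a Java truststore is expected"
        return "unverified: " + fmt
    if key.endswith("certificate_authorities"):
        return "ok" if fmt == "pem" else "mismatch: expected PEM, found " + fmt
    return "not checked"


if __name__ == "__main__":
    prefix = "xpack.monitoring.exporters.id1.ssl."
    print(check_setting(prefix + "truststore.path", SAMPLE_PEM))
    print(check_setting(prefix + "certificate_authorities", SAMPLE_PEM))
```

To check real files, pass the bytes read from esnode.pem or root-ca.pem in place of the constructed samples.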