Can I use Search Guard when X pack is enabled?

Is there a way to have Search Guard alongside ElasticSearch when x.pack and TLS are enabled?

I am setting up the ELK stack in Kubernetes using ECK.

ECK, by default, deploys the ELK stack with x.pack and TLS. We need to implement log-based alerting, and ElasticSearch doesn’t allow setting up connectors unless purchased. At that point, I came across Search Guard’s Signal feature, which pretty much does the same thing. In short, we need only the Signal feature of Search Guard at the moment.

From forums, I read that we can’t disable SSL in it once the Search Guard plugin is installed on ElasticSearch. Is there a way to use the existing certificates used by ElasticSearch for Search Guard as well and have both encryption around?

Elasticsearch version:
7.13.0

Hello @sharoncr1

To use the Search Guard plugin with Signals, you must disable the xpack security plug-in.

You can disable SSL for HTTP traffic or keep it enabled and use your existing SSL certificates.
To disable SSL in Elasticsearch, set the following in elasticsearch.yml:

searchguard.ssl.http.enabled: false

To use your existing Elasticsearch SSL certificates, you can point to them in the elasticsearch.yml file:

searchguard.ssl.transport.pemcert_filepath: <node>.pem
searchguard.ssl.transport.pemkey_filepath: <node-key>.pem
searchguard.ssl.transport.pemtrustedcas_filepath: <root-ca>.pem

searchguard.ssl.http.pemcert_filepath: <node>.pem
searchguard.ssl.http.pemkey_filepath: <node-key>.pem
searchguard.ssl.http.pemtrustedcas_filepath: <root-ca>.pem
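A pre-deployment check for the settings named in the reply above, as an added example that is not part of the original thread or Search Guard's own tooling. It assumes a flat `dotted.key: value` elasticsearch.yml and uses the standard `xpack.security.enabled` setting; the sample config is constructed.

```python
# Added example: lint a flat elasticsearch.yml against the settings in the answer.
TRANSPORT = [
    "searchguard.ssl.transport.pemcert_filepath",
    "searchguard.ssl.transport.pemkey_filepath",
    "searchguard.ssl.transport.pemtrustedcas_filepath",
]
HTTP = [k.replace(".transport.", ".http.") for k in TRANSPORT]
HTTP_ENABLED = "searchguard.ssl.http.enabled"

def parse_flat(text):
    """Read 'dotted.key: value' lines. Assumption: no nested YAML."""
    settings = {}
    for line in text.splitlines():
        line = line.split(" #")[0].strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def check(text):
    """Return (level, key, message) findings; an empty list means no findings."""
    s = parse_flat(text)
    out = []
    if s.get("xpack.security.enabled", "").lower() != "false":
        out.append(("ERROR", "xpack.security.enabled", "must be explicitly false"))
    http = s.get(HTTP_ENABLED, "").lower()
    if http == "false":
        out.append(("WARN", HTTP_ENABLED, "REST traffic will be unencrypted"))
    elif http != "true":
        out.append(("WARN", HTTP_ENABLED, "not set; state the intent explicitly"))
    for key in TRANSPORT + (HTTP if http == "true" else []):
        value = s.get(key, "")
        if not value:
            out.append(("ERROR", key, "missing"))
        elif "<" in value or ">" in value:
            out.append(("ERROR", key, "placeholder not replaced"))
    return out

# Constructed sample: X-Pack security still on, one placeholder left in place.
SAMPLE = """\
xpack.security.enabled: true
searchguard.ssl.http.enabled: false
searchguard.ssl.transport.pemcert_filepath: <node>.pem
"""

if __name__ == "__main__":
    for level, key, message in check(SAMPLE):
        print(f"{level:5} {key}: {message}")
```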
