Demo installer : Kibana automatically shutdown.

Hello SG community,

Is it my first message here, I’m new and I try to test SG product to secure my Elastic Stack.

So I’ve got a problem : I did the "Demo installer steps by steps following the documentation (Official doc and Unofficial doc), but when I arrive at the end of the installation, when I restart my Kibana service to see if the login page is ok, my kibana service automatically shutdown.

So I did like that :

1. : Install the Search Guard Plugin to Elasticsearch :

[root@lrtstfpe1 elasticsearch]# cd /usr/share/elasticsearch/

[root@lrtstfpe1 elasticsearch]# bin/elasticsearch-plugin install -b com.floragunn:search-guard-6:6.3.0-22.3

-> Downloading com.floragunn:search-guard-6:6.3.0-22.3 from maven central
[=================================================] 100%
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: plugin requires additional permissions @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

  • java.io.FilePermission /proc/sys/net/core/somaxconn read
  • java.lang.RuntimePermission accessClassInPackage.com.sun.jndi.ldap
  • java.lang.RuntimePermission accessClassInPackage.sun.misc
  • java.lang.RuntimePermission accessClassInPackage.sun.nio.ch
  • java.lang.RuntimePermission accessClassInPackage.sun.security.x509
  • java.lang.RuntimePermission accessDeclaredMembers
  • java.lang.RuntimePermission accessUserInformation
  • java.lang.RuntimePermission getClassLoader
  • java.lang.RuntimePermission setContextClassLoader
  • java.lang.RuntimePermission shutdownHooks
  • java.lang.reflect.ReflectPermission suppressAccessChecks
  • java.net.NetPermission getNetworkInformation
  • java.net.NetPermission getProxySelector
  • java.net.SocketPermission * connect,accept,resolve
  • java.security.SecurityPermission getProperty.ssl.KeyManagerFactory.algorithm
  • java.security.SecurityPermission insertProvider.BC
  • java.security.SecurityPermission putProviderProperty.BC
  • java.security.SecurityPermission setProperty.ocsp.enable
  • java.util.PropertyPermission com.sun.security.enableCRLDP write
  • java.util.PropertyPermission es.set.netty.runtime.available.processors write
  • java.util.PropertyPermission java.security.debug write
  • java.util.PropertyPermission java.security.krb5.conf write
  • java.util.PropertyPermission javax.security.auth.useSubjectCredsOnly write
  • java.util.PropertyPermission jdk.tls.rejectClientInitiatedRenegotiation write
  • java.util.PropertyPermission sun.nio.ch.bugLevel write
  • java.util.PropertyPermission sun.security.krb5.debug write
  • java.util.PropertyPermission sun.security.spnego.debug write
  • javax.security.auth.AuthPermission doAs
  • javax.security.auth.AuthPermission modifyPrivateCredentials
  • javax.security.auth.kerberos.ServicePermission * accept
    See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
    for descriptions of what these permissions allow and the associated risks.
    -> Installed search-guard-6

``

2 : Execute the Search Guard demo installation script :

[root@lrtstfpe1 elasticsearch]# cd /usr/share/elasticsearch/plugins/search-guard-6/tools/

[root@lrtstfpe1 tools]# chmod +x install_demo_configuration.sh
[root@lrtstfpe1 tools]# ./install_demo_configuration.sh
Search Guard 6 Demo Installer
** Warning: Do not use on production or public reachable systems **
Install demo certificates? [y/N] y
Initialize Search Guard? [y/N] y
Cluster mode requires maybe additional setup of:

Enable cluster mode? [y/N] y
Basedir: /usr/share/elasticsearch
This script maybe require your root password for ‘sudo’ privileges
Elasticsearch install type: rpm/deb on NAME=“Red Hat Enterprise Linux Server”
Elasticsearch config dir: /etc/elasticsearch
Elasticsearch config file: /etc/elasticsearch/elasticsearch.yml
Elasticsearch bin dir: /usr/share/elasticsearch/bin
Elasticsearch plugins dir: /usr/share/elasticsearch/plugins
Elasticsearch lib dir: /usr/share/elasticsearch/lib
Detected Elasticsearch Version: x-content-6.3.0
Detected Search Guard Version: 6.3.0-22.3
grep: ES_CONF_FILE: Aucun fichier ou dossier de ce type

Success

Execute this script now on all your nodes and then start all nodes

Search Guard will be automatically initialized.

If you like to change the runtime configuration

change the files in …/sgconfig and execute:

sudo “/usr/share/elasticsearch/plugins/search-guard-6/tools/sgadmin.sh” -cd “/usr/share/elasticsearch/plugins/search-guard-6/sgconfig” -icl -key “/etc/elasticsearch/kirk-key.pem” -cert “/etc/elasticsearch/kirk.pem” -cacert “/etc/elasticsearch/root-ca.pem” -nhnv

or run ./sgadmin_demo.sh

To use the Search Guard Configuration GUI see http://docs.search-guard.com/v6/configuration-gui

To access your Search Guard secured cluster open https://: and log in with admin/admin.

(Ignore the SSL certificate warning because we installed self-signed demo certificates)

``

[root@lrtstfpe1 tools]# service elasticsearch restart
Restarting elasticsearch (via systemctl): [ **OK ** ]

3 : Testing the SG installation :

Go to : ****https://lrtstfpe1:9200/

Go to : https://lrtstfpe1:9200/_searchguard/authinfo

``

After enter admin admin and auto sign the certificate :

``

Everything ok… then :

[root@lrtstfpe1 sgconfig]# cd /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/
[root@lrtstfpe1 sgconfig]# cd /usr/share/elasticsearch/plugins/search-guard-6/tools/
[root@lrtstfpe1 tools]# ./sgadmin_demo.sh
WARNING: JAVA_HOME not set, will use /bin/java
Search Guard Admin v6
Will connect to localhost:9300 … done
Elasticsearch Version: 6.3.0
Search Guard Version: 6.3.0-22.3
Connected as CN=kirk,OU=client,O=client,L=test,C=de
Contacting elasticsearch cluster ‘elasticsearch’ and wait for YELLOW clusterstate …
Clustername: searchguard_demo
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
searchguard index already exists, so we do not need to create one.
Populate config from /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/
Will update ‘sg/config’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_config.yml
SUCC: Configuration for ‘config’ created or updated
Will update ‘sg/roles’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_roles.yml
SUCC: Configuration for ‘roles’ created or updated
Will update ‘sg/rolesmapping’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_roles_mapping.yml
SUCC: Configuration for ‘rolesmapping’ created or updated
Will update ‘sg/internalusers’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_internal_users.yml
SUCC: Configuration for ‘internalusers’ created or updated
Will update ‘sg/actiongroups’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_action_groups.yml
SUCC: Configuration for ‘actiongroups’ created or updated
Done with success

5 : Install Search Guard on Kibana :

Add :
elasticsearch.username: “kibanaserver”
elasticsearch.password: “kibanaserver”
elasticsearch.ssl.verificationMode: none
elasticsearch.url: “https://localhost:9200
on my /etc/elasticsearch/elasticsearch.yml

Test to go to kibana :

Ok, then :

[root@lrtstfpe1 kibana]# bin/kibana-plugin install https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-kibana-plugin/6.3.0-14-beta-1/search-guard-kibana-plugin-6.3.0-14-beta-1.zip
Attempting to transfer from https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-kibana-plugin/6.3.0-14-beta-1/search-guard-kibana-plugin-6.3.0-14-beta-1.zip
Transferring 2774454 bytes…
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Optimizing and caching browser bundles…
Plugin installation complete

[root@lrtstfpe1 kibana]# service kibana restart
kibana started
[root@lrtstfpe1 kibana]# service kibana status
kibana is running
.
.
(10 seconds later) :
[root@lrtstfpe1 kibana]# service kibana status
kibana is not running

And I’m unable to go to my Kibana page because the service automatically shutdown 10secondes later been up.

Do you know the origin of this issue ?

Thx for help,

Dylan.

In order to investigate we need to see the Kibana logs. Your installation steps seem fine, so there must be going on in Kibana.

BTW - the plugin version you installed is a beta, so it may contain issues. Please use the last stable release, which is 6.3.0-13.

···

On Friday, July 6, 2018 at 3:53:42 PM UTC+2, Dylan Osef wrote:

Hello SG community,

Is it my first message here, I’m new and I try to test SG product to secure my Elastic Stack.

So I’ve got a problem : I did the "Demo installer steps by steps following the documentation (Official doc and Unofficial doc), but when I arrive at the end of the installation, when I restart my Kibana service to see if the login page is ok, my kibana service automatically shutdown.

So I did like that :

1. : Install the Search Guard Plugin to Elasticsearch :

[root@lrtstfpe1 elasticsearch]# cd /usr/share/elasticsearch/

[root@lrtstfpe1 elasticsearch]# bin/elasticsearch-plugin install -b com.floragunn:search-guard-6:6.3.0-22.3

-> Downloading com.floragunn:search-guard-6:6.3.0-22.3 from maven central
[=================================================] 100%
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: plugin requires additional permissions @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

  • java.io.FilePermission /proc/sys/net/core/somaxconn read
  • java.lang.RuntimePermission accessClassInPackage.com.sun.jndi.ldap
  • java.lang.RuntimePermission accessClassInPackage.sun.misc
  • java.lang.RuntimePermission accessClassInPackage.sun.nio.ch
  • java.lang.RuntimePermission accessClassInPackage.sun.security.x509
  • java.lang.RuntimePermission accessDeclaredMembers
  • java.lang.RuntimePermission accessUserInformation
  • java.lang.RuntimePermission getClassLoader
  • java.lang.RuntimePermission setContextClassLoader
  • java.lang.RuntimePermission shutdownHooks
  • java.lang.reflect.ReflectPermission suppressAccessChecks
  • java.net.NetPermission getNetworkInformation
  • java.net.NetPermission getProxySelector
  • java.net.SocketPermission * connect,accept,resolve
  • java.security.SecurityPermission getProperty.ssl.KeyManagerFactory.algorithm
  • java.security.SecurityPermission insertProvider.BC
  • java.security.SecurityPermission putProviderProperty.BC
  • java.security.SecurityPermission setProperty.ocsp.enable
  • java.util.PropertyPermission com.sun.security.enableCRLDP write
  • java.util.PropertyPermission es.set.netty.runtime.available.processors write
  • java.util.PropertyPermission java.security.debug write
  • java.util.PropertyPermission java.security.krb5.conf write
  • java.util.PropertyPermission javax.security.auth.useSubjectCredsOnly write
  • java.util.PropertyPermission jdk.tls.rejectClientInitiatedRenegotiation write
  • java.util.PropertyPermission sun.nio.ch.bugLevel write
  • java.util.PropertyPermission sun.security.krb5.debug write
  • java.util.PropertyPermission sun.security.spnego.debug write
  • javax.security.auth.AuthPermission doAs
  • javax.security.auth.AuthPermission modifyPrivateCredentials
  • javax.security.auth.kerberos.ServicePermission * accept
    See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
    for descriptions of what these permissions allow and the associated risks.
    -> Installed search-guard-6

``

2 : Execute the Search Guard demo installation script :

[root@lrtstfpe1 elasticsearch]# cd /usr/share/elasticsearch/plugins/search-guard-6/tools/

Search Guard 6 Demo Installer
** Warning: Do not use on production or public reachable systems **
Install demo certificates? [y/N] y
Initialize Search Guard? [y/N] y
Cluster mode requires maybe additional setup of:

Enable cluster mode? [y/N] y
Basedir: /usr/share/elasticsearch
This script maybe require your root password for ‘sudo’ privileges
Elasticsearch install type: rpm/deb on NAME=“Red Hat Enterprise Linux Server”
Elasticsearch config dir: /etc/elasticsearch
Elasticsearch config file: /etc/elasticsearch/elasticsearch.yml
Elasticsearch bin dir: /usr/share/elasticsearch/bin
Elasticsearch plugins dir: /usr/share/elasticsearch/plugins
Elasticsearch lib dir: /usr/share/elasticsearch/lib
Detected Elasticsearch Version: x-content-6.3.0
Detected Search Guard Version: 6.3.0-22.3
grep: ES_CONF_FILE: Aucun fichier ou dossier de ce type

Success

Execute this script now on all your nodes and then start all nodes

Search Guard will be automatically initialized.

If you like to change the runtime configuration

change the files in …/sgconfig and execute:

sudo “/usr/share/elasticsearch/plugins/search-guard-6/tools/sgadmin.sh” -cd “/usr/share/elasticsearch/plugins/search-guard-6/sgconfig” -icl -key “/etc/elasticsearch/kirk-key.pem” -cert “/etc/elasticsearch/kirk.pem” -cacert “/etc/elasticsearch/root-ca.pem” -nhnv

or run ./sgadmin_demo.sh

To use the Search Guard Configuration GUI see http://docs.search-guard.com/v6/configuration-gui

To access your Search Guard secured cluster open https://: and log in with admin/admin.

(Ignore the SSL certificate warning because we installed self-signed demo certificates)

``

[root@lrtstfpe1 tools]# chmod +x install_demo_configuration.sh
[root@lrtstfpe1 tools]# ./install_demo_configuration.sh

[root@lrtstfpe1 tools]# service elasticsearch restart
Restarting elasticsearch (via systemctl): [ **OK ** ]

3 : Testing the SG installation :

Go to : ****[https://lrtstfpe1:9200/](https://lrtstfpe1:9200/)

Go to : [https://lrtstfpe1:9200/_searchguard/authinfo](https://lrtstfpe1:9200/_searchguard/authinfo)

``

After enter admin admin and auto sign the certificate :

``

Everything ok… then :

[root@lrtstfpe1 sgconfig]# cd /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/
[root@lrtstfpe1 sgconfig]# cd /usr/share/elasticsearch/plugins/search-guard-6/tools/
[root@lrtstfpe1 tools]# ./sgadmin_demo.sh
WARNING: JAVA_HOME not set, will use /bin/java
Search Guard Admin v6
Will connect to localhost:9300 … done
Elasticsearch Version: 6.3.0
Search Guard Version: 6.3.0-22.3
Connected as CN=kirk,OU=client,O=client,L=test,C=de
Contacting elasticsearch cluster ‘elasticsearch’ and wait for YELLOW clusterstate …
Clustername: searchguard_demo
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
searchguard index already exists, so we do not need to create one.
Populate config from /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/
Will update ‘sg/config’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_config.yml
SUCC: Configuration for ‘config’ created or updated
Will update ‘sg/roles’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_roles.yml
SUCC: Configuration for ‘roles’ created or updated
Will update ‘sg/rolesmapping’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_roles_mapping.yml
SUCC: Configuration for ‘rolesmapping’ created or updated
Will update ‘sg/internalusers’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_internal_users.yml
SUCC: Configuration for ‘internalusers’ created or updated
Will update ‘sg/actiongroups’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_action_groups.yml
SUCC: Configuration for ‘actiongroups’ created or updated
Done with success

5 : Install Search Guard on Kibana :

Add :
elasticsearch.username: “kibanaserver”
elasticsearch.password: “kibanaserver”
elasticsearch.ssl.verificationMode: none
elasticsearch.url: “https://localhost:9200
on my /etc/elasticsearch/elasticsearch.yml

Test to go to kibana :

Ok, then :

[root@lrtstfpe1 kibana]# bin/kibana-plugin install https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-kibana-plugin/6.3.0-14-beta-1/search-guard-kibana-plugin-6.3.0-14-beta-1.zip
Attempting to transfer from https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-kibana-plugin/6.3.0-14-beta-1/search-guard-kibana-plugin-6.3.0-14-beta-1.zip
Transferring 2774454 bytes…
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Optimizing and caching browser bundles…
Plugin installation complete

[root@lrtstfpe1 kibana]# service kibana restart
kibana started
[root@lrtstfpe1 kibana]# service kibana status
kibana is running
.
.
(10 seconds later) :
[root@lrtstfpe1 kibana]# service kibana status
kibana is not running

And I’m unable to go to my Kibana page because the service automatically shutdown 10secondes later been up.

Do you know the origin of this issue ?

Thx for help,

Dylan.

Hey @Jochen Kressin,

Thanks for you answer, I just did the same installation process but with the 6.3.0-13 version of SG Kibana Plugin and … same result, Kibana stops working 10 seconds after restarting the service at the end of the installation …

I did an installation script of SearchGuard with debug message :

#!/bin/bash

#step 0
echo “################## STOP ELASTICSEARCH ##################”
echo “################## STOP ELASTICSEARCH ##################” >> /var/log/kibana/kibana.stdout
service elasticsearch stop
echo “################## STOP KIBANA ##################”
echo “################## STOP KIBANA ##################” >> /var/log/kibana/kibana.stdout
service kibana stop

#step 1
echo “################## Install the Search Guard Plugin to Elasticsearch ##################”
echo “Install the Search Guard Plugin to Elasticsearch” >> /var/log/kibana/kibana.stdout
cd /usr/share/elasticsearch/
bin/elasticsearch-plugin install -b com.floragunn:search-guard-6:6.3.0-22.3
echo “################## END OF Install the Search Guard Plugin to Elasticsearch ##################”
echo “END OF Install the Search Guard Plugin to Elasticsearch” >> /var/log/kibana/kibana.stdout

#step 2
echo “################## Execute the demo installation script ##################”
echo “Execute the demo installation script” >> /var/log/kibana/kibana.stdout
cd /usr/share/elasticsearch/plugins/search-guard-6/tools/
chmod +x install_demo_configuration.sh
./install_demo_configuration.sh
echo "################## END OF Execute the demo installation script ################## "
echo “END OF Execute the demo installation script” >> /var/log/kibana/kibana.stdout

echo “################## Applying configuration changes ##################”
echo “Applying configuration changes” >> /var/log/kibana/kibana.stdout
cd /usr/share/elasticsearch/plugins/search-guard-6/tools/
./sgadmin_demo.sh
echo “################## END OF Applying configuration changes ##################”
echo “END OF Applying configuration changes” >> /var/log/kibana/kibana.stdout

#step 3
echo “################## Install Search Guard on Kibana ##################”
echo “Install Search Guard on Kibana” >> /var/log/kibana/kibana.stdout
cd /usr/share/kibana/
bin/kibana-plugin install https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-kibana-plugin/6.3.0-13/search-guard-kibana-plugin-6.3.0-13.zip
echo “##################END OF Install Search Guard on Kibana ##################”
echo “END OF Install Search Guard on Kibana” >> /var/log/kibana/kibana.stdout

#step 4
echo “################## Add the Search Guard Kibana configuration ##################”
echo “Add the Search Guard Kibana configuration” >> /var/log/kibana/kibana.stdout
echo "elasticsearch.url: “https://localhost:9200"” >> /etc/kibana/kibana.yml
echo “elasticsearch.username: “kibanaserver”” >> /etc/kibana/kibana.yml
echo “elasticsearch.password: “kibanaserver”” >> /etc/kibana/kibana.yml
echo “elasticsearch.ssl.verificationMode: none” >> /etc/kibana/kibana.yml
echo “elasticsearch.requestHeadersWhitelist: [ “Authorization”, “sgtenant” ]” >> /etc/kibana/kibana.yml
echo “################## END OF Add the Search Guard Kibana configuration ##################”
echo “END OF Add the Search Guard Kibana configuration” >> /var/log/kibana/kibana.stdout
sed -e ‘/^*#/d’ -e ‘/^$/d’ /etc/kibana/kibana.yml

#step 5
echo “################## START ELASTICSEARCH ##################”
service elasticsearch start
sleep 15
echo “################## START KIBANA ##################”
service kibana start

``

AND next to that, I seen an error message in my kibana.yml, this is the log :

{“type”:“log”,"@timestamp":“2018-07-09T07:48:33Z”,“tags”:[“status”,“plugin:kibana@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:elasticsearch@6.3.0”,“info”],“pid”:9540,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:xpack_main@6.3.0”,“info”],“pid”:9540,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:searchprofiler@6.3.0”,“info”],“pid”:9540,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:ml@6.3.0”,“info”],“pid”:9540,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:tilemap@6.3.0”,“info”],“pid”:9540,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:watcher@6.3.0”,“info”],“pid”:9540,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:license_management@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:index_management@6.3.0”,“info”],“pid”:9540,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:timelion@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:graph@6.3.0”,“info”],“pid”:9540,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:monitoring@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:security@6.3.0”,“info”],“pid”:9540,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“security”,“warning”],“pid”:9540,“message”:“Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in kibana.yml”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“security”,“warning”],“pid”:9540,“message”:“Session cookies will be transmitted over insecure connections. This is not recommended.”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:grokdebugger@6.3.0”,“info”],“pid”:9540,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:dashboard_mode@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:logstash@6.3.0”,“info”],“pid”:9540,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:apm@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:console@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:console_extensions@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:metrics@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:35Z”,“tags”:[“reporting”,“warning”],“pid”:9540,“message”:“Generating a random key for xpack.reporting.encryptionKey. To prevent pending reports from failing on restart, please set xpack.reporting.encryptionKey in kibana.yml”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:35Z”,“tags”:[“status”,“plugin:reporting@6.3.0”,“info”],“pid”:9540,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:35Z”,“tags”:[“status”,“plugin:elasticsearch@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from yellow to green - Ready”,“prevState”:“yellow”,“prevMsg”:“Waiting for Elasticsearch”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“license”,“info”,“xpack”],“pid”:9540,“message”:“Imported license information from Elasticsearch for the [data] cluster: mode: basic | status: active”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“status”,“plugin:xpack_main@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from yellow to green - Ready”,“prevState”:“yellow”,“prevMsg”:“Waiting for Elasticsearch”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“status”,“plugin:searchprofiler@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from yellow to green - Ready”,“prevState”:“yellow”,“prevMsg”:“Waiting for Elasticsearch”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“status”,“plugin:ml@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from yellow to green - Ready”,“prevState”:“yellow”,“prevMsg”:“Waiting for Elasticsearch”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“status”,“plugin:tilemap@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from yellow to green - Ready”,“prevState”:“yellow”,“prevMsg”:“Waiting for Elasticsearch”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“status”,“plugin:watcher@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from yellow to green - Ready”,“prevState”:“yellow”,“prevMsg”:“Waiting for Elasticsearch”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“status”,“plugin:index_management@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from yellow to green - Ready”,“prevState”:“yellow”,“prevMsg”:“Waiting for Elasticsearch”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“status”,“plugin:graph@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from yellow to green - Ready”,“prevState”:“yellow”,“prevMsg”:“Waiting for Elasticsearch”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“status”,“plugin:security@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from yellow to green - Ready”,“prevState”:“yellow”,“prevMsg”:“Waiting for Elasticsearch”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“status”,“plugin:grokdebugger@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from yellow to green - Ready”,“prevState”:“yellow”,“prevMsg”:“Waiting for Elasticsearch”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“status”,“plugin:logstash@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from yellow to green - Ready”,“prevState”:“yellow”,“prevMsg”:“Waiting for Elasticsearch”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“status”,“plugin:reporting@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from yellow to green - Ready”,“prevState”:“yellow”,“prevMsg”:“Waiting for Elasticsearch”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“info”,“monitoring-ui”,“kibana-monitoring”],“pid”:9540,“message”:“Starting all Kibana monitoring collectors”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“license”,“info”,“xpack”],“pid”:9540,“message”:“Imported license information from Elasticsearch for the [monitoring] cluster: mode: basic | status: active”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:50Z”,“tags”:[“listening”,“info”],“pid”:9540,“message”:“Server running at http://lrtstfpe1:5601”}
################## STOP ELASTICSEARCH ##################
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“error”,“elasticsearch”,“admin”],“pid”:9540,“message”:“Request error, retrying\nPOST http://localhost:9200/.kibana/_search?ignore_unavailable=true&filter_path=aggregations.types.buckets => connect ECONNREFUSED 127.0.0.1:9200”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“error”,“elasticsearch”,“admin”],“pid”:9540,“message”:“Request error, retrying\nGET http://localhost:9200/.kibana/doc/config%3A6.3.0 => connect ECONNREFUSED 127.0.0.1:9200”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“error”,“elasticsearch”,“admin”],“pid”:9540,“message”:“Request error, retrying\nPOST http://localhost:9200/.reporting-*/_search?filter_path=hits.total%2Caggregations.jobTypes.buckets%2Caggregations.objectTypes.buckets%2Caggregations.layoutTypes.buckets%2Caggregations.statusTypes.buckets => connect ECONNREFUSED 127.0.0.1:9200”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“admin”],“pid”:9540,“message”:“Unable to revive connection: http://localhost:9200/”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“admin”],“pid”:9540,“message”:“No living connections”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“admin”],“pid”:9540,“message”:“Unable to revive connection: http://localhost:9200/”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“admin”],“pid”:9540,“message”:“No living connections”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“admin”],“pid”:9540,“message”:“Unable to revive connection: http://localhost:9200/”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“admin”],“pid”:9540,“message”:“No living connections”}
{“type”:“error”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“monitoring-ui”,“kibana-monitoring”],“pid”:9540,“level”:“error”,“error”:{“message”:“No Living connections”,“name”:“Error”,“stack”:“Error: No Living connections\n at sendReqWithConnection (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:225:15)\n at next (/usr/share/kibana/node_modules/elasticsearch/src/lib/connection_pool.js:213:7)\n at _combinedTickCallback (internal/process/next_tick.js:131:7)\n at process._tickCallback (internal/process/next_tick.js:180:9)”},“message”:“No Living connections”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“monitoring-ui”,“kibana-monitoring”],“pid”:9540,“message”:“Unable to fetch data from kibana collector”}
{“type”:“error”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“monitoring-ui”,“kibana-monitoring”],“pid”:9540,“level”:“error”,“error”:{“message”:“No Living connections”,“name”:“Error”,“stack”:“Error: No Living connections\n at sendReqWithConnection (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:225:15)\n at next (/usr/share/kibana/node_modules/elasticsearch/src/lib/connection_pool.js:213:7)\n at _combinedTickCallback (internal/process/next_tick.js:131:7)\n at process._tickCallback (internal/process/next_tick.js:180:9)”},“message”:“No Living connections”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“monitoring-ui”,“kibana-monitoring”],“pid”:9540,“message”:“Unable to fetch data from reporting_stats collector”}
{“type”:“error”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“monitoring-ui”,“kibana-monitoring”],“pid”:9540,“level”:“error”,“error”:{“message”:“No Living connections”,“name”:“Error”,“stack”:“Error: No Living connections\n at sendReqWithConnection (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:225:15)\n at next (/usr/share/kibana/node_modules/elasticsearch/src/lib/connection_pool.js:213:7)\n at _combinedTickCallback (internal/process/next_tick.js:131:7)\n at process._tickCallback (internal/process/next_tick.js:180:9)”},“message”:“No Living connections”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“monitoring-ui”,“kibana-monitoring”],“pid”:9540,“message”:“Unable to fetch data from kibana_settings collector”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“error”,“elasticsearch”,“admin”],“pid”:9540,“message”:“Request error, retrying\nPOST http://localhost:9200/_xpack/monitoring/_bulk?system_id=kibana&system_api_version=6&interval=10000ms => connect ECONNREFUSED 127.0.0.1:9200”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“admin”],“pid”:9540,“message”:“Unable to revive connection: http://localhost:9200/”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“admin”],“pid”:9540,“message”:“No living connections”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“error”,“elasticsearch”,“monitoring-ui”],“pid”:9540,“message”:“Request error, retrying\nGET http://localhost:9200/_xpack => connect ECONNREFUSED 127.0.0.1:9200”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“monitoring-ui”],“pid”:9540,“message”:“Unable to revive connection: http://localhost:9200/”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“monitoring-ui”],“pid”:9540,“message”:“No living connections”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“license”,“warning”,“xpack”],“pid”:9540,“message”:“License information from the X-Pack plugin could not be obtained from Elasticsearch for the [monitoring] cluster. Error: No Living connections”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“admin”],“pid”:9540,“message”:“Unable to revive connection: http://localhost:9200/”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“admin”],“pid”:9540,“message”:“No living connections”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:xpack_main@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.”,“prevState”:“green”,“prevMsg”:“Ready”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:searchprofiler@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.”,“prevState”:“green”,“prevMsg”:“Ready”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:ml@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.”,“prevState”:“green”,“prevMsg”:“Ready”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:tilemap@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.”,“prevState”:“green”,“prevMsg”:“Ready”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:watcher@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.”,“prevState”:“green”,“prevMsg”:“Ready”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:index_management@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.”,“prevState”:“green”,“prevMsg”:“Ready”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:graph@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.”,“prevState”:“green”,“prevMsg”:“Ready”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:security@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.”,“prevState”:“green”,“prevMsg”:“Ready”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:grokdebugger@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.”,“prevState”:“green”,“prevMsg”:“Ready”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:logstash@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.”,“prevState”:“green”,“prevMsg”:“Ready”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:reporting@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.”,“prevState”:“green”,“prevMsg”:“Ready”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“info”,“monitoring-ui”,“kibana-monitoring”],“pid”:9540,“message”:“Stopping all Kibana monitoring collectors”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:elasticsearch@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.”,“prevState”:“green”,“prevMsg”:“Ready”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“error”,“elasticsearch”,“data”],“pid”:9540,“message”:“Request error, retrying\nGET http://localhost:9200/_xpack => connect ECONNREFUSED 127.0.0.1:9200”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“data”],“pid”:9540,“message”:“Unable to revive connection: http://localhost:9200/”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“data”],“pid”:9540,“message”:“No living connections”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“license”,“warning”,“xpack”],“pid”:9540,“message”:“License information from the X-Pack plugin could not be obtained from Elasticsearch for the [data] cluster. Error: No Living connections”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:xpack_main@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from red to red - No Living connections”,“prevState”:“red”,“prevMsg”:“Unable to connect to Elasticsearch at http://localhost:9200.”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:searchprofiler@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from red to red - No Living connections”,“prevState”:“red”,“prevMsg”:“Unable to connect to Elasticsearch at http://localhost:9200.”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:ml@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from red to red - No Living connections”,“prevState”:“red”,“prevMsg”:“Unable to connect to Elasticsearch at http://localhost:9200.”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:tilemap@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from red to red - No Living connections”,“prevState”:“red”,“prevMsg”:“Unable to connect to Elasticsearch at http://localhost:9200.”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:watcher@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from red to red - No Living connections”,“prevState”:“red”,“prevMsg”:“Unable to connect to Elasticsearch at http://localhost:9200.”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:index_management@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from red to red - No Living connections”,“prevState”:“red”,“prevMsg”:“Unable to connect to Elasticsearch at http://localhost:9200.”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:graph@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from red to red - No Living connections”,“prevState”:“red”,“prevMsg”:“Unable to connect to Elasticsearch at http://localhost:9200.”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:security@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from red to red - No Living connections”,“prevState”:“red”,“prevMsg”:“Unable to connect to Elasticsearch at http://localhost:9200.”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:grokdebugger@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from red to red - No Living connections”,“prevState”:“red”,“prevMsg”:“Unable to connect to Elasticsearch at http://localhost:9200.”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:logstash@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from red to red - No Living connections”,“prevState”:“red”,“prevMsg”:“Unable to connect to Elasticsearch at http://localhost:9200.”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:reporting@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from red to red - No Living connections”,“prevState”:“red”,“prevMsg”:“Unable to connect to Elasticsearch at http://localhost:9200.”}
################## STOP KIBANA ##################
Install the Search Guard Plugin to Elasticsearch
END OF Install the Search Guard Plugin to Elasticsearch
Execute the demo installation script
END OF Execute the demo installation script
Applying configuration changes
END OF Applying configuration changes
Install Search Guard on Kibana
END OF Install Search Guard on Kibana
Add the Search Guard Kibana configuration
END OF Add the Search Guard Kibana configuration
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:kibana@6.3.0”,“info”],“pid”:10589,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:elasticsearch@6.3.0”,“info”],“pid”:10589,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:xpack_main@6.3.0”,“info”],“pid”:10589,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:searchprofiler@6.3.0”,“info”],“pid”:10589,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:ml@6.3.0”,“info”],“pid”:10589,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:tilemap@6.3.0”,“info”],“pid”:10589,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:watcher@6.3.0”,“info”],“pid”:10589,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:license_management@6.3.0”,“info”],“pid”:10589,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:index_management@6.3.0”,“info”],“pid”:10589,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:timelion@6.3.0”,“info”],“pid”:10589,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:graph@6.3.0”,“info”],“pid”:10589,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:monitoring@6.3.0”,“info”],“pid”:10589,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:security@6.3.0”,“info”],“pid”:10589,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“security”,“warning”],“pid”:10589,“message”:“Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in kibana.yml”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“security”,“warning”],“pid”:10589,“message”:“Session cookies will be transmitted over insecure connections. This is not recommended.”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:grokdebugger@6.3.0”,“info”],“pid”:10589,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:dashboard_mode@6.3.0”,“info”],“pid”:10589,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:logstash@6.3.0”,“info”],“pid”:10589,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:apm@6.3.0”,“info”],“pid”:10589,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:console@6.3.0”,“info”],“pid”:10589,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:console_extensions@6.3.0”,“info”],“pid”:10589,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“error”,"@timestamp":“2018-07-09T07:53:45Z”,“tags”:[“fatal”],“pid”:10589,“level”:“fatal”,“error”:{“message”:“Plugin hapi-auth-cookie already registered in: http://lrtstfpe1:5601”,“name”:“Error”,“stack”:"Error: Plugin hapi-auth-cookie already registered in: http://lrtstfpe1:5601\n at Object.exports.assert (/usr/share/kibana/node_modules/hoek/lib/index.js:740:11)\n at each (/usr/share/kibana/node_modules/hapi/lib/plugin.js:287:26)\n at iterate (/usr/share/kibana/node_modules/items/lib/index.js:36:13)\n at Object.exports.serial (/usr/share/kibana/node_modules/items/lib/index.js:39:9)\n at module.exports.internals.Plugin.internals.Plugin.register (/usr/share/kibana/node_modules/hapi/lib/plugin.js:320:11)\n at Plugin.init [as externalInit] (/usr/share/kibana/plugins/searchguard/index.js:145:24)\n at asyncRegister (/usr/share/kibana/src/server/plugins/lib/plugin.js:72:20)\n at Object.register (/usr/share/kibana/src/server/plugins/lib/plugin.js:77:7)\n at Object.target [as register] (/usr/share/kibana/node_modules/hapi/node_modules/joi/lib/object.js:77:34)\n at each (/usr/share/kibana/node_modules/hapi/lib/plugin.js:317:14)\n at iterate (/usr/share/kibana/node_modules/items/lib/index.js:36:13)\n at Object.exports.serial (/usr/share/kibana/node_modules/items/lib/index.js:39:9)\n at module.exports.internals.Server.internals.Plugin.register (/usr/share/kibana/node_modules/hapi/lib/plugin.js:320:11)\n at Promise (/usr/share/kibana/node_modules/hapi/lib/promises.js:24:16)\n at new Promise ()\n at Object.exports.wrap (/usr/share/kibana/node_modules/hapi/lib/promises.js:13:12)\n at module.exports.internals.Server.internals.Plugin.register (/usr/share/kibana/node_modules/hapi/lib/plugin.js:164:25)\n at Plugin.init (/usr/share/kibana/src/server/plugins/lib/plugin.js:82:28)\n at Plugin.init (/usr/share/kibana/node_modules/lodash/index.js:7363:25)\n at callPluginHook (/usr/share/kibana/src/server/plugins/lib/call_plugin_hook.js:37:25)\n at "},“message”:“Plugin hapi-auth-cookie already registered in: http://lrtstfpe1:5601”}

``

The error more accurate in /var/log/kibana.sterr :

FATAL Error: Plugin hapi-auth-cookie already registered in: http://lrtstfpe1:5601
at Object.exports.assert (/usr/share/kibana/node_modules/hoek/lib/index.js:740:11)
at each (/usr/share/kibana/node_modules/hapi/lib/plugin.js:287:26)
at iterate (/usr/share/kibana/node_modules/items/lib/index.js:36:13)
at Object.exports.serial (/usr/share/kibana/node_modules/items/lib/index.js:39:9)
at module.exports.internals.Plugin.internals.Plugin.register (/usr/share/kibana/node_modules/hapi/lib/plugin.js:320:11)
at Plugin.init [as externalInit] (/usr/share/kibana/plugins/searchguard/index.js:145:24)
at asyncRegister (/usr/share/kibana/src/server/plugins/lib/plugin.js:72:20)
at Object.register (/usr/share/kibana/src/server/plugins/lib/plugin.js:77:7)
at Object.target [as register] (/usr/share/kibana/node_modules/hapi/node_modules/joi/lib/object.js:77:34)
at each (/usr/share/kibana/node_modules/hapi/lib/plugin.js:317:14)
at iterate (/usr/share/kibana/node_modules/items/lib/index.js:36:13)
at Object.exports.serial (/usr/share/kibana/node_modules/items/lib/index.js:39:9)
at module.exports.internals.Server.internals.Plugin.register (/usr/share/kibana/node_modules/hapi/lib/plugin.js:320:11)
at Promise (/usr/share/kibana/node_modules/hapi/lib/promises.js:24:16)
at new Promise ()
at Object.exports.wrap (/usr/share/kibana/node_modules/hapi/lib/promises.js:13:12)
at module.exports.internals.Server.internals.Plugin.register (/usr/share/kibana/node_modules/hapi/lib/plugin.js:164:25)
at Plugin.init (/usr/share/kibana/src/server/plugins/lib/plugin.js:82:28)
at Plugin.init (/usr/share/kibana/node_modules/lodash/index.js:7363:25)
at callPluginHook (/usr/share/kibana/src/server/plugins/lib/call_plugin_hook.js:37:25)
at

``

Do you know the cause of this issue ?

···

Le vendredi 6 juillet 2018 16:15:28 UTC+2, Jochen Kressin a écrit :

In order to investigate we need to see the Kibana logs. Your installation steps seem fine, so there must be going on in Kibana.

BTW - the plugin version you installed is a beta, so it may contain issues. Please use the last stable release, which is 6.3.0-13.

On Friday, July 6, 2018 at 3:53:42 PM UTC+2, Dylan Osef wrote:

Hello SG community,

Is it my first message here, I’m new and I try to test SG product to secure my Elastic Stack.

So I’ve got a problem : I did the "Demo installer steps by steps following the documentation (Official doc and Unofficial doc), but when I arrive at the end of the installation, when I restart my Kibana service to see if the login page is ok, my kibana service automatically shutdown.

So I did like that :

1. : Install the Search Guard Plugin to Elasticsearch :

[root@lrtstfpe1 elasticsearch]# cd /usr/share/elasticsearch/

[root@lrtstfpe1 elasticsearch]# bin/elasticsearch-plugin install -b com.floragunn:search-guard-6:6.3.0-22.3

-> Downloading com.floragunn:search-guard-6:6.3.0-22.3 from maven central
[=================================================] 100%
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: plugin requires additional permissions @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

  • java.io.FilePermission /proc/sys/net/core/somaxconn read
  • java.lang.RuntimePermission accessClassInPackage.com.sun.jndi.ldap
  • java.lang.RuntimePermission accessClassInPackage.sun.misc
  • java.lang.RuntimePermission accessClassInPackage.sun.nio.ch
  • java.lang.RuntimePermission accessClassInPackage.sun.security.x509
  • java.lang.RuntimePermission accessDeclaredMembers
  • java.lang.RuntimePermission accessUserInformation
  • java.lang.RuntimePermission getClassLoader
  • java.lang.RuntimePermission setContextClassLoader
  • java.lang.RuntimePermission shutdownHooks
  • java.lang.reflect.ReflectPermission suppressAccessChecks
  • java.net.NetPermission getNetworkInformation
  • java.net.NetPermission getProxySelector
  • java.net.SocketPermission * connect,accept,resolve
  • java.security.SecurityPermission getProperty.ssl.KeyManagerFactory.algorithm
  • java.security.SecurityPermission insertProvider.BC
  • java.security.SecurityPermission putProviderProperty.BC
  • java.security.SecurityPermission setProperty.ocsp.enable
  • java.util.PropertyPermission com.sun.security.enableCRLDP write
  • java.util.PropertyPermission es.set.netty.runtime.available.processors write
  • java.util.PropertyPermission java.security.debug write
  • java.util.PropertyPermission java.security.krb5.conf write
  • java.util.PropertyPermission javax.security.auth.useSubjectCredsOnly write
  • java.util.PropertyPermission jdk.tls.rejectClientInitiatedRenegotiation write
  • java.util.PropertyPermission sun.nio.ch.bugLevel write
  • java.util.PropertyPermission sun.security.krb5.debug write
  • java.util.PropertyPermission sun.security.spnego.debug write
  • javax.security.auth.AuthPermission doAs
  • javax.security.auth.AuthPermission modifyPrivateCredentials
  • javax.security.auth.kerberos.ServicePermission * accept
    See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
    for descriptions of what these permissions allow and the associated risks.
    -> Installed search-guard-6

``

2 : Execute the Search Guard demo installation script :

[root@lrtstfpe1 elasticsearch]# cd /usr/share/elasticsearch/plugins/search-guard-6/tools/

Search Guard 6 Demo Installer
** Warning: Do not use on production or public reachable systems **
Install demo certificates? [y/N] y
Initialize Search Guard? [y/N] y
Cluster mode requires maybe additional setup of:

Enable cluster mode? [y/N] y
Basedir: /usr/share/elasticsearch
This script maybe require your root password for ‘sudo’ privileges
Elasticsearch install type: rpm/deb on NAME=“Red Hat Enterprise Linux Server”
Elasticsearch config dir: /etc/elasticsearch
Elasticsearch config file: /etc/elasticsearch/elasticsearch.yml
Elasticsearch bin dir: /usr/share/elasticsearch/bin
Elasticsearch plugins dir: /usr/share/elasticsearch/plugins
Elasticsearch lib dir: /usr/share/elasticsearch/lib
Detected Elasticsearch Version: x-content-6.3.0
Detected Search Guard Version: 6.3.0-22.3
grep: ES_CONF_FILE: Aucun fichier ou dossier de ce type

Success

Execute this script now on all your nodes and then start all nodes

Search Guard will be automatically initialized.

If you like to change the runtime configuration

change the files in …/sgconfig and execute:

sudo “/usr/share/elasticsearch/plugins/search-guard-6/tools/sgadmin.sh” -cd “/usr/share/elasticsearch/plugins/search-guard-6/sgconfig” -icl -key “/etc/elasticsearch/kirk-key.pem” -cert “/etc/elasticsearch/kirk.pem” -cacert “/etc/elasticsearch/root-ca.pem” -nhnv

or run ./sgadmin_demo.sh

To use the Search Guard Configuration GUI see http://docs.search-guard.com/v6/configuration-gui

To access your Search Guard secured cluster open https://: and log in with admin/admin.

(Ignore the SSL certificate warning because we installed self-signed demo certificates)

``

[root@lrtstfpe1 tools]# chmod +x install_demo_configuration.sh
[root@lrtstfpe1 tools]# ./install_demo_configuration.sh

[root@lrtstfpe1 tools]# service elasticsearch restart
Restarting elasticsearch (via systemctl): [ **OK ** ]

3 : Testing the SG installation :

Go to : ****[https://lrtstfpe1:9200/](https://lrtstfpe1:9200/)

Go to : [https://lrtstfpe1:9200/_searchguard/authinfo](https://lrtstfpe1:9200/_searchguard/authinfo)

``

After enter admin admin and auto sign the certificate :

``

Everything ok… then :

[root@lrtstfpe1 sgconfig]# cd /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/
[root@lrtstfpe1 sgconfig]# cd /usr/share/elasticsearch/plugins/search-guard-6/tools/
[root@lrtstfpe1 tools]# ./sgadmin_demo.sh
WARNING: JAVA_HOME not set, will use /bin/java
Search Guard Admin v6
Will connect to localhost:9300 … done
Elasticsearch Version: 6.3.0
Search Guard Version: 6.3.0-22.3
Connected as CN=kirk,OU=client,O=client,L=test,C=de
Contacting elasticsearch cluster ‘elasticsearch’ and wait for YELLOW clusterstate …
Clustername: searchguard_demo
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
searchguard index already exists, so we do not need to create one.
Populate config from /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/
Will update ‘sg/config’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_config.yml
SUCC: Configuration for ‘config’ created or updated
Will update ‘sg/roles’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_roles.yml
SUCC: Configuration for ‘roles’ created or updated
Will update ‘sg/rolesmapping’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_roles_mapping.yml
SUCC: Configuration for ‘rolesmapping’ created or updated
Will update ‘sg/internalusers’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_internal_users.yml
SUCC: Configuration for ‘internalusers’ created or updated
Will update ‘sg/actiongroups’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_action_groups.yml
SUCC: Configuration for ‘actiongroups’ created or updated
Done with success

5 : Install Search Guard on Kibana :

Add :
elasticsearch.username: “kibanaserver”
elasticsearch.password: “kibanaserver”
elasticsearch.ssl.verificationMode: none
elasticsearch.url: “https://localhost:9200
on my /etc/elasticsearch/elasticsearch.yml

Test to go to kibana :

Ok, then :

[root@lrtstfpe1 kibana]# bin/kibana-plugin install https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-kibana-plugin/6.3.0-14-beta-1/search-guard-kibana-plugin-6.3.0-14-beta-1.zip
Attempting to transfer from <a href=“https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-kibana-plugin/6.3.0-14-beta-1/search-guard-kibana-plugin-6.3.0-14-beta-1.zip” target="_blank" rel=“nofollow” onmousedown=“this.href='https://www.google.com/url?q\x3dhttps%3A%2F%2Fsearch.maven.org%2Fremotecontent%3Ffilepath%3Dcom%2Ffloragunn%2Fsearch-guard-kibana-plugin%2F6.3.0-14-beta-1%2Fsearch-guard-kibana-plugin-6.3.0-14-beta-1.zip\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHvQ4JcWctjUFWXUB73qqiYtolL0Q’;return true;” onclick="this.href=’[https://www.google.com/url?q\x3dhttps%3A%2F%2Fsearch.maven.org%2Fremotecontent%3Ffilepath%3Dcom%2Ffloragunn%2Fsearch-guard-kibana-plugin%2F6.3.0-14-beta-1%2Fsearch-guard-kibana-plugin-6.3.0-14-beta-1.zip](https://www.google.com/url?q\x3dhttps%3A%2F%2Fsearch.maven.org%2Fremotecontent%3Ffilepath%3Dcom%2Ffloragunn%2Fsearch-guard-kibana-plugin%2F6.3.0-14-beta-1%2Fsearch-guard-kibana-plugin-6.3.0-14-beta-1.zip\)

I found my issue in the documentation :

I add

xpack.security.enabled: false

And now it works as expected.

But the log page is not in https, is it normal ? How to do to have an https login kibana page ?

Thx for answer

···

Le lundi 9 juillet 2018 10:02:16 UTC+2, Dylan Osef a écrit :

Hey @Jochen Kressin,

Thanks for you answer, I just did the same installation process but with the 6.3.0-13 version of SG Kibana Plugin and … same result, Kibana stops working 10 seconds after restarting the service at the end of the installation …

I did an installation script of SearchGuard with debug message :

#!/bin/bash

#step 0
echo “################## STOP ELASTICSEARCH ##################”
echo “################## STOP ELASTICSEARCH ##################” >> /var/log/kibana/kibana.stdout
service elasticsearch stop
echo “################## STOP KIBANA ##################”
echo “################## STOP KIBANA ##################” >> /var/log/kibana/kibana.stdout
service kibana stop

#step 1
echo “################## Install the Search Guard Plugin to Elasticsearch ##################”
echo “Install the Search Guard Plugin to Elasticsearch” >> /var/log/kibana/kibana.stdout
cd /usr/share/elasticsearch/
bin/elasticsearch-plugin install -b com.floragunn:search-guard-6:6.3.0-22.3
echo “################## END OF Install the Search Guard Plugin to Elasticsearch ##################”
echo “END OF Install the Search Guard Plugin to Elasticsearch” >> /var/log/kibana/kibana.stdout

#step 2
echo “################## Execute the demo installation script ##################”
echo “Execute the demo installation script” >> /var/log/kibana/kibana.stdout
cd /usr/share/elasticsearch/plugins/search-guard-6/tools/
chmod +x install_demo_configuration.sh
./install_demo_configuration.sh
echo "################## END OF Execute the demo installation script ################## "
echo “END OF Execute the demo installation script” >> /var/log/kibana/kibana.stdout

echo “################## Applying configuration changes ##################”
echo “Applying configuration changes” >> /var/log/kibana/kibana.stdout
cd /usr/share/elasticsearch/plugins/search-guard-6/tools/
./sgadmin_demo.sh
echo “################## END OF Applying configuration changes ##################”
echo “END OF Applying configuration changes” >> /var/log/kibana/kibana.stdout

#step 3
echo “################## Install Search Guard on Kibana ##################”
echo “Install Search Guard on Kibana” >> /var/log/kibana/kibana.stdout
cd /usr/share/kibana/
bin/kibana-plugin install https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-kibana-plugin/6.3.0-13/search-guard-kibana-plugin-6.3.0-13.zip
echo “##################END OF Install Search Guard on Kibana ##################”
echo “END OF Install Search Guard on Kibana” >> /var/log/kibana/kibana.stdout

#step 4
echo “################## Add the Search Guard Kibana configuration ##################”
echo “Add the Search Guard Kibana configuration” >> /var/log/kibana/kibana.stdout
echo "elasticsearch.url: “https://localhost:9200"” >> /etc/kibana/kibana.yml
echo “elasticsearch.username: “kibanaserver”” >> /etc/kibana/kibana.yml
echo “elasticsearch.password: “kibanaserver”” >> /etc/kibana/kibana.yml
echo “elasticsearch.ssl.verificationMode: none” >> /etc/kibana/kibana.yml
echo “elasticsearch.requestHeadersWhitelist: [ “Authorization”, “sgtenant” ]” >> /etc/kibana/kibana.yml
echo “################## END OF Add the Search Guard Kibana configuration ##################”
echo “END OF Add the Search Guard Kibana configuration” >> /var/log/kibana/kibana.stdout
sed -e ‘/^*#/d’ -e ‘/^$/d’ /etc/kibana/kibana.yml

#step 5
echo “################## START ELASTICSEARCH ##################”
service elasticsearch start
sleep 15
echo “################## START KIBANA ##################”
service kibana start

``

AND next to that, I seen an error message in my kibana.yml, this is the log :

{“type”:“log”,"@timestamp":“2018-07-09T07:48:33Z”,“tags”:[“status”,“plugin:kibana@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:elasticsearch@6.3.0”,“info”],“pid”:9540,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:xpack_main@6.3.0”,“info”],“pid”:9540,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:searchprofiler@6.3.0”,“info”],“pid”:9540,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:ml@6.3.0”,“info”],“pid”:9540,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:tilemap@6.3.0”,“info”],“pid”:9540,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:watcher@6.3.0”,“info”],“pid”:9540,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:license_management@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:index_management@6.3.0”,“info”],“pid”:9540,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:timelion@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:graph@6.3.0”,“info”],“pid”:9540,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:monitoring@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:security@6.3.0”,“info”],“pid”:9540,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“security”,“warning”],“pid”:9540,“message”:“Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in kibana.yml”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“security”,“warning”],“pid”:9540,“message”:“Session cookies will be transmitted over insecure connections. This is not recommended.”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:grokdebugger@6.3.0”,“info”],“pid”:9540,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:dashboard_mode@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:logstash@6.3.0”,“info”],“pid”:9540,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:apm@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:console@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:console_extensions@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:34Z”,“tags”:[“status”,“plugin:metrics@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:35Z”,“tags”:[“reporting”,“warning”],“pid”:9540,“message”:“Generating a random key for xpack.reporting.encryptionKey. To prevent pending reports from failing on restart, please set xpack.reporting.encryptionKey in kibana.yml”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:35Z”,“tags”:[“status”,“plugin:reporting@6.3.0”,“info”],“pid”:9540,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:35Z”,“tags”:[“status”,“plugin:elasticsearch@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from yellow to green - Ready”,“prevState”:“yellow”,“prevMsg”:“Waiting for Elasticsearch”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“license”,“info”,“xpack”],“pid”:9540,“message”:“Imported license information from Elasticsearch for the [data] cluster: mode: basic | status: active”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“status”,“plugin:xpack_main@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from yellow to green - Ready”,“prevState”:“yellow”,“prevMsg”:“Waiting for Elasticsearch”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“status”,“plugin:searchprofiler@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from yellow to green - Ready”,“prevState”:“yellow”,“prevMsg”:“Waiting for Elasticsearch”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“status”,“plugin:ml@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from yellow to green - Ready”,“prevState”:“yellow”,“prevMsg”:“Waiting for Elasticsearch”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“status”,“plugin:tilemap@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from yellow to green - Ready”,“prevState”:“yellow”,“prevMsg”:“Waiting for Elasticsearch”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“status”,“plugin:watcher@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from yellow to green - Ready”,“prevState”:“yellow”,“prevMsg”:“Waiting for Elasticsearch”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“status”,“plugin:index_management@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from yellow to green - Ready”,“prevState”:“yellow”,“prevMsg”:“Waiting for Elasticsearch”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“status”,“plugin:graph@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from yellow to green - Ready”,“prevState”:“yellow”,“prevMsg”:“Waiting for Elasticsearch”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“status”,“plugin:security@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from yellow to green - Ready”,“prevState”:“yellow”,“prevMsg”:“Waiting for Elasticsearch”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“status”,“plugin:grokdebugger@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from yellow to green - Ready”,“prevState”:“yellow”,“prevMsg”:“Waiting for Elasticsearch”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“status”,“plugin:logstash@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from yellow to green - Ready”,“prevState”:“yellow”,“prevMsg”:“Waiting for Elasticsearch”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“status”,“plugin:reporting@6.3.0”,“info”],“pid”:9540,“state”:“green”,“message”:“Status changed from yellow to green - Ready”,“prevState”:“yellow”,“prevMsg”:“Waiting for Elasticsearch”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“info”,“monitoring-ui”,“kibana-monitoring”],“pid”:9540,“message”:“Starting all Kibana monitoring collectors”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:36Z”,“tags”:[“license”,“info”,“xpack”],“pid”:9540,“message”:“Imported license information from Elasticsearch for the [monitoring] cluster: mode: basic | status: active”}
{“type”:“log”,"@timestamp":“2018-07-09T07:48:50Z”,“tags”:[“listening”,“info”],“pid”:9540,“message”:“Server running at http://lrtstfpe1:5601”}
################## STOP ELASTICSEARCH ##################
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“error”,“elasticsearch”,“admin”],“pid”:9540,“message”:“Request error, retrying\nPOST http://localhost:9200/.kibana/_search?ignore_unavailable=true&filter_path=aggregations.types.buckets => connect ECONNREFUSED 127.0.0.1:9200”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“error”,“elasticsearch”,“admin”],“pid”:9540,“message”:“Request error, retrying\nGET http://localhost:9200/.kibana/doc/config%3A6.3.0 => connect ECONNREFUSED 127.0.0.1:9200”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“error”,“elasticsearch”,“admin”],“pid”:9540,“message”:“Request error, retrying\nPOST http://localhost:9200/.reporting-*/_search?filter_path=hits.total%2Caggregations.jobTypes.buckets%2Caggregations.objectTypes.buckets%2Caggregations.layoutTypes.buckets%2Caggregations.statusTypes.buckets => connect ECONNREFUSED 127.0.0.1:9200”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“admin”],“pid”:9540,“message”:“Unable to revive connection: http://localhost:9200/”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“admin”],“pid”:9540,“message”:“No living connections”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“admin”],“pid”:9540,“message”:“Unable to revive connection: http://localhost:9200/”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“admin”],“pid”:9540,“message”:“No living connections”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“admin”],“pid”:9540,“message”:“Unable to revive connection: http://localhost:9200/”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“admin”],“pid”:9540,“message”:“No living connections”}
{“type”:“error”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“monitoring-ui”,“kibana-monitoring”],“pid”:9540,“level”:“error”,“error”:{“message”:“No Living connections”,“name”:“Error”,“stack”:“Error: No Living connections\n at sendReqWithConnection (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:225:15)\n at next (/usr/share/kibana/node_modules/elasticsearch/src/lib/connection_pool.js:213:7)\n at _combinedTickCallback (internal/process/next_tick.js:131:7)\n at process._tickCallback (internal/process/next_tick.js:180:9)”},“message”:“No Living connections”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“monitoring-ui”,“kibana-monitoring”],“pid”:9540,“message”:“Unable to fetch data from kibana collector”}
{“type”:“error”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“monitoring-ui”,“kibana-monitoring”],“pid”:9540,“level”:“error”,“error”:{“message”:“No Living connections”,“name”:“Error”,“stack”:“Error: No Living connections\n at sendReqWithConnection (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:225:15)\n at next (/usr/share/kibana/node_modules/elasticsearch/src/lib/connection_pool.js:213:7)\n at _combinedTickCallback (internal/process/next_tick.js:131:7)\n at process._tickCallback (internal/process/next_tick.js:180:9)”},“message”:“No Living connections”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“monitoring-ui”,“kibana-monitoring”],“pid”:9540,“message”:“Unable to fetch data from reporting_stats collector”}
{“type”:“error”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“monitoring-ui”,“kibana-monitoring”],“pid”:9540,“level”:“error”,“error”:{“message”:“No Living connections”,“name”:“Error”,“stack”:“Error: No Living connections\n at sendReqWithConnection (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:225:15)\n at next (/usr/share/kibana/node_modules/elasticsearch/src/lib/connection_pool.js:213:7)\n at _combinedTickCallback (internal/process/next_tick.js:131:7)\n at process._tickCallback (internal/process/next_tick.js:180:9)”},“message”:“No Living connections”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“monitoring-ui”,“kibana-monitoring”],“pid”:9540,“message”:“Unable to fetch data from kibana_settings collector”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“error”,“elasticsearch”,“admin”],“pid”:9540,“message”:“Request error, retrying\nPOST http://localhost:9200/_xpack/monitoring/_bulk?system_id=kibana&system_api_version=6&interval=10000ms => connect ECONNREFUSED 127.0.0.1:9200”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“admin”],“pid”:9540,“message”:“Unable to revive connection: http://localhost:9200/”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“admin”],“pid”:9540,“message”:“No living connections”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“error”,“elasticsearch”,“monitoring-ui”],“pid”:9540,“message”:“Request error, retrying\nGET http://localhost:9200/_xpack => connect ECONNREFUSED 127.0.0.1:9200”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“monitoring-ui”],“pid”:9540,“message”:“Unable to revive connection: http://localhost:9200/”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“monitoring-ui”],“pid”:9540,“message”:“No living connections”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“license”,“warning”,“xpack”],“pid”:9540,“message”:“License information from the X-Pack plugin could not be obtained from Elasticsearch for the [monitoring] cluster. Error: No Living connections”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“admin”],“pid”:9540,“message”:“Unable to revive connection: http://localhost:9200/”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“admin”],“pid”:9540,“message”:“No living connections”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:xpack_main@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.”,“prevState”:“green”,“prevMsg”:“Ready”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:searchprofiler@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.”,“prevState”:“green”,“prevMsg”:“Ready”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:ml@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.”,“prevState”:“green”,“prevMsg”:“Ready”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:tilemap@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.”,“prevState”:“green”,“prevMsg”:“Ready”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:watcher@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.”,“prevState”:“green”,“prevMsg”:“Ready”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:index_management@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.”,“prevState”:“green”,“prevMsg”:“Ready”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:graph@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.”,“prevState”:“green”,“prevMsg”:“Ready”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:security@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.”,“prevState”:“green”,“prevMsg”:“Ready”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:grokdebugger@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.”,“prevState”:“green”,“prevMsg”:“Ready”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:logstash@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.”,“prevState”:“green”,“prevMsg”:“Ready”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:reporting@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.”,“prevState”:“green”,“prevMsg”:“Ready”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“info”,“monitoring-ui”,“kibana-monitoring”],“pid”:9540,“message”:“Stopping all Kibana monitoring collectors”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:elasticsearch@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from green to red - Unable to connect to Elasticsearch at http://localhost:9200.”,“prevState”:“green”,“prevMsg”:“Ready”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“error”,“elasticsearch”,“data”],“pid”:9540,“message”:“Request error, retrying\nGET http://localhost:9200/_xpack => connect ECONNREFUSED 127.0.0.1:9200”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“data”],“pid”:9540,“message”:“Unable to revive connection: http://localhost:9200/”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“warning”,“elasticsearch”,“data”],“pid”:9540,“message”:“No living connections”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“license”,“warning”,“xpack”],“pid”:9540,“message”:“License information from the X-Pack plugin could not be obtained from Elasticsearch for the [data] cluster. Error: No Living connections”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:xpack_main@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from red to red - No Living connections”,“prevState”:“red”,“prevMsg”:“Unable to connect to Elasticsearch at http://localhost:9200.”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:searchprofiler@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from red to red - No Living connections”,“prevState”:“red”,“prevMsg”:“Unable to connect to Elasticsearch at http://localhost:9200.”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:ml@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from red to red - No Living connections”,“prevState”:“red”,“prevMsg”:“Unable to connect to Elasticsearch at http://localhost:9200.”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:tilemap@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from red to red - No Living connections”,“prevState”:“red”,“prevMsg”:“Unable to connect to Elasticsearch at http://localhost:9200.”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:watcher@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from red to red - No Living connections”,“prevState”:“red”,“prevMsg”:“Unable to connect to Elasticsearch at http://localhost:9200.”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:index_management@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from red to red - No Living connections”,“prevState”:“red”,“prevMsg”:“Unable to connect to Elasticsearch at http://localhost:9200.”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:graph@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from red to red - No Living connections”,“prevState”:“red”,“prevMsg”:“Unable to connect to Elasticsearch at http://localhost:9200.”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:security@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from red to red - No Living connections”,“prevState”:“red”,“prevMsg”:“Unable to connect to Elasticsearch at http://localhost:9200.”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:grokdebugger@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from red to red - No Living connections”,“prevState”:“red”,“prevMsg”:“Unable to connect to Elasticsearch at http://localhost:9200.”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:logstash@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from red to red - No Living connections”,“prevState”:“red”,“prevMsg”:“Unable to connect to Elasticsearch at http://localhost:9200.”}
{“type”:“log”,"@timestamp":“2018-07-09T07:49:06Z”,“tags”:[“status”,“plugin:reporting@6.3.0”,“error”],“pid”:9540,“state”:“red”,“message”:“Status changed from red to red - No Living connections”,“prevState”:“red”,“prevMsg”:“Unable to connect to Elasticsearch at http://localhost:9200.”}
################## STOP KIBANA ##################
Install the Search Guard Plugin to Elasticsearch
END OF Install the Search Guard Plugin to Elasticsearch
Execute the demo installation script
END OF Execute the demo installation script
Applying configuration changes
END OF Applying configuration changes
Install Search Guard on Kibana
END OF Install Search Guard on Kibana
Add the Search Guard Kibana configuration
END OF Add the Search Guard Kibana configuration
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:kibana@6.3.0”,“info”],“pid”:10589,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:elasticsearch@6.3.0”,“info”],“pid”:10589,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:xpack_main@6.3.0”,“info”],“pid”:10589,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:searchprofiler@6.3.0”,“info”],“pid”:10589,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:ml@6.3.0”,“info”],“pid”:10589,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:tilemap@6.3.0”,“info”],“pid”:10589,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:watcher@6.3.0”,“info”],“pid”:10589,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:license_management@6.3.0”,“info”],“pid”:10589,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:index_management@6.3.0”,“info”],“pid”:10589,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:timelion@6.3.0”,“info”],“pid”:10589,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:graph@6.3.0”,“info”],“pid”:10589,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:monitoring@6.3.0”,“info”],“pid”:10589,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:security@6.3.0”,“info”],“pid”:10589,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“security”,“warning”],“pid”:10589,“message”:“Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in kibana.yml”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“security”,“warning”],“pid”:10589,“message”:“Session cookies will be transmitted over insecure connections. This is not recommended.”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:grokdebugger@6.3.0”,“info”],“pid”:10589,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:dashboard_mode@6.3.0”,“info”],“pid”:10589,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:logstash@6.3.0”,“info”],“pid”:10589,“state”:“yellow”,“message”:“Status changed from uninitialized to yellow - Waiting for Elasticsearch”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:apm@6.3.0”,“info”],“pid”:10589,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:console@6.3.0”,“info”],“pid”:10589,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“log”,"@timestamp":“2018-07-09T07:53:44Z”,“tags”:[“status”,“plugin:console_extensions@6.3.0”,“info”],“pid”:10589,“state”:“green”,“message”:“Status changed from uninitialized to green - Ready”,“prevState”:“uninitialized”,“prevMsg”:“uninitialized”}
{“type”:“error”,"@timestamp":“2018-07-09T07:53:45Z”,“tags”:[“fatal”],“pid”:10589,“level”:“fatal”,“error”:{“message”:“Plugin hapi-auth-cookie already registered in: http://lrtstfpe1:5601”,“name”:“Error”,“stack”:"Error: Plugin hapi-auth-cookie already registered in: http://lrtstfpe1:5601\n at Object.exports.assert (/usr/share/kibana/node_modules/hoek/lib/index.js:740:11)\n at each (/usr/share/kibana/node_modules/hapi/lib/plugin.js:287:26)\n at iterate (/usr/share/kibana/node_modules/items/lib/index.js:36:13)\n at Object.exports.serial (/usr/share/kibana/node_modules/items/lib/index.js:39:9)\n at module.exports.internals.Plugin.internals.Plugin.register (/usr/share/kibana/node_modules/hapi/lib/plugin.js:320:11)\n at Plugin.init [as externalInit] (/usr/share/kibana/plugins/searchguard/index.js:145:24)\n at asyncRegister (/usr/share/kibana/src/server/plugins/lib/plugin.js:72:20)\n at Object.register (/usr/share/kibana/src/server/plugins/lib/plugin.js:77:7)\n at Object.target [as register] (/usr/share/kibana/node_modules/hapi/node_modules/joi/lib/object.js:77:34)\n at each (/usr/share/kibana/node_modules/hapi/lib/plugin.js:317:14)\n at iterate (/usr/share/kibana/node_modules/items/lib/index.js:36:13)\n at Object.exports.serial (/usr/share/kibana/node_modules/items/lib/index.js:39:9)\n at module.exports.internals.Server.internals.Plugin.register (/usr/share/kibana/node_modules/hapi/lib/plugin.js:320:11)\n at Promise (/usr/share/kibana/node_modules/hapi/lib/promises.js:24:16)\n at new Promise ()\n at Object.exports.wrap (/usr/share/kibana/node_modules/hapi/lib/promises.js:13:12)\n at module.exports.internals.Server.internals.Plugin.register (/usr/share/kibana/node_modules/hapi/lib/plugin.js:164:25)\n at Plugin.init (/usr/share/kibana/src/server/plugins/lib/plugin.js:82:28)\n at Plugin.init (/usr/share/kibana/node_modules/lodash/index.js:7363:25)\n at callPluginHook (/usr/share/kibana/src/server/plugins/lib/call_plugin_hook.js:37:25)\n at "},“message”:“Plugin hapi-auth-cookie already registered in: http://lrtstfpe1:5601”}

``

The error more accurate in /var/log/kibana.sterr :

FATAL Error: Plugin hapi-auth-cookie already registered in: http://lrtstfpe1:5601
at Object.exports.assert (/usr/share/kibana/node_modules/hoek/lib/index.js:740:11)
at each (/usr/share/kibana/node_modules/hapi/lib/plugin.js:287:26)
at iterate (/usr/share/kibana/node_modules/items/lib/index.js:36:13)
at Object.exports.serial (/usr/share/kibana/node_modules/items/lib/index.js:39:9)
at module.exports.internals.Plugin.internals.Plugin.register (/usr/share/kibana/node_modules/hapi/lib/plugin.js:320:11)
at Plugin.init [as externalInit] (/usr/share/kibana/plugins/searchguard/index.js:145:24)
at asyncRegister (/usr/share/kibana/src/server/plugins/lib/plugin.js:72:20)
at Object.register (/usr/share/kibana/src/server/plugins/lib/plugin.js:77:7)
at Object.target [as register] (/usr/share/kibana/node_modules/hapi/node_modules/joi/lib/object.js:77:34)
at each (/usr/share/kibana/node_modules/hapi/lib/plugin.js:317:14)
at iterate (/usr/share/kibana/node_modules/items/lib/index.js:36:13)
at Object.exports.serial (/usr/share/kibana/node_modules/items/lib/index.js:39:9)
at module.exports.internals.Server.internals.Plugin.register (/usr/share/kibana/node_modules/hapi/lib/plugin.js:320:11)
at Promise (/usr/

``

So I mean, How to add SSL config in Kibana Login page.

I would like to use internal users but to secure connection with SSL.

···

Le vendredi 6 juillet 2018 15:53:42 UTC+2, Dylan Osef a écrit :

Hello SG community,

Is it my first message here, I’m new and I try to test SG product to secure my Elastic Stack.

So I’ve got a problem : I did the "Demo installer steps by steps following the documentation (Official doc and Unofficial doc), but when I arrive at the end of the installation, when I restart my Kibana service to see if the login page is ok, my kibana service automatically shutdown.

So I did like that :

1. : Install the Search Guard Plugin to Elasticsearch :

[root@lrtstfpe1 elasticsearch]# cd /usr/share/elasticsearch/

[root@lrtstfpe1 elasticsearch]# bin/elasticsearch-plugin install -b com.floragunn:search-guard-6:6.3.0-22.3

-> Downloading com.floragunn:search-guard-6:6.3.0-22.3 from maven central
[=================================================] 100%
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: plugin requires additional permissions @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

  • java.io.FilePermission /proc/sys/net/core/somaxconn read
  • java.lang.RuntimePermission accessClassInPackage.com.sun.jndi.ldap
  • java.lang.RuntimePermission accessClassInPackage.sun.misc
  • java.lang.RuntimePermission accessClassInPackage.sun.nio.ch
  • java.lang.RuntimePermission accessClassInPackage.sun.security.x509
  • java.lang.RuntimePermission accessDeclaredMembers
  • java.lang.RuntimePermission accessUserInformation
  • java.lang.RuntimePermission getClassLoader
  • java.lang.RuntimePermission setContextClassLoader
  • java.lang.RuntimePermission shutdownHooks
  • java.lang.reflect.ReflectPermission suppressAccessChecks
  • java.net.NetPermission getNetworkInformation
  • java.net.NetPermission getProxySelector
  • java.net.SocketPermission * connect,accept,resolve
  • java.security.SecurityPermission getProperty.ssl.KeyManagerFactory.algorithm
  • java.security.SecurityPermission insertProvider.BC
  • java.security.SecurityPermission putProviderProperty.BC
  • java.security.SecurityPermission setProperty.ocsp.enable
  • java.util.PropertyPermission com.sun.security.enableCRLDP write
  • java.util.PropertyPermission es.set.netty.runtime.available.processors write
  • java.util.PropertyPermission java.security.debug write
  • java.util.PropertyPermission java.security.krb5.conf write
  • java.util.PropertyPermission javax.security.auth.useSubjectCredsOnly write
  • java.util.PropertyPermission jdk.tls.rejectClientInitiatedRenegotiation write
  • java.util.PropertyPermission sun.nio.ch.bugLevel write
  • java.util.PropertyPermission sun.security.krb5.debug write
  • java.util.PropertyPermission sun.security.spnego.debug write
  • javax.security.auth.AuthPermission doAs
  • javax.security.auth.AuthPermission modifyPrivateCredentials
  • javax.security.auth.kerberos.ServicePermission * accept
    See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
    for descriptions of what these permissions allow and the associated risks.
    -> Installed search-guard-6

``

2 : Execute the Search Guard demo installation script :

[root@lrtstfpe1 elasticsearch]# cd /usr/share/elasticsearch/plugins/search-guard-6/tools/

Search Guard 6 Demo Installer
** Warning: Do not use on production or public reachable systems **
Install demo certificates? [y/N] y
Initialize Search Guard? [y/N] y
Cluster mode requires maybe additional setup of:

Enable cluster mode? [y/N] y
Basedir: /usr/share/elasticsearch
This script maybe require your root password for ‘sudo’ privileges
Elasticsearch install type: rpm/deb on NAME=“Red Hat Enterprise Linux Server”
Elasticsearch config dir: /etc/elasticsearch
Elasticsearch config file: /etc/elasticsearch/elasticsearch.yml
Elasticsearch bin dir: /usr/share/elasticsearch/bin
Elasticsearch plugins dir: /usr/share/elasticsearch/plugins
Elasticsearch lib dir: /usr/share/elasticsearch/lib
Detected Elasticsearch Version: x-content-6.3.0
Detected Search Guard Version: 6.3.0-22.3
grep: ES_CONF_FILE: Aucun fichier ou dossier de ce type

Success

Execute this script now on all your nodes and then start all nodes

Search Guard will be automatically initialized.

If you like to change the runtime configuration

change the files in …/sgconfig and execute:

sudo “/usr/share/elasticsearch/plugins/search-guard-6/tools/sgadmin.sh” -cd “/usr/share/elasticsearch/plugins/search-guard-6/sgconfig” -icl -key “/etc/elasticsearch/kirk-key.pem” -cert “/etc/elasticsearch/kirk.pem” -cacert “/etc/elasticsearch/root-ca.pem” -nhnv

or run ./sgadmin_demo.sh

To use the Search Guard Configuration GUI see http://docs.search-guard.com/v6/configuration-gui

To access your Search Guard secured cluster open https://: and log in with admin/admin.

(Ignore the SSL certificate warning because we installed self-signed demo certificates)

``

[root@lrtstfpe1 tools]# chmod +x install_demo_configuration.sh
[root@lrtstfpe1 tools]# ./install_demo_configuration.sh

[root@lrtstfpe1 tools]# service elasticsearch restart
Restarting elasticsearch (via systemctl): [ **OK ** ]

3 : Testing the SG installation :

Go to : ****[https://lrtstfpe1:9200/](https://lrtstfpe1:9200/)

Go to : [https://lrtstfpe1:9200/_searchguard/authinfo](https://lrtstfpe1:9200/_searchguard/authinfo)

``

After enter admin admin and auto sign the certificate :

``

Everything ok… then :

[root@lrtstfpe1 sgconfig]# cd /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/
[root@lrtstfpe1 sgconfig]# cd /usr/share/elasticsearch/plugins/search-guard-6/tools/
[root@lrtstfpe1 tools]# ./sgadmin_demo.sh
WARNING: JAVA_HOME not set, will use /bin/java
Search Guard Admin v6
Will connect to localhost:9300 … done
Elasticsearch Version: 6.3.0
Search Guard Version: 6.3.0-22.3
Connected as CN=kirk,OU=client,O=client,L=test,C=de
Contacting elasticsearch cluster ‘elasticsearch’ and wait for YELLOW clusterstate …
Clustername: searchguard_demo
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
searchguard index already exists, so we do not need to create one.
Populate config from /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/
Will update ‘sg/config’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_config.yml
SUCC: Configuration for ‘config’ created or updated
Will update ‘sg/roles’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_roles.yml
SUCC: Configuration for ‘roles’ created or updated
Will update ‘sg/rolesmapping’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_roles_mapping.yml
SUCC: Configuration for ‘rolesmapping’ created or updated
Will update ‘sg/internalusers’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_internal_users.yml
SUCC: Configuration for ‘internalusers’ created or updated
Will update ‘sg/actiongroups’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_action_groups.yml
SUCC: Configuration for ‘actiongroups’ created or updated
Done with success

5 : Install Search Guard on Kibana :

Add :
elasticsearch.username: “kibanaserver”
elasticsearch.password: “kibanaserver”
elasticsearch.ssl.verificationMode: none
elasticsearch.url: “https://localhost:9200
on my /etc/elasticsearch/elasticsearch.yml

Test to go to kibana :

Ok, then :

[root@lrtstfpe1 kibana]# bin/kibana-plugin install https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-kibana-plugin/6.3.0-14-beta-1/search-guard-kibana-plugin-6.3.0-14-beta-1.zip
Attempting to transfer from https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-kibana-plugin/6.3.0-14-beta-1/search-guard-kibana-plugin-6.3.0-14-beta-1.zip
Transferring 2774454 bytes…
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Optimizing and caching browser bundles…
Plugin installation complete

[root@lrtstfpe1 kibana]# service kibana restart
kibana started
[root@lrtstfpe1 kibana]# service kibana status
kibana is running
.
.
(10 seconds later) :
[root@lrtstfpe1 kibana]# service kibana status
kibana is not running

And I’m unable to go to my Kibana page because the service automatically shutdown 10secondes later been up.

Do you know the origin of this issue ?

Thx for help,

Dylan.

Just follow the setup instructions from the Kibana docs:

https://www.elastic.co/guide/en/kibana/current/configuring-tls.html

You merely need to switch SSL on and provide your certificate and key.

···

On Monday, July 9, 2018 at 11:08:24 AM UTC+2, Dylan Osef wrote:

So I mean, How to add SSL config in Kibana Login page.

I would like to use internal users but to secure connection with SSL.

Le vendredi 6 juillet 2018 15:53:42 UTC+2, Dylan Osef a écrit :

Hello SG community,

Is it my first message here, I’m new and I try to test SG product to secure my Elastic Stack.

So I’ve got a problem : I did the "Demo installer steps by steps following the documentation (Official doc and Unofficial doc), but when I arrive at the end of the installation, when I restart my Kibana service to see if the login page is ok, my kibana service automatically shutdown.

So I did like that :

1. : Install the Search Guard Plugin to Elasticsearch :

[root@lrtstfpe1 elasticsearch]# cd /usr/share/elasticsearch/

[root@lrtstfpe1 elasticsearch]# bin/elasticsearch-plugin install -b com.floragunn:search-guard-6:6.3.0-22.3

-> Downloading com.floragunn:search-guard-6:6.3.0-22.3 from maven central
[=================================================] 100%
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: plugin requires additional permissions @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

  • java.io.FilePermission /proc/sys/net/core/somaxconn read
  • java.lang.RuntimePermission accessClassInPackage.com.sun.jndi.ldap
  • java.lang.RuntimePermission accessClassInPackage.sun.misc
  • java.lang.RuntimePermission accessClassInPackage.sun.nio.ch
  • java.lang.RuntimePermission accessClassInPackage.sun.security.x509
  • java.lang.RuntimePermission accessDeclaredMembers
  • java.lang.RuntimePermission accessUserInformation
  • java.lang.RuntimePermission getClassLoader
  • java.lang.RuntimePermission setContextClassLoader
  • java.lang.RuntimePermission shutdownHooks
  • java.lang.reflect.ReflectPermission suppressAccessChecks
  • java.net.NetPermission getNetworkInformation
  • java.net.NetPermission getProxySelector
  • java.net.SocketPermission * connect,accept,resolve
  • java.security.SecurityPermission getProperty.ssl.KeyManagerFactory.algorithm
  • java.security.SecurityPermission insertProvider.BC
  • java.security.SecurityPermission putProviderProperty.BC
  • java.security.SecurityPermission setProperty.ocsp.enable
  • java.util.PropertyPermission com.sun.security.enableCRLDP write
  • java.util.PropertyPermission es.set.netty.runtime.available.processors write
  • java.util.PropertyPermission java.security.debug write
  • java.util.PropertyPermission java.security.krb5.conf write
  • java.util.PropertyPermission javax.security.auth.useSubjectCredsOnly write
  • java.util.PropertyPermission jdk.tls.rejectClientInitiatedRenegotiation write
  • java.util.PropertyPermission sun.nio.ch.bugLevel write
  • java.util.PropertyPermission sun.security.krb5.debug write
  • java.util.PropertyPermission sun.security.spnego.debug write
  • javax.security.auth.AuthPermission doAs
  • javax.security.auth.AuthPermission modifyPrivateCredentials
  • javax.security.auth.kerberos.ServicePermission * accept
    See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
    for descriptions of what these permissions allow and the associated risks.
    -> Installed search-guard-6

``

2 : Execute the Search Guard demo installation script :

[root@lrtstfpe1 elasticsearch]# cd /usr/share/elasticsearch/plugins/search-guard-6/tools/

Search Guard 6 Demo Installer
** Warning: Do not use on production or public reachable systems **
Install demo certificates? [y/N] y
Initialize Search Guard? [y/N] y
Cluster mode requires maybe additional setup of:

Enable cluster mode? [y/N] y
Basedir: /usr/share/elasticsearch
This script maybe require your root password for ‘sudo’ privileges
Elasticsearch install type: rpm/deb on NAME=“Red Hat Enterprise Linux Server”
Elasticsearch config dir: /etc/elasticsearch
Elasticsearch config file: /etc/elasticsearch/elasticsearch.yml
Elasticsearch bin dir: /usr/share/elasticsearch/bin
Elasticsearch plugins dir: /usr/share/elasticsearch/plugins
Elasticsearch lib dir: /usr/share/elasticsearch/lib
Detected Elasticsearch Version: x-content-6.3.0
Detected Search Guard Version: 6.3.0-22.3
grep: ES_CONF_FILE: Aucun fichier ou dossier de ce type

Success

Execute this script now on all your nodes and then start all nodes

Search Guard will be automatically initialized.

If you like to change the runtime configuration

change the files in …/sgconfig and execute:

sudo “/usr/share/elasticsearch/plugins/search-guard-6/tools/sgadmin.sh” -cd “/usr/share/elasticsearch/plugins/search-guard-6/sgconfig” -icl -key “/etc/elasticsearch/kirk-key.pem” -cert “/etc/elasticsearch/kirk.pem” -cacert “/etc/elasticsearch/root-ca.pem” -nhnv

or run ./sgadmin_demo.sh

To use the Search Guard Configuration GUI see http://docs.search-guard.com/v6/configuration-gui

To access your Search Guard secured cluster open https://: and log in with admin/admin.

(Ignore the SSL certificate warning because we installed self-signed demo certificates)

``

[root@lrtstfpe1 tools]# chmod +x install_demo_configuration.sh
[root@lrtstfpe1 tools]# ./install_demo_configuration.sh

[root@lrtstfpe1 tools]# service elasticsearch restart
Restarting elasticsearch (via systemctl): [ **OK ** ]

3 : Testing the SG installation :

Go to : ****[https://lrtstfpe1:9200/](https://lrtstfpe1:9200/)

Go to : [https://lrtstfpe1:9200/_searchguard/authinfo](https://lrtstfpe1:9200/_searchguard/authinfo)

``

After enter admin admin and auto sign the certificate :

``

Everything ok… then :

[root@lrtstfpe1 sgconfig]# cd /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/
[root@lrtstfpe1 sgconfig]# cd /usr/share/elasticsearch/plugins/search-guard-6/tools/
[root@lrtstfpe1 tools]# ./sgadmin_demo.sh
WARNING: JAVA_HOME not set, will use /bin/java
Search Guard Admin v6
Will connect to localhost:9300 … done
Elasticsearch Version: 6.3.0
Search Guard Version: 6.3.0-22.3
Connected as CN=kirk,OU=client,O=client,L=test,C=de
Contacting elasticsearch cluster ‘elasticsearch’ and wait for YELLOW clusterstate …
Clustername: searchguard_demo
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
searchguard index already exists, so we do not need to create one.
Populate config from /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/
Will update ‘sg/config’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_config.yml
SUCC: Configuration for ‘config’ created or updated
Will update ‘sg/roles’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_roles.yml
SUCC: Configuration for ‘roles’ created or updated
Will update ‘sg/rolesmapping’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_roles_mapping.yml
SUCC: Configuration for ‘rolesmapping’ created or updated
Will update ‘sg/internalusers’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_internal_users.yml
SUCC: Configuration for ‘internalusers’ created or updated
Will update ‘sg/actiongroups’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_action_groups.yml
SUCC: Configuration for ‘actiongroups’ created or updated
Done with success

5 : Install Search Guard on Kibana :

Add :
elasticsearch.username: “kibanaserver”
elasticsearch.password: “kibanaserver”
elasticsearch.ssl.verificationMode: none
elasticsearch.url: “https://localhost:9200
on my /etc/elasticsearch/elasticsearch.yml

Test to go to kibana :

Ok, then :

[root@lrtstfpe1 kibana]# bin/kibana-plugin install https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-kibana-plugin/6.3.0-14-beta-1/search-guard-kibana-plugin-6.3.0-14-beta-1.zip
Attempting to transfer from https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-kibana-plugin/6.3.0-14-beta-1/search-guard-kibana-plugin-6.3.0-14-beta-1.zip
Transferring 2774454 bytes…
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Optimizing and caching browser bundles…
Plugin installation complete

[root@lrtstfpe1 kibana]# service kibana restart
kibana started
[root@lrtstfpe1 kibana]# service kibana status
kibana is running
.
.
(10 seconds later) :
[root@lrtstfpe1 kibana]# service kibana status
kibana is not running

And I’m unable to go to my Kibana page because the service automatically shutdown 10secondes later been up.

Do you know the origin of this issue ?

Thx for help,

Dylan.

Thank you !

It works !

···

Le lundi 9 juillet 2018 13:57:01 UTC+2, Jochen Kressin a écrit :

Just follow the setup instructions from the Kibana docs:

https://www.elastic.co/guide/en/kibana/current/configuring-tls.html

You merely need to switch SSL on and provide your certificate and key.

On Monday, July 9, 2018 at 11:08:24 AM UTC+2, Dylan Osef wrote:

So I mean, How to add SSL config in Kibana Login page.

I would like to use internal users but to secure connection with SSL.

Le vendredi 6 juillet 2018 15:53:42 UTC+2, Dylan Osef a écrit :

Hello SG community,

Is it my first message here, I’m new and I try to test SG product to secure my Elastic Stack.

So I’ve got a problem : I did the "Demo installer steps by steps following the documentation (Official doc and Unofficial doc), but when I arrive at the end of the installation, when I restart my Kibana service to see if the login page is ok, my kibana service automatically shutdown.

So I did like that :

1. : Install the Search Guard Plugin to Elasticsearch :

[root@lrtstfpe1 elasticsearch]# cd /usr/share/elasticsearch/

[root@lrtstfpe1 elasticsearch]# bin/elasticsearch-plugin install -b com.floragunn:search-guard-6:6.3.0-22.3

-> Downloading com.floragunn:search-guard-6:6.3.0-22.3 from maven central
[=================================================] 100%
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: plugin requires additional permissions @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

  • java.io.FilePermission /proc/sys/net/core/somaxconn read
  • java.lang.RuntimePermission accessClassInPackage.com.sun.jndi.ldap
  • java.lang.RuntimePermission accessClassInPackage.sun.misc
  • java.lang.RuntimePermission accessClassInPackage.sun.nio.ch
  • java.lang.RuntimePermission accessClassInPackage.sun.security.x509
  • java.lang.RuntimePermission accessDeclaredMembers
  • java.lang.RuntimePermission accessUserInformation
  • java.lang.RuntimePermission getClassLoader
  • java.lang.RuntimePermission setContextClassLoader
  • java.lang.RuntimePermission shutdownHooks
  • java.lang.reflect.ReflectPermission suppressAccessChecks
  • java.net.NetPermission getNetworkInformation
  • java.net.NetPermission getProxySelector
  • java.net.SocketPermission * connect,accept,resolve
  • java.security.SecurityPermission getProperty.ssl.KeyManagerFactory.algorithm
  • java.security.SecurityPermission insertProvider.BC
  • java.security.SecurityPermission putProviderProperty.BC
  • java.security.SecurityPermission setProperty.ocsp.enable
  • java.util.PropertyPermission com.sun.security.enableCRLDP write
  • java.util.PropertyPermission es.set.netty.runtime.available.processors write
  • java.util.PropertyPermission java.security.debug write
  • java.util.PropertyPermission java.security.krb5.conf write
  • java.util.PropertyPermission javax.security.auth.useSubjectCredsOnly write
  • java.util.PropertyPermission jdk.tls.rejectClientInitiatedRenegotiation write
  • java.util.PropertyPermission sun.nio.ch.bugLevel write
  • java.util.PropertyPermission sun.security.krb5.debug write
  • java.util.PropertyPermission sun.security.spnego.debug write
  • javax.security.auth.AuthPermission doAs
  • javax.security.auth.AuthPermission modifyPrivateCredentials
  • javax.security.auth.kerberos.ServicePermission * accept
    See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
    for descriptions of what these permissions allow and the associated risks.
    -> Installed search-guard-6

``

2 : Execute the Search Guard demo installation script :

[root@lrtstfpe1 elasticsearch]# cd /usr/share/elasticsearch/plugins/search-guard-6/tools/

Search Guard 6 Demo Installer
** Warning: Do not use on production or public reachable systems **
Install demo certificates? [y/N] y
Initialize Search Guard? [y/N] y
Cluster mode requires maybe additional setup of:

Enable cluster mode? [y/N] y
Basedir: /usr/share/elasticsearch
This script maybe require your root password for ‘sudo’ privileges
Elasticsearch install type: rpm/deb on NAME=“Red Hat Enterprise Linux Server”
Elasticsearch config dir: /etc/elasticsearch
Elasticsearch config file: /etc/elasticsearch/elasticsearch.yml
Elasticsearch bin dir: /usr/share/elasticsearch/bin
Elasticsearch plugins dir: /usr/share/elasticsearch/plugins
Elasticsearch lib dir: /usr/share/elasticsearch/lib
Detected Elasticsearch Version: x-content-6.3.0
Detected Search Guard Version: 6.3.0-22.3
grep: ES_CONF_FILE: Aucun fichier ou dossier de ce type

Success

Execute this script now on all your nodes and then start all nodes

Search Guard will be automatically initialized.

If you like to change the runtime configuration

change the files in …/sgconfig and execute:

sudo “/usr/share/elasticsearch/plugins/search-guard-6/tools/sgadmin.sh” -cd “/usr/share/elasticsearch/plugins/search-guard-6/sgconfig” -icl -key “/etc/elasticsearch/kirk-key.pem” -cert “/etc/elasticsearch/kirk.pem” -cacert “/etc/elasticsearch/root-ca.pem” -nhnv

or run ./sgadmin_demo.sh

To use the Search Guard Configuration GUI see http://docs.search-guard.com/v6/configuration-gui

To access your Search Guard secured cluster open https://: and log in with admin/admin.

(Ignore the SSL certificate warning because we installed self-signed demo certificates)

``

[root@lrtstfpe1 tools]# chmod +x install_demo_configuration.sh
[root@lrtstfpe1 tools]# ./install_demo_configuration.sh

[root@lrtstfpe1 tools]# service elasticsearch restart
Restarting elasticsearch (via systemctl): [ **OK ** ]

3 : Testing the SG installation :

Go to : ****[https://lrtstfpe1:9200/](https://lrtstfpe1:9200/)

Go to : [https://lrtstfpe1:9200/_searchguard/authinfo](https://lrtstfpe1:9200/_searchguard/authinfo)

``

After enter admin admin and auto sign the certificate :

``

Everything ok… then :

[root@lrtstfpe1 sgconfig]# cd /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/
[root@lrtstfpe1 sgconfig]# cd /usr/share/elasticsearch/plugins/search-guard-6/tools/
[root@lrtstfpe1 tools]# ./sgadmin_demo.sh
WARNING: JAVA_HOME not set, will use /bin/java
Search Guard Admin v6
Will connect to localhost:9300 … done
Elasticsearch Version: 6.3.0
Search Guard Version: 6.3.0-22.3
Connected as CN=kirk,OU=client,O=client,L=test,C=de
Contacting elasticsearch cluster ‘elasticsearch’ and wait for YELLOW clusterstate …
Clustername: searchguard_demo
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
searchguard index already exists, so we do not need to create one.
Populate config from /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/
Will update ‘sg/config’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_config.yml
SUCC: Configuration for ‘config’ created or updated
Will update ‘sg/roles’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_roles.yml
SUCC: Configuration for ‘roles’ created or updated
Will update ‘sg/rolesmapping’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_roles_mapping.yml
SUCC: Configuration for ‘rolesmapping’ created or updated
Will update ‘sg/internalusers’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_internal_users.yml
SUCC: Configuration for ‘internalusers’ created or updated
Will update ‘sg/actiongroups’ with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_action_groups.yml
SUCC: Configuration for ‘actiongroups’ created or updated
Done with success

5 : Install Search Guard on Kibana :

Add :
elasticsearch.username: “kibanaserver”
elasticsearch.password: “kibanaserver”
elasticsearch.ssl.verificationMode: none
elasticsearch.url: “https://localhost:9200
on my /etc/elasticsearch/elasticsearch.yml

Test to go to kibana :

Ok, then :

[root@lrtstfpe1 kibana]# bin/kibana-plugin install https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-kibana-plugin/6.3.0-14-beta-1/search-guard-kibana-plugin-6.3.0-14-beta-1.zip
Attempting to transfer from https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-kibana-plugin/6.3.0-14-beta-1/search-guard-kibana-plugin-6.3.0-14-beta-1.zip
Transferring 2774454 bytes…
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Optimizing and caching browser bundles…
Plugin installation complete

[root@lrtstfpe1 kibana]# service kibana restart
kibana started
[root@lrtstfpe1 kibana]# service kibana status
kibana is running
.
.
(10 seconds later) :
[root@lrtstfpe1 kibana]# service kibana status
kibana is not running

And I’m unable to go to my Kibana page because the service automatically shutdown 10secondes later been up.

Do you know the origin of this issue ?

Thx for help,

Dylan.