How to insert logs from a .Net Core project?

Hi pals,

I have set the IdentityServer4 for logging to Kibana and ElasticSearch similar to the one described here. Now, I want to insert the logs into the ElasticSearch by my .Net Core project with Serilog or NLog. I have found some tutorials to connect to the elastic by Serlog/NLog (e.g. https://github.com/markmcdowell/NLog.Targets.ElasticSearch), but since we have set our identity server for Single Sign-On, I could find any tutorials to connect to the elastic by my .Net Core project. Could you please help with with this issue?

  • Search Guard and Elasticsearch version: 6.5.4

  • Operating system version: Windows 10

Best Regards,

Behzad

What you want is basically OpenID auth (for Kibana) and then in addition Basic Auth (for ingesting the logs). The easiest way to do so is to configure two authentication domains in sg_config: One for OpenID and one for Basic Auth. The order is important here: The Basic Auth domain must be placed before the OpenID domain. This is controlled by the order flag in sg_config.

If you are running Kibana then you most probably already have a Basic Authentication domain, for the internal kibanaserver user. Just make sure this is placed before the OpenID domain. You should then be able to access Elasticsearch by HTTP Basic Auth, e.g.

curl -k -u admin:admin https://sgssl-0.example.com:9200/_cat/indices

``

If your log ingestion tool supports Basic Auth then you just configure the username and password the tool should use when connecting to ES. You might also need to change the protocol from HTTP to HTTPS. And maybe enable insecure HTTPS connections or provide the root CA of Elasticsearch in case you use self-signed certificates.

···

On Saturday, March 2, 2019 at 12:52:45 AM UTC-8, Behzad Rezaie wrote:

Hi pals,

I have set the IdentityServer4 for logging to Kibana and ElasticSearch similar to the one described here. Now, I want to insert the logs into the ElasticSearch by my .Net Core project with Serilog or NLog. I have found some tutorials to connect to the elastic by Serlog/NLog (e.g. https://github.com/markmcdowell/NLog.Targets.ElasticSearch), but since we have set our identity server for Single Sign-On, I could find any tutorials to connect to the elastic by my .Net Core project. Could you please help with with this issue?

  • Search Guard and Elasticsearch version: 6.5.4
  • Operating system version: Windows 10

Best Regards,

Behzad

Dear Jochen,

Thanks so much for your great help. It did work with Serilog. Here is my configuration for Serilog in my .Net Core project:

Log.Logger = new LoggerConfiguration()

            .Enrich.FromLogContext()

            .Enrich.WithExceptionDetails()

            .WriteTo.Elasticsearch(new ElasticsearchSinkOptions(new Uri("[https://localhost:9200](https://localhost:9200)"))

            {

                AutoRegisterTemplate = true,

                ModifyConnectionSettings =

                    x => x.BasicAuthentication("admin", "admin").GlobalHeaders(new NameValueCollection

                    {

                        {"Authorization", "Bearer YWRtaW46YWRtaW4="} //The hash code is for "admin:admin"

                    }),

                IndexFormat = "elasticsearchserilog-{0:yyyy.MM.dd}",

            })

            .CreateLogger();

``

and also here is the code in the sg_config.yml:

.

.

.

basic_internal_auth_domain:

    enabled: true

    order: 0

    http_authenticator:

      type: basic

      challenge: false

    authentication_backend:

      type: internal

openid_auth_domain:

    enabled: true

    order: 1

    http_authenticator:

      type: openid

      challenge: false

      config:

        subject_key: preferred_username

        roles_key: role

        openid_connect_url: http://someserver/.well-known/openid-configuration

    authentication_backend:

      type: noop

.

.

.

``

···

On Tuesday, March 5, 2019 at 12:19:29 AM UTC+3:30, Jochen Kressin wrote:

What you want is basically OpenID auth (for Kibana) and then in addition Basic Auth (for ingesting the logs). The easiest way to do so is to configure two authentication domains in sg_config: One for OpenID and one for Basic Auth. The order is important here: The Basic Auth domain must be placed before the OpenID domain. This is controlled by the order flag in sg_config.

If you are running Kibana then you most probably already have a Basic Authentication domain, for the internal kibanaserver user. Just make sure this is placed before the OpenID domain. You should then be able to access Elasticsearch by HTTP Basic Auth, e.g.

curl -k -u admin:admin https://sgssl-0.example.com:9200/_cat/indices

``

If your log ingestion tool supports Basic Auth then you just configure the username and password the tool should use when connecting to ES. You might also need to change the protocol from HTTP to HTTPS. And maybe enable insecure HTTPS connections or provide the root CA of Elasticsearch in case you use self-signed certificates.

On Saturday, March 2, 2019 at 12:52:45 AM UTC-8, Behzad Rezaie wrote:

Hi pals,

I have set the IdentityServer4 for logging to Kibana and ElasticSearch similar to the one described here. Now, I want to insert the logs into the ElasticSearch by my .Net Core project with Serilog or NLog. I have found some tutorials to connect to the elastic by Serlog/NLog (e.g. https://github.com/markmcdowell/NLog.Targets.ElasticSearch), but since we have set our identity server for Single Sign-On, I could find any tutorials to connect to the elastic by my .Net Core project. Could you please help with with this issue?

  • Search Guard and Elasticsearch version: 6.5.4
  • Operating system version: Windows 10

Best Regards,

Behzad