Integrating elasticsearch with search guard (alerting purpose)

Hi team,

This is my first time with Search Guard, and I am interested in using it for an alerting system. Can anyone guide me on how to proceed? How do I integrate it with my running Elasticsearch cluster, which is accessible using Kibana? Your guidance and help are highly appreciated.

Regards

@micou12 I think the best place to start is the Signals’ documentation.

@micou12 In regard to the installation process: you should first take a look at the Search Guard Releases matrix and decide which version you'd like to use.

Please be aware that SG offers a new version of the plugin called FLX.

Once you decide which flavour of the SG plugin you'd like to implement, please follow the Installing Search Guard section in the corresponding documentation.

Hello

My cluster is running Elasticsearch 8.4.3, the same version as Kibana, and I have also found the corresponding Search Guard version. I have installed it, but when restarting Elasticsearch it fails.

-> Installed search-guard-flx
-> Please restart Elasticsearch to activate any plugins installed
root@search-guard:~# systemctl restart elasticsearch.service
Job for elasticsearch.service failed because the control process exited with error code.
See "systemctl status elasticsearch.service" and "journalctl -xe" for details.
root@search-guard:~# systemctl status elasticsearch.service
● elasticsearch.service - Elasticsearch
Loaded: loaded (/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2022-12-14 13:01:38 UTC; 25s ago
Docs: https://www.elastic.co
Process: 64292 ExecStart=/usr/share/elasticsearch/bin/systemd-entrypoint -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=1/FAILURE)
Main PID: 64292 (code=exited, status=1/FAILURE)

Dec 14 13:01:25 search-guard systemd[1]: Starting Elasticsearch...
Dec 14 13:01:37 search-guard systemd-entrypoint[64292]: ERROR: Elasticsearch did not exit normally - check the logs at /var/log/elasticsearch/elasticsearch.log
Dec 14 13:01:38 search-guard systemd-entrypoint[64292]: ERROR: Elasticsearch exited unexpectedly
Dec 14 13:01:38 search-guard systemd[1]: elasticsearch.service: Main process exited, code=exited, status=1/FAILURE
Dec 14 13:01:38 search-guard systemd[1]: elasticsearch.service: Failed with result 'exit-code'.
Dec 14 13:01:38 search-guard systemd[1]: Failed to start Elasticsearch.
root@search-guard:~# systemctl stop elasticsearch
root@search-guard:~# systemctl status elasticsearch.service
● elasticsearch.service - Elasticsearch
Loaded: loaded (/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2022-12-14 13:01:38 UTC; 53s ago
Docs: https://www.elastic.co
Process: 64292 ExecStart=/usr/share/elasticsearch/bin/systemd-entrypoint -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=1/FAILURE)
Main PID: 64292 (code=exited, status=1/FAILURE)

@micou12 Did you follow the suggestions from this output? Have you checked the logs?