Logstash configuration to read logs and save them into Elasticsearch with Search Guard.

Hi,

I have configured elasticsearch 1.5.2 with search guard plugin.

I want logstash to read logs and save them into elasticsearch. Logstash is giving some exception in doing so.

Can someone please let me know what configuration is required from logstash or from elasticsearch?

Configuration done for search guard in elasticsearch.yml:

searchguard.enabled: true
searchguard.check_for_root: false
searchguard.key_path: C:/Test/searchguard_node.key
searchguard.config_index_name: searchguard
searchguard.http.enable_sessions: false

searchguard.allow_all_from_loopback: true

searchguard.authentication.authentication_backend.impl: com.floragunn.searchguard.authentication.backend.simple.SettingsBasedAuthenticationBackend
searchguard.authentication.authentication_backend.cache.enable: true

searchguard.authentication.authorizer.impl: com.floragunn.searchguard.authorization.simple.SettingsBasedAuthorizator
searchguard.authentication.authorizer.cache.enable: true

searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator

searchguard.authentication.settingsdb.user.admin: password
searchguard.authentication.settingsdb.user.manager: password

searchguard.authentication.authorization.settingsdb.roles.admin: ["admin"]
searchguard.authentication.authorization.settingsdb.roles.manager: ["manager"]

searchguard.flsfilter.names: ["manager"]
searchguard.flsfilter.marketig.source_excludes: ["username","email"]

searchguard.actionrequestfilter.names: ["readonly"]
searchguard.actionrequestfilter.readonly.allowed_actions: ["indices:data/read/*", "*monitor*"]
searchguard.actionrequestfilter.readonly.forbidden_actions: ["cluster:admin*", "indices:data/write*", "indices:admin/template/get"]

Thanks,

Lakshmi.
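
A consistency check for the filter settings in the configuration above, as an added example that is not part of the original post or of Search Guard itself. It assumes, following the pattern of the posted actionrequestfilter lines, that every name listed under searchguard.<type>filter.names is expected to have matching searchguard.<type>filter.<name>.* settings; check_filter_names is a hypothetical helper name.

```python
import re

# Filter-related lines copied from the elasticsearch.yml in the post above.
POSTED = r'''
searchguard.flsfilter.names: ["manager"]
searchguard.flsfilter.marketig.source_excludes: ["username","email"]
searchguard.actionrequestfilter.names: ["readonly"]
searchguard.actionrequestfilter.readonly.allowed_actions: ["indices:data/read/*", "*monitor*"]
searchguard.actionrequestfilter.readonly.forbidden_actions: ["cluster:admin*", "indices:data/write*", "indices:admin/template/get"]
'''

# searchguard.<kind>.<name>[.<setting>]: <value>, where <kind> ends in "filter"
LINE = re.compile(r'^searchguard\.(\w+filter)\.([\w-]+)(?:\.([\w.]+))?\s*:\s*(.*)$')


def check_filter_names(text):
    """Report filters listed in '.names' without settings, and settings
    keyed by a filter name that '.names' never lists (assumed convention)."""
    declared, defined = {}, {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a filter-related setting
        kind, name, setting, value = m.groups()
        if name == "names" and setting is None:
            # the list of filter names declared for this filter kind
            declared.setdefault(kind, set()).update(re.findall(r'"([^"]+)"', value))
        elif setting is not None:
            # a per-filter setting such as <name>.source_excludes
            defined.setdefault(kind, set()).add(name)
    findings = []
    for kind in sorted(set(declared) | set(defined)):
        dec, dfn = declared.get(kind, set()), defined.get(kind, set())
        for n in sorted(dec - dfn):
            findings.append(f"{kind}: '{n}' is listed in names but has no settings")
        for n in sorted(dfn - dec):
            findings.append(f"{kind}: settings for '{n}' exist but it is not listed in names")
    return findings


if __name__ == "__main__":
    for finding in check_filter_names(POSTED):
        print(finding)
```

On the posted settings this reports that flsfilter.names lists manager while the only field-level filter settings are keyed marketig; the readonly action filter is consistent.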

Any Help pls, I am stuck with this issue.

Thanks,

Lakshmi.

can you pls. provide the error logs and the acl configuration and your logstash config?

Thanks SG, now I am able to store logs from logstash to elasticsearch. However, after I logged in with the credentials at the http://ipaddress:9200 URL, I am getting a Runtime Exception.

I have posted a new question for this issue.

Subject of the question: “Authentication popup is not coming in kibana and ElasticSearch”

Configuration in logstash:

output {
  elasticsearch_http {
    host => "10.212.20.93"
    user => "admin"
    password => "password"
  }
  stdout { codec => "rubydebug" }
}

Thanks for the reply, Thanks a lot

Lakshmi.

so this thread is solved?

yes, done.
