logstash . no permissions for cluster:monitor/nodes/info

es 2.3.3
loginstash 2.2.2

search-guard-ssl-2.3.3.21

search-guard-2-2.3.3.12

sg_logstash:
cluster:
- indices:admin/template/get
- indices:admin/template/put
- indices:data/write/bulk*
indices:
‘logstash-’:
'
’:
- CRUD
- CREATE_INDEX
beat’:
‘*’:
- CRUD
- CREATE_INDEX

``

logstash error log:

{:timestamp=>“2017-05-22T00:17:14.684000+0800”, :message=>"[403] {“error”:{“root_cause”:[{“type”:“security_exception”,“reason”:“no permissions for cluster:monitor/nodes/info”}],“type”:“security_exception”,“reason”:“no permissions for cluster:monitor/nodes/info”},“status”:403}", :class=>“Elasticsearch::Transport::Transport::Errors::Forbidden”, :backtrace=>["/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/base.rb:146:in __raise_transport_error'", "/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/base.rb:256:inperform_request’", “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/http/manticore.rb:54:in perform_request'", "/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/sniffer.rb:32:inhosts’”, “org/jruby/ext/timeout/Timeout.java:147:in timeout'", "/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/sniffer.rb:31:inhosts’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/base.rb:76:in reload_connections!'", "/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:72:insniff!’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:60:in start_sniffing!'", "org/jruby/ext/thread/Mutex.java:149:insynchronize’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:60:in start_sniffing!'", "org/jruby/RubyKernel.java:1479:inloop’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:59:in `start_sniffing!’”], :level=>:error}

``

``

es error log:

[2017-05-22 00:22:50,087][INFO ][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No perm match for User [name=logstash, roles=] [IndexType [index=_all, type=*]] [Action [cluster:monitor/nodes/info]] [RolesChecked [sg_logstash, sg_own_index, sg_public]]

``

``

try add to sd_logstash

sg_logstash:
cluster:
- indices:admin/template/get
- indices:admin/template/put
- indices:data/write/bulk*
- cluster:monitor/nodes/info
- cluster:monitor/health
indices:
‘logstash-’:
'
’:
- CRUD
- CREATE_INDEX
beat’:
‘*’:
- CRUD
- CREATE_INDEX

``

error ,

[2017-05-21 21:41:37,967][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [node-1] Someone (/110.45.184.131:52745) speaks http plaintext instead of ssl, will close the channel
[2017-05-21 21:41:37,968][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [node-1] Someone (/110.45.184.131:52746) speaks http plaintext instead of ssl, will close the channel
[2017-05-21 21:41:37,968][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [node-1] Someone (/110.45.184.131:52747) speaks http plaintext instead of ssl, will close the channel
[2017-05-21 21:41:37,970][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [node-1] Someone (/110.45.184.131:52748) speaks http plaintext instead of ssl, will close the channel

``

How to add the permissions ?

The two issues are completely unrelated. Your permission settings look fine after you’ve added the missing cluster permission.

Regarding this one:

[2017-05-21 21:41:37,967][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [node-1] Someone (/110.45.184.131:52745) speaks http plaintext instead of ssl, will close the channel

As the message says, someone is trying to access your cluster via http, not https. Probably logstash.

You have two options, either configure logstash (or any other service that accesses your cluster via the REST Api) to use HTTPS instead of HTTP. This is recommended. For logstash, please refer to the documentation:

Or, if you cannot use HTTPS, you can also disable TLS on the REST layer, and access your cluster via HTTP. This is not recommended since it’s insecure. In elasticsearch.yml, set:

searchguard.ssl.http.enabled: false

···

On Sunday, May 21, 2017 at 6:28:18 PM UTC+2, zim so wrote:

es 2.3.3
loginstash 2.2.2

search-guard-ssl-2.3.3.21

search-guard-2-2.3.3.12

sg_logstash:
cluster:
- indices:admin/template/get
- indices:admin/template/put
- indices:data/write/bulk*
indices:
‘logstash-’:
'
’:
- CRUD
- CREATE_INDEX
beat’:
‘*’:
- CRUD
- CREATE_INDEX

``

logstash error log:

{:timestamp=>“2017-05-22T00:17:14.684000+0800”, :message=>"[403] {“error”:{“root_cause”:[{“type”:“security_exception”,“reason”:“no permissions for cluster:monitor/nodes/info”}],“type”:“security_exception”,“reason”:“no permissions for cluster:monitor/nodes/info”},“status”:403}", :class=>“Elasticsearch::Transport::Transport::Errors::Forbidden”, :backtrace=>["/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/base.rb:146:in __raise_transport_error'", "/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/base.rb:256:inperform_request’", “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/http/manticore.rb:54:in perform_request'", "/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/sniffer.rb:32:inhosts’”, “org/jruby/ext/timeout/Timeout.java:147:in timeout'", "/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/sniffer.rb:31:inhosts’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/base.rb:76:in reload_connections!'", "/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:72:insniff!’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:60:in start_sniffing!'", "org/jruby/ext/thread/Mutex.java:149:insynchronize’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:60:in start_sniffing!'", "org/jruby/RubyKernel.java:1479:inloop’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:59:in `start_sniffing!’”], :level=>:error}

``

``

es error log:

[2017-05-22 00:22:50,087][INFO ][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No perm match for User [name=logstash, roles=] [IndexType [index=_all, type=*]] [Action [cluster:monitor/nodes/info]] [RolesChecked [sg_logstash, sg_own_index, sg_public]]

``

``

try add to sd_logstash

sg_logstash:
cluster:
- indices:admin/template/get
- indices:admin/template/put
- indices:data/write/bulk*
- cluster:monitor/nodes/info
- cluster:monitor/health
indices:
‘logstash-’:
'
’:
- CRUD
- CREATE_INDEX
beat’:
‘*’:
- CRUD
- CREATE_INDEX

``

error ,

[2017-05-21 21:41:37,967][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [node-1] Someone (/110.45.184.131:52745) speaks http plaintext instead of ssl, will close the channel
[2017-05-21 21:41:37,968][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [node-1] Someone (/110.45.184.131:52746) speaks http plaintext instead of ssl, will close the channel
[2017-05-21 21:41:37,968][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [node-1] Someone (/110.45.184.131:52747) speaks http plaintext instead of ssl, will close the channel
[2017-05-21 21:41:37,970][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [node-1] Someone (/110.45.184.131:52748) speaks http plaintext instead of ssl, will close the channel

``

How to add the permissions ?

Dear Kressin,

Thank you for help.

if searchguard.ssl.http.enabled: false ,it is work ,no error .

before

the error form logstash ,

[2017-05-21 21:41:37,967][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [node-1] Someone (/10.45.184.171:52745) speaks http plaintext instead of ssl, will close the channel

``

network :

user ------------> Nginx server (internet IP) -------------> ELK server (10.45.184.171)

nginx setting

upstream elk-es {
server 10.45.184.171:9200 max_fails=3 fail_timeout=120s;
}
upstream elk-kibana {
server 10.45.184.171:5602 max_fails=3 fail_timeout=120s;
}

server {
listen 19200;
server_name localhost;
location / {
proxy_pass https://elk-es/;

}

}
server {
listen 15602;
server_name localhost;
location / {
proxy_pass https://elk-kibana/;

}

}

``

Jochen Kressin於 2017年5月22日星期一 UTC+8下午5時20分34秒寫道:

···

The two issues are completely unrelated. Your permission settings look fine after you’ve added the missing cluster permission.

Regarding this one:

[2017-05-21 21:41:37,967][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [node-1] Someone (/110.45.184.131:52745) speaks http plaintext instead of ssl, will close the channel

As the message says, someone is trying to access your cluster via http, not https. Probably logstash.

You have two options, either configure logstash (or any other service that accesses your cluster via the REST Api) to use HTTPS instead of HTTP. This is recommended. For logstash, please refer to the documentation:

https://github.com/floragunncom/search-guard-docs/blob/master/logstash.md

Or, if you cannot use HTTPS, you can also disable TLS on the REST layer, and access your cluster via HTTP. This is not recommended since it’s insecure. In elasticsearch.yml, set:

searchguard.ssl.http.enabled: false

On Sunday, May 21, 2017 at 6:28:18 PM UTC+2, zim so wrote:

es 2.3.3
loginstash 2.2.2

search-guard-ssl-2.3.3.21

search-guard-2-2.3.3.12

sg_logstash:
cluster:
- indices:admin/template/get
- indices:admin/template/put
- indices:data/write/bulk*
indices:
‘logstash-’:
'
’:
- CRUD
- CREATE_INDEX
beat’:
‘*’:
- CRUD
- CREATE_INDEX

``

logstash error log:

{:timestamp=>“2017-05-22T00:17:14.684000+0800”, :message=>"[403] {“error”:{“root_cause”:[{“type”:“security_exception”,“reason”:“no permissions for cluster:monitor/nodes/info”}],“type”:“security_exception”,“reason”:“no permissions for cluster:monitor/nodes/info”},“status”:403}", :class=>“Elasticsearch::Transport::Transport::Errors::Forbidden”, :backtrace=>["/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/base.rb:146:in __raise_transport_error'", "/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/base.rb:256:inperform_request’", “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/http/manticore.rb:54:in perform_request'", "/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/sniffer.rb:32:inhosts’”, “org/jruby/ext/timeout/Timeout.java:147:in timeout'", "/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/sniffer.rb:31:inhosts’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/base.rb:76:in reload_connections!'", "/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:72:insniff!’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:60:in start_sniffing!'", "org/jruby/ext/thread/Mutex.java:149:insynchronize’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:60:in start_sniffing!'", "org/jruby/RubyKernel.java:1479:inloop’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:59:in `start_sniffing!’”], :level=>:error}

``

``

es error log:

[2017-05-22 00:22:50,087][INFO ][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No perm match for User [name=logstash, roles=] [IndexType [index=_all, type=*]] [Action [cluster:monitor/nodes/info]] [RolesChecked [sg_logstash, sg_own_index, sg_public]]

``

``

try add to sd_logstash

sg_logstash:
cluster:
- indices:admin/template/get
- indices:admin/template/put
- indices:data/write/bulk*
- cluster:monitor/nodes/info
- cluster:monitor/health
indices:
‘logstash-’:
'
’:
- CRUD
- CREATE_INDEX
beat’:
‘*’:
- CRUD
- CREATE_INDEX

``

error ,

[2017-05-21 21:41:37,967][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [node-1] Someone (/110.45.184.131:52745) speaks http plaintext instead of ssl, will close the channel
[2017-05-21 21:41:37,968][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [node-1] Someone (/110.45.184.131:52746) speaks http plaintext instead of ssl, will close the channel
[2017-05-21 21:41:37,968][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [node-1] Someone (/110.45.184.131:52747) speaks http plaintext instead of ssl, will close the channel
[2017-05-21 21:41:37,970][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [node-1] Someone (/110.45.184.131:52748) speaks http plaintext instead of ssl, will close the channel

``

How to add the permissions ?

Dear Kressin,

logstash setting:

output {

if [type] == “nginx2017” {

elasticsearch {

hosts => [“https://127.0.0.1:9200”]

password => logstash

ssl => “true”

ssl_certificate_verification => “false”

user => logstash

truststore => “/data/program/elasticsearch-2.3.3-node1/config/truststore.jks”

truststore_password => “changeit”

sniffing => true

manage_template => false

index => “logstash-%{type}-%{+YYYY.MM.dd}”

#document_id => “%{log_id}”

}

}

stdout { codec => rubydebug }

}

``

why show "http://10.45.184.171:9200: The target server failed to respond " ?

五月 22, 2017 10:52:58 下午 org.apache.http.impl.execchain.RetryExec execute

信息: I/O exception (org.apache.http.NoHttpResponseException) caught when processing request to {}->http://10.45.184.171:9200: The target server failed to respond

五月 22, 2017 10:52:58 下午 org.apache.http.impl.execchain.RetryExec execute

信息: Retrying request to {}->http://10.45.184.171:9200

五月 22, 2017 10:52:58 下午 org.apache.http.impl.execchain.RetryExec execute

信息: Retrying request to {}->http://10.45.184.171:9200

10.45.184.171:9200 failed to respond {:class=>“Manticore::ClientProtocolException”, :backtrace=>["/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/manticore-0.5.2-java/lib/manticore/response.rb:37:in initialize'", "org/jruby/RubyProc.java:281:incall’", “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/manticore-0.5.2-java/lib/manticore/response.rb:79:in call'", "/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/manticore-0.5.2-java/lib/manticore/response.rb:256:incall_once’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/manticore-0.5.2-java/lib/manticore/response.rb:153:in code'", "/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/http/manticore.rb:71:inperform_request’”, “org/jruby/RubyProc.java:281:in call'", "/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/base.rb:201:inperform_request’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/http/manticore.rb:54:in perform_request'", "/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/sniffer.rb:32:inhosts’”, “org/jruby/ext/timeout/Timeout.java:147:in timeout'", "/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/sniffer.rb:31:inhosts’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/base.rb:76:in reload_connections!'", "/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:72:insniff!’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:60:in start_sniffing!'", "org/jruby/ext/thread/Mutex.java:149:insynchronize’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:60:in start_sniffing!'", "org/jruby/RubyKernel.java:1479:inloop’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:59:in `start_sniffing!’”], :level=>:error}

``

Jochen Kressin於 2017年5月22日星期一 UTC+8下午5時20分34秒寫道:

···

The two issues are completely unrelated. Your permission settings look fine after you’ve added the missing cluster permission.

Regarding this one:

[2017-05-21 21:41:37,967][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [node-1] Someone (/110.45.184.131:52745) speaks http plaintext instead of ssl, will close the channel

As the message says, someone is trying to access your cluster via http, not https. Probably logstash.

You have two options, either configure logstash (or any other service that accesses your cluster via the REST Api) to use HTTPS instead of HTTP. This is recommended. For logstash, please refer to the documentation:

https://github.com/floragunncom/search-guard-docs/blob/master/logstash.md

Or, if you cannot use HTTPS, you can also disable TLS on the REST layer, and access your cluster via HTTP. This is not recommended since it’s insecure. In elasticsearch.yml, set:

searchguard.ssl.http.enabled: false

On Sunday, May 21, 2017 at 6:28:18 PM UTC+2, zim so wrote:

es 2.3.3
loginstash 2.2.2

search-guard-ssl-2.3.3.21

search-guard-2-2.3.3.12

sg_logstash:
cluster:
- indices:admin/template/get
- indices:admin/template/put
- indices:data/write/bulk*
indices:
‘logstash-’:
'
’:
- CRUD
- CREATE_INDEX
beat’:
‘*’:
- CRUD
- CREATE_INDEX

``

logstash error log:

{:timestamp=>“2017-05-22T00:17:14.684000+0800”, :message=>"[403] {“error”:{“root_cause”:[{“type”:“security_exception”,“reason”:“no permissions for cluster:monitor/nodes/info”}],“type”:“security_exception”,“reason”:“no permissions for cluster:monitor/nodes/info”},“status”:403}", :class=>“Elasticsearch::Transport::Transport::Errors::Forbidden”, :backtrace=>["/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/base.rb:146:in __raise_transport_error'", "/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/base.rb:256:inperform_request’", “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/http/manticore.rb:54:in perform_request'", "/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/sniffer.rb:32:inhosts’”, “org/jruby/ext/timeout/Timeout.java:147:in timeout'", "/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/sniffer.rb:31:inhosts’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/base.rb:76:in reload_connections!'", "/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:72:insniff!’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:60:in start_sniffing!'", "org/jruby/ext/thread/Mutex.java:149:insynchronize’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:60:in start_sniffing!'", "org/jruby/RubyKernel.java:1479:inloop’”, “/data/program/logstash-2.2.2/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:59:in `start_sniffing!’”], :level=>:error}

``

``

es error log:

[2017-05-22 00:22:50,087][INFO ][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No perm match for User [name=logstash, roles=] [IndexType [index=_all, type=*]] [Action [cluster:monitor/nodes/info]] [RolesChecked [sg_logstash, sg_own_index, sg_public]]

``

``

try add to sd_logstash

sg_logstash:
cluster:
- indices:admin/template/get
- indices:admin/template/put
- indices:data/write/bulk*
- cluster:monitor/nodes/info
- cluster:monitor/health
indices:
‘logstash-’:
'
’:
- CRUD
- CREATE_INDEX
beat’:
‘*’:
- CRUD
- CREATE_INDEX

``

error ,

[2017-05-21 21:41:37,967][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [node-1] Someone (/110.45.184.131:52745) speaks http plaintext instead of ssl, will close the channel
[2017-05-21 21:41:37,968][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [node-1] Someone (/110.45.184.131:52746) speaks http plaintext instead of ssl, will close the channel
[2017-05-21 21:41:37,968][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [node-1] Someone (/110.45.184.131:52747) speaks http plaintext instead of ssl, will close the channel
[2017-05-21 21:41:37,970][WARN ][com.floragunn.searchguard.http.SearchGuardHttpServerTransport] [node-1] Someone (/110.45.184.131:52748) speaks http plaintext instead of ssl, will close the channel

``

How to add the permissions ?