Am 11.01.2018 um 16:45 schrieb Adriano Santos <adriano.santos@gmail.com>:
Hi Jochen,
Thanks for you help.
At this point I'm using the default configuration to test my environment.
What should I use in the:
ssl:
truststore.
path: esnode.pem
truststore.password: change-it
This is what I have on search guard configuration:
######## Start Search Guard Demo Configuration ########
# WARNING: revise all the lines below before you go into production
searchguard.ssl.transport.pemcert_filepath: esnode.pem
searchguard.ssl.transport.pemkey_filepath: esnode-key.pem
searchguard.ssl.transport.pemtrustedcas_filepath: root-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.pemcert_filepath: esnode.pem
searchguard.ssl.http.pemkey_filepath: esnode-key.pem
searchguard.ssl.http.pemtrustedcas_filepath: root-ca.pem
searchguard.allow_unsafe_democertificates: true
searchguard.allow_default_init_sgindex: true
searchguard.authcz.admin_dn:
- CN=kirk,OU=client,O=client,L=test, C=de
searchguard.audit.type: internal_elasticsearch
searchguard.enable_snapshot_restore_privilege: true
searchguard.check_snapshot_restore_write_privileges: true
searchguard.restapi.roles_enabled: ["sg_all_access"]
cluster.name: searchguard_demo
network.host: 0.0.0.0
discovery.zen.minimum_master_nodes: 1
node.max_local_storage_nodes: 3
xpack.security.enabled: false
xpack.monitoring.enabled: true
xpack.ml.enabled: false
xpack.graph.enabled: false
xpack.watcher.enabled: false
xpack.monitoring.exporters:
id1:
type: http
host: ["https://127.0.0.1:9201"]
auth.username: monitor
auth.password: monitor
ssl:
truststore.path: esnode.pem
truststore.password: changeit
######## End Search Guard Demo Configuration ########
I'm getting the following exception:
Caused by: java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:658) ~[?:?]
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) ~[?:?]
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) ~[?:?]
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) ~[?:?]
at java.security.KeyStore.load(KeyStore.java:1445) ~[?:1.8.0_92]
at org.elasticsearch.xpack.ssl.CertUtils.trustManager(CertUtils.java:187) ~[?:?]
On Thursday, January 11, 2018 at 3:46:42 AM UTC-6, Jochen Kressin wrote:
Please follow the X-Pack Monitoring instructions here:
X-Pack Monitoring | Security for Elasticsearch | Search Guard
The demo configuration ships with the sg_xp_monitoring role suitable for Monitoring.
On Thursday, January 11, 2018 at 6:48:02 AM UTC+1, Adriano Santos wrote:
I have the following configuration in the logstash.yml but it is not able to authenticate to elastic search url with search guard for monitoring
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.url: https://localhost:9201
xpack.monitoring.elasticsearch.username: logstash
xpack.monitoring.elasticsearch.password: logstash
What would be the correct configuration on logstash.yml to be able to monitor logstash and the pipelines in the monitoring tab?
Thanks,
Adriano
When asking questions, please provide the following information:
* Search Guard and Elasticsearch version
* Installed and used enterprise modules, if any
* JVM version and operating system version
* Search Guard configuration files
* Elasticsearch log messages on debug level
* Other installed Elasticsearch or Kibana plugins, if any
--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/eccc42ee-0dde-437f-a0c7-ca3e30c5c05c%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.