Monitoring Logstash 6 with Basic License XPack and Search Guard 6

I have the following configuration in the logstash.yml but it is not able to authenticate to elastic search url with search guard for monitoring

xpack.monitoring.enabled: true

xpack.monitoring.elasticsearch.url: https://localhost:9201

xpack.monitoring.elasticsearch.username: logstash

xpack.monitoring.elasticsearch.password: logstash

What would be the correct configuration on logstash.yml to be able to monitor logstash and the pipelines in the monitoring tab?

Thanks,

Adriano

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version

  • Installed and used enterprise modules, if any

  • JVM version and operating system version

  • Search Guard configuration files

  • Elasticsearch log messages on debug level

  • Other installed Elasticsearch or Kibana plugins, if any

Please follow the X-Pack Monitoring instructions here:

The demo configuration ships with the sg_xp_monitoring role suitable for Monitoring.

···

On Thursday, January 11, 2018 at 6:48:02 AM UTC+1, Adriano Santos wrote:

I have the following configuration in the logstash.yml but it is not able to authenticate to elastic search url with search guard for monitoring

xpack.monitoring.enabled: true

xpack.monitoring.elasticsearch.url: https://localhost:9201

xpack.monitoring.elasticsearch.username: logstash

xpack.monitoring.elasticsearch.password: logstash

What would be the correct configuration on logstash.yml to be able to monitor logstash and the pipelines in the monitoring tab?

Thanks,

Adriano

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version
  • Installed and used enterprise modules, if any
  • JVM version and operating system version
  • Search Guard configuration files
  • Elasticsearch log messages on debug level
  • Other installed Elasticsearch or Kibana plugins, if any

Hi Jochen,

Thanks for you help.

At this point I’m using the default configuration to test my environment.

What should I use in the:

ssl:
   truststore.path: esnode.pem 
  truststore.password: change-it

This is what I have on search guard configuration:

######## Start Search Guard Demo Configuration ########

WARNING: revise all the lines below before you go into production

searchguard.ssl.transport.pemcert_filepath: esnode.pem

searchguard.ssl.transport.pemkey_filepath: esnode-key.pem

searchguard.ssl.transport.pemtrustedcas_filepath: root-ca.pem

searchguard.ssl.transport.enforce_hostname_verification: false

searchguard.ssl.http.enabled: true

searchguard.ssl.http.pemcert_filepath: esnode.pem

searchguard.ssl.http.pemkey_filepath: esnode-key.pem

searchguard.ssl.http.pemtrustedcas_filepath: root-ca.pem

searchguard.allow_unsafe_democertificates: true

searchguard.allow_default_init_sgindex: true

searchguard.authcz.admin_dn:

  • CN=kirk,OU=client,O=client,L=test, C=de

searchguard.audit.type: internal_elasticsearch

searchguard.enable_snapshot_restore_privilege: true

searchguard.check_snapshot_restore_write_privileges: true

searchguard.restapi.roles_enabled: [“sg_all_access”]

cluster.name: searchguard_demo

network.host: 0.0.0.0

discovery.zen.minimum_master_nodes: 1

node.max_local_storage_nodes: 3

xpack.security.enabled: false

xpack.monitoring.enabled: true

xpack.ml.enabled: false

xpack.graph.enabled: false

xpack.watcher.enabled: false

xpack.monitoring.exporters:

id1:

type: http

host: ["https://127.0.0.1:9201"]

auth.username: monitor

auth.password: monitor

ssl:

  truststore.path: esnode.pem

  truststore.password: changeit

######## End Search Guard Demo Configuration ########

I’m getting the following exception:

Caused by: java.io.IOException: Invalid keystore format

at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:658) ~[?:?]

at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) ~[?:?]

at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) ~[?:?]

at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) ~[?:?]

at java.security.KeyStore.load(KeyStore.java:1445) ~[?:1.8.0_92]

at org.elasticsearch.xpack.ssl.CertUtils.trustManager(CertUtils.java:187) ~[?:?]
···

On Thursday, January 11, 2018 at 3:46:42 AM UTC-6, Jochen Kressin wrote:

Please follow the X-Pack Monitoring instructions here:

http://docs.search-guard.com/latest/search-guard-xpack-monitoring

The demo configuration ships with the sg_xp_monitoring role suitable for Monitoring.

On Thursday, January 11, 2018 at 6:48:02 AM UTC+1, Adriano Santos wrote:

I have the following configuration in the logstash.yml but it is not able to authenticate to elastic search url with search guard for monitoring

xpack.monitoring.enabled: true

xpack.monitoring.elasticsearch.url: https://localhost:9201

xpack.monitoring.elasticsearch.username: logstash

xpack.monitoring.elasticsearch.password: logstash

What would be the correct configuration on logstash.yml to be able to monitor logstash and the pipelines in the monitoring tab?

Thanks,

Adriano

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version
  • Installed and used enterprise modules, if any
  • JVM version and operating system version
  • Search Guard configuration files
  • Elasticsearch log messages on debug level
  • Other installed Elasticsearch or Kibana plugins, if any

you need to build a java truststore from your pem or use xpack.monitoring.exporters.id1.ssl.certificate_authorities instead of xpack.monitoring.exporters.id1.ssl.truststore.path,
see https://www.elastic.co/guide/en/x-pack/5.2/monitoring-settings.html

I recommend you try xpack.monitoring.exporters.id1.ssl.certificate_authorities: root-ca.pem

···

Am 11.01.2018 um 16:45 schrieb Adriano Santos <adriano.santos@gmail.com>:

Hi Jochen,

   Thanks for you help.
   At this point I'm using the default configuration to test my environment.
   What should I use in the:

ssl:

   truststore.
path: esnode.pem
      truststore.password: change-it

This is what I have on search guard configuration:

######## Start Search Guard Demo Configuration ########

# WARNING: revise all the lines below before you go into production

searchguard.ssl.transport.pemcert_filepath: esnode.pem

searchguard.ssl.transport.pemkey_filepath: esnode-key.pem

searchguard.ssl.transport.pemtrustedcas_filepath: root-ca.pem

searchguard.ssl.transport.enforce_hostname_verification: false

searchguard.ssl.http.enabled: true

searchguard.ssl.http.pemcert_filepath: esnode.pem

searchguard.ssl.http.pemkey_filepath: esnode-key.pem

searchguard.ssl.http.pemtrustedcas_filepath: root-ca.pem

searchguard.allow_unsafe_democertificates: true

searchguard.allow_default_init_sgindex: true

searchguard.authcz.admin_dn:

  - CN=kirk,OU=client,O=client,L=test, C=de

searchguard.audit.type: internal_elasticsearch

searchguard.enable_snapshot_restore_privilege: true

searchguard.check_snapshot_restore_write_privileges: true

searchguard.restapi.roles_enabled: ["sg_all_access"]

cluster.name: searchguard_demo

network.host: 0.0.0.0

discovery.zen.minimum_master_nodes: 1

node.max_local_storage_nodes: 3

xpack.security.enabled: false

xpack.monitoring.enabled: true

xpack.ml.enabled: false

xpack.graph.enabled: false

xpack.watcher.enabled: false

xpack.monitoring.exporters:

  id1:

    type: http

    host: ["https://127.0.0.1:9201"]

    auth.username: monitor

    auth.password: monitor

    ssl:

      truststore.path: esnode.pem

      truststore.password: changeit

######## End Search Guard Demo Configuration ########

I'm getting the following exception:

Caused by: java.io.IOException: Invalid keystore format

  at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:658) ~[?:?]

  at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) ~[?:?]

  at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) ~[?:?]

  at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) ~[?:?]

  at java.security.KeyStore.load(KeyStore.java:1445) ~[?:1.8.0_92]

  at org.elasticsearch.xpack.ssl.CertUtils.trustManager(CertUtils.java:187) ~[?:?]

On Thursday, January 11, 2018 at 3:46:42 AM UTC-6, Jochen Kressin wrote:
Please follow the X-Pack Monitoring instructions here:

http://docs.search-guard.com/latest/search-guard-xpack-monitoring

The demo configuration ships with the sg_xp_monitoring role suitable for Monitoring.

On Thursday, January 11, 2018 at 6:48:02 AM UTC+1, Adriano Santos wrote:
I have the following configuration in the logstash.yml but it is not able to authenticate to elastic search url with search guard for monitoring

xpack.monitoring.enabled: true

xpack.monitoring.elasticsearch.url: https://localhost:9201

xpack.monitoring.elasticsearch.username: logstash

xpack.monitoring.elasticsearch.password: logstash

What would be the correct configuration on logstash.yml to be able to monitor logstash and the pipelines in the monitoring tab?

Thanks,
Adriano

When asking questions, please provide the following information:

* Search Guard and Elasticsearch version
* Installed and used enterprise modules, if any
* JVM version and operating system version
* Search Guard configuration files
* Elasticsearch log messages on debug level
* Other installed Elasticsearch or Kibana plugins, if any

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/eccc42ee-0dde-437f-a0c7-ca3e30c5c05c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.