Hello there,
I set up Search-Guard with our proxy servers according to the Search-Guard documents.
I can start elasticsearch, kibana, and logstash withtout issue, https://:9200 works fine.
But when I tried to log on to Kibana URL (https://:5601, I was not asked to put in my userID and password, and logged on to Kibana.
If I tried to log onto https://:5601/login, I got: {“statusCode”:404,“error”:“Not Found”,“message”:“Not Found”}.
Here is the portion of the kibana log for the above two situation:
{“type”:“response”,“@timestamp”:“2018-09-19T03:32:32Z”,“tags”:,“pid”:25130,“method”:“get”,“statusCode”:200,“req”:{“url”:“/ui/favicons/favicon-16x16.png”,“method”:“get”,“headers”:{“host”:“:5601”,“connection”:“keep-alive”,“user-agent”:“Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36”,“accept”:“image/webp,image/apng,image/,/;q=0.8",“referer”:“https://:5601/app/kibana”,“accept-encoding”:“gzip, deflate, br”,“accept-language”:“en-US,en;q=0.9”},“remoteAddress”:“”,“userAgent”:“”,“referer”:“https://:5601/app/kibana”},“res”:{“statusCode”:200,“responseTime”:3,“contentLength”:9},“message”:“GET /ui/favicons/favicon-16x16.png 200 3ms - 9.0B”}
{“type”:“response”,“@timestamp”:“2018-09-19T03:32:38Z”,“tags”:[],“pid”:25130,“method”:“get”,“statusCode”:404,“req”:{“url”:“/login?nextUrl=%2F”,“method”:“get”,“headers”:{“host”:“:5601”,“connection”:“keep-alive”,“upgrade-insecure-requests”:“1”,“user-agent”:“Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36”,“accept”:"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8",“accept-encoding”:“gzip, deflate, br”,“accept-language”:“en-US,en;q=0.9”},“remoteAddress”:“”,“userAgent”:“”},“res”:{“statusCode”:404,“responseTime”:4,“contentLength”:9},“message”:“GET /login?nextUrl=%2F 404 4ms - 9.0B”}
{“type”:“response”,“@timestamp”:“2018-09-19T03:34:50Z”,“tags”:[],“pid”:25130,“method”:“get”,“statusCode”:404,“req”:{“url”:“/login”,“method”:“get”,“headers”:{“host”:“:5601”,“connection”:“keep-alive”,“upgrade-insecure-requests”:“1”,“user-agent”:“Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36”,“accept”:"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/*;q=0.8”,“accept-encoding”:“gzip, deflate, br”,“accept-language”:“en-US,en;q=0.9”},“remoteAddress”:“”,“userAgent”:“”},“res”:{“statusCode”:404,“responseTime”:5,“contentLength”:9},“message”:“GET /login 404 5ms - 9.0B”}
I also attached the kibana.yml, elasticsearch.yml,. sg_config.yml for your review. If additional data is needed, please let us know.
Please help and we need to get this resolved so we can move forward.
Thanks alot in advance
Li
kibana.yml (658 Bytes)
elasticsearch.yml (1.13 KB)
sg_config.yml (1.03 KB)