Hy
I try to combined SearchGuard with X-Pack Monitoring Basic Edition
Everyting are well expect when I go to Kibana with the built-in admin user:
You are not authorized to access Monitoring. To use Monitoring, you
need the privileges granted by both the kibana_user and
monitoring_user roles.
The ES metric collection works, I can see it as
both
.monitoring-es-6-yyyy.MM.dd
and
.monitoring-kibana-6-yyyy.MM.dd
get documents
What role to set for the built-in admin in SG?
Thanks
Jozsef
The admin user has all permissions on all indices, so you should be able to use monitoring with this user without any problem. If you try to access monitoring and the error message appears, what error message do you see in the elasticsearch logs? Can you post the logfile?
If you use SG6, the monitoring user needs the following two roles:
sg_kibana_user
sg_xp_monitoring
But like I said, the admin user should work as well.
On Friday, December 29, 2017 at 1:41:11 PM UTC+1, Jozsef Basa wrote:
Hy
I try to combined SearchGuard with X-Pack Monitoring Basic Edition
Everyting are well expect when I go to Kibana with the built-in admin user:
You are not authorized to access Monitoring. To use Monitoring, youneed the privileges granted by both the
kibana_userand
monitoring_userroles.
The ES metric collection works, I can see it as
both
.monitoring-es-6-yyyy.MM.dd
and
.monitoring-kibana-6-yyyy.MM.dd
get documents
What role to set for the built-in admin in SG?
Thanks
Jozsef
Hi Jochen,
Happy New Year!!!
Please help me otherwise I go mad 
I attached the es log
and kibana log:
{“type”:“response”,“@timestamp”:“2018-01-03T06:37:11Z”,“tags”:,“pid”:28407,“method”:“post”,“statusCode”:403,“req”:{“url”:“/api/monitoring/v1/clusters”,“method”:“post”,“headers”:{“host”:“new-elastic-act4:5601”,“user-agent”:“Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0”,“accept”:“application/json, text/plain, /”,“accept-language”:“hu-HU,hu;q=0.8,en-US;q=0.5,en;q=0.3”,“accept-encoding”:“gzip, deflate”,“referer”:“http://new-elastic-act4:5601/app/monitoring",“content-type”:“application/json;charset=utf-8”,“kbn-version”:“5.6.2”,“content-length”:“81”,“connection”:“keep-alive”},“remoteAddress”:“10.112.236.64”,“userAgent”:“10.112.236.64”,“referer”:“http://new-elastic-act4:5601/app/monitoring”},“res”:{“statusCode”:403,“responseTime”:14,“contentLength”:9},“message”:"POST /api/monitoring/v1/clusters 403 14ms - 9.0B”}
{“type”:“request”,“@timestamp”:“2018-01-03T06:37:14Z”,“tags”:[“monitoring-ui”,“error”],“pid”:28407,“level”:“error”,“message”:“Authentication Exception”,“error”:{“message”:“Authentication Exception”,“name”:“Error”,“stack”:“Authentication Exception :: {"path":"/.monitoring-es-2-%2C.monitoring-es-6-/_search","query":{"filter_path":"hits.hits._source.cluster_uuid,hits.hits._source.cluster_name,hits.hits._source.version,hits.hits._source.license,hits.hits._source.cluster_stats,hits.hits._source.cluster_state"},"body":"{\"size\":10000,\"query\":{\"bool\":{\"filter\":[{\"bool\":{\"should\":[{\"term\":{\"_type\":\"cluster_stats\"}},{\"term\":{\"type\":\"cluster_stats\"}}]}},{\"range\":{\"timestamp\":{\"format\":\"epoch_millis\",\"gte\":1514957834822,\"lte\":1514961434822}}}]}},\"collapse\":{\"field\":\"cluster_uuid\"},\"sort\":{\"timestamp\":{\"order\":\"desc\"}}}","statusCode":401,"response":"Unauthorized","wwwAuthenticateDirective":"Basic realm=\"Search Guard\""}\n at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:295:15)\n at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:254:7)\n at HttpConnector. (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)\n at IncomingMessage.bound (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)\n at emitNone (events.js:91:20)\n at IncomingMessage.emit (events.js:185:7)\n at endReadableNT (_stream_readable.js:974:12)\n at _combinedTickCallback (internal/process/next_tick.js:80:11)\n at process._tickDomainCallback (internal/process/next_tick.js:128:9)”}}
{“type”:“response”,“@timestamp”:“2018-01-03T06:37:14Z”,“tags”:,“pid”:28407,“method”:“post”,“statusCode”:403,“req”:{“url”:“/api/monitoring/v1/clusters”,“method”:“post”,“headers”:{“host”:“new-elastic-act4:5601”,“user-agent”:“Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0”,“accept”:“application/json, text/plain, /”,“accept-language”:“hu-HU,hu;q=0.8,en-US;q=0.5,en;q=0.3”,“accept-encoding”:“gzip, deflate”,“referer”:“http://new-elastic-act4:5601/app/monitoring",“content-type”:“application/json;charset=utf-8”,“kbn-version”:“5.6.2”,“content-length”:“81”,“connection”:“keep-alive”},“remoteAddress”:“10.112.236.64”,“userAgent”:“10.112.236.64”,“referer”:“http://new-elastic-act4:5601/app/monitoring”},“res”:{“statusCode”:403,“responseTime”:12,“contentLength”:9},“message”:"POST /api/monitoring/v1/clusters 403 12ms - 9.0B”}
Best Regards
new-act-elastic.7z (152 KB)