[2017-07-21T14:16:45.475-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:45.475-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:45.475-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:45.475-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:45.475-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:45.475-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null'
[2017-07-21T14:16:45.475-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:45.475-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/main from 10.61.1.1:58182
[2017-07-21T14:16:45.475-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.main.MainRequest is not an IndicesRequest
[2017-07-21T14:16:45.475-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]]
[2017-07-21T14:16:45.475-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:45.476-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:45.476-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:45.476-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv]
[2017-07-21T14:16:45.476-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/main, check next role
[2017-07-21T14:16:45.476-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server
[2017-07-21T14:16:45.476-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*]
[2017-07-21T14:16:45.476-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/main, skip other roles
[2017-07-21T14:16:45.534-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:45.534-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:45.534-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:45.534-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:45.534-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:45.534-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:45.534-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:45.534-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:45.534-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:45.534-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null'
[2017-07-21T14:16:45.534-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:45.534-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null'
[2017-07-21T14:16:45.534-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:45.534-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/nodes/info from 10.61.1.1:58182
[2017-07-21T14:16:45.534-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest is not an IndicesRequest
[2017-07-21T14:16:45.534-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:45.534-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]]
[2017-07-21T14:16:45.534-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/nodes/info from 10.61.1.1:58190
[2017-07-21T14:16:45.534-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest is not an IndicesRequest
[2017-07-21T14:16:45.534-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]]
[2017-07-21T14:16:45.534-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:45.534-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:45.535-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:45.535-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:45.535-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:45.535-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:45.535-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv]
[2017-07-21T14:16:45.535-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/nodes/info, check next role
[2017-07-21T14:16:45.535-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv]
[2017-07-21T14:16:45.535-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server
[2017-07-21T14:16:45.535-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/nodes/info, check next role
[2017-07-21T14:16:45.535-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*]
[2017-07-21T14:16:45.535-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/nodes/info, skip other roles
[2017-07-21T14:16:45.535-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server
[2017-07-21T14:16:45.535-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*]
[2017-07-21T14:16:45.535-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/nodes/info, skip other roles
[2017-07-21T14:16:45.555-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:45.556-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:45.556-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:45.556-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:45.556-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:45.556-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null'
[2017-07-21T14:16:45.556-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:45.556-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/health from 10.61.1.1:58182
[2017-07-21T14:16:45.556-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.monitoring-data-2] from class org.elasticsearch.action.admin.cluster.health.ClusterHealthRequest
[2017-07-21T14:16:45.556-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=7, ignore_unavailable=true, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=false]
[2017-07-21T14:16:45.556-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.monitoring-data-2]
[2017-07-21T14:16:45.556-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.monitoring-data-2] to [.monitoring-data-2]
[2017-07-21T14:16:45.556-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.monitoring-data-2, type=*]]
[2017-07-21T14:16:45.556-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:45.556-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:45.556-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:45.556-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv]
[2017-07-21T14:16:45.556-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/health, check next role
[2017-07-21T14:16:45.557-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server
[2017-07-21T14:16:45.557-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*]
[2017-07-21T14:16:45.557-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/health, skip other roles
[2017-07-21T14:16:45.562-0400][DEBUG][com.floragunn.searchguard.transport.DefaultInterClusterRequestEvaluator] Treat certificate with principal 'DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-warm-dev-02.cc.vt.edu.mgt' as other node because of it matches one of [/DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /DC=edu,DC=vt,DC=it,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/]
[2017-07-21T14:16:46.019-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:46.019-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:46.019-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:46.019-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:46.019-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:46.019-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null'
[2017-07-21T14:16:46.019-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:46.019-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/main from 10.61.1.1:58176
[2017-07-21T14:16:46.019-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.main.MainRequest is not an IndicesRequest
[2017-07-21T14:16:46.019-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]]
[2017-07-21T14:16:46.019-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:46.020-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:46.020-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:46.020-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv]
[2017-07-21T14:16:46.020-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/main, check next role
[2017-07-21T14:16:46.020-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server
[2017-07-21T14:16:46.020-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*]
[2017-07-21T14:16:46.020-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/main, skip other roles
[2017-07-21T14:16:46.023-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:46.023-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:46.023-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:46.023-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:46.023-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:46.023-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null'
[2017-07-21T14:16:46.023-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:46.023-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/nodes/info from 10.61.1.1:58178
[2017-07-21T14:16:46.023-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest is not an IndicesRequest
[2017-07-21T14:16:46.023-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]]
[2017-07-21T14:16:46.023-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:46.024-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:46.024-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:46.024-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv]
[2017-07-21T14:16:46.024-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/nodes/info, check next role
[2017-07-21T14:16:46.024-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server
[2017-07-21T14:16:46.024-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*]
[2017-07-21T14:16:46.024-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/nodes/info, skip other roles
[2017-07-21T14:16:46.032-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:46.032-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:46.032-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:46.032-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:46.032-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:46.032-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null'
[2017-07-21T14:16:46.032-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:46.032-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/nodes/info from 10.61.1.1:58176
[2017-07-21T14:16:46.033-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest is not an IndicesRequest
[2017-07-21T14:16:46.033-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]]
[2017-07-21T14:16:46.033-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:46.033-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:46.033-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:46.033-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv]
[2017-07-21T14:16:46.033-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/nodes/info, check next role
[2017-07-21T14:16:46.033-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server
[2017-07-21T14:16:46.033-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*]
[2017-07-21T14:16:46.033-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/nodes/info, skip other roles
[2017-07-21T14:16:46.035-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:46.035-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:46.035-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:46.035-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:46.035-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:46.035-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null'
[2017-07-21T14:16:46.036-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:46.036-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested indices:data/read/mget from 10.61.1.1:58178
[2017-07-21T14:16:46.036-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.kibana] from class org.elasticsearch.action.get.MultiGetRequest$Item
[2017-07-21T14:16:46.036-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=48, ignore_unavailable=false, allow_no_indices=false, expand_wildcards_open=false, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=false, forbid_closed_indices=true]
[2017-07-21T14:16:46.036-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.kibana]
[2017-07-21T14:16:46.036-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.kibana] to [.kibana]
[2017-07-21T14:16:46.036-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.kibana, type=config]]
[2017-07-21T14:16:46.036-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:46.036-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:46.037-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:46.037-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv]
[2017-07-21T14:16:46.037-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana' and indices:data/read/mget, skip other roles
[2017-07-21T14:16:46.037-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:46.037-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested indices:data/read/mget[shard] from 10.61.1.1:58178
[2017-07-21T14:16:46.037-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.kibana] from class org.elasticsearch.action.get.MultiGetShardRequest
[2017-07-21T14:16:46.037-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=48, ignore_unavailable=false, allow_no_indices=false, expand_wildcards_open=false, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=false, forbid_closed_indices=true]
[2017-07-21T14:16:46.037-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.kibana]
[2017-07-21T14:16:46.037-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.kibana] to [.kibana]
[2017-07-21T14:16:46.037-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.kibana, type=*]]
[2017-07-21T14:16:46.037-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:46.038-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:46.038-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:46.038-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for *
[2017-07-21T14:16:46.038-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.kibana]
[2017-07-21T14:16:46.038-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*]
[2017-07-21T14:16:46.038-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/mget[shard] against */*: [indices:admin/mappings/fields/get*, indices:data/read*]
[2017-07-21T14:16:46.038-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana*
[2017-07-21T14:16:46.038-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [] [2017-07-21T14:16:46.038-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:46.038-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.*', evaluate other roles [2017-07-21T14:16:46.038-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:46.038-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:46.038-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:46.038-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/mget[shard] against ?kibana*/*: [indices:*] [2017-07-21T14:16:46.038-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match .kibana* in [] [2017-07-21T14:16:46.038-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:46.038-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:46.038-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.?kibana*', evaluate other roles [2017-07-21T14:16:46.038-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana=>[] [2017-07-21T14:16:46.038-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:46.039-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* 
[2017-07-21T14:16:46.039-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?monitoring* [2017-07-21T14:16:46.039-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:46.039-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?reporting* [2017-07-21T14:16:46.039-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?reporting* [2017-07-21T14:16:46.039-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?reporting* remaining requested indextype: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:46.039-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:46.039-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:46.039-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:46.039-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/mget[shard] against ?kibana*/*: [indices:*] [2017-07-21T14:16:46.039-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* [2017-07-21T14:16:46.039-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:46.039-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:46.039-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?kibana*', evaluate other roles 
[2017-07-21T14:16:46.039-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana_server=>[] [2017-07-21T14:16:46.039-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_own_index [2017-07-21T14:16:46.039-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve and match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview [2017-07-21T14:16:46.039-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no permittedAliasesIndex 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' found for 'indices:data/read/mget[shard]' [2017-07-21T14:16:46.039-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] permittedAliasesIndices '{C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview=org.elasticsearch.common.settings.Settings@5eed}' -> '{*.0=ALL}' [2017-07-21T14:16:46.039-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requestedResolvedIndexTypes '[IndexType [index=.kibana, type=*]]' [2017-07-21T14:16:46.039-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved permitted aliases indices for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview] 
[2017-07-21T14:16:46.039-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, will check now types [*] [2017-07-21T14:16:46.039-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/mget[shard] against C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview/*: [indices:*] [2017-07-21T14:16:46.040-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview* in [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:46.040-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview remaining requested indextype: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:46.040-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_own_index=>[IndexType [index=.kibana, type=*]] [2017-07-21T14:16:46.040-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_pre_laa_readall [2017-07-21T14:16:46.040-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:46.040-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.kibana] 
[2017-07-21T14:16:46.040-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] [2017-07-21T14:16:46.040-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:46.040-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:46.040-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?monitoring* [2017-07-21T14:16:46.040-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:46.040-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for log* [2017-07-21T14:16:46.040-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for log* [2017-07-21T14:16:46.040-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index log* remaining requested indextype: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:46.040-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:46.040-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:46.040-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:46.040-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/mget[shard] against ?kibana*/*: [indices:admin/*, indices:admin/mapping/put, indices:data/write/update*, indices:data/write/index*, indices:monitor/*, indices:data/read*] 
[2017-07-21T14:16:46.040-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* [2017-07-21T14:16:46.040-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:46.040-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:46.040-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?kibana*', evaluate other roles [2017-07-21T14:16:46.040-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_pre_laa_readall=>[] [2017-07-21T14:16:46.041-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_public [2017-07-21T14:16:46.041-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:46.041-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:46.041-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:46.041-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/mget[shard] against ?kibana*/*: [indices:data/read/get*, indices:data/write/delete*, indices:admin/exists*, indices:admin/refresh*, indices:data/read/mget*, indices:data/read/search*, indices:data/write/update*, indices:admin/validate/query*, indices:admin/mappings/fields/get*, indices:data/read*, indices:admin/mapping/put*, indices:data/write/index*, indices:data/write*, indices:admin/get*] [2017-07-21T14:16:46.041-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* 
[2017-07-21T14:16:46.041-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:46.041-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:46.041-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_public.?kibana*', evaluate other roles [2017-07-21T14:16:46.041-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_public=>[] [2017-07-21T14:16:46.044-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:46.044-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:46.044-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:46.044-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? 
true (cache size: 3) [2017-07-21T14:16:46.044-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:46.044-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null' [2017-07-21T14:16:46.044-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:46.044-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/health from 10.61.1.1:58176 [2017-07-21T14:16:46.044-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.kibana] from class org.elasticsearch.action.admin.cluster.health.ClusterHealthRequest [2017-07-21T14:16:46.044-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=7, ignore_unavailable=true, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=false] [2017-07-21T14:16:46.044-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.kibana] [2017-07-21T14:16:46.044-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.kibana] to [.kibana] [2017-07-21T14:16:46.044-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:46.044-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for 
C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:46.044-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null' [2017-07-21T14:16:46.044-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:46.044-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv] [2017-07-21T14:16:46.044-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/health, check next role [2017-07-21T14:16:46.044-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:46.044-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*] [2017-07-21T14:16:46.044-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/health, skip other roles [2017-07-21T14:16:46.047-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy 
[2017-07-21T14:16:46.047-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:46.047-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:46.047-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3) [2017-07-21T14:16:46.047-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:46.047-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null' [2017-07-21T14:16:46.047-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:46.047-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested indices:data/read/search from 10.61.1.1:58178 [2017-07-21T14:16:46.047-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.kibana] from class org.elasticsearch.action.search.SearchRequest [2017-07-21T14:16:46.047-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=38, ignore_unavailable=false, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, 
forbid_closed_indices=true] [2017-07-21T14:16:46.047-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.kibana] [2017-07-21T14:16:46.047-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.kibana] to [.kibana] [2017-07-21T14:16:46.047-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null' [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.kibana] [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against */*: [indices:admin/mappings/fields/get*, indices:data/read*] [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [] 
[2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.*', evaluate other roles [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?kibana*/*: [indices:*] [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match .kibana* in [] [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.?kibana*', evaluate other roles [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana=>[] [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?monitoring* 
[2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?reporting* [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?reporting* [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?reporting* remaining requested indextype: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?kibana*/*: [indices:*] [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:46.048-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?kibana*', evaluate other roles [2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana_server=>[] 
[2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_own_index [2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve and match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview [2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no permittedAliasesIndex 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' found for 'indices:data/read/search' [2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] permittedAliasesIndices '{C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview=org.elasticsearch.common.settings.Settings@5eed}' -> '{*.0=ALL}' [2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requestedResolvedIndexTypes '[IndexType [index=.kibana, type=config]]' [2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved permitted aliases indices for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview] [2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for 
C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, will check now types [*] [2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview/*: [indices:*] [2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview* in [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview remaining requested indextype: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_own_index=>[IndexType [index=.kibana, type=config]] [2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_pre_laa_readall [2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.kibana] [2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] 
[2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?monitoring* [2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for log* [2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for log* [2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index log* remaining requested indextype: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?kibana*/*: [indices:admin/*, indices:admin/mapping/put, indices:data/write/update*, indices:data/write/index*, indices:monitor/*, indices:data/read*] [2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* 
[2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: []
[2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: []
[2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?kibana*', evaluate other roles
[2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_pre_laa_readall=>[]
[2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_public
[2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana*
[2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana]
[2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*]
[2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?kibana*/*: [indices:data/read/get*, indices:data/write/delete*, indices:admin/exists*, indices:admin/refresh*, indices:data/read/mget*, indices:data/read/search*, indices:data/write/update*, indices:admin/validate/query*, indices:admin/mappings/fields/get*, indices:data/read*, indices:admin/mapping/put*, indices:data/write/index*, indices:data/write*, indices:admin/get*]
[2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana*
[2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: []
[2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: []
[2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_public.?kibana*', evaluate other roles
[2017-07-21T14:16:46.049-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_public=>[]
[2017-07-21T14:16:46.563-0400][DEBUG][com.floragunn.searchguard.transport.DefaultInterClusterRequestEvaluator] Treat certificate with principal 'DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-warm-dev-02.cc.vt.edu.mgt' as other node because of it matches one of [/DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /DC=edu,DC=vt,DC=it,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/]
[2017-07-21T14:16:46.691-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:46.692-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:46.692-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:46.692-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:46.692-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:46.692-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant '__user__'
[2017-07-21T14:16:46.692-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:46.692-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested indices:data/read/get from 10.61.1.1:58492
[2017-07-21T14:16:46.692-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.kibana] from class org.elasticsearch.action.get.GetRequest
[2017-07-21T14:16:46.692-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=48, ignore_unavailable=false, allow_no_indices=false, expand_wildcards_open=false, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=false, forbid_closed_indices=true]
[2017-07-21T14:16:46.692-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.kibana]
[2017-07-21T14:16:46.692-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.kibana] to [.kibana]
[2017-07-21T14:16:46.692-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.kibana, type=config]]
[2017-07-21T14:16:46.692-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:46.692-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: '__user__'
[2017-07-21T14:16:46.692-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] requestedTenant: C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview
[2017-07-21T14:16:46.692-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] is user tenant: true
[2017-07-21T14:16:46.692-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] request class org.elasticsearch.action.get.GetRequest
[2017-07-21T14:16:46.692-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] .kibana index will be replaced with .kibana_-1045243716_cusdcedudcvtstvirginialblacksburgovirginiapolytechnicinstituteandstateuniversityoumiddlewareclientoudivisionofit2545130d31343636303938373433393438cnlogview in this org.elasticsearch.action.get.GetRequest request
[2017-07-21T14:16:47.056-0400][DEBUG][com.floragunn.searchguard.transport.DefaultInterClusterRequestEvaluator] Treat certificate with principal 'DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-hot-dev-01.cc.vt.edu.mgt' as other node because of it matches one of [/DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /DC=edu,DC=vt,DC=it,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/]
[2017-07-21T14:16:47.058-0400][DEBUG][com.floragunn.searchguard.transport.DefaultInterClusterRequestEvaluator] Treat certificate with principal 'DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-hot-dev-01.cc.vt.edu.mgt' as other node because of it matches one of [/DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /DC=edu,DC=vt,DC=it,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/]
[2017-07-21T14:16:47.566-0400][DEBUG][com.floragunn.searchguard.transport.DefaultInterClusterRequestEvaluator] Treat certificate with principal 'DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-warm-dev-02.cc.vt.edu.mgt' as other node because of it matches one of [/DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /DC=edu,DC=vt,DC=it,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/]
[2017-07-21T14:16:47.660-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:47.660-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:47.660-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:47.660-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:47.660-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:47.660-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant '__user__'
[2017-07-21T14:16:47.669-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:47.669-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:47.669-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:47.669-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:47.669-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:47.669-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant '__user__'
[2017-07-21T14:16:48.059-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:48.060-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:48.060-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:48.060-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:48.060-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:48.060-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null'
[2017-07-21T14:16:48.060-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:48.060-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/main from 10.61.1.1:58190
[2017-07-21T14:16:48.060-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.main.MainRequest is not an IndicesRequest
[2017-07-21T14:16:48.060-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]]
[2017-07-21T14:16:48.060-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:48.060-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:48.060-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:48.060-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv]
[2017-07-21T14:16:48.060-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/main, check next role
[2017-07-21T14:16:48.060-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server
[2017-07-21T14:16:48.060-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*]
[2017-07-21T14:16:48.060-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/main, skip other roles
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null'
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null'
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/nodes/info from 10.61.1.1:58182
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest is not an IndicesRequest
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/nodes/info from 10.61.1.1:58190
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]]
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest is not an IndicesRequest
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]]
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv]
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/nodes/info, check next role
[2017-07-21T14:16:48.063-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:48.064-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server
[2017-07-21T14:16:48.064-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv]
[2017-07-21T14:16:48.064-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/nodes/info, check next role
[2017-07-21T14:16:48.064-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*]
[2017-07-21T14:16:48.064-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server
[2017-07-21T14:16:48.064-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/nodes/info, skip other roles
[2017-07-21T14:16:48.064-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*]
[2017-07-21T14:16:48.064-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/nodes/info, skip other roles
[2017-07-21T14:16:48.070-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:48.070-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:48.070-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:48.070-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:48.070-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:48.070-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null'
[2017-07-21T14:16:48.070-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:48.070-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/health from 10.61.1.1:58190
[2017-07-21T14:16:48.070-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.monitoring-data-2] from class org.elasticsearch.action.admin.cluster.health.ClusterHealthRequest
[2017-07-21T14:16:48.070-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=7, ignore_unavailable=true, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=false]
[2017-07-21T14:16:48.070-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.monitoring-data-2]
[2017-07-21T14:16:48.070-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.monitoring-data-2] to [.monitoring-data-2]
[2017-07-21T14:16:48.070-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.monitoring-data-2, type=*]]
[2017-07-21T14:16:48.070-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:48.070-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:48.070-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:48.070-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv]
[2017-07-21T14:16:48.070-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/health, check next role
[2017-07-21T14:16:48.070-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server
[2017-07-21T14:16:48.070-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*]
[2017-07-21T14:16:48.070-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/health, skip other roles
[2017-07-21T14:16:48.554-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:48.554-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:48.554-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:48.554-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:48.554-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:48.554-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null'
[2017-07-21T14:16:48.554-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:48.554-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/main from 10.61.1.1:58176
[2017-07-21T14:16:48.554-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.main.MainRequest is not an IndicesRequest
[2017-07-21T14:16:48.555-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]]
[2017-07-21T14:16:48.555-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:48.555-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:48.555-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:48.555-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv]
[2017-07-21T14:16:48.555-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/main, check next role
[2017-07-21T14:16:48.555-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server
[2017-07-21T14:16:48.555-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*]
[2017-07-21T14:16:48.555-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/main, skip other roles
[2017-07-21T14:16:48.558-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:48.559-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:48.559-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:48.559-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:48.559-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:48.559-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null'
[2017-07-21T14:16:48.559-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:48.559-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/nodes/info from 10.61.1.1:58178
[2017-07-21T14:16:48.559-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest is not an IndicesRequest
[2017-07-21T14:16:48.559-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]]
[2017-07-21T14:16:48.559-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:48.559-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:48.559-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: 
sg_kibana [2017-07-21T14:16:48.559-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv] [2017-07-21T14:16:48.559-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/nodes/info, check next role [2017-07-21T14:16:48.559-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:48.559-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*] [2017-07-21T14:16:48.559-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/nodes/info, skip other roles [2017-07-21T14:16:48.566-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:48.566-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:48.566-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:48.566-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division 
of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3) [2017-07-21T14:16:48.566-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:48.566-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null' [2017-07-21T14:16:48.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:48.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/nodes/info from 10.61.1.1:58176 [2017-07-21T14:16:48.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest is not an IndicesRequest [2017-07-21T14:16:48.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]] [2017-07-21T14:16:48.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:48.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null' [2017-07-21T14:16:48.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate 
sg_role: sg_kibana [2017-07-21T14:16:48.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv] [2017-07-21T14:16:48.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/nodes/info, check next role [2017-07-21T14:16:48.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:48.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*] [2017-07-21T14:16:48.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/nodes/info, skip other roles [2017-07-21T14:16:48.567-0400][DEBUG][com.floragunn.searchguard.transport.DefaultInterClusterRequestEvaluator] Treat certificate with principal 'DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-warm-dev-02.cc.vt.edu.mgt' as other node because of it matches one of [/DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /DC=edu,DC=vt,DC=it,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/] 
[2017-07-21T14:16:48.569-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:48.569-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:48.569-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:48.569-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3) [2017-07-21T14:16:48.569-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:48.569-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null' [2017-07-21T14:16:48.569-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:48.569-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested indices:data/read/mget from 10.61.1.1:58178 [2017-07-21T14:16:48.569-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.kibana] from class org.elasticsearch.action.get.MultiGetRequest$Item [2017-07-21T14:16:48.569-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=48, 
ignore_unavailable=false, allow_no_indices=false, expand_wildcards_open=false, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=false, forbid_closed_indices=true] [2017-07-21T14:16:48.569-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.kibana] [2017-07-21T14:16:48.569-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.kibana] to [.kibana] [2017-07-21T14:16:48.569-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:48.569-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:48.569-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null' [2017-07-21T14:16:48.569-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:48.569-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv] [2017-07-21T14:16:48.569-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana' and indices:data/read/mget, skip other roles [2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of 
IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested indices:data/read/mget[shard] from 10.61.1.1:58178 [2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.kibana] from class org.elasticsearch.action.get.MultiGetShardRequest [2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=48, ignore_unavailable=false, allow_no_indices=false, expand_wildcards_open=false, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=false, forbid_closed_indices=true] [2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.kibana] [2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.kibana] to [.kibana] [2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null' [2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * 
[2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.kibana] [2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] [2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/mget[shard] against */*: [indices:admin/mappings/fields/get*, indices:data/read*] [2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* [2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [] [2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.*', evaluate other roles [2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/mget[shard] against ?kibana*/*: [indices:*] [2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match .kibana* in [] [2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] 
[2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.?kibana*', evaluate other roles [2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana=>[] [2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:48.570-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?monitoring* [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?reporting* [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?reporting* [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?reporting* remaining requested indextype: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] 
match requested action indices:data/read/mget[shard] against ?kibana*/*: [indices:*] [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?kibana*', evaluate other roles [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana_server=>[] [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_own_index [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve and match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no permittedAliasesIndex 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' found for 'indices:data/read/mget[shard]' [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] permittedAliasesIndices '{C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview=org.elasticsearch.common.settings.Settings@5eed}' -> '{*.0=ALL}' 
[2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requestedResolvedIndexTypes '[IndexType [index=.kibana, type=*]]' [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved permitted aliases indices for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview] [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, will check now types [*] [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/mget[shard] against C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview/*: [indices:*] [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview* in [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview 
remaining requested indextype: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_own_index=>[IndexType [index=.kibana, type=*]] [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_pre_laa_readall [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.kibana] [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?monitoring* [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for log* [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for log* [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index log* remaining requested indextype: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* 
[2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:48.571-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/mget[shard] against ?kibana*/*: [indices:admin/*, indices:admin/mapping/put, indices:data/write/update*, indices:data/write/index*, indices:monitor/*, indices:data/read*] [2017-07-21T14:16:48.572-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* [2017-07-21T14:16:48.572-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:48.572-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:48.572-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?kibana*', evaluate other roles [2017-07-21T14:16:48.572-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_pre_laa_readall=>[] [2017-07-21T14:16:48.572-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_public [2017-07-21T14:16:48.572-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:48.572-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:48.572-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:48.572-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action 
indices:data/read/mget[shard] against ?kibana*/*: [indices:data/read/get*, indices:data/write/delete*, indices:admin/exists*, indices:admin/refresh*, indices:data/read/mget*, indices:data/read/search*, indices:data/write/update*, indices:admin/validate/query*, indices:admin/mappings/fields/get*, indices:data/read*, indices:admin/mapping/put*, indices:data/write/index*, indices:data/write*, indices:admin/get*] [2017-07-21T14:16:48.572-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* [2017-07-21T14:16:48.572-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:48.572-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:48.572-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_public.?kibana*', evaluate other roles [2017-07-21T14:16:48.572-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_public=>[] [2017-07-21T14:16:48.574-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:48.574-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:48.574-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:48.574-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? 
true (cache size: 3) [2017-07-21T14:16:48.574-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:48.574-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null' [2017-07-21T14:16:48.574-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:48.574-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/health from 10.61.1.1:58176 [2017-07-21T14:16:48.574-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.kibana] from class org.elasticsearch.action.admin.cluster.health.ClusterHealthRequest [2017-07-21T14:16:48.575-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=7, ignore_unavailable=true, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=false] [2017-07-21T14:16:48.575-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.kibana] [2017-07-21T14:16:48.575-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.kibana] to [.kibana] [2017-07-21T14:16:48.575-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:48.575-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for 
C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:48.575-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null' [2017-07-21T14:16:48.575-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:48.575-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv] [2017-07-21T14:16:48.575-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/health, check next role [2017-07-21T14:16:48.575-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:48.575-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*] [2017-07-21T14:16:48.575-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/health, skip other roles [2017-07-21T14:16:48.578-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy 
[2017-07-21T14:16:48.578-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:48.578-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:48.578-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3) [2017-07-21T14:16:48.578-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:48.578-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null' [2017-07-21T14:16:48.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:48.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested indices:data/read/search from 10.61.1.1:58178 [2017-07-21T14:16:48.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.kibana] from class org.elasticsearch.action.search.SearchRequest [2017-07-21T14:16:48.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=38, ignore_unavailable=false, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, 
forbid_closed_indices=true] [2017-07-21T14:16:48.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.kibana] [2017-07-21T14:16:48.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.kibana] to [.kibana] [2017-07-21T14:16:48.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:48.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:48.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null' [2017-07-21T14:16:48.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:48.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.kibana] [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against */*: [indices:admin/mappings/fields/get*, indices:data/read*] [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [] 
[2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.*', evaluate other roles [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?kibana*/*: [indices:*] [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match .kibana* in [] [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.?kibana*', evaluate other roles [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana=>[] [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?monitoring* 
[2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?reporting* [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?reporting* [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?reporting* remaining requested indextype: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?kibana*/*: [indices:*] [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?kibana*', evaluate other roles [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana_server=>[] 
[2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_own_index [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve and match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no permittedAliasesIndex 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' found for 'indices:data/read/search' [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] permittedAliasesIndices '{C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview=org.elasticsearch.common.settings.Settings@5eed}' -> '{*.0=ALL}' [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requestedResolvedIndexTypes '[IndexType [index=.kibana, type=config]]' [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved permitted aliases indices for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview] [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for 
C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, will check now types [*] [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview/*: [indices:*] [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview* in [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview remaining requested indextype: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:48.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_own_index=>[IndexType [index=.kibana, type=config]] [2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_pre_laa_readall [2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.kibana] [2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] 
[2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?monitoring* [2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for log* [2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for log* [2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index log* remaining requested indextype: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?kibana*/*: [indices:admin/*, indices:admin/mapping/put, indices:data/write/update*, indices:data/write/index*, indices:monitor/*, indices:data/read*] [2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* 
[2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?kibana*', evaluate other roles [2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_pre_laa_readall=>[] [2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_public [2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?kibana*/*: [indices:data/read/get*, indices:data/write/delete*, indices:admin/exists*, indices:admin/refresh*, indices:data/read/mget*, indices:data/read/search*, indices:data/write/update*, indices:admin/validate/query*, indices:admin/mappings/fields/get*, indices:data/read*, indices:admin/mapping/put*, indices:data/write/index*, indices:data/write*, indices:admin/get*] [2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* [2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] 
[2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_public.?kibana*', evaluate other roles [2017-07-21T14:16:48.580-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_public=>[] [2017-07-21T14:16:49.325-0400][DEBUG][com.floragunn.searchguard.transport.DefaultInterClusterRequestEvaluator] Treat certificate with principal 'DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-hot-dev-01.cc.vt.edu.mgt' as other node because of it matches one of [/DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /DC=edu,DC=vt,DC=it,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/] [2017-07-21T14:16:49.329-0400][DEBUG][com.floragunn.searchguard.transport.DefaultInterClusterRequestEvaluator] Treat certificate with principal 'DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-hot-dev-01.cc.vt.edu.mgt' as other node because of it matches one of [/DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /DC=edu,DC=vt,DC=it,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/] [2017-07-21T14:16:49.568-0400][DEBUG][com.floragunn.searchguard.transport.DefaultInterClusterRequestEvaluator] Treat certificate with principal 'DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-warm-dev-02.cc.vt.edu.mgt' as other node because of it matches one of 
[/DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /DC=edu,DC=vt,DC=it,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/] [2017-07-21T14:16:50.570-0400][DEBUG][com.floragunn.searchguard.transport.DefaultInterClusterRequestEvaluator] Treat certificate with principal 'DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-warm-dev-02.cc.vt.edu.mgt' as other node because of it matches one of [/DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /DC=edu,DC=vt,DC=it,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/] [2017-07-21T14:16:50.575-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:50.575-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:50.575-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:50.575-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? 
true (cache size: 3) [2017-07-21T14:16:50.576-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:50.576-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null' [2017-07-21T14:16:50.576-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:50.576-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/main from 10.61.1.1:58182 [2017-07-21T14:16:50.576-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.main.MainRequest is not an IndicesRequest [2017-07-21T14:16:50.576-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]] [2017-07-21T14:16:50.576-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:50.576-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null' [2017-07-21T14:16:50.576-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana 
[2017-07-21T14:16:50.576-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv] [2017-07-21T14:16:50.576-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/main, check next role [2017-07-21T14:16:50.576-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:50.576-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*] [2017-07-21T14:16:50.576-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/main, skip other roles [2017-07-21T14:16:50.630-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:50.631-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:50.631-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:50.631-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of 
IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3) [2017-07-21T14:16:50.631-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:50.631-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null' [2017-07-21T14:16:50.631-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:50.631-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/nodes/info from 10.61.1.1:58190 [2017-07-21T14:16:50.631-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest is not an IndicesRequest [2017-07-21T14:16:50.631-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]] [2017-07-21T14:16:50.631-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:50.631-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null' [2017-07-21T14:16:50.631-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: 
sg_kibana [2017-07-21T14:16:50.631-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv] [2017-07-21T14:16:50.631-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/nodes/info, check next role [2017-07-21T14:16:50.631-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:50.631-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*] [2017-07-21T14:16:50.631-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/nodes/info, skip other roles [2017-07-21T14:16:50.633-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:50.633-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:50.633-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:50.633-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division 
of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3) [2017-07-21T14:16:50.633-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:50.633-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null' [2017-07-21T14:16:50.633-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:50.633-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/nodes/info from 10.61.1.1:58182 [2017-07-21T14:16:50.633-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest is not an IndicesRequest [2017-07-21T14:16:50.633-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]] [2017-07-21T14:16:50.633-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:50.633-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null' [2017-07-21T14:16:50.633-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate 
sg_role: sg_kibana [2017-07-21T14:16:50.633-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv] [2017-07-21T14:16:50.634-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/nodes/info, check next role [2017-07-21T14:16:50.634-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:50.634-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*] [2017-07-21T14:16:50.634-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/nodes/info, skip other roles [2017-07-21T14:16:50.639-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:50.639-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:50.639-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:50.639-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State 
University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3) [2017-07-21T14:16:50.639-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:50.639-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null' [2017-07-21T14:16:50.639-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:50.639-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/health from 10.61.1.1:58182 [2017-07-21T14:16:50.639-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.monitoring-data-2] from class org.elasticsearch.action.admin.cluster.health.ClusterHealthRequest [2017-07-21T14:16:50.639-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=7, ignore_unavailable=true, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=false] [2017-07-21T14:16:50.639-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.monitoring-data-2] [2017-07-21T14:16:50.639-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.monitoring-data-2] to [.monitoring-data-2] [2017-07-21T14:16:50.639-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType 
[index=.monitoring-data-2, type=*]] [2017-07-21T14:16:50.639-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:50.639-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null' [2017-07-21T14:16:50.640-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:50.640-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv] [2017-07-21T14:16:50.640-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/health, check next role [2017-07-21T14:16:50.640-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:50.640-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*] [2017-07-21T14:16:50.640-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/health, skip other 
roles [2017-07-21T14:16:51.087-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:51.087-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:51.087-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:51.088-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3) [2017-07-21T14:16:51.088-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:51.088-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null' [2017-07-21T14:16:51.088-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:51.088-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/main from 10.61.1.1:58176 [2017-07-21T14:16:51.088-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.main.MainRequest is not an IndicesRequest [2017-07-21T14:16:51.088-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, 
type=*]] [2017-07-21T14:16:51.088-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:51.089-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null' [2017-07-21T14:16:51.089-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:51.089-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv] [2017-07-21T14:16:51.089-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/main, check next role [2017-07-21T14:16:51.089-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:51.089-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*] [2017-07-21T14:16:51.089-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/main, skip other roles 
[2017-07-21T14:16:51.091-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:51.091-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:51.091-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:51.091-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3) [2017-07-21T14:16:51.091-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:51.091-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null' [2017-07-21T14:16:51.091-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:51.092-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/nodes/info from 10.61.1.1:58178 [2017-07-21T14:16:51.092-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest is not an IndicesRequest [2017-07-21T14:16:51.092-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: 
[IndexType [index=_all, type=*]] [2017-07-21T14:16:51.092-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:51.092-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null' [2017-07-21T14:16:51.092-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:51.092-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv] [2017-07-21T14:16:51.092-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/nodes/info, check next role [2017-07-21T14:16:51.092-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:51.092-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*] [2017-07-21T14:16:51.092-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/nodes/info, skip 
other roles [2017-07-21T14:16:51.098-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:51.098-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:51.098-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:51.098-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3) [2017-07-21T14:16:51.098-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:51.098-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null' [2017-07-21T14:16:51.098-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:51.099-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/nodes/info from 10.61.1.1:58176 [2017-07-21T14:16:51.099-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest is not an IndicesRequest [2017-07-21T14:16:51.099-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved 
indextypes: [IndexType [index=_all, type=*]] [2017-07-21T14:16:51.099-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:51.099-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null' [2017-07-21T14:16:51.099-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:51.099-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv] [2017-07-21T14:16:51.099-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/nodes/info, check next role [2017-07-21T14:16:51.099-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:51.099-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*] [2017-07-21T14:16:51.099-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and 
cluster:monitor/nodes/info, skip other roles [2017-07-21T14:16:51.101-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:51.101-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:51.101-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:51.101-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3) [2017-07-21T14:16:51.101-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:51.101-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null' [2017-07-21T14:16:51.102-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:51.102-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested indices:data/read/mget from 10.61.1.1:58178 [2017-07-21T14:16:51.102-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.kibana] from class org.elasticsearch.action.get.MultiGetRequest$Item [2017-07-21T14:16:51.102-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] 
indicesOptions IndicesOptions[id=48, ignore_unavailable=false, allow_no_indices=false, expand_wildcards_open=false, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=false, forbid_closed_indices=true] [2017-07-21T14:16:51.102-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.kibana] [2017-07-21T14:16:51.102-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.kibana] to [.kibana] [2017-07-21T14:16:51.102-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:51.102-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:51.102-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null' [2017-07-21T14:16:51.102-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:51.102-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv] [2017-07-21T14:16:51.102-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana' and indices:data/read/mget, skip other roles [2017-07-21T14:16:51.102-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State 
University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:51.102-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested indices:data/read/mget[shard] from 10.61.1.1:58178 [2017-07-21T14:16:51.102-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.kibana] from class org.elasticsearch.action.get.MultiGetShardRequest [2017-07-21T14:16:51.102-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=48, ignore_unavailable=false, allow_no_indices=false, expand_wildcards_open=false, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=false, forbid_closed_indices=true] [2017-07-21T14:16:51.102-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.kibana] [2017-07-21T14:16:51.102-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.kibana] to [.kibana] [2017-07-21T14:16:51.102-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null' [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * 
[2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.kibana] [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/mget[shard] against */*: [indices:admin/mappings/fields/get*, indices:data/read*] [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [] [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.*', evaluate other roles [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/mget[shard] against ?kibana*/*: [indices:*] [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match .kibana* in [] [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] 
[2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.?kibana*', evaluate other roles [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana=>[] [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?monitoring* [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?reporting* [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?reporting* [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?reporting* remaining requested indextype: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] 
match requested action indices:data/read/mget[shard] against ?kibana*/*: [indices:*] [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?kibana*', evaluate other roles [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana_server=>[] [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_own_index [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve and match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no permittedAliasesIndex 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' found for 'indices:data/read/mget[shard]' [2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] permittedAliasesIndices '{C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview=org.elasticsearch.common.settings.Settings@5eed}' -> '{*.0=ALL}' 
[2017-07-21T14:16:51.103-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requestedResolvedIndexTypes '[IndexType [index=.kibana, type=*]]' [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved permitted aliases indices for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview] [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, will check now types [*] [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/mget[shard] against C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview/*: [indices:*] [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview* in [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview 
remaining requested indextype: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_own_index=>[IndexType [index=.kibana, type=*]] [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_pre_laa_readall [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.kibana] [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?monitoring* [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for log* [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for log* [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index log* remaining requested indextype: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* 
[2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/mget[shard] against ?kibana*/*: [indices:admin/*, indices:admin/mapping/put, indices:data/write/update*, indices:data/write/index*, indices:monitor/*, indices:data/read*] [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?kibana*', evaluate other roles [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_pre_laa_readall=>[] [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_public [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action 
indices:data/read/mget[shard] against ?kibana*/*: [indices:data/read/get*, indices:data/write/delete*, indices:admin/exists*, indices:admin/refresh*, indices:data/read/mget*, indices:data/read/search*, indices:data/write/update*, indices:admin/validate/query*, indices:admin/mappings/fields/get*, indices:data/read*, indices:admin/mapping/put*, indices:data/write/index*, indices:data/write*, indices:admin/get*]
[2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana*
[2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: []
[2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: []
[2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_public.?kibana*', evaluate other roles
[2017-07-21T14:16:51.104-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_public=>[]
[2017-07-21T14:16:51.107-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:51.107-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:51.107-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:51.107-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:51.107-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:51.107-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null'
[2017-07-21T14:16:51.107-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:51.107-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/health from 10.61.1.1:58176
[2017-07-21T14:16:51.107-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.kibana] from class org.elasticsearch.action.admin.cluster.health.ClusterHealthRequest
[2017-07-21T14:16:51.107-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=7, ignore_unavailable=true, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=false]
[2017-07-21T14:16:51.107-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.kibana]
[2017-07-21T14:16:51.107-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.kibana] to [.kibana]
[2017-07-21T14:16:51.107-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.kibana, type=*]]
[2017-07-21T14:16:51.107-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:51.107-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:51.107-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:51.107-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv]
[2017-07-21T14:16:51.107-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/health, check next role
[2017-07-21T14:16:51.107-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server
[2017-07-21T14:16:51.107-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*]
[2017-07-21T14:16:51.107-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/health, skip other roles
[2017-07-21T14:16:51.110-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:51.110-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:51.110-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:51.110-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:51.110-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:51.110-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null'
[2017-07-21T14:16:51.110-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:51.110-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested indices:data/read/search from 10.61.1.1:58178
[2017-07-21T14:16:51.110-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.kibana] from class org.elasticsearch.action.search.SearchRequest
[2017-07-21T14:16:51.110-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=38, ignore_unavailable=false, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=true]
[2017-07-21T14:16:51.110-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.kibana]
[2017-07-21T14:16:51.110-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.kibana] to [.kibana]
[2017-07-21T14:16:51.110-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.kibana, type=config]]
[2017-07-21T14:16:51.110-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for *
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.kibana]
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*]
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against */*: [indices:admin/mappings/fields/get*, indices:data/read*]
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana*
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: []
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: []
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.*', evaluate other roles
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana*
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana]
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*]
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?kibana*/*: [indices:*]
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match .kibana* in []
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: []
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: []
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.?kibana*', evaluate other roles
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana=>[]
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring*
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?monitoring*
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [IndexType [index=.kibana, type=config]]
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?reporting*
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?reporting*
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?reporting* remaining requested indextype: [IndexType [index=.kibana, type=config]]
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana*
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana]
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*]
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?kibana*/*: [indices:*]
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana*
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: []
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: []
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?kibana*', evaluate other roles
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana_server=>[]
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_own_index
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve and match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no permittedAliasesIndex 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' found for 'indices:data/read/search'
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] permittedAliasesIndices '{C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview=org.elasticsearch.common.settings.Settings@5eed}' -> '{*.0=ALL}'
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requestedResolvedIndexTypes '[IndexType [index=.kibana, type=config]]'
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved permitted aliases indices for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview]
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, will check now types [*]
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview/*: [indices:*]
[2017-07-21T14:16:51.111-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview* in [IndexType [index=.kibana, type=config]]
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview remaining requested indextype: [IndexType [index=.kibana, type=config]]
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_own_index=>[IndexType [index=.kibana, type=config]]
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_pre_laa_readall
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for *
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.kibana]
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*]
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [IndexType [index=.kibana, type=config]]
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring*
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?monitoring*
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [IndexType [index=.kibana, type=config]]
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for log*
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for log*
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index log* remaining requested indextype: [IndexType [index=.kibana, type=config]]
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana*
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana]
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*]
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?kibana*/*: [indices:admin/*, indices:admin/mapping/put, indices:data/write/update*, indices:data/write/index*, indices:monitor/*, indices:data/read*]
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana*
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: []
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: []
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?kibana*', evaluate other roles
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_pre_laa_readall=>[]
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_public
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana*
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana]
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*]
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?kibana*/*: [indices:data/read/get*, indices:data/write/delete*, indices:admin/exists*, indices:admin/refresh*, indices:data/read/mget*, indices:data/read/search*, indices:data/write/update*, indices:admin/validate/query*, indices:admin/mappings/fields/get*, indices:data/read*, indices:admin/mapping/put*, indices:data/write/index*, indices:data/write*, indices:admin/get*]
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana*
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: []
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: []
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_public.?kibana*', evaluate other roles
[2017-07-21T14:16:51.112-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_public=>[]
[2017-07-21T14:16:51.556-0400][DEBUG][com.floragunn.searchguard.transport.DefaultInterClusterRequestEvaluator] Treat certificate with principal 'DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-hot-dev-01.cc.vt.edu.mgt' as other node because of it matches one of [/DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /DC=edu,DC=vt,DC=it,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/]
[2017-07-21T14:16:51.558-0400][DEBUG][com.floragunn.searchguard.transport.DefaultInterClusterRequestEvaluator] Treat certificate with principal 'DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-hot-dev-01.cc.vt.edu.mgt' as other node because of it matches one of [/DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /DC=edu,DC=vt,DC=it,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/]
[2017-07-21T14:16:51.572-0400][DEBUG][com.floragunn.searchguard.transport.DefaultInterClusterRequestEvaluator] Treat certificate with principal 'DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-warm-dev-02.cc.vt.edu.mgt' as other node because of it matches one of [/DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /DC=edu,DC=vt,DC=it,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/]
[2017-07-21T14:16:52.574-0400][DEBUG][com.floragunn.searchguard.transport.DefaultInterClusterRequestEvaluator] Treat certificate with principal 'DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-warm-dev-02.cc.vt.edu.mgt' as other node because of it matches one of [/DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /DC=edu,DC=vt,DC=it,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/]
[2017-07-21T14:16:53.145-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:53.145-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:53.145-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:53.145-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:53.145-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:53.145-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null'
[2017-07-21T14:16:53.145-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:53.145-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/main from 10.61.1.1:58190
[2017-07-21T14:16:53.145-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.main.MainRequest is not an IndicesRequest
[2017-07-21T14:16:53.145-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]]
[2017-07-21T14:16:53.145-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:53.145-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:53.145-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:53.145-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv]
[2017-07-21T14:16:53.145-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/main, check next role
[2017-07-21T14:16:53.146-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server
[2017-07-21T14:16:53.146-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*]
[2017-07-21T14:16:53.146-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/main, skip other roles
[2017-07-21T14:16:53.150-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:53.150-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:53.150-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:53.150-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:53.150-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:53.150-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null'
[2017-07-21T14:16:53.150-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:53.150-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:53.150-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/nodes/info from 10.61.1.1:58190
[2017-07-21T14:16:53.150-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest is not an IndicesRequest
[2017-07-21T14:16:53.150-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:53.150-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]]
[2017-07-21T14:16:53.150-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:53.150-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:53.150-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:53.150-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null'
[2017-07-21T14:16:53.150-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:53.151-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:53.151-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/nodes/info from 10.61.1.1:58182
[2017-07-21T14:16:53.151-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest is not an IndicesRequest
[2017-07-21T14:16:53.151-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]]
[2017-07-21T14:16:53.151-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:53.151-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:53.151-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv]
[2017-07-21T14:16:53.151-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/nodes/info, check next role
[2017-07-21T14:16:53.151-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server
[2017-07-21T14:16:53.151-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*]
[2017-07-21T14:16:53.151-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/nodes/info, skip other roles
[2017-07-21T14:16:53.151-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:53.151-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:53.151-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:53.151-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv]
[2017-07-21T14:16:53.151-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/nodes/info, check next role
[2017-07-21T14:16:53.151-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server
[2017-07-21T14:16:53.151-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*]
[2017-07-21T14:16:53.151-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/nodes/info, skip other roles
[2017-07-21T14:16:53.158-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:53.158-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:53.158-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:53.158-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:53.158-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:53.158-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null'
[2017-07-21T14:16:53.158-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:53.158-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/health from 10.61.1.1:58190
[2017-07-21T14:16:53.158-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.monitoring-data-2] from class org.elasticsearch.action.admin.cluster.health.ClusterHealthRequest
[2017-07-21T14:16:53.158-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=7, ignore_unavailable=true, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=false]
[2017-07-21T14:16:53.158-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.monitoring-data-2]
[2017-07-21T14:16:53.158-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.monitoring-data-2] to [.monitoring-data-2]
[2017-07-21T14:16:53.158-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.monitoring-data-2, type=*]]
[2017-07-21T14:16:53.158-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:53.159-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:53.159-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:53.159-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv]
[2017-07-21T14:16:53.159-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/health, check next role
[2017-07-21T14:16:53.159-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server
[2017-07-21T14:16:53.159-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*]
[2017-07-21T14:16:53.159-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/health, skip other roles
[2017-07-21T14:16:53.539-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:53.539-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:53.539-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:53.539-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:53.539-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:53.539-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant '__user__'
[2017-07-21T14:16:53.539-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:53.539-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested indices:data/read/search from 10.61.1.1:58278
[2017-07-21T14:16:53.539-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.monitoring-data-2] from class org.elasticsearch.action.search.SearchRequest
[2017-07-21T14:16:53.539-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=38, ignore_unavailable=false, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=true]
[2017-07-21T14:16:53.539-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.monitoring-data-2]
[2017-07-21T14:16:53.539-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.monitoring-data-2] to [.monitoring-data-2]
[2017-07-21T14:16:53.539-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.monitoring-data-2, type=*]]
[2017-07-21T14:16:53.539-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:53.539-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: '__user__'
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for *
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.monitoring-data-2]
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*]
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against */*: [indices:admin/mappings/fields/get*, indices:data/read*]
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-data-2*
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: []
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-data-2: []
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.*', evaluate other roles
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana*
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana*
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: []
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-data-2: []
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.?kibana*', evaluate other roles
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana=>[]
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring*
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?monitoring*: [.monitoring-data-2]
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?monitoring*, will check now types [*]
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?monitoring*/*: [indices:*]
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-data-2*
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: []
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-data-2: []
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?monitoring*', evaluate other roles
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?reporting*
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?reporting*
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?reporting* remaining requested indextype: []
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-data-2: []
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?reporting*', evaluate other roles
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana*
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana*
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: []
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-data-2: []
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?kibana*', evaluate other roles
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana_server=>[]
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_own_index
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve and match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no permittedAliasesIndex 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' found for 'indices:data/read/search'
[2017-07-21T14:16:53.540-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] permittedAliasesIndices '{C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview=org.elasticsearch.common.settings.Settings@5eed}' -> '{*.0=ALL}'
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requestedResolvedIndexTypes '[IndexType [index=.monitoring-data-2, type=*]]'
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved permitted aliases indices for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview]
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, will check now types [*]
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview/*: [indices:*]
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview* in [IndexType [index=.monitoring-data-2, type=*]]
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview remaining requested indextype: [IndexType [index=.monitoring-data-2, type=*]]
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_own_index=>[IndexType [index=.monitoring-data-2, type=*]]
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_pre_laa_readall
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for *
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.monitoring-data-2]
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*]
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [IndexType [index=.monitoring-data-2, type=*]]
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring*
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?monitoring*: [.monitoring-data-2]
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?monitoring*, will check now types [*]
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?monitoring*/*: [indices:data/read*]
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-data-2*
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: []
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-data-2: []
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?monitoring*', evaluate other roles
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for log*
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for log*
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index log* remaining requested indextype: []
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-data-2: []
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.log*', evaluate other roles
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana*
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana*
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: []
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-data-2: []
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?kibana*', evaluate other roles
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] dls query {"match_all" : {}} for [log_netrecon-2017.07.16, log_syslog_tmm-2017.07.20, log_netflow-2017.07.20, log_packetfilter-2017.07.18, log_httpd-2017.07.21, log_syslog-2017.07.16, log_syslog_tmm-2017.07.19, log_winevent-2017.07.15, log_winevent-2017.07.16, log_syslog_aaa-2017.07.16, log_netflow-2017.07.16, log_httpd-2017.07.20, logstash-2017.07.21, log_syslog_aaa-2017.06.08, log_syslog_sshd-2017.07.19, log_syslog-2017.07.20, log_netrecon-2017.07.20, log_netrecon-2017.07.21, log_netrecon-2017.07.15, log_syslog_pam_asg-2017.07.18, log_httpd-2017.07.18, log_syslog_dhcpd-2017.07.17, log_syslog_asa-2017.06.08, logstash-2017.07.19, log_winevent-2017.07.21, log_ids-2017.06.08, log_syslog_aaa-2017.07.15, log_syslog_asa-2017.07.16, log_syslog_aaa-2017.07.19, log_syslog_asa-2017.07.18, log_syslog_tmm-2017.07.15, log_syslog-2017.06.08, log_syslog_oracle-2017.07.21, log_syslog_pam_asg-2017.07.19, log_fireeye-2017.07, log_syslog_sshd-2017.07.20, log_netrecon-2017.07.19, log_ids-2017.07.16, log_mail-2017.06.08, log_ids-2017.07.15, log_syslog_sshd-2017.07.18, log_syslog_ldap-2017.07.15, log_syslog_tmm-2017.07.16, log_syslog_dhcpd-2017.07.18, log_syslog_oracle-2017.06.08, log_syslog_ldap-2017.07.16, log_mail-2017.07.21, log_syslog_dhcpd-2017.07.16, log_syslog_ldap-2017.07.21, log_httpd-2017.07.16, log_syslog_aaa-2017.07.20, log_mail-2017.07.17, log_syslog_oracle-2017.07.15, log_netflow-2017.07.17, log_syslog_dhcpd-2017.07.20, log_syslog_ldap-2017.07.20, log_netflow-2017.07.15, log_packetfilter-2017.07.16, log_fireeye-2017.06, log_syslog_ldap-2017.07.18, log_ids-2017.07.20, log_syslog_dhcpd-2017.07.21, log_syslog_tmm-2017.07.18, log_packetfilter-2017.07.17, log_ids-2017.07.18, log_httpd-2017.07.15, log_syslog_tmm-2017.07.17, log_syslog_oracle-2017.07.18, log_netrecon-2017.07.18, log_packetfilter-2017.07.21, log_syslog_oracle-2017.07.17, log_syslog-2017.07.15, log_syslog-2017.07.22, log_syslog_aaa-2017.07.17, log_syslog_oracle-2017.07.16, log_mail-2017.07.15, log_netflow-2017.07.21, logstash-2017.07.18, log_syslog_sshd-2017.07.15, log_syslog_oracle-2017.07.20, log_netrecon-2017.07.17, log_syslog_sshd-2017.07.16, log_syslog_asa-2017.07.19, log_ids-2017.07.17, log_mail-2017.07.20, log_syslog_dhcpd-2017.06.08, log_syslog_asa-2017.07.15, log_syslog_asa-2017.07.20, logstash-2017.07.20, log_syslog_dhcpd-2017.07.15, log_syslog_pam_asg-2017.07.15, log_mail-2017.07.16, log_syslog_ldap-2017.06.08, log_syslog_asa-2017.07.21, log_syslog_pam_asg-2017.07.20, log_syslog_tmm-2017.06.08, log_syslog_aaa-2017.07.21, log_syslog_pam_asg-2017.07.21, log_syslog_asa-2017.07.17, log_packetfilter-2017.07.15, log_ids-2017.07.21, log_syslog_tmm-2017.07.21, log_mail-2017.07.18, log_syslog_sshd-2017.07.17, log_mail-2017.07.19, log_winevent-2017.07.20, log_winevent-2017.07.18, log_packetfilter-2017.07.19, log_netflow-2017.07.19, log_syslog_dhcpd-2017.07.19, log_packetfilter-2017.07.20, log_httpd-2017.07.19, logstash-2017.07.16, log_syslog-2017.07.17, log_syslog_sshd-2017.06.08, log_syslog_ldap-2017.07.17, logstash-2017.07.15, log_syslog_oracle-2017.07.19, log_syslog-2017.07.21, log_winevent-2017.07.17, log_syslog_pam_asg-2017.07.17, log_syslog_ldap-2017.07.19, log_httpd-2017.07.17, logstash-2017.07.17, log_netflow-2017.07.18, logstash-2017.06.08, log_syslog_aaa-2017.07.18, log_httpd-2017.06.08, log_netflow-2017.06.08, log_packetfilter-2017.06.08, log_syslog-2017.07.19, log_ids-2017.07.19, log_syslog_pam_asg-2017.07.16, log_syslog-2017.07.18, log_winevent-2017.07.19, log_syslog_sshd-2017.07.21]
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_pre_laa_readall=>[]
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_public
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana*
[2017-07-21T14:16:53.541-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana*
[2017-07-21T14:16:53.542-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [IndexType [index=.monitoring-data-2, type=*]]
[2017-07-21T14:16:53.542-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_public=>[IndexType [index=.monitoring-data-2, type=*]]
[2017-07-21T14:16:53.549-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:53.549-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:53.549-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:53.549-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:53.549-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:53.549-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant '__user__'
[2017-07-21T14:16:53.549-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:53.549-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested indices:data/read/search from 10.61.1.1:58272
[2017-07-21T14:16:53.549-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.monitoring-es-2-*] from class org.elasticsearch.action.search.SearchRequest
[2017-07-21T14:16:53.549-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=38, ignore_unavailable=false, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=true]
[2017-07-21T14:16:53.549-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.monitoring-es-2-*]
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.monitoring-es-2-*] to [.monitoring-es-2-2017.07.17, .monitoring-es-2-2017.07.18, .monitoring-es-2-2017.07.15, .monitoring-es-2-2017.07.16, .monitoring-es-2-2017.07.19, .monitoring-es-2-2017.07.20, .monitoring-es-2-2017.07.21]
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.monitoring-es-2-2017.07.19, type=*], IndexType [index=.monitoring-es-2-2017.07.15, type=*], IndexType [index=.monitoring-es-2-2017.07.16, type=*], IndexType [index=.monitoring-es-2-2017.07.17, type=*], IndexType [index=.monitoring-es-2-2017.07.18, type=*], IndexType [index=.monitoring-es-2-2017.07.20, type=*], IndexType [index=.monitoring-es-2-2017.07.21, type=*]]
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: '__user__'
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for *
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.monitoring-es-2-2017.07.17, .monitoring-es-2-2017.07.18, .monitoring-es-2-2017.07.15, .monitoring-es-2-2017.07.16, .monitoring-es-2-2017.07.19, .monitoring-es-2-2017.07.20, .monitoring-es-2-2017.07.21]
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*]
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against */*: [indices:admin/mappings/fields/get*, indices:data/read*]
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.17*
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.18*
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.15*
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.16*
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.19*
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.20*
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21*
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: []
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.17: []
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.18: []
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.15: []
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.16: []
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.19: []
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.20: []
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: []
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.*', evaluate other roles
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana*
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana*
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: []
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.17: []
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.18: []
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.15: []
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.16: []
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.19: []
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.20: []
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: []
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.?kibana*', evaluate other roles
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana=>[]
[2017-07-21T14:16:53.550-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server
[2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring*
[2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?monitoring*: [.monitoring-es-2-2017.07.17, .monitoring-es-2-2017.07.18, .monitoring-es-2-2017.07.15, .monitoring-es-2-2017.07.16, .monitoring-es-2-2017.07.19, .monitoring-es-2-2017.07.20, .monitoring-es-2-2017.07.21]
[2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?monitoring*, will check now types [*]
[2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?monitoring*/*: [indices:*]
[2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.17*
[2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.18* [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.15* [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.16* [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.19* [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.20* [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21* [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.17: [] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.18: [] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.15: [] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.16: [] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.19: [] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.20: [] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] 
[2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?monitoring*', evaluate other roles [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?reporting* [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?reporting* [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?reporting* remaining requested indextype: [] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.17: [] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.18: [] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.15: [] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.16: [] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.19: [] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.20: [] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?reporting*', evaluate other roles [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] 
No wildcard match found for ?kibana* [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.17: [] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.18: [] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.15: [] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.16: [] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.19: [] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.20: [] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?kibana*', evaluate other roles [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana_server=>[] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_own_index [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve and match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview 
[2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no permittedAliasesIndex 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' found for 'indices:data/read/search' [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] permittedAliasesIndices '{C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview=org.elasticsearch.common.settings.Settings@5eed}' -> '{*.0=ALL}' [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requestedResolvedIndexTypes '[IndexType [index=.monitoring-es-2-2017.07.19, type=*], IndexType [index=.monitoring-es-2-2017.07.15, type=*], IndexType [index=.monitoring-es-2-2017.07.16, type=*], IndexType [index=.monitoring-es-2-2017.07.17, type=*], IndexType [index=.monitoring-es-2-2017.07.18, type=*], IndexType [index=.monitoring-es-2-2017.07.20, type=*], IndexType [index=.monitoring-es-2-2017.07.21, type=*]]' [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved permitted aliases indices for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division 
of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, will check now types [*] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview/*: [indices:*] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview* in [IndexType [index=.monitoring-es-2-2017.07.19, type=*], IndexType [index=.monitoring-es-2-2017.07.15, type=*], IndexType [index=.monitoring-es-2-2017.07.16, type=*], IndexType [index=.monitoring-es-2-2017.07.17, type=*], IndexType [index=.monitoring-es-2-2017.07.18, type=*], IndexType [index=.monitoring-es-2-2017.07.20, type=*], IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.19, type=*], IndexType [index=.monitoring-es-2-2017.07.15, type=*], IndexType [index=.monitoring-es-2-2017.07.16, type=*], IndexType [index=.monitoring-es-2-2017.07.17, type=*], IndexType [index=.monitoring-es-2-2017.07.18, type=*], IndexType [index=.monitoring-es-2-2017.07.20, type=*], IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_own_index=>[IndexType 
[index=.monitoring-es-2-2017.07.19, type=*], IndexType [index=.monitoring-es-2-2017.07.15, type=*], IndexType [index=.monitoring-es-2-2017.07.16, type=*], IndexType [index=.monitoring-es-2-2017.07.17, type=*], IndexType [index=.monitoring-es-2-2017.07.18, type=*], IndexType [index=.monitoring-es-2-2017.07.20, type=*], IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_pre_laa_readall [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.monitoring-es-2-2017.07.17, .monitoring-es-2-2017.07.18, .monitoring-es-2-2017.07.15, .monitoring-es-2-2017.07.16, .monitoring-es-2-2017.07.19, .monitoring-es-2-2017.07.20, .monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.551-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.19, type=*], IndexType [index=.monitoring-es-2-2017.07.15, type=*], IndexType [index=.monitoring-es-2-2017.07.16, type=*], IndexType [index=.monitoring-es-2-2017.07.17, type=*], IndexType [index=.monitoring-es-2-2017.07.18, type=*], IndexType [index=.monitoring-es-2-2017.07.20, type=*], IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?monitoring*: [.monitoring-es-2-2017.07.17, .monitoring-es-2-2017.07.18, .monitoring-es-2-2017.07.15, 
.monitoring-es-2-2017.07.16, .monitoring-es-2-2017.07.19, .monitoring-es-2-2017.07.20, .monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?monitoring*, will check now types [*] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?monitoring*/*: [indices:data/read*] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.17* [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.18* [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.15* [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.16* [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.19* [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.20* [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21* [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.17: [] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.18: [] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.15: [] 
[2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.16: [] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.19: [] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.20: [] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?monitoring*', evaluate other roles [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for log* [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for log* [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index log* remaining requested indextype: [] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.17: [] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.18: [] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.15: [] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.16: [] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.19: [] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for 
.monitoring-es-2-2017.07.20: [] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.log*', evaluate other roles [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.17: [] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.18: [] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.15: [] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.16: [] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.19: [] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.20: [] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?kibana*', evaluate other roles 
[2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] dls query {"match_all" : {}} for [log_netrecon-2017.07.16, log_syslog_tmm-2017.07.20, log_netflow-2017.07.20, log_packetfilter-2017.07.18, log_httpd-2017.07.21, log_syslog-2017.07.16, log_syslog_tmm-2017.07.19, log_winevent-2017.07.15, log_winevent-2017.07.16, log_syslog_aaa-2017.07.16, log_netflow-2017.07.16, log_httpd-2017.07.20, logstash-2017.07.21, log_syslog_aaa-2017.06.08, log_syslog_sshd-2017.07.19, log_syslog-2017.07.20, log_netrecon-2017.07.20, log_netrecon-2017.07.21, log_netrecon-2017.07.15, log_syslog_pam_asg-2017.07.18, log_httpd-2017.07.18, log_syslog_dhcpd-2017.07.17, log_syslog_asa-2017.06.08, logstash-2017.07.19, log_winevent-2017.07.21, log_ids-2017.06.08, log_syslog_aaa-2017.07.15, log_syslog_asa-2017.07.16, log_syslog_aaa-2017.07.19, log_syslog_asa-2017.07.18, log_syslog_tmm-2017.07.15, log_syslog-2017.06.08, log_syslog_oracle-2017.07.21, log_syslog_pam_asg-2017.07.19, log_fireeye-2017.07, log_syslog_sshd-2017.07.20, log_netrecon-2017.07.19, log_ids-2017.07.16, log_mail-2017.06.08, log_ids-2017.07.15, log_syslog_sshd-2017.07.18, log_syslog_ldap-2017.07.15, log_syslog_tmm-2017.07.16, log_syslog_dhcpd-2017.07.18, log_syslog_oracle-2017.06.08, log_syslog_ldap-2017.07.16, log_mail-2017.07.21, log_syslog_dhcpd-2017.07.16, log_syslog_ldap-2017.07.21, log_httpd-2017.07.16, log_syslog_aaa-2017.07.20, log_mail-2017.07.17, log_syslog_oracle-2017.07.15, log_netflow-2017.07.17, log_syslog_dhcpd-2017.07.20, log_syslog_ldap-2017.07.20, log_netflow-2017.07.15, log_packetfilter-2017.07.16, log_fireeye-2017.06, log_syslog_ldap-2017.07.18, log_ids-2017.07.20, log_syslog_dhcpd-2017.07.21, log_syslog_tmm-2017.07.18, log_packetfilter-2017.07.17, log_ids-2017.07.18, log_httpd-2017.07.15, log_syslog_tmm-2017.07.17, log_syslog_oracle-2017.07.18, log_netrecon-2017.07.18, log_packetfilter-2017.07.21, log_syslog_oracle-2017.07.17, log_syslog-2017.07.15, 
log_syslog-2017.07.22, log_syslog_aaa-2017.07.17, log_syslog_oracle-2017.07.16, log_mail-2017.07.15, log_netflow-2017.07.21, logstash-2017.07.18, log_syslog_sshd-2017.07.15, log_syslog_oracle-2017.07.20, log_netrecon-2017.07.17, log_syslog_sshd-2017.07.16, log_syslog_asa-2017.07.19, log_ids-2017.07.17, log_mail-2017.07.20, log_syslog_dhcpd-2017.06.08, log_syslog_asa-2017.07.15, log_syslog_asa-2017.07.20, logstash-2017.07.20, log_syslog_dhcpd-2017.07.15, log_syslog_pam_asg-2017.07.15, log_mail-2017.07.16, log_syslog_ldap-2017.06.08, log_syslog_asa-2017.07.21, log_syslog_pam_asg-2017.07.20, log_syslog_tmm-2017.06.08, log_syslog_aaa-2017.07.21, log_syslog_pam_asg-2017.07.21, log_syslog_asa-2017.07.17, log_packetfilter-2017.07.15, log_ids-2017.07.21, log_syslog_tmm-2017.07.21, log_mail-2017.07.18, log_syslog_sshd-2017.07.17, log_mail-2017.07.19, log_winevent-2017.07.20, log_winevent-2017.07.18, log_packetfilter-2017.07.19, log_netflow-2017.07.19, log_syslog_dhcpd-2017.07.19, log_packetfilter-2017.07.20, log_httpd-2017.07.19, logstash-2017.07.16, log_syslog-2017.07.17, log_syslog_sshd-2017.06.08, log_syslog_ldap-2017.07.17, logstash-2017.07.15, log_syslog_oracle-2017.07.19, log_syslog-2017.07.21, log_winevent-2017.07.17, log_syslog_pam_asg-2017.07.17, log_syslog_ldap-2017.07.19, log_httpd-2017.07.17, logstash-2017.07.17, log_netflow-2017.07.18, logstash-2017.06.08, log_syslog_aaa-2017.07.18, log_httpd-2017.06.08, log_netflow-2017.06.08, log_packetfilter-2017.06.08, log_syslog-2017.07.19, log_ids-2017.07.19, log_syslog_pam_asg-2017.07.16, log_syslog-2017.07.18, log_winevent-2017.07.19, log_syslog_sshd-2017.07.21] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_pre_laa_readall=>[] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_public 
[2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.19, type=*], IndexType [index=.monitoring-es-2-2017.07.15, type=*], IndexType [index=.monitoring-es-2-2017.07.16, type=*], IndexType [index=.monitoring-es-2-2017.07.17, type=*], IndexType [index=.monitoring-es-2-2017.07.18, type=*], IndexType [index=.monitoring-es-2-2017.07.20, type=*], IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.552-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_public=>[IndexType [index=.monitoring-es-2-2017.07.19, type=*], IndexType [index=.monitoring-es-2-2017.07.15, type=*], IndexType [index=.monitoring-es-2-2017.07.16, type=*], IndexType [index=.monitoring-es-2-2017.07.17, type=*], IndexType [index=.monitoring-es-2-2017.07.18, type=*], IndexType [index=.monitoring-es-2-2017.07.20, type=*], IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.563-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:53.563-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:53.563-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:53.563-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of 
IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3) [2017-07-21T14:16:53.563-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:53.563-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant '__user__' [2017-07-21T14:16:53.563-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:53.563-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested indices:data/read/field_stats from 10.61.1.1:58268 [2017-07-21T14:16:53.563-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.monitoring-es-2-*] from class org.elasticsearch.action.fieldstats.FieldStatsRequest [2017-07-21T14:16:53.563-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=39, ignore_unavailable=true, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=true] [2017-07-21T14:16:53.563-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.monitoring-es-2-*] [2017-07-21T14:16:53.563-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.monitoring-es-2-*] to [.monitoring-es-2-2017.07.17, .monitoring-es-2-2017.07.18, .monitoring-es-2-2017.07.15, .monitoring-es-2-2017.07.16, .monitoring-es-2-2017.07.19, .monitoring-es-2-2017.07.20, .monitoring-es-2-2017.07.21] 
[2017-07-21T14:16:53.563-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.monitoring-es-2-2017.07.19, type=*], IndexType [index=.monitoring-es-2-2017.07.15, type=*], IndexType [index=.monitoring-es-2-2017.07.16, type=*], IndexType [index=.monitoring-es-2-2017.07.17, type=*], IndexType [index=.monitoring-es-2-2017.07.18, type=*], IndexType [index=.monitoring-es-2-2017.07.20, type=*], IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: '__user__' [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.monitoring-es-2-2017.07.17, .monitoring-es-2-2017.07.18, .monitoring-es-2-2017.07.15, .monitoring-es-2-2017.07.16, .monitoring-es-2-2017.07.19, .monitoring-es-2-2017.07.20, .monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/field_stats against */*: [indices:admin/mappings/fields/get*, indices:data/read*] 
[2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.17* [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.18* [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.15* [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.16* [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.19* [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.20* [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21* [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [] [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.17: [] [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.18: [] [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.15: [] [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.16: [] [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.19: [] [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.20: [] 
[2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.*', evaluate other roles [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.17: [] [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.18: [] [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.15: [] [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.16: [] [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.19: [] [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.20: [] [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.?kibana*', evaluate other roles [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers 
sg_kibana=>[] [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?monitoring*: [.monitoring-es-2-2017.07.17, .monitoring-es-2-2017.07.18, .monitoring-es-2-2017.07.15, .monitoring-es-2-2017.07.16, .monitoring-es-2-2017.07.19, .monitoring-es-2-2017.07.20, .monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?monitoring*, will check now types [*] [2017-07-21T14:16:53.564-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/field_stats against ?monitoring*/*: [indices:*] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.17* [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.18* [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.15* [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.16* [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.19* [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.20* [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21* 
[2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.17: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.18: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.15: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.16: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.19: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.20: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?monitoring*', evaluate other roles [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?reporting* [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?reporting* [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?reporting* remaining requested indextype: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.17: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] 
Aliases for .monitoring-es-2-2017.07.18: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.15: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.16: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.19: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.20: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?reporting*', evaluate other roles [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.17: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.18: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.15: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.16: [] 
[2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.19: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.20: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?kibana*', evaluate other roles [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana_server=>[] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_own_index [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve and match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no permittedAliasesIndex 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' found for 'indices:data/read/field_stats' [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] permittedAliasesIndices '{C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview=org.elasticsearch.common.settings.Settings@5eed}' -> '{*.0=ALL}' 
[2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requestedResolvedIndexTypes '[IndexType [index=.monitoring-es-2-2017.07.19, type=*], IndexType [index=.monitoring-es-2-2017.07.15, type=*], IndexType [index=.monitoring-es-2-2017.07.16, type=*], IndexType [index=.monitoring-es-2-2017.07.17, type=*], IndexType [index=.monitoring-es-2-2017.07.18, type=*], IndexType [index=.monitoring-es-2-2017.07.20, type=*], IndexType [index=.monitoring-es-2-2017.07.21, type=*]]' [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved permitted aliases indices for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, will check now types [*] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/field_stats against C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview/*: [indices:*] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of 
IT,2.5.4.5=#130d31343636303938373433393438,CN=logview* in [IndexType [index=.monitoring-es-2-2017.07.19, type=*], IndexType [index=.monitoring-es-2-2017.07.15, type=*], IndexType [index=.monitoring-es-2-2017.07.16, type=*], IndexType [index=.monitoring-es-2-2017.07.17, type=*], IndexType [index=.monitoring-es-2-2017.07.18, type=*], IndexType [index=.monitoring-es-2-2017.07.20, type=*], IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.19, type=*], IndexType [index=.monitoring-es-2-2017.07.15, type=*], IndexType [index=.monitoring-es-2-2017.07.16, type=*], IndexType [index=.monitoring-es-2-2017.07.17, type=*], IndexType [index=.monitoring-es-2-2017.07.18, type=*], IndexType [index=.monitoring-es-2-2017.07.20, type=*], IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_own_index=>[IndexType [index=.monitoring-es-2-2017.07.19, type=*], IndexType [index=.monitoring-es-2-2017.07.15, type=*], IndexType [index=.monitoring-es-2-2017.07.16, type=*], IndexType [index=.monitoring-es-2-2017.07.17, type=*], IndexType [index=.monitoring-es-2-2017.07.18, type=*], IndexType [index=.monitoring-es-2-2017.07.20, type=*], IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_pre_laa_readall [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * 
[2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.monitoring-es-2-2017.07.17, .monitoring-es-2-2017.07.18, .monitoring-es-2-2017.07.15, .monitoring-es-2-2017.07.16, .monitoring-es-2-2017.07.19, .monitoring-es-2-2017.07.20, .monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.19, type=*], IndexType [index=.monitoring-es-2-2017.07.15, type=*], IndexType [index=.monitoring-es-2-2017.07.16, type=*], IndexType [index=.monitoring-es-2-2017.07.17, type=*], IndexType [index=.monitoring-es-2-2017.07.18, type=*], IndexType [index=.monitoring-es-2-2017.07.20, type=*], IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?monitoring*: [.monitoring-es-2-2017.07.17, .monitoring-es-2-2017.07.18, .monitoring-es-2-2017.07.15, .monitoring-es-2-2017.07.16, .monitoring-es-2-2017.07.19, .monitoring-es-2-2017.07.20, .monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?monitoring*, will check now types [*] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/field_stats against ?monitoring*/*: [indices:data/read*] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.17* 
[2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.18* [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.15* [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.16* [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.19* [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.20* [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21* [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.17: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.18: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.15: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.16: [] [2017-07-21T14:16:53.565-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.19: [] [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.20: [] [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] 
[2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?monitoring*', evaluate other roles [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for log* [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for log* [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index log* remaining requested indextype: [] [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.17: [] [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.18: [] [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.15: [] [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.16: [] [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.19: [] [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.20: [] [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.log*', evaluate other roles [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found 
for ?kibana* [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.17: [] [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.18: [] [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.15: [] [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.16: [] [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.19: [] [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.20: [] [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?kibana*', evaluate other roles [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] dls query {"match_all" : {}} for [log_netrecon-2017.07.16, log_syslog_tmm-2017.07.20, log_netflow-2017.07.20, log_packetfilter-2017.07.18, log_httpd-2017.07.21, log_syslog-2017.07.16, log_syslog_tmm-2017.07.19, log_winevent-2017.07.15, log_winevent-2017.07.16, log_syslog_aaa-2017.07.16, log_netflow-2017.07.16, log_httpd-2017.07.20, logstash-2017.07.21, log_syslog_aaa-2017.06.08, log_syslog_sshd-2017.07.19, log_syslog-2017.07.20, log_netrecon-2017.07.20, log_netrecon-2017.07.21, log_netrecon-2017.07.15, log_syslog_pam_asg-2017.07.18, log_httpd-2017.07.18, 
log_syslog_dhcpd-2017.07.17, log_syslog_asa-2017.06.08, logstash-2017.07.19, log_winevent-2017.07.21, log_ids-2017.06.08, log_syslog_aaa-2017.07.15, log_syslog_asa-2017.07.16, log_syslog_aaa-2017.07.19, log_syslog_asa-2017.07.18, log_syslog_tmm-2017.07.15, log_syslog-2017.06.08, log_syslog_oracle-2017.07.21, log_syslog_pam_asg-2017.07.19, log_fireeye-2017.07, log_syslog_sshd-2017.07.20, log_netrecon-2017.07.19, log_ids-2017.07.16, log_mail-2017.06.08, log_ids-2017.07.15, log_syslog_sshd-2017.07.18, log_syslog_ldap-2017.07.15, log_syslog_tmm-2017.07.16, log_syslog_dhcpd-2017.07.18, log_syslog_oracle-2017.06.08, log_syslog_ldap-2017.07.16, log_mail-2017.07.21, log_syslog_dhcpd-2017.07.16, log_syslog_ldap-2017.07.21, log_httpd-2017.07.16, log_syslog_aaa-2017.07.20, log_mail-2017.07.17, log_syslog_oracle-2017.07.15, log_netflow-2017.07.17, log_syslog_dhcpd-2017.07.20, log_syslog_ldap-2017.07.20, log_netflow-2017.07.15, log_packetfilter-2017.07.16, log_fireeye-2017.06, log_syslog_ldap-2017.07.18, log_ids-2017.07.20, log_syslog_dhcpd-2017.07.21, log_syslog_tmm-2017.07.18, log_packetfilter-2017.07.17, log_ids-2017.07.18, log_httpd-2017.07.15, log_syslog_tmm-2017.07.17, log_syslog_oracle-2017.07.18, log_netrecon-2017.07.18, log_packetfilter-2017.07.21, log_syslog_oracle-2017.07.17, log_syslog-2017.07.15, log_syslog-2017.07.22, log_syslog_aaa-2017.07.17, log_syslog_oracle-2017.07.16, log_mail-2017.07.15, log_netflow-2017.07.21, logstash-2017.07.18, log_syslog_sshd-2017.07.15, log_syslog_oracle-2017.07.20, log_netrecon-2017.07.17, log_syslog_sshd-2017.07.16, log_syslog_asa-2017.07.19, log_ids-2017.07.17, log_mail-2017.07.20, log_syslog_dhcpd-2017.06.08, log_syslog_asa-2017.07.15, log_syslog_asa-2017.07.20, logstash-2017.07.20, log_syslog_dhcpd-2017.07.15, log_syslog_pam_asg-2017.07.15, log_mail-2017.07.16, log_syslog_ldap-2017.06.08, log_syslog_asa-2017.07.21, log_syslog_pam_asg-2017.07.20, log_syslog_tmm-2017.06.08, log_syslog_aaa-2017.07.21, log_syslog_pam_asg-2017.07.21, 
log_syslog_asa-2017.07.17, log_packetfilter-2017.07.15, log_ids-2017.07.21, log_syslog_tmm-2017.07.21, log_mail-2017.07.18, log_syslog_sshd-2017.07.17, log_mail-2017.07.19, log_winevent-2017.07.20, log_winevent-2017.07.18, log_packetfilter-2017.07.19, log_netflow-2017.07.19, log_syslog_dhcpd-2017.07.19, log_packetfilter-2017.07.20, log_httpd-2017.07.19, logstash-2017.07.16, log_syslog-2017.07.17, log_syslog_sshd-2017.06.08, log_syslog_ldap-2017.07.17, logstash-2017.07.15, log_syslog_oracle-2017.07.19, log_syslog-2017.07.21, log_winevent-2017.07.17, log_syslog_pam_asg-2017.07.17, log_syslog_ldap-2017.07.19, log_httpd-2017.07.17, logstash-2017.07.17, log_netflow-2017.07.18, logstash-2017.06.08, log_syslog_aaa-2017.07.18, log_httpd-2017.06.08, log_netflow-2017.06.08, log_packetfilter-2017.06.08, log_syslog-2017.07.19, log_ids-2017.07.19, log_syslog_pam_asg-2017.07.16, log_syslog-2017.07.18, log_winevent-2017.07.19, log_syslog_sshd-2017.07.21] [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_pre_laa_readall=>[] [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_public [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.19, type=*], IndexType [index=.monitoring-es-2-2017.07.15, type=*], IndexType [index=.monitoring-es-2-2017.07.16, type=*], IndexType [index=.monitoring-es-2-2017.07.17, type=*], IndexType [index=.monitoring-es-2-2017.07.18, type=*], IndexType [index=.monitoring-es-2-2017.07.20, type=*], IndexType 
[index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.566-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_public=>[IndexType [index=.monitoring-es-2-2017.07.19, type=*], IndexType [index=.monitoring-es-2-2017.07.15, type=*], IndexType [index=.monitoring-es-2-2017.07.16, type=*], IndexType [index=.monitoring-es-2-2017.07.17, type=*], IndexType [index=.monitoring-es-2-2017.07.18, type=*], IndexType [index=.monitoring-es-2-2017.07.20, type=*], IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.575-0400][DEBUG][com.floragunn.searchguard.transport.DefaultInterClusterRequestEvaluator] Treat certificate with principal 'DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-warm-dev-02.cc.vt.edu.mgt' as other node because of it matches one of [/DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /DC=edu,DC=vt,DC=it,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/] [2017-07-21T14:16:53.577-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:53.577-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:53.577-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:53.577-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? 
true (cache size: 3) [2017-07-21T14:16:53.577-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:53.577-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant '__user__' [2017-07-21T14:16:53.577-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:53.577-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested indices:data/read/search from 10.61.1.1:58276 [2017-07-21T14:16:53.577-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.monitoring-es-2-2017.07.21] from class org.elasticsearch.action.search.SearchRequest [2017-07-21T14:16:53.577-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=38, ignore_unavailable=false, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=true] [2017-07-21T14:16:53.577-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.577-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.monitoring-es-2-2017.07.21] to [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.577-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.monitoring-es-2-2017.07.21, type=cluster_state]] 
[2017-07-21T14:16:53.577-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: '__user__' [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against */*: [indices:admin/mappings/fields/get*, indices:data/read*] [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21* [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [] [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.*', evaluate other roles [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* 
[2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.?kibana*', evaluate other roles [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana=>[] [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?monitoring*: [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?monitoring*, will check now types [*] [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?monitoring*/*: [indices:*] [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21* [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [] [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] 
[2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?monitoring*', evaluate other roles [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?reporting* [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?reporting* [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?reporting* remaining requested indextype: [] [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?reporting*', evaluate other roles [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?kibana*', evaluate other roles [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana_server=>[] [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_own_index 
[2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve and match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no permittedAliasesIndex 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' found for 'indices:data/read/search' [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] permittedAliasesIndices '{C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview=org.elasticsearch.common.settings.Settings@5eed}' -> '{*.0=ALL}' [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requestedResolvedIndexTypes '[IndexType [index=.monitoring-es-2-2017.07.21, type=cluster_state]]' [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved permitted aliases indices for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview] [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of 
IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, will check now types [*] [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview/*: [indices:*] [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview* in [IndexType [index=.monitoring-es-2-2017.07.21, type=cluster_state]] [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.21, type=cluster_state]] [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_own_index=>[IndexType [index=.monitoring-es-2-2017.07.21, type=cluster_state]] [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_pre_laa_readall [2017-07-21T14:16:53.578-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] 
[2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.21, type=cluster_state]] [2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?monitoring*: [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?monitoring*, will check now types [*] [2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?monitoring*/*: [indices:data/read*] [2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21* [2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [] [2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?monitoring*', evaluate other roles [2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for log* [2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for log* [2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index log* remaining requested indextype: [] [2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for 
.monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.log*', evaluate other roles [2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?kibana*', evaluate other roles [2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] dls query {"match_all" : {}} for [log_netrecon-2017.07.16, log_syslog_tmm-2017.07.20, log_netflow-2017.07.20, log_packetfilter-2017.07.18, log_httpd-2017.07.21, log_syslog-2017.07.16, log_syslog_tmm-2017.07.19, log_winevent-2017.07.15, log_winevent-2017.07.16, log_syslog_aaa-2017.07.16, log_netflow-2017.07.16, log_httpd-2017.07.20, logstash-2017.07.21, log_syslog_aaa-2017.06.08, log_syslog_sshd-2017.07.19, log_syslog-2017.07.20, log_netrecon-2017.07.20, log_netrecon-2017.07.21, log_netrecon-2017.07.15, log_syslog_pam_asg-2017.07.18, log_httpd-2017.07.18, log_syslog_dhcpd-2017.07.17, log_syslog_asa-2017.06.08, logstash-2017.07.19, log_winevent-2017.07.21, log_ids-2017.06.08, log_syslog_aaa-2017.07.15, log_syslog_asa-2017.07.16, log_syslog_aaa-2017.07.19, log_syslog_asa-2017.07.18, log_syslog_tmm-2017.07.15, log_syslog-2017.06.08, log_syslog_oracle-2017.07.21, log_syslog_pam_asg-2017.07.19, log_fireeye-2017.07, log_syslog_sshd-2017.07.20, 
log_netrecon-2017.07.19, log_ids-2017.07.16, log_mail-2017.06.08, log_ids-2017.07.15, log_syslog_sshd-2017.07.18, log_syslog_ldap-2017.07.15, log_syslog_tmm-2017.07.16, log_syslog_dhcpd-2017.07.18, log_syslog_oracle-2017.06.08, log_syslog_ldap-2017.07.16, log_mail-2017.07.21, log_syslog_dhcpd-2017.07.16, log_syslog_ldap-2017.07.21, log_httpd-2017.07.16, log_syslog_aaa-2017.07.20, log_mail-2017.07.17, log_syslog_oracle-2017.07.15, log_netflow-2017.07.17, log_syslog_dhcpd-2017.07.20, log_syslog_ldap-2017.07.20, log_netflow-2017.07.15, log_packetfilter-2017.07.16, log_fireeye-2017.06, log_syslog_ldap-2017.07.18, log_ids-2017.07.20, log_syslog_dhcpd-2017.07.21, log_syslog_tmm-2017.07.18, log_packetfilter-2017.07.17, log_ids-2017.07.18, log_httpd-2017.07.15, log_syslog_tmm-2017.07.17, log_syslog_oracle-2017.07.18, log_netrecon-2017.07.18, log_packetfilter-2017.07.21, log_syslog_oracle-2017.07.17, log_syslog-2017.07.15, log_syslog-2017.07.22, log_syslog_aaa-2017.07.17, log_syslog_oracle-2017.07.16, log_mail-2017.07.15, log_netflow-2017.07.21, logstash-2017.07.18, log_syslog_sshd-2017.07.15, log_syslog_oracle-2017.07.20, log_netrecon-2017.07.17, log_syslog_sshd-2017.07.16, log_syslog_asa-2017.07.19, log_ids-2017.07.17, log_mail-2017.07.20, log_syslog_dhcpd-2017.06.08, log_syslog_asa-2017.07.15, log_syslog_asa-2017.07.20, logstash-2017.07.20, log_syslog_dhcpd-2017.07.15, log_syslog_pam_asg-2017.07.15, log_mail-2017.07.16, log_syslog_ldap-2017.06.08, log_syslog_asa-2017.07.21, log_syslog_pam_asg-2017.07.20, log_syslog_tmm-2017.06.08, log_syslog_aaa-2017.07.21, log_syslog_pam_asg-2017.07.21, log_syslog_asa-2017.07.17, log_packetfilter-2017.07.15, log_ids-2017.07.21, log_syslog_tmm-2017.07.21, log_mail-2017.07.18, log_syslog_sshd-2017.07.17, log_mail-2017.07.19, log_winevent-2017.07.20, log_winevent-2017.07.18, log_packetfilter-2017.07.19, log_netflow-2017.07.19, log_syslog_dhcpd-2017.07.19, log_packetfilter-2017.07.20, log_httpd-2017.07.19, logstash-2017.07.16, 
log_syslog-2017.07.17, log_syslog_sshd-2017.06.08, log_syslog_ldap-2017.07.17, logstash-2017.07.15, log_syslog_oracle-2017.07.19, log_syslog-2017.07.21, log_winevent-2017.07.17, log_syslog_pam_asg-2017.07.17, log_syslog_ldap-2017.07.19, log_httpd-2017.07.17, logstash-2017.07.17, log_netflow-2017.07.18, logstash-2017.06.08, log_syslog_aaa-2017.07.18, log_httpd-2017.06.08, log_netflow-2017.06.08, log_packetfilter-2017.06.08, log_syslog-2017.07.19, log_ids-2017.07.19, log_syslog_pam_asg-2017.07.16, log_syslog-2017.07.18, log_winevent-2017.07.19, log_syslog_sshd-2017.07.21] [2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_pre_laa_readall=>[] [2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_public [2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.21, type=cluster_state]] [2017-07-21T14:16:53.579-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_public=>[IndexType [index=.monitoring-es-2-2017.07.21, type=cluster_state]] [2017-07-21T14:16:53.592-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:53.592-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:53.592-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert 
[2017-07-21T14:16:53.592-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3) [2017-07-21T14:16:53.592-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:53.592-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant '__user__' [2017-07-21T14:16:53.592-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:53.592-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested indices:data/read/search from 10.61.1.1:58300 [2017-07-21T14:16:53.592-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:53.592-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.monitoring-es-2-2017.07.21] from class org.elasticsearch.action.search.SearchRequest [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=38, ignore_unavailable=false, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=true] [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' 
extracting credentials from proxy authenticator [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.monitoring-es-2-2017.07.21] to [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3) [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.monitoring-es-2-2017.07.21, type=cluster_stats]] [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant '__user__' [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: '__user__' 
[2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested indices:data/read/search from 10.61.1.1:58270 [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.monitoring-es-2-2017.07.21] from class org.elasticsearch.action.search.SearchRequest [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=39, ignore_unavailable=true, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=true] [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.monitoring-es-2-2017.07.21] to [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType 
[index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against */*: [indices:admin/mappings/fields/get*, indices:data/read*] [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21* [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [] [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.*', evaluate other roles [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.?kibana*', evaluate other roles [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana=>[] [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: 
[sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: '__user__' [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? 
true (cache size: 3) [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against */*: [indices:admin/mappings/fields/get*, indices:data/read*] [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant '__user__' [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21* [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [] [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.*', evaluate other roles [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] 
[2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.?kibana*', evaluate other roles [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana=>[] [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?monitoring*: [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?monitoring*, will check now types [*] [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?monitoring*/*: [indices:*] [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21* [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [] [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?monitoring*', evaluate other roles [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?reporting* [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?reporting* 
[2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?reporting* remaining requested indextype: [] [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested indices:data/read/search from 10.61.1.1:58278 [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?reporting*', evaluate other roles [2017-07-21T14:16:53.595-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.595-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:53.594-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:53.595-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:53.595-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.595-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert 
[2017-07-21T14:16:53.595-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.595-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?kibana*', evaluate other roles [2017-07-21T14:16:53.595-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana_server=>[] [2017-07-21T14:16:53.595-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_own_index [2017-07-21T14:16:53.595-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve and match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview [2017-07-21T14:16:53.595-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no permittedAliasesIndex 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' found for 'indices:data/read/search' [2017-07-21T14:16:53.595-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] permittedAliasesIndices '{C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview=org.elasticsearch.common.settings.Settings@5eed}' -> '{*.0=ALL}' [2017-07-21T14:16:53.595-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requestedResolvedIndexTypes '[IndexType [index=.monitoring-es-2-2017.07.21, type=*]]' [2017-07-21T14:16:53.595-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved permitted aliases indices for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia 
Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview] [2017-07-21T14:16:53.595-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, will check now types [*] [2017-07-21T14:16:53.595-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview/*: [indices:*] [2017-07-21T14:16:53.595-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview* in [IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.595-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.595-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_own_index=>[IndexType [index=.monitoring-es-2-2017.07.21, type=*]] 
[2017-07-21T14:16:53.595-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_pre_laa_readall [2017-07-21T14:16:53.595-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:53.595-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.596-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] [2017-07-21T14:16:53.596-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.596-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:53.596-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?monitoring*: [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.596-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?monitoring*, will check now types [*] [2017-07-21T14:16:53.596-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?monitoring*/*: [indices:data/read*] [2017-07-21T14:16:53.596-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21* [2017-07-21T14:16:53.596-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [] [2017-07-21T14:16:53.596-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.596-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?monitoring*', evaluate other 
roles [2017-07-21T14:16:53.596-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for log* [2017-07-21T14:16:53.596-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for log* [2017-07-21T14:16:53.596-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index log* remaining requested indextype: [] [2017-07-21T14:16:53.596-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.596-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.log*', evaluate other roles [2017-07-21T14:16:53.596-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.596-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.596-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.596-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.596-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?kibana*', evaluate other roles [2017-07-21T14:16:53.596-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] dls query {"match_all" : {}} for [log_netrecon-2017.07.16, log_syslog_tmm-2017.07.20, log_netflow-2017.07.20, log_packetfilter-2017.07.18, log_httpd-2017.07.21, log_syslog-2017.07.16, log_syslog_tmm-2017.07.19, log_winevent-2017.07.15, log_winevent-2017.07.16, log_syslog_aaa-2017.07.16, log_netflow-2017.07.16, log_httpd-2017.07.20, logstash-2017.07.21, log_syslog_aaa-2017.06.08, log_syslog_sshd-2017.07.19, log_syslog-2017.07.20, 
log_netrecon-2017.07.20, log_netrecon-2017.07.21, log_netrecon-2017.07.15, log_syslog_pam_asg-2017.07.18, log_httpd-2017.07.18, log_syslog_dhcpd-2017.07.17, log_syslog_asa-2017.06.08, logstash-2017.07.19, log_winevent-2017.07.21, log_ids-2017.06.08, log_syslog_aaa-2017.07.15, log_syslog_asa-2017.07.16, log_syslog_aaa-2017.07.19, log_syslog_asa-2017.07.18, log_syslog_tmm-2017.07.15, log_syslog-2017.06.08, log_syslog_oracle-2017.07.21, log_syslog_pam_asg-2017.07.19, log_fireeye-2017.07, log_syslog_sshd-2017.07.20, log_netrecon-2017.07.19, log_ids-2017.07.16, log_mail-2017.06.08, log_ids-2017.07.15, log_syslog_sshd-2017.07.18, log_syslog_ldap-2017.07.15, log_syslog_tmm-2017.07.16, log_syslog_dhcpd-2017.07.18, log_syslog_oracle-2017.06.08, log_syslog_ldap-2017.07.16, log_mail-2017.07.21, log_syslog_dhcpd-2017.07.16, log_syslog_ldap-2017.07.21, log_httpd-2017.07.16, log_syslog_aaa-2017.07.20, log_mail-2017.07.17, log_syslog_oracle-2017.07.15, log_netflow-2017.07.17, log_syslog_dhcpd-2017.07.20, log_syslog_ldap-2017.07.20, log_netflow-2017.07.15, log_packetfilter-2017.07.16, log_fireeye-2017.06, log_syslog_ldap-2017.07.18, log_ids-2017.07.20, log_syslog_dhcpd-2017.07.21, log_syslog_tmm-2017.07.18, log_packetfilter-2017.07.17, log_ids-2017.07.18, log_httpd-2017.07.15, log_syslog_tmm-2017.07.17, log_syslog_oracle-2017.07.18, log_netrecon-2017.07.18, log_packetfilter-2017.07.21, log_syslog_oracle-2017.07.17, log_syslog-2017.07.15, log_syslog-2017.07.22, log_syslog_aaa-2017.07.17, log_syslog_oracle-2017.07.16, log_mail-2017.07.15, log_netflow-2017.07.21, logstash-2017.07.18, log_syslog_sshd-2017.07.15, log_syslog_oracle-2017.07.20, log_netrecon-2017.07.17, log_syslog_sshd-2017.07.16, log_syslog_asa-2017.07.19, log_ids-2017.07.17, log_mail-2017.07.20, log_syslog_dhcpd-2017.06.08, log_syslog_asa-2017.07.15, log_syslog_asa-2017.07.20, logstash-2017.07.20, log_syslog_dhcpd-2017.07.15, log_syslog_pam_asg-2017.07.15, log_mail-2017.07.16, log_syslog_ldap-2017.06.08, 
log_syslog_asa-2017.07.21, log_syslog_pam_asg-2017.07.20, log_syslog_tmm-2017.06.08, log_syslog_aaa-2017.07.21, log_syslog_pam_asg-2017.07.21, log_syslog_asa-2017.07.17, log_packetfilter-2017.07.15, log_ids-2017.07.21, log_syslog_tmm-2017.07.21, log_mail-2017.07.18, log_syslog_sshd-2017.07.17, log_mail-2017.07.19, log_winevent-2017.07.20, log_winevent-2017.07.18, log_packetfilter-2017.07.19, log_netflow-2017.07.19, log_syslog_dhcpd-2017.07.19, log_packetfilter-2017.07.20, log_httpd-2017.07.19, logstash-2017.07.16, log_syslog-2017.07.17, log_syslog_sshd-2017.06.08, log_syslog_ldap-2017.07.17, logstash-2017.07.15, log_syslog_oracle-2017.07.19, log_syslog-2017.07.21, log_winevent-2017.07.17, log_syslog_pam_asg-2017.07.17, log_syslog_ldap-2017.07.19, log_httpd-2017.07.17, logstash-2017.07.17, log_netflow-2017.07.18, logstash-2017.06.08, log_syslog_aaa-2017.07.18, log_httpd-2017.06.08, log_netflow-2017.06.08, log_packetfilter-2017.06.08, log_syslog-2017.07.19, log_ids-2017.07.19, log_syslog_pam_asg-2017.07.16, log_syslog-2017.07.18, log_winevent-2017.07.19, log_syslog_sshd-2017.07.21] [2017-07-21T14:16:53.596-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_pre_laa_readall=>[] [2017-07-21T14:16:53.596-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_public [2017-07-21T14:16:53.596-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.596-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.596-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.596-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_public=>[IndexType 
[index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.597-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:53.597-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:53.597-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:53.597-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3) [2017-07-21T14:16:53.597-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:53.597-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant '__user__' [2017-07-21T14:16:53.598-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:53.598-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested indices:data/read/search from 10.61.1.1:58298 [2017-07-21T14:16:53.598-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.monitoring-es-2-2017.07.21] from class org.elasticsearch.action.search.SearchRequest 
[2017-07-21T14:16:53.598-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=39, ignore_unavailable=true, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=true] [2017-07-21T14:16:53.598-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.598-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.monitoring-es-2-2017.07.21] to [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.598-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.598-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: '__user__' [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action 
indices:data/read/search against */*: [indices:admin/mappings/fields/get*, indices:data/read*] [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21* [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [] [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.*', evaluate other roles [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.?kibana*', evaluate other roles [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana=>[] [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?monitoring*: [.monitoring-es-2-2017.07.21] 
[2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?monitoring*, will check now types [*] [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?monitoring*/*: [indices:*] [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21* [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [] [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?monitoring*', evaluate other roles [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?reporting* [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?reporting* [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?reporting* remaining requested indextype: [] [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?reporting*', evaluate other roles [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* 
[2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.599-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?kibana*', evaluate other roles [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana_server=>[] [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_own_index [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve and match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no permittedAliasesIndex 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' found for 'indices:data/read/search' [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] permittedAliasesIndices '{C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview=org.elasticsearch.common.settings.Settings@5eed}' -> '{*.0=ALL}' [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requestedResolvedIndexTypes '[IndexType [index=.monitoring-es-2-2017.07.21, type=*]]' 
[2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved permitted aliases indices for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview] [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, will check now types [*] [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview/*: [indices:*] [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview* in [IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.21, type=*]] 
[2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_own_index=>[IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_pre_laa_readall [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?monitoring*: [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?monitoring*, will check now types [*] [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?monitoring*/*: [indices:data/read*] [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21* [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [] [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for 
.monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?monitoring*', evaluate other roles [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for log* [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for log* [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index log* remaining requested indextype: [] [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.log*', evaluate other roles [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.600-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?kibana*', evaluate other roles [2017-07-21T14:16:53.601-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] dls query {"match_all" : {}} for [log_netrecon-2017.07.16, log_syslog_tmm-2017.07.20, log_netflow-2017.07.20, log_packetfilter-2017.07.18, log_httpd-2017.07.21, log_syslog-2017.07.16, log_syslog_tmm-2017.07.19, log_winevent-2017.07.15, 
log_winevent-2017.07.16, log_syslog_aaa-2017.07.16, log_netflow-2017.07.16, log_httpd-2017.07.20, logstash-2017.07.21, log_syslog_aaa-2017.06.08, log_syslog_sshd-2017.07.19, log_syslog-2017.07.20, log_netrecon-2017.07.20, log_netrecon-2017.07.21, log_netrecon-2017.07.15, log_syslog_pam_asg-2017.07.18, log_httpd-2017.07.18, log_syslog_dhcpd-2017.07.17, log_syslog_asa-2017.06.08, logstash-2017.07.19, log_winevent-2017.07.21, log_ids-2017.06.08, log_syslog_aaa-2017.07.15, log_syslog_asa-2017.07.16, log_syslog_aaa-2017.07.19, log_syslog_asa-2017.07.18, log_syslog_tmm-2017.07.15, log_syslog-2017.06.08, log_syslog_oracle-2017.07.21, log_syslog_pam_asg-2017.07.19, log_fireeye-2017.07, log_syslog_sshd-2017.07.20, log_netrecon-2017.07.19, log_ids-2017.07.16, log_mail-2017.06.08, log_ids-2017.07.15, log_syslog_sshd-2017.07.18, log_syslog_ldap-2017.07.15, log_syslog_tmm-2017.07.16, log_syslog_dhcpd-2017.07.18, log_syslog_oracle-2017.06.08, log_syslog_ldap-2017.07.16, log_mail-2017.07.21, log_syslog_dhcpd-2017.07.16, log_syslog_ldap-2017.07.21, log_httpd-2017.07.16, log_syslog_aaa-2017.07.20, log_mail-2017.07.17, log_syslog_oracle-2017.07.15, log_netflow-2017.07.17, log_syslog_dhcpd-2017.07.20, log_syslog_ldap-2017.07.20, log_netflow-2017.07.15, log_packetfilter-2017.07.16, log_fireeye-2017.06, log_syslog_ldap-2017.07.18, log_ids-2017.07.20, log_syslog_dhcpd-2017.07.21, log_syslog_tmm-2017.07.18, log_packetfilter-2017.07.17, log_ids-2017.07.18, log_httpd-2017.07.15, log_syslog_tmm-2017.07.17, log_syslog_oracle-2017.07.18, log_netrecon-2017.07.18, log_packetfilter-2017.07.21, log_syslog_oracle-2017.07.17, log_syslog-2017.07.15, log_syslog-2017.07.22, log_syslog_aaa-2017.07.17, log_syslog_oracle-2017.07.16, log_mail-2017.07.15, log_netflow-2017.07.21, logstash-2017.07.18, log_syslog_sshd-2017.07.15, log_syslog_oracle-2017.07.20, log_netrecon-2017.07.17, log_syslog_sshd-2017.07.16, log_syslog_asa-2017.07.19, log_ids-2017.07.17, log_mail-2017.07.20, log_syslog_dhcpd-2017.06.08, 
log_syslog_asa-2017.07.15, log_syslog_asa-2017.07.20, logstash-2017.07.20, log_syslog_dhcpd-2017.07.15, log_syslog_pam_asg-2017.07.15, log_mail-2017.07.16, log_syslog_ldap-2017.06.08, log_syslog_asa-2017.07.21, log_syslog_pam_asg-2017.07.20, log_syslog_tmm-2017.06.08, log_syslog_aaa-2017.07.21, log_syslog_pam_asg-2017.07.21, log_syslog_asa-2017.07.17, log_packetfilter-2017.07.15, log_ids-2017.07.21, log_syslog_tmm-2017.07.21, log_mail-2017.07.18, log_syslog_sshd-2017.07.17, log_mail-2017.07.19, log_winevent-2017.07.20, log_winevent-2017.07.18, log_packetfilter-2017.07.19, log_netflow-2017.07.19, log_syslog_dhcpd-2017.07.19, log_packetfilter-2017.07.20, log_httpd-2017.07.19, logstash-2017.07.16, log_syslog-2017.07.17, log_syslog_sshd-2017.06.08, log_syslog_ldap-2017.07.17, logstash-2017.07.15, log_syslog_oracle-2017.07.19, log_syslog-2017.07.21, log_winevent-2017.07.17, log_syslog_pam_asg-2017.07.17, log_syslog_ldap-2017.07.19, log_httpd-2017.07.17, logstash-2017.07.17, log_netflow-2017.07.18, logstash-2017.06.08, log_syslog_aaa-2017.07.18, log_httpd-2017.06.08, log_netflow-2017.06.08, log_packetfilter-2017.06.08, log_syslog-2017.07.19, log_ids-2017.07.19, log_syslog_pam_asg-2017.07.16, log_syslog-2017.07.18, log_winevent-2017.07.19, log_syslog_sshd-2017.07.21] [2017-07-21T14:16:53.601-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_pre_laa_readall=>[] [2017-07-21T14:16:53.601-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_public [2017-07-21T14:16:53.601-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.601-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.601-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [IndexType 
[index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.601-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_public=>[IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.595-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.monitoring-es-2-2017.07.21] from class org.elasticsearch.action.search.SearchRequest [2017-07-21T14:16:53.602-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=39, ignore_unavailable=true, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=true] [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.monitoring-es-2-2017.07.21] to [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.593-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.595-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and 
State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3) [2017-07-21T14:16:53.595-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3) [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant '__user__' [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant '__user__' [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of 
IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested indices:data/read/search from 10.61.1.1:58268 [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.monitoring-es-2-2017.07.21] from class org.elasticsearch.action.search.SearchRequest [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=38, ignore_unavailable=false, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=true] [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.monitoring-es-2-2017.07.21] to [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.monitoring-es-2-2017.07.21, type=index_recovery]] [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: '__user__' [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested indices:data/read/search from 10.61.1.1:58274 [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: 
sg_kibana [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.monitoring-es-2-2017.07.21] from class org.elasticsearch.action.search.SearchRequest [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=39, ignore_unavailable=true, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=true] [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.monitoring-es-2-2017.07.21] to [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?monitoring*: [.monitoring-es-2-2017.07.21] 
[2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: '__user__' [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?monitoring*, will check now types [*] [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?monitoring*/*: [indices:*] [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21* [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [] [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?monitoring*', evaluate other roles [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:53.603-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against */*: [indices:admin/mappings/fields/get*, indices:data/read*] [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * 
[2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21* [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [] [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.*', evaluate other roles [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.?kibana*', evaluate other roles [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana=>[] [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: '__user__' [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: 
sg_kibana_server [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?monitoring*: [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?monitoring*, will check now types [*] [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?reporting* [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?reporting* [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?reporting* remaining requested indextype: [] [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?reporting*', evaluate other roles [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?monitoring*/*: [indices:*] [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21* [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against */*: [indices:admin/mappings/fields/get*, indices:data/read*] [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: 
sg_kibana [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21* [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [] [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?monitoring*', evaluate other roles [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?reporting* [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?reporting* [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?reporting* remaining requested indextype: [] [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a 
match for 'sg_kibana_server.?reporting*', evaluate other roles [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?kibana*', evaluate other roles [2017-07-21T14:16:53.605-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana_server=>[] [2017-07-21T14:16:53.605-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_own_index [2017-07-21T14:16:53.605-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve and match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview [2017-07-21T14:16:53.605-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no permittedAliasesIndex 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' found for 'indices:data/read/search' [2017-07-21T14:16:53.605-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] permittedAliasesIndices '{C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview=org.elasticsearch.common.settings.Settings@5eed}' -> '{*.0=ALL}' [2017-07-21T14:16:53.605-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requestedResolvedIndexTypes '[IndexType [index=.monitoring-es-2-2017.07.21, type=cluster_stats]]' [2017-07-21T14:16:53.605-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved permitted 
aliases indices for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview] [2017-07-21T14:16:53.605-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, will check now types [*] [2017-07-21T14:16:53.605-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview/*: [indices:*] [2017-07-21T14:16:53.605-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview* in [IndexType [index=.monitoring-es-2-2017.07.21, type=cluster_stats]] [2017-07-21T14:16:53.605-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.21, type=cluster_stats]] [2017-07-21T14:16:53.605-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_own_index=>[IndexType 
[index=.monitoring-es-2-2017.07.21, type=cluster_stats]] [2017-07-21T14:16:53.605-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_pre_laa_readall [2017-07-21T14:16:53.605-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:53.605-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.605-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] [2017-07-21T14:16:53.605-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.21, type=cluster_stats]] [2017-07-21T14:16:53.605-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:53.605-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?monitoring*: [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.605-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?monitoring*, will check now types [*] [2017-07-21T14:16:53.605-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?monitoring*/*: [indices:data/read*] [2017-07-21T14:16:53.605-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21* [2017-07-21T14:16:53.605-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [] [2017-07-21T14:16:53.605-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] 
[2017-07-21T14:16:53.605-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?monitoring*', evaluate other roles [2017-07-21T14:16:53.606-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for log* [2017-07-21T14:16:53.606-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for log* [2017-07-21T14:16:53.606-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index log* remaining requested indextype: [] [2017-07-21T14:16:53.606-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.606-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.log*', evaluate other roles [2017-07-21T14:16:53.606-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.606-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.606-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.606-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.606-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?kibana*', evaluate other roles [2017-07-21T14:16:53.606-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] dls query {"match_all" : {}} for [log_netrecon-2017.07.16, log_syslog_tmm-2017.07.20, log_netflow-2017.07.20, log_packetfilter-2017.07.18, log_httpd-2017.07.21, log_syslog-2017.07.16, log_syslog_tmm-2017.07.19, log_winevent-2017.07.15, log_winevent-2017.07.16, 
log_syslog_aaa-2017.07.16, log_netflow-2017.07.16, log_httpd-2017.07.20, logstash-2017.07.21, log_syslog_aaa-2017.06.08, log_syslog_sshd-2017.07.19, log_syslog-2017.07.20, log_netrecon-2017.07.20, log_netrecon-2017.07.21, log_netrecon-2017.07.15, log_syslog_pam_asg-2017.07.18, log_httpd-2017.07.18, log_syslog_dhcpd-2017.07.17, log_syslog_asa-2017.06.08, logstash-2017.07.19, log_winevent-2017.07.21, log_ids-2017.06.08, log_syslog_aaa-2017.07.15, log_syslog_asa-2017.07.16, log_syslog_aaa-2017.07.19, log_syslog_asa-2017.07.18, log_syslog_tmm-2017.07.15, log_syslog-2017.06.08, log_syslog_oracle-2017.07.21, log_syslog_pam_asg-2017.07.19, log_fireeye-2017.07, log_syslog_sshd-2017.07.20, log_netrecon-2017.07.19, log_ids-2017.07.16, log_mail-2017.06.08, log_ids-2017.07.15, log_syslog_sshd-2017.07.18, log_syslog_ldap-2017.07.15, log_syslog_tmm-2017.07.16, log_syslog_dhcpd-2017.07.18, log_syslog_oracle-2017.06.08, log_syslog_ldap-2017.07.16, log_mail-2017.07.21, log_syslog_dhcpd-2017.07.16, log_syslog_ldap-2017.07.21, log_httpd-2017.07.16, log_syslog_aaa-2017.07.20, log_mail-2017.07.17, log_syslog_oracle-2017.07.15, log_netflow-2017.07.17, log_syslog_dhcpd-2017.07.20, log_syslog_ldap-2017.07.20, log_netflow-2017.07.15, log_packetfilter-2017.07.16, log_fireeye-2017.06, log_syslog_ldap-2017.07.18, log_ids-2017.07.20, log_syslog_dhcpd-2017.07.21, log_syslog_tmm-2017.07.18, log_packetfilter-2017.07.17, log_ids-2017.07.18, log_httpd-2017.07.15, log_syslog_tmm-2017.07.17, log_syslog_oracle-2017.07.18, log_netrecon-2017.07.18, log_packetfilter-2017.07.21, log_syslog_oracle-2017.07.17, log_syslog-2017.07.15, log_syslog-2017.07.22, log_syslog_aaa-2017.07.17, log_syslog_oracle-2017.07.16, log_mail-2017.07.15, log_netflow-2017.07.21, logstash-2017.07.18, log_syslog_sshd-2017.07.15, log_syslog_oracle-2017.07.20, log_netrecon-2017.07.17, log_syslog_sshd-2017.07.16, log_syslog_asa-2017.07.19, log_ids-2017.07.17, log_mail-2017.07.20, log_syslog_dhcpd-2017.06.08, log_syslog_asa-2017.07.15, 
log_syslog_asa-2017.07.20, logstash-2017.07.20, log_syslog_dhcpd-2017.07.15, log_syslog_pam_asg-2017.07.15, log_mail-2017.07.16, log_syslog_ldap-2017.06.08, log_syslog_asa-2017.07.21, log_syslog_pam_asg-2017.07.20, log_syslog_tmm-2017.06.08, log_syslog_aaa-2017.07.21, log_syslog_pam_asg-2017.07.21, log_syslog_asa-2017.07.17, log_packetfilter-2017.07.15, log_ids-2017.07.21, log_syslog_tmm-2017.07.21, log_mail-2017.07.18, log_syslog_sshd-2017.07.17, log_mail-2017.07.19, log_winevent-2017.07.20, log_winevent-2017.07.18, log_packetfilter-2017.07.19, log_netflow-2017.07.19, log_syslog_dhcpd-2017.07.19, log_packetfilter-2017.07.20, log_httpd-2017.07.19, logstash-2017.07.16, log_syslog-2017.07.17, log_syslog_sshd-2017.06.08, log_syslog_ldap-2017.07.17, logstash-2017.07.15, log_syslog_oracle-2017.07.19, log_syslog-2017.07.21, log_winevent-2017.07.17, log_syslog_pam_asg-2017.07.17, log_syslog_ldap-2017.07.19, log_httpd-2017.07.17, logstash-2017.07.17, log_netflow-2017.07.18, logstash-2017.06.08, log_syslog_aaa-2017.07.18, log_httpd-2017.06.08, log_netflow-2017.06.08, log_packetfilter-2017.06.08, log_syslog-2017.07.19, log_ids-2017.07.19, log_syslog_pam_asg-2017.07.16, log_syslog-2017.07.18, log_winevent-2017.07.19, log_syslog_sshd-2017.07.21] [2017-07-21T14:16:53.606-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_pre_laa_readall=>[] [2017-07-21T14:16:53.606-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_public [2017-07-21T14:16:53.606-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.606-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.606-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.21, 
type=cluster_stats]] [2017-07-21T14:16:53.606-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_public=>[IndexType [index=.monitoring-es-2-2017.07.21, type=cluster_stats]] [2017-07-21T14:16:53.608-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:53.608-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:53.608-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:53.608-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3) [2017-07-21T14:16:53.608-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:53.608-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant '__user__' [2017-07-21T14:16:53.608-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:53.608-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested indices:data/read/search from 10.61.1.1:58272 [2017-07-21T14:16:53.608-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve 
[.monitoring-es-2-2017.07.21] from class org.elasticsearch.action.search.SearchRequest [2017-07-21T14:16:53.609-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=38, ignore_unavailable=false, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=true] [2017-07-21T14:16:53.609-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.609-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.monitoring-es-2-2017.07.21] to [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.609-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.monitoring-es-2-2017.07.21, type=shards]] [2017-07-21T14:16:53.609-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:53.609-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: '__user__' [2017-07-21T14:16:53.609-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:53.609-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:53.609-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.609-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] 
[2017-07-21T14:16:53.609-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against */*: [indices:admin/mappings/fields/get*, indices:data/read*] [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21* [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against */*: [indices:admin/mappings/fields/get*, indices:data/read*] [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [] [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.*', evaluate other roles [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.?kibana*', evaluate other roles [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana=>[] [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: 
sg_kibana_server [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?monitoring*: [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?monitoring*, will check now types [*] [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?monitoring*/*: [indices:*] [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21* [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [] [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?monitoring*', evaluate other roles [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?reporting* [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?reporting* [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?reporting* remaining requested indextype: [] [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?reporting*', evaluate other roles 
[2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?kibana*', evaluate other roles [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana_server=>[] [2017-07-21T14:16:53.611-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_own_index [2017-07-21T14:16:53.611-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve and match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview [2017-07-21T14:16:53.611-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no permittedAliasesIndex 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' found for 'indices:data/read/search' [2017-07-21T14:16:53.611-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] permittedAliasesIndices '{C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of 
IT,2.5.4.5=#130d31343636303938373433393438,CN=logview=org.elasticsearch.common.settings.Settings@5eed}' -> '{*.0=ALL}' [2017-07-21T14:16:53.611-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requestedResolvedIndexTypes '[IndexType [index=.monitoring-es-2-2017.07.21, type=index_recovery]]' [2017-07-21T14:16:53.611-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved permitted aliases indices for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview] [2017-07-21T14:16:53.611-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, will check now types [*] [2017-07-21T14:16:53.611-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview/*: [indices:*] [2017-07-21T14:16:53.611-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview* in [IndexType [index=.monitoring-es-2-2017.07.21, type=index_recovery]] [2017-07-21T14:16:53.611-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index 
C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.21, type=index_recovery]] [2017-07-21T14:16:53.611-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_own_index=>[IndexType [index=.monitoring-es-2-2017.07.21, type=index_recovery]] [2017-07-21T14:16:53.611-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_pre_laa_readall [2017-07-21T14:16:53.611-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:53.611-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.611-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] [2017-07-21T14:16:53.611-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.21, type=index_recovery]] [2017-07-21T14:16:53.611-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:53.611-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?monitoring*: [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.611-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?monitoring*, will check now types [*] [2017-07-21T14:16:53.611-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?monitoring*/*: [indices:data/read*] [2017-07-21T14:16:53.611-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] 
removed .monitoring-es-2-2017.07.21* [2017-07-21T14:16:53.611-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [] [2017-07-21T14:16:53.611-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.611-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?monitoring*', evaluate other roles [2017-07-21T14:16:53.611-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for log* [2017-07-21T14:16:53.612-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for log* [2017-07-21T14:16:53.612-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index log* remaining requested indextype: [] [2017-07-21T14:16:53.612-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.612-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.log*', evaluate other roles [2017-07-21T14:16:53.612-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.612-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.612-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.612-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.612-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?kibana*', evaluate other roles 
[2017-07-21T14:16:53.612-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] dls query {"match_all" : {}} for [log_netrecon-2017.07.16, log_syslog_tmm-2017.07.20, log_netflow-2017.07.20, log_packetfilter-2017.07.18, log_httpd-2017.07.21, log_syslog-2017.07.16, log_syslog_tmm-2017.07.19, log_winevent-2017.07.15, log_winevent-2017.07.16, log_syslog_aaa-2017.07.16, log_netflow-2017.07.16, log_httpd-2017.07.20, logstash-2017.07.21, log_syslog_aaa-2017.06.08, log_syslog_sshd-2017.07.19, log_syslog-2017.07.20, log_netrecon-2017.07.20, log_netrecon-2017.07.21, log_netrecon-2017.07.15, log_syslog_pam_asg-2017.07.18, log_httpd-2017.07.18, log_syslog_dhcpd-2017.07.17, log_syslog_asa-2017.06.08, logstash-2017.07.19, log_winevent-2017.07.21, log_ids-2017.06.08, log_syslog_aaa-2017.07.15, log_syslog_asa-2017.07.16, log_syslog_aaa-2017.07.19, log_syslog_asa-2017.07.18, log_syslog_tmm-2017.07.15, log_syslog-2017.06.08, log_syslog_oracle-2017.07.21, log_syslog_pam_asg-2017.07.19, log_fireeye-2017.07, log_syslog_sshd-2017.07.20, log_netrecon-2017.07.19, log_ids-2017.07.16, log_mail-2017.06.08, log_ids-2017.07.15, log_syslog_sshd-2017.07.18, log_syslog_ldap-2017.07.15, log_syslog_tmm-2017.07.16, log_syslog_dhcpd-2017.07.18, log_syslog_oracle-2017.06.08, log_syslog_ldap-2017.07.16, log_mail-2017.07.21, log_syslog_dhcpd-2017.07.16, log_syslog_ldap-2017.07.21, log_httpd-2017.07.16, log_syslog_aaa-2017.07.20, log_mail-2017.07.17, log_syslog_oracle-2017.07.15, log_netflow-2017.07.17, log_syslog_dhcpd-2017.07.20, log_syslog_ldap-2017.07.20, log_netflow-2017.07.15, log_packetfilter-2017.07.16, log_fireeye-2017.06, log_syslog_ldap-2017.07.18, log_ids-2017.07.20, log_syslog_dhcpd-2017.07.21, log_syslog_tmm-2017.07.18, log_packetfilter-2017.07.17, log_ids-2017.07.18, log_httpd-2017.07.15, log_syslog_tmm-2017.07.17, log_syslog_oracle-2017.07.18, log_netrecon-2017.07.18, log_packetfilter-2017.07.21, log_syslog_oracle-2017.07.17, log_syslog-2017.07.15, 
log_syslog-2017.07.22, log_syslog_aaa-2017.07.17, log_syslog_oracle-2017.07.16, log_mail-2017.07.15, log_netflow-2017.07.21, logstash-2017.07.18, log_syslog_sshd-2017.07.15, log_syslog_oracle-2017.07.20, log_netrecon-2017.07.17, log_syslog_sshd-2017.07.16, log_syslog_asa-2017.07.19, log_ids-2017.07.17, log_mail-2017.07.20, log_syslog_dhcpd-2017.06.08, log_syslog_asa-2017.07.15, log_syslog_asa-2017.07.20, logstash-2017.07.20, log_syslog_dhcpd-2017.07.15, log_syslog_pam_asg-2017.07.15, log_mail-2017.07.16, log_syslog_ldap-2017.06.08, log_syslog_asa-2017.07.21, log_syslog_pam_asg-2017.07.20, log_syslog_tmm-2017.06.08, log_syslog_aaa-2017.07.21, log_syslog_pam_asg-2017.07.21, log_syslog_asa-2017.07.17, log_packetfilter-2017.07.15, log_ids-2017.07.21, log_syslog_tmm-2017.07.21, log_mail-2017.07.18, log_syslog_sshd-2017.07.17, log_mail-2017.07.19, log_winevent-2017.07.20, log_winevent-2017.07.18, log_packetfilter-2017.07.19, log_netflow-2017.07.19, log_syslog_dhcpd-2017.07.19, log_packetfilter-2017.07.20, log_httpd-2017.07.19, logstash-2017.07.16, log_syslog-2017.07.17, log_syslog_sshd-2017.06.08, log_syslog_ldap-2017.07.17, logstash-2017.07.15, log_syslog_oracle-2017.07.19, log_syslog-2017.07.21, log_winevent-2017.07.17, log_syslog_pam_asg-2017.07.17, log_syslog_ldap-2017.07.19, log_httpd-2017.07.17, logstash-2017.07.17, log_netflow-2017.07.18, logstash-2017.06.08, log_syslog_aaa-2017.07.18, log_httpd-2017.06.08, log_netflow-2017.06.08, log_packetfilter-2017.06.08, log_syslog-2017.07.19, log_ids-2017.07.19, log_syslog_pam_asg-2017.07.16, log_syslog-2017.07.18, log_winevent-2017.07.19, log_syslog_sshd-2017.07.21] [2017-07-21T14:16:53.612-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_pre_laa_readall=>[] [2017-07-21T14:16:53.612-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_public 
[2017-07-21T14:16:53.612-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.612-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.612-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.21, type=index_recovery]] [2017-07-21T14:16:53.612-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_public=>[IndexType [index=.monitoring-es-2-2017.07.21, type=index_recovery]] [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [] [2017-07-21T14:16:53.613-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.613-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.*', evaluate other roles [2017-07-21T14:16:53.613-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.613-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.613-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.613-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.613-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.?kibana*', evaluate other roles [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana=>[] 
[2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?monitoring*: [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?monitoring*, will check now types [*] [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?monitoring*/*: [indices:*] [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21* [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [] [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?monitoring*', evaluate other roles [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?reporting* [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?reporting* [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?reporting* remaining requested indextype: [] [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] 
[2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?reporting*', evaluate other roles [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?kibana*', evaluate other roles [2017-07-21T14:16:53.604-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.610-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21* [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?kibana*', evaluate other roles [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana_server=>[] 
[2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_own_index [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [] [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana_server=>[] [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.*', evaluate other roles [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve and match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no permittedAliasesIndex 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' found for 'indices:data/read/search' [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] 
[2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.?kibana*', evaluate other roles [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_own_index [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana=>[] [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] permittedAliasesIndices '{C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview=org.elasticsearch.common.settings.Settings@5eed}' -> '{*.0=ALL}' [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve and match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requestedResolvedIndexTypes '[IndexType [index=.monitoring-es-2-2017.07.21, type=*]]' [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?monitoring*: [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?monitoring*, will check now types [*] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match 
requested action indices:data/read/search against ?monitoring*/*: [indices:*] [2017-07-21T14:16:53.614-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no permittedAliasesIndex 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' found for 'indices:data/read/search' [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21* [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved permitted aliases indices for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] permittedAliasesIndices '{C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview=org.elasticsearch.common.settings.Settings@5eed}' -> '{*.0=ALL}' [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, will check now types [*] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [] 
[2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview/*: [indices:*] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?monitoring*', evaluate other roles [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?reporting* [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?reporting* [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?reporting* remaining requested indextype: [] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requestedResolvedIndexTypes '[IndexType [index=.monitoring-es-2-2017.07.21, type=shards]]' [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved permitted aliases indices for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State 
University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview* in [IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, will check now types [*] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?reporting*', evaluate other roles [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_own_index=>[IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview/*: [indices:*] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match 
C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview* in [IndexType [index=.monitoring-es-2-2017.07.21, type=shards]] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.21, type=shards]] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_pre_laa_readall [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?kibana*', evaluate other roles [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana_server=>[] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_own_index [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve and match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State 
University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no permittedAliasesIndex 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' found for 'indices:data/read/search' [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] permittedAliasesIndices '{C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview=org.elasticsearch.common.settings.Settings@5eed}' -> '{*.0=ALL}' [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requestedResolvedIndexTypes '[IndexType [index=.monitoring-es-2-2017.07.21, type=*]]' [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved permitted aliases indices for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, will check now types [*] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search 
against C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview/*: [indices:*] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview* in [IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_own_index=>[IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_pre_laa_readall [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try 
wildcard match for ?monitoring* [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?monitoring*: [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?monitoring*, will check now types [*] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?monitoring*/*: [indices:data/read*] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21* [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?monitoring*', evaluate other roles [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for log* [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for log* [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index log* remaining requested indextype: [] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.log*', evaluate other roles [2017-07-21T14:16:53.616-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* 
[2017-07-21T14:16:53.616-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.616-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.616-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: [] [2017-07-21T14:16:53.616-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?kibana*', evaluate other roles [2017-07-21T14:16:53.616-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] dls query {"match_all" : {}} for [log_netrecon-2017.07.16, log_syslog_tmm-2017.07.20, log_netflow-2017.07.20, log_packetfilter-2017.07.18, log_httpd-2017.07.21, log_syslog-2017.07.16, log_syslog_tmm-2017.07.19, log_winevent-2017.07.15, log_winevent-2017.07.16, log_syslog_aaa-2017.07.16, log_netflow-2017.07.16, log_httpd-2017.07.20, logstash-2017.07.21, log_syslog_aaa-2017.06.08, log_syslog_sshd-2017.07.19, log_syslog-2017.07.20, log_netrecon-2017.07.20, log_netrecon-2017.07.21, log_netrecon-2017.07.15, log_syslog_pam_asg-2017.07.18, log_httpd-2017.07.18, log_syslog_dhcpd-2017.07.17, log_syslog_asa-2017.06.08, logstash-2017.07.19, log_winevent-2017.07.21, log_ids-2017.06.08, log_syslog_aaa-2017.07.15, log_syslog_asa-2017.07.16, log_syslog_aaa-2017.07.19, log_syslog_asa-2017.07.18, log_syslog_tmm-2017.07.15, log_syslog-2017.06.08, log_syslog_oracle-2017.07.21, log_syslog_pam_asg-2017.07.19, log_fireeye-2017.07, log_syslog_sshd-2017.07.20, log_netrecon-2017.07.19, log_ids-2017.07.16, log_mail-2017.06.08, log_ids-2017.07.15, log_syslog_sshd-2017.07.18, log_syslog_ldap-2017.07.15, log_syslog_tmm-2017.07.16, log_syslog_dhcpd-2017.07.18, log_syslog_oracle-2017.06.08, log_syslog_ldap-2017.07.16, log_mail-2017.07.21, log_syslog_dhcpd-2017.07.16, log_syslog_ldap-2017.07.21, 
log_httpd-2017.07.16, log_syslog_aaa-2017.07.20, log_mail-2017.07.17, log_syslog_oracle-2017.07.15, log_netflow-2017.07.17, log_syslog_dhcpd-2017.07.20, log_syslog_ldap-2017.07.20, log_netflow-2017.07.15, log_packetfilter-2017.07.16, log_fireeye-2017.06, log_syslog_ldap-2017.07.18, log_ids-2017.07.20, log_syslog_dhcpd-2017.07.21, log_syslog_tmm-2017.07.18, log_packetfilter-2017.07.17, log_ids-2017.07.18, log_httpd-2017.07.15, log_syslog_tmm-2017.07.17, log_syslog_oracle-2017.07.18, log_netrecon-2017.07.18, log_packetfilter-2017.07.21, log_syslog_oracle-2017.07.17, log_syslog-2017.07.15, log_syslog-2017.07.22, log_syslog_aaa-2017.07.17, log_syslog_oracle-2017.07.16, log_mail-2017.07.15, log_netflow-2017.07.21, logstash-2017.07.18, log_syslog_sshd-2017.07.15, log_syslog_oracle-2017.07.20, log_netrecon-2017.07.17, log_syslog_sshd-2017.07.16, log_syslog_asa-2017.07.19, log_ids-2017.07.17, log_mail-2017.07.20, log_syslog_dhcpd-2017.06.08, log_syslog_asa-2017.07.15, log_syslog_asa-2017.07.20, logstash-2017.07.20, log_syslog_dhcpd-2017.07.15, log_syslog_pam_asg-2017.07.15, log_mail-2017.07.16, log_syslog_ldap-2017.06.08, log_syslog_asa-2017.07.21, log_syslog_pam_asg-2017.07.20, log_syslog_tmm-2017.06.08, log_syslog_aaa-2017.07.21, log_syslog_pam_asg-2017.07.21, log_syslog_asa-2017.07.17, log_packetfilter-2017.07.15, log_ids-2017.07.21, log_syslog_tmm-2017.07.21, log_mail-2017.07.18, log_syslog_sshd-2017.07.17, log_mail-2017.07.19, log_winevent-2017.07.20, log_winevent-2017.07.18, log_packetfilter-2017.07.19, log_netflow-2017.07.19, log_syslog_dhcpd-2017.07.19, log_packetfilter-2017.07.20, log_httpd-2017.07.19, logstash-2017.07.16, log_syslog-2017.07.17, log_syslog_sshd-2017.06.08, log_syslog_ldap-2017.07.17, logstash-2017.07.15, log_syslog_oracle-2017.07.19, log_syslog-2017.07.21, log_winevent-2017.07.17, log_syslog_pam_asg-2017.07.17, log_syslog_ldap-2017.07.19, log_httpd-2017.07.17, logstash-2017.07.17, log_netflow-2017.07.18, logstash-2017.06.08, 
log_syslog_aaa-2017.07.18, log_httpd-2017.06.08, log_netflow-2017.06.08, log_packetfilter-2017.06.08, log_syslog-2017.07.19, log_ids-2017.07.19, log_syslog_pam_asg-2017.07.16, log_syslog-2017.07.18, log_winevent-2017.07.19, log_syslog_sshd-2017.07.21] [2017-07-21T14:16:53.616-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_pre_laa_readall=>[] [2017-07-21T14:16:53.616-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_public [2017-07-21T14:16:53.616-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.616-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.616-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.616-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_public=>[IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_own_index=>[IndexType [index=.monitoring-es-2-2017.07.21, type=shards]] [2017-07-21T14:16:53.616-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_pre_laa_readall [2017-07-21T14:16:53.616-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.monitoring-es-2-2017.07.21] [2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] 
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.21, type=shards]]
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring*
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?monitoring*: [.monitoring-es-2-2017.07.21]
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?monitoring*, will check now types [*]
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?monitoring*/*: [indices:data/read*]
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21*
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: []
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant '__user__'
[2017-07-21T14:16:53.615-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.monitoring-es-2-2017.07.21]
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: []
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*]
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?monitoring*', evaluate other roles
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for log*
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.21, type=*]]
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for log*
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring*
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index log* remaining requested indextype: []
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?monitoring*: [.monitoring-es-2-2017.07.21]
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: []
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?monitoring*, will check now types [*]
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?monitoring*/*: [indices:data/read*]
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.log*', evaluate other roles
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21*
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana*
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: []
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: []
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?monitoring*', evaluate other roles
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested indices:data/read/search from 10.61.1.1:58302
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana*
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.monitoring-es-2-2017.07.21] from class org.elasticsearch.action.search.SearchRequest
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for log*
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: []
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for log*
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: []
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=39, ignore_unavailable=true, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=true]
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index log* remaining requested indextype: []
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: []
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?kibana*', evaluate other roles
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.monitoring-es-2-2017.07.21]
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.log*', evaluate other roles
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana*
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.monitoring-es-2-2017.07.21] to [.monitoring-es-2-2017.07.21]
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana*
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.monitoring-es-2-2017.07.21, type=*]]
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: []
[2017-07-21T14:16:53.617-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: []
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?kibana*', evaluate other roles
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] dls query {"match_all" : {}} for [log_netrecon-2017.07.16, log_syslog_tmm-2017.07.20, log_netflow-2017.07.20, log_packetfilter-2017.07.18, log_httpd-2017.07.21, log_syslog-2017.07.16, log_syslog_tmm-2017.07.19, log_winevent-2017.07.15, log_winevent-2017.07.16, log_syslog_aaa-2017.07.16, log_netflow-2017.07.16, log_httpd-2017.07.20, logstash-2017.07.21, log_syslog_aaa-2017.06.08, log_syslog_sshd-2017.07.19, log_syslog-2017.07.20, log_netrecon-2017.07.20, log_netrecon-2017.07.21, log_netrecon-2017.07.15, log_syslog_pam_asg-2017.07.18, log_httpd-2017.07.18,
log_syslog_dhcpd-2017.07.17, log_syslog_asa-2017.06.08, logstash-2017.07.19, log_winevent-2017.07.21, log_ids-2017.06.08, log_syslog_aaa-2017.07.15, log_syslog_asa-2017.07.16, log_syslog_aaa-2017.07.19, log_syslog_asa-2017.07.18, log_syslog_tmm-2017.07.15, log_syslog-2017.06.08, log_syslog_oracle-2017.07.21, log_syslog_pam_asg-2017.07.19, log_fireeye-2017.07, log_syslog_sshd-2017.07.20, log_netrecon-2017.07.19, log_ids-2017.07.16, log_mail-2017.06.08, log_ids-2017.07.15, log_syslog_sshd-2017.07.18, log_syslog_ldap-2017.07.15, log_syslog_tmm-2017.07.16, log_syslog_dhcpd-2017.07.18, log_syslog_oracle-2017.06.08, log_syslog_ldap-2017.07.16, log_mail-2017.07.21, log_syslog_dhcpd-2017.07.16, log_syslog_ldap-2017.07.21, log_httpd-2017.07.16, log_syslog_aaa-2017.07.20, log_mail-2017.07.17, log_syslog_oracle-2017.07.15, log_netflow-2017.07.17, log_syslog_dhcpd-2017.07.20, log_syslog_ldap-2017.07.20, log_netflow-2017.07.15, log_packetfilter-2017.07.16, log_fireeye-2017.06, log_syslog_ldap-2017.07.18, log_ids-2017.07.20, log_syslog_dhcpd-2017.07.21, log_syslog_tmm-2017.07.18, log_packetfilter-2017.07.17, log_ids-2017.07.18, log_httpd-2017.07.15, log_syslog_tmm-2017.07.17, log_syslog_oracle-2017.07.18, log_netrecon-2017.07.18, log_packetfilter-2017.07.21, log_syslog_oracle-2017.07.17, log_syslog-2017.07.15, log_syslog-2017.07.22, log_syslog_aaa-2017.07.17, log_syslog_oracle-2017.07.16, log_mail-2017.07.15, log_netflow-2017.07.21, logstash-2017.07.18, log_syslog_sshd-2017.07.15, log_syslog_oracle-2017.07.20, log_netrecon-2017.07.17, log_syslog_sshd-2017.07.16, log_syslog_asa-2017.07.19, log_ids-2017.07.17, log_mail-2017.07.20, log_syslog_dhcpd-2017.06.08, log_syslog_asa-2017.07.15, log_syslog_asa-2017.07.20, logstash-2017.07.20, log_syslog_dhcpd-2017.07.15, log_syslog_pam_asg-2017.07.15, log_mail-2017.07.16, log_syslog_ldap-2017.06.08, log_syslog_asa-2017.07.21, log_syslog_pam_asg-2017.07.20, log_syslog_tmm-2017.06.08, log_syslog_aaa-2017.07.21, log_syslog_pam_asg-2017.07.21, 
log_syslog_asa-2017.07.17, log_packetfilter-2017.07.15, log_ids-2017.07.21, log_syslog_tmm-2017.07.21, log_mail-2017.07.18, log_syslog_sshd-2017.07.17, log_mail-2017.07.19, log_winevent-2017.07.20, log_winevent-2017.07.18, log_packetfilter-2017.07.19, log_netflow-2017.07.19, log_syslog_dhcpd-2017.07.19, log_packetfilter-2017.07.20, log_httpd-2017.07.19, logstash-2017.07.16, log_syslog-2017.07.17, log_syslog_sshd-2017.06.08, log_syslog_ldap-2017.07.17, logstash-2017.07.15, log_syslog_oracle-2017.07.19, log_syslog-2017.07.21, log_winevent-2017.07.17, log_syslog_pam_asg-2017.07.17, log_syslog_ldap-2017.07.19, log_httpd-2017.07.17, logstash-2017.07.17, log_netflow-2017.07.18, logstash-2017.06.08, log_syslog_aaa-2017.07.18, log_httpd-2017.06.08, log_netflow-2017.06.08, log_packetfilter-2017.06.08, log_syslog-2017.07.19, log_ids-2017.07.19, log_syslog_pam_asg-2017.07.16, log_syslog-2017.07.18, log_winevent-2017.07.19, log_syslog_sshd-2017.07.21]
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_pre_laa_readall=>[]
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] dls query {"match_all" : {}} for [log_netrecon-2017.07.16, log_syslog_tmm-2017.07.20, log_netflow-2017.07.20, log_packetfilter-2017.07.18, log_httpd-2017.07.21, log_syslog-2017.07.16, log_syslog_tmm-2017.07.19, log_winevent-2017.07.15, log_winevent-2017.07.16, log_syslog_aaa-2017.07.16, log_netflow-2017.07.16, log_httpd-2017.07.20, logstash-2017.07.21, log_syslog_aaa-2017.06.08, log_syslog_sshd-2017.07.19, log_syslog-2017.07.20, log_netrecon-2017.07.20, log_netrecon-2017.07.21, log_netrecon-2017.07.15, log_syslog_pam_asg-2017.07.18, log_httpd-2017.07.18, log_syslog_dhcpd-2017.07.17, log_syslog_asa-2017.06.08, logstash-2017.07.19, log_winevent-2017.07.21, log_ids-2017.06.08, log_syslog_aaa-2017.07.15, log_syslog_asa-2017.07.16, log_syslog_aaa-2017.07.19, log_syslog_asa-2017.07.18,
log_syslog_tmm-2017.07.15, log_syslog-2017.06.08, log_syslog_oracle-2017.07.21, log_syslog_pam_asg-2017.07.19, log_fireeye-2017.07, log_syslog_sshd-2017.07.20, log_netrecon-2017.07.19, log_ids-2017.07.16, log_mail-2017.06.08, log_ids-2017.07.15, log_syslog_sshd-2017.07.18, log_syslog_ldap-2017.07.15, log_syslog_tmm-2017.07.16, log_syslog_dhcpd-2017.07.18, log_syslog_oracle-2017.06.08, log_syslog_ldap-2017.07.16, log_mail-2017.07.21, log_syslog_dhcpd-2017.07.16, log_syslog_ldap-2017.07.21, log_httpd-2017.07.16, log_syslog_aaa-2017.07.20, log_mail-2017.07.17, log_syslog_oracle-2017.07.15, log_netflow-2017.07.17, log_syslog_dhcpd-2017.07.20, log_syslog_ldap-2017.07.20, log_netflow-2017.07.15, log_packetfilter-2017.07.16, log_fireeye-2017.06, log_syslog_ldap-2017.07.18, log_ids-2017.07.20, log_syslog_dhcpd-2017.07.21, log_syslog_tmm-2017.07.18, log_packetfilter-2017.07.17, log_ids-2017.07.18, log_httpd-2017.07.15, log_syslog_tmm-2017.07.17, log_syslog_oracle-2017.07.18, log_netrecon-2017.07.18, log_packetfilter-2017.07.21, log_syslog_oracle-2017.07.17, log_syslog-2017.07.15, log_syslog-2017.07.22, log_syslog_aaa-2017.07.17, log_syslog_oracle-2017.07.16, log_mail-2017.07.15, log_netflow-2017.07.21, logstash-2017.07.18, log_syslog_sshd-2017.07.15, log_syslog_oracle-2017.07.20, log_netrecon-2017.07.17, log_syslog_sshd-2017.07.16, log_syslog_asa-2017.07.19, log_ids-2017.07.17, log_mail-2017.07.20, log_syslog_dhcpd-2017.06.08, log_syslog_asa-2017.07.15, log_syslog_asa-2017.07.20, logstash-2017.07.20, log_syslog_dhcpd-2017.07.15, log_syslog_pam_asg-2017.07.15, log_mail-2017.07.16, log_syslog_ldap-2017.06.08, log_syslog_asa-2017.07.21, log_syslog_pam_asg-2017.07.20, log_syslog_tmm-2017.06.08, log_syslog_aaa-2017.07.21, log_syslog_pam_asg-2017.07.21, log_syslog_asa-2017.07.17, log_packetfilter-2017.07.15, log_ids-2017.07.21, log_syslog_tmm-2017.07.21, log_mail-2017.07.18, log_syslog_sshd-2017.07.17, log_mail-2017.07.19, log_winevent-2017.07.20, log_winevent-2017.07.18, 
log_packetfilter-2017.07.19, log_netflow-2017.07.19, log_syslog_dhcpd-2017.07.19, log_packetfilter-2017.07.20, log_httpd-2017.07.19, logstash-2017.07.16, log_syslog-2017.07.17, log_syslog_sshd-2017.06.08, log_syslog_ldap-2017.07.17, logstash-2017.07.15, log_syslog_oracle-2017.07.19, log_syslog-2017.07.21, log_winevent-2017.07.17, log_syslog_pam_asg-2017.07.17, log_syslog_ldap-2017.07.19, log_httpd-2017.07.17, logstash-2017.07.17, log_netflow-2017.07.18, logstash-2017.06.08, log_syslog_aaa-2017.07.18, log_httpd-2017.06.08, log_netflow-2017.06.08, log_packetfilter-2017.06.08, log_syslog-2017.07.19, log_ids-2017.07.19, log_syslog_pam_asg-2017.07.16, log_syslog-2017.07.18, log_winevent-2017.07.19, log_syslog_sshd-2017.07.21]
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_pre_laa_readall=>[]
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: '__user__'
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_public
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_public
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana*
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana*
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana*
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for *
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.21, type=shards]]
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.monitoring-es-2-2017.07.21]
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_public=>[IndexType [index=.monitoring-es-2-2017.07.21, type=shards]]
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana*
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*]
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.21, type=*]]
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against */*: [indices:admin/mappings/fields/get*, indices:data/read*]
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_public=>[IndexType [index=.monitoring-es-2-2017.07.21, type=*]]
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21*
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: []
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: []
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.*', evaluate other roles
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana*
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana*
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: []
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: []
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.?kibana*', evaluate other roles
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana=>[]
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring*
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?monitoring*: [.monitoring-es-2-2017.07.21]
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?monitoring*, will check now types [*]
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?monitoring*/*: [indices:*]
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21*
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: []
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: []
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?monitoring*', evaluate other roles
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?reporting*
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?reporting*
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?reporting* remaining requested indextype: []
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: []
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?reporting*', evaluate other roles
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana*
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana*
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: []
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: []
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?kibana*', evaluate other roles
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana_server=>[]
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_own_index
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve and match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no permittedAliasesIndex 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' found for 'indices:data/read/search'
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] permittedAliasesIndices '{C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview=org.elasticsearch.common.settings.Settings@5eed}' -> '{*.0=ALL}'
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requestedResolvedIndexTypes '[IndexType [index=.monitoring-es-2-2017.07.21, type=*]]'
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved permitted aliases indices for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview]
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, will check now types [*]
[2017-07-21T14:16:53.618-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview/*: [indices:*]
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview* in [IndexType [index=.monitoring-es-2-2017.07.21, type=*]]
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.21, type=*]]
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_own_index=>[IndexType [index=.monitoring-es-2-2017.07.21, type=*]]
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_pre_laa_readall
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for *
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.monitoring-es-2-2017.07.21]
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*]
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.21, type=*]]
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring*
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?monitoring*: [.monitoring-es-2-2017.07.21]
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?monitoring*, will check now types [*]
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?monitoring*/*: [indices:data/read*]
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .monitoring-es-2-2017.07.21*
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: []
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: []
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?monitoring*', evaluate other roles
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for log*
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for log*
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index log* remaining requested indextype: []
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: []
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.log*', evaluate other roles
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana*
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana*
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: []
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .monitoring-es-2-2017.07.21: []
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?kibana*', evaluate other roles
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] dls query {"match_all" : {}} for [log_netrecon-2017.07.16, log_syslog_tmm-2017.07.20, log_netflow-2017.07.20, log_packetfilter-2017.07.18, log_httpd-2017.07.21, log_syslog-2017.07.16, log_syslog_tmm-2017.07.19, log_winevent-2017.07.15, log_winevent-2017.07.16, log_syslog_aaa-2017.07.16, log_netflow-2017.07.16, log_httpd-2017.07.20, logstash-2017.07.21, log_syslog_aaa-2017.06.08, log_syslog_sshd-2017.07.19, log_syslog-2017.07.20, log_netrecon-2017.07.20, log_netrecon-2017.07.21, log_netrecon-2017.07.15, log_syslog_pam_asg-2017.07.18, log_httpd-2017.07.18, log_syslog_dhcpd-2017.07.17, log_syslog_asa-2017.06.08, logstash-2017.07.19, log_winevent-2017.07.21, log_ids-2017.06.08, log_syslog_aaa-2017.07.15, log_syslog_asa-2017.07.16, log_syslog_aaa-2017.07.19, log_syslog_asa-2017.07.18, log_syslog_tmm-2017.07.15, log_syslog-2017.06.08,
log_syslog_oracle-2017.07.21, log_syslog_pam_asg-2017.07.19, log_fireeye-2017.07, log_syslog_sshd-2017.07.20, log_netrecon-2017.07.19, log_ids-2017.07.16, log_mail-2017.06.08, log_ids-2017.07.15, log_syslog_sshd-2017.07.18, log_syslog_ldap-2017.07.15, log_syslog_tmm-2017.07.16, log_syslog_dhcpd-2017.07.18, log_syslog_oracle-2017.06.08, log_syslog_ldap-2017.07.16, log_mail-2017.07.21, log_syslog_dhcpd-2017.07.16, log_syslog_ldap-2017.07.21, log_httpd-2017.07.16, log_syslog_aaa-2017.07.20, log_mail-2017.07.17, log_syslog_oracle-2017.07.15, log_netflow-2017.07.17, log_syslog_dhcpd-2017.07.20, log_syslog_ldap-2017.07.20, log_netflow-2017.07.15, log_packetfilter-2017.07.16, log_fireeye-2017.06, log_syslog_ldap-2017.07.18, log_ids-2017.07.20, log_syslog_dhcpd-2017.07.21, log_syslog_tmm-2017.07.18, log_packetfilter-2017.07.17, log_ids-2017.07.18, log_httpd-2017.07.15, log_syslog_tmm-2017.07.17, log_syslog_oracle-2017.07.18, log_netrecon-2017.07.18, log_packetfilter-2017.07.21, log_syslog_oracle-2017.07.17, log_syslog-2017.07.15, log_syslog-2017.07.22, log_syslog_aaa-2017.07.17, log_syslog_oracle-2017.07.16, log_mail-2017.07.15, log_netflow-2017.07.21, logstash-2017.07.18, log_syslog_sshd-2017.07.15, log_syslog_oracle-2017.07.20, log_netrecon-2017.07.17, log_syslog_sshd-2017.07.16, log_syslog_asa-2017.07.19, log_ids-2017.07.17, log_mail-2017.07.20, log_syslog_dhcpd-2017.06.08, log_syslog_asa-2017.07.15, log_syslog_asa-2017.07.20, logstash-2017.07.20, log_syslog_dhcpd-2017.07.15, log_syslog_pam_asg-2017.07.15, log_mail-2017.07.16, log_syslog_ldap-2017.06.08, log_syslog_asa-2017.07.21, log_syslog_pam_asg-2017.07.20, log_syslog_tmm-2017.06.08, log_syslog_aaa-2017.07.21, log_syslog_pam_asg-2017.07.21, log_syslog_asa-2017.07.17, log_packetfilter-2017.07.15, log_ids-2017.07.21, log_syslog_tmm-2017.07.21, log_mail-2017.07.18, log_syslog_sshd-2017.07.17, log_mail-2017.07.19, log_winevent-2017.07.20, log_winevent-2017.07.18, log_packetfilter-2017.07.19, log_netflow-2017.07.19, 
log_syslog_dhcpd-2017.07.19, log_packetfilter-2017.07.20, log_httpd-2017.07.19, logstash-2017.07.16, log_syslog-2017.07.17, log_syslog_sshd-2017.06.08, log_syslog_ldap-2017.07.17, logstash-2017.07.15, log_syslog_oracle-2017.07.19, log_syslog-2017.07.21, log_winevent-2017.07.17, log_syslog_pam_asg-2017.07.17, log_syslog_ldap-2017.07.19, log_httpd-2017.07.17, logstash-2017.07.17, log_netflow-2017.07.18, logstash-2017.06.08, log_syslog_aaa-2017.07.18, log_httpd-2017.06.08, log_netflow-2017.06.08, log_packetfilter-2017.06.08, log_syslog-2017.07.19, log_ids-2017.07.19, log_syslog_pam_asg-2017.07.16, log_syslog-2017.07.18, log_winevent-2017.07.19, log_syslog_sshd-2017.07.21] [2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_pre_laa_readall=>[] [2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_public [2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?kibana* [2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_public=>[IndexType [index=.monitoring-es-2-2017.07.21, type=*]] [2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator 
[2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3) [2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:53.619-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null' [2017-07-21T14:16:53.621-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:53.621-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/main from 10.61.1.1:58176 [2017-07-21T14:16:53.621-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.main.MainRequest is not an IndicesRequest [2017-07-21T14:16:53.621-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]] [2017-07-21T14:16:53.621-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: 
[sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:53.622-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null' [2017-07-21T14:16:53.622-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:53.622-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv] [2017-07-21T14:16:53.622-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/main, check next role [2017-07-21T14:16:53.622-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:53.622-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*] [2017-07-21T14:16:53.622-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/main, skip other roles [2017-07-21T14:16:53.625-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:53.625-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator 
[2017-07-21T14:16:53.625-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:53.625-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3) [2017-07-21T14:16:53.625-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:53.625-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null' [2017-07-21T14:16:53.625-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:53.625-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/nodes/info from 10.61.1.1:58178 [2017-07-21T14:16:53.625-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest is not an IndicesRequest [2017-07-21T14:16:53.625-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]] [2017-07-21T14:16:53.625-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of 
IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:53.625-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null' [2017-07-21T14:16:53.625-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:53.625-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv] [2017-07-21T14:16:53.625-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/nodes/info, check next role [2017-07-21T14:16:53.625-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:53.625-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*] [2017-07-21T14:16:53.625-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/nodes/info, skip other roles [2017-07-21T14:16:53.663-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:53.664-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting 
credentials from proxy authenticator [2017-07-21T14:16:53.664-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:53.664-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3) [2017-07-21T14:16:53.664-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:53.664-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null' [2017-07-21T14:16:53.664-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:53.664-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/nodes/info from 10.61.1.1:58176 [2017-07-21T14:16:53.664-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest is not an IndicesRequest [2017-07-21T14:16:53.664-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]] [2017-07-21T14:16:53.664-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State 
University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:53.664-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null' [2017-07-21T14:16:53.664-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:53.664-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv] [2017-07-21T14:16:53.664-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/nodes/info, check next role [2017-07-21T14:16:53.664-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:53.664-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*] [2017-07-21T14:16:53.664-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/nodes/info, skip other roles [2017-07-21T14:16:53.674-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:53.674-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 
'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:53.674-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:53.674-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3) [2017-07-21T14:16:53.675-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:53.675-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null' [2017-07-21T14:16:53.675-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:53.675-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested indices:data/read/mget from 10.61.1.1:58178 [2017-07-21T14:16:53.675-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.kibana] from class org.elasticsearch.action.get.MultiGetRequest$Item [2017-07-21T14:16:53.675-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=48, ignore_unavailable=false, allow_no_indices=false, expand_wildcards_open=false, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=false, forbid_closed_indices=true] 
[2017-07-21T14:16:53.675-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.kibana] [2017-07-21T14:16:53.675-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.kibana] to [.kibana] [2017-07-21T14:16:53.675-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:53.675-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:53.675-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null' [2017-07-21T14:16:53.676-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:53.676-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv] [2017-07-21T14:16:53.676-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana' and indices:data/read/mget, skip other roles [2017-07-21T14:16:53.676-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:53.676-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested 
indices:data/read/mget[shard] from 10.61.1.1:58178 [2017-07-21T14:16:53.676-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.kibana] from class org.elasticsearch.action.get.MultiGetShardRequest [2017-07-21T14:16:53.676-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=48, ignore_unavailable=false, allow_no_indices=false, expand_wildcards_open=false, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=false, forbid_closed_indices=true] [2017-07-21T14:16:53.676-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.kibana] [2017-07-21T14:16:53.676-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.kibana] to [.kibana] [2017-07-21T14:16:53.676-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:53.676-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:53.676-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null' [2017-07-21T14:16:53.677-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:53.677-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:53.677-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.kibana] [2017-07-21T14:16:53.677-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now 
types [*] [2017-07-21T14:16:53.677-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/mget[shard] against */*: [indices:admin/mappings/fields/get*, indices:data/read*] [2017-07-21T14:16:53.677-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* [2017-07-21T14:16:53.677-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [] [2017-07-21T14:16:53.677-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:53.677-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.*', evaluate other roles [2017-07-21T14:16:53.677-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.677-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:53.677-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:53.677-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/mget[shard] against ?kibana*/*: [indices:*] [2017-07-21T14:16:53.677-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match .kibana* in [] [2017-07-21T14:16:53.677-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.677-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:53.677-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.?kibana*', evaluate other roles 
[2017-07-21T14:16:53.677-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana=>[] [2017-07-21T14:16:53.677-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:53.677-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:53.677-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?monitoring* [2017-07-21T14:16:53.677-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:53.677-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?reporting* [2017-07-21T14:16:53.677-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?reporting* [2017-07-21T14:16:53.677-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?reporting* remaining requested indextype: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:53.677-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.678-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:53.678-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:53.678-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/mget[shard] against ?kibana*/*: [indices:*] [2017-07-21T14:16:53.678-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* 
[2017-07-21T14:16:53.678-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.678-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:53.678-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?kibana*', evaluate other roles [2017-07-21T14:16:53.678-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana_server=>[] [2017-07-21T14:16:53.678-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_own_index [2017-07-21T14:16:53.678-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve and match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview [2017-07-21T14:16:53.678-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no permittedAliasesIndex 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' found for 'indices:data/read/mget[shard]' [2017-07-21T14:16:53.678-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] permittedAliasesIndices '{C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview=org.elasticsearch.common.settings.Settings@5eed}' -> '{*.0=ALL}' [2017-07-21T14:16:53.678-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requestedResolvedIndexTypes '[IndexType [index=.kibana, type=*]]' 
[2017-07-21T14:16:53.678-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved permitted aliases indices for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview] [2017-07-21T14:16:53.678-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, will check now types [*] [2017-07-21T14:16:53.678-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/mget[shard] against C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview/*: [indices:*] [2017-07-21T14:16:53.678-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview* in [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:53.678-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview remaining requested indextype: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:53.678-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] 
Added to leftovers sg_own_index=>[IndexType [index=.kibana, type=*]] [2017-07-21T14:16:53.678-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_pre_laa_readall [2017-07-21T14:16:53.678-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:53.678-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.kibana] [2017-07-21T14:16:53.678-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] [2017-07-21T14:16:53.678-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:53.678-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:53.678-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?monitoring* [2017-07-21T14:16:53.678-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:53.679-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for log* [2017-07-21T14:16:53.679-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for log* [2017-07-21T14:16:53.679-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index log* remaining requested indextype: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:53.679-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.679-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] 
[2017-07-21T14:16:53.679-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:53.679-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/mget[shard] against ?kibana*/*: [indices:admin/*, indices:admin/mapping/put, indices:data/write/update*, indices:data/write/index*, indices:monitor/*, indices:data/read*] [2017-07-21T14:16:53.679-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* [2017-07-21T14:16:53.679-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.679-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:53.679-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?kibana*', evaluate other roles [2017-07-21T14:16:53.679-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_pre_laa_readall=>[] [2017-07-21T14:16:53.679-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_public [2017-07-21T14:16:53.679-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.679-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:53.679-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:53.679-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/mget[shard] against ?kibana*/*: [indices:data/read/get*, indices:data/write/delete*, indices:admin/exists*, indices:admin/refresh*, 
indices:data/read/mget*, indices:data/read/search*, indices:data/write/update*, indices:admin/validate/query*, indices:admin/mappings/fields/get*, indices:data/read*, indices:admin/mapping/put*, indices:data/write/index*, indices:data/write*, indices:admin/get*] [2017-07-21T14:16:53.679-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* [2017-07-21T14:16:53.679-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.679-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:53.679-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_public.?kibana*', evaluate other roles [2017-07-21T14:16:53.679-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_public=>[] [2017-07-21T14:16:53.699-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:53.699-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:53.699-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:53.699-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? 
true (cache size: 3) [2017-07-21T14:16:53.699-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:53.699-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null' [2017-07-21T14:16:53.699-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:53.699-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/health from 10.61.1.1:58176 [2017-07-21T14:16:53.699-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.kibana] from class org.elasticsearch.action.admin.cluster.health.ClusterHealthRequest [2017-07-21T14:16:53.699-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=7, ignore_unavailable=true, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=false] [2017-07-21T14:16:53.699-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.kibana] [2017-07-21T14:16:53.699-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.kibana] to [.kibana] [2017-07-21T14:16:53.699-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:53.699-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for 
C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:53.700-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null' [2017-07-21T14:16:53.700-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:53.700-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv] [2017-07-21T14:16:53.700-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/health, check next role [2017-07-21T14:16:53.700-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:53.700-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*] [2017-07-21T14:16:53.700-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/health, skip other roles [2017-07-21T14:16:53.703-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy 
[2017-07-21T14:16:53.703-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:53.703-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:53.703-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3) [2017-07-21T14:16:53.703-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:53.703-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null' [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested indices:data/read/search from 10.61.1.1:58178 [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.kibana] from class org.elasticsearch.action.search.SearchRequest [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=38, ignore_unavailable=false, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, 
forbid_closed_indices=true] [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.kibana] [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.kibana] to [.kibana] [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null' [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.kibana] [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against */*: [indices:admin/mappings/fields/get*, indices:data/read*] [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [] 
[2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.*', evaluate other roles [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?kibana*/*: [indices:*] [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match .kibana* in [] [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.?kibana*', evaluate other roles [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana=>[] [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?monitoring* 
[2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?reporting* [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?reporting* [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?reporting* remaining requested indextype: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?kibana*/*: [indices:*] [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?kibana*', evaluate other roles [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana_server=>[] 
[2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_own_index [2017-07-21T14:16:53.704-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve and match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no permittedAliasesIndex 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' found for 'indices:data/read/search' [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] permittedAliasesIndices '{C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview=org.elasticsearch.common.settings.Settings@5eed}' -> '{*.0=ALL}' [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requestedResolvedIndexTypes '[IndexType [index=.kibana, type=config]]' [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved permitted aliases indices for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview] [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for 
C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, will check now types [*] [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview/*: [indices:*] [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview* in [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview remaining requested indextype: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_own_index=>[IndexType [index=.kibana, type=config]] [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_pre_laa_readall [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.kibana] [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] 
[2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?monitoring* [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for log* [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for log* [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index log* remaining requested indextype: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?kibana*/*: [indices:admin/*, indices:admin/mapping/put, indices:data/write/update*, indices:data/write/index*, indices:monitor/*, indices:data/read*] [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* 
[2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?kibana*', evaluate other roles [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_pre_laa_readall=>[] [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_public [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?kibana*/*: [indices:data/read/get*, indices:data/write/delete*, indices:admin/exists*, indices:admin/refresh*, indices:data/read/mget*, indices:data/read/search*, indices:data/write/update*, indices:admin/validate/query*, indices:admin/mappings/fields/get*, indices:data/read*, indices:admin/mapping/put*, indices:data/write/index*, indices:data/write*, indices:admin/get*] [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* [2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] 
[2017-07-21T14:16:53.705-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:53.706-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_public.?kibana*', evaluate other roles [2017-07-21T14:16:53.706-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_public=>[] [2017-07-21T14:16:53.766-0400][DEBUG][com.floragunn.searchguard.transport.DefaultInterClusterRequestEvaluator] Treat certificate with principal 'DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-hot-dev-01.cc.vt.edu.mgt' as other node because of it matches one of [/DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /DC=edu,DC=vt,DC=it,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/] [2017-07-21T14:16:53.779-0400][DEBUG][com.floragunn.searchguard.transport.DefaultInterClusterRequestEvaluator] Treat certificate with principal 'DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-hot-dev-01.cc.vt.edu.mgt' as other node because of it matches one of [/DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /DC=edu,DC=vt,DC=it,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/] [2017-07-21T14:16:53.996-0400][DEBUG][com.floragunn.searchguard.transport.DefaultInterClusterRequestEvaluator] Treat certificate with principal 'DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-warm-dev-02.cc.vt.edu.mgt' as other node because of it matches one of 
[/DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /DC=edu,DC=vt,DC=it,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/] [2017-07-21T14:16:54.577-0400][DEBUG][com.floragunn.searchguard.transport.DefaultInterClusterRequestEvaluator] Treat certificate with principal 'DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-warm-dev-02.cc.vt.edu.mgt' as other node because of it matches one of [/DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /DC=edu,DC=vt,DC=it,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/] [2017-07-21T14:16:55.578-0400][DEBUG][com.floragunn.searchguard.transport.DefaultInterClusterRequestEvaluator] Treat certificate with principal 'DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-warm-dev-02.cc.vt.edu.mgt' as other node because of it matches one of [/DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /DC=edu,DC=vt,DC=it,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/] [2017-07-21T14:16:55.663-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:55.663-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator 
[2017-07-21T14:16:55.663-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:55.664-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3) [2017-07-21T14:16:55.664-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:55.664-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null' [2017-07-21T14:16:55.664-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:55.664-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/main from 10.61.1.1:58182 [2017-07-21T14:16:55.664-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.main.MainRequest is not an IndicesRequest [2017-07-21T14:16:55.664-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]] [2017-07-21T14:16:55.664-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: 
[sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:55.664-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null' [2017-07-21T14:16:55.664-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:55.664-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv] [2017-07-21T14:16:55.664-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/main, check next role [2017-07-21T14:16:55.664-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:55.664-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*] [2017-07-21T14:16:55.664-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/main, skip other roles [2017-07-21T14:16:55.666-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:55.666-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator 
[2017-07-21T14:16:55.666-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:55.666-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3) [2017-07-21T14:16:55.666-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:55.666-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null' [2017-07-21T14:16:55.666-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:55.666-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:55.666-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/nodes/info from 10.61.1.1:58182 [2017-07-21T14:16:55.666-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:55.667-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:55.667-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest is not an IndicesRequest 
[2017-07-21T14:16:55.667-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3) [2017-07-21T14:16:55.667-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]] [2017-07-21T14:16:55.667-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:55.667-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null' [2017-07-21T14:16:55.667-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:55.667-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/nodes/info from 10.61.1.1:58190 [2017-07-21T14:16:55.667-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest is not an IndicesRequest [2017-07-21T14:16:55.667-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] 
[2017-07-21T14:16:55.667-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]] [2017-07-21T14:16:55.667-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null' [2017-07-21T14:16:55.667-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:55.667-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:55.667-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv] [2017-07-21T14:16:55.667-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/nodes/info, check next role [2017-07-21T14:16:55.667-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:55.667-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*] 
[2017-07-21T14:16:55.667-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:55.667-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/nodes/info, skip other roles
[2017-07-21T14:16:55.667-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:55.667-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv]
[2017-07-21T14:16:55.667-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/nodes/info, check next role
[2017-07-21T14:16:55.667-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server
[2017-07-21T14:16:55.667-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*]
[2017-07-21T14:16:55.667-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/nodes/info, skip other roles
[2017-07-21T14:16:55.674-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:55.674-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:55.674-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:55.674-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:55.674-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:55.674-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null'
[2017-07-21T14:16:55.674-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:55.674-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/health from 10.61.1.1:58182
[2017-07-21T14:16:55.674-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.monitoring-data-2] from class org.elasticsearch.action.admin.cluster.health.ClusterHealthRequest
[2017-07-21T14:16:55.674-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=7, ignore_unavailable=true, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=false]
[2017-07-21T14:16:55.674-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.monitoring-data-2]
[2017-07-21T14:16:55.674-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.monitoring-data-2] to [.monitoring-data-2]
[2017-07-21T14:16:55.674-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.monitoring-data-2, type=*]]
[2017-07-21T14:16:55.675-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:55.675-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:55.675-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:55.675-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv]
[2017-07-21T14:16:55.675-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/health, check next role
[2017-07-21T14:16:55.675-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server
[2017-07-21T14:16:55.675-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*]
[2017-07-21T14:16:55.675-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/health, skip other roles
[2017-07-21T14:16:56.113-0400][DEBUG][com.floragunn.searchguard.transport.DefaultInterClusterRequestEvaluator] Treat certificate with principal 'DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-hot-dev-01.cc.vt.edu.mgt' as other node because of it matches one of [/DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /DC=edu,DC=vt,DC=it,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/]
[2017-07-21T14:16:56.120-0400][DEBUG][com.floragunn.searchguard.transport.DefaultInterClusterRequestEvaluator] Treat certificate with principal 'DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-hot-dev-01.cc.vt.edu.mgt' as other node because of it matches one of [/DC=edu,DC=vt,DC=it,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /DC=edu,DC=vt,DC=it,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logstore-(hot|warm|master)-dev-[0-9][0-9].cc.vt.edu.mgt/, /O=Virginia Polytechnic Institute and State University,OU=LAA,CN=logview-dev-[0-9][0-9].cc.vt.edu.mgt/]
[2017-07-21T14:16:56.210-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:56.210-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:56.210-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:56.210-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:56.210-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:56.210-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null'
[2017-07-21T14:16:56.210-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:56.210-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/main from 10.61.1.1:58176
[2017-07-21T14:16:56.210-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.main.MainRequest is not an IndicesRequest
[2017-07-21T14:16:56.210-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]]
[2017-07-21T14:16:56.210-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:56.211-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:56.211-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:56.211-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv]
[2017-07-21T14:16:56.211-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/main, check next role
[2017-07-21T14:16:56.211-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server
[2017-07-21T14:16:56.211-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*]
[2017-07-21T14:16:56.211-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/main, skip other roles
[2017-07-21T14:16:56.212-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:56.212-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:56.212-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:56.212-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:56.212-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:56.212-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null'
[2017-07-21T14:16:56.213-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:56.213-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/nodes/info from 10.61.1.1:58178
[2017-07-21T14:16:56.213-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest is not an IndicesRequest
[2017-07-21T14:16:56.213-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]]
[2017-07-21T14:16:56.213-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:56.213-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:56.213-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:56.213-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv]
[2017-07-21T14:16:56.213-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/nodes/info, check next role
[2017-07-21T14:16:56.213-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server
[2017-07-21T14:16:56.213-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*]
[2017-07-21T14:16:56.213-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/nodes/info, skip other roles
[2017-07-21T14:16:56.220-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:56.220-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:56.220-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:56.220-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:56.220-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:56.220-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null'
[2017-07-21T14:16:56.221-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:56.221-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/nodes/info from 10.61.1.1:58176
[2017-07-21T14:16:56.221-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] class org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest is not an IndicesRequest
[2017-07-21T14:16:56.221-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=_all, type=*]]
[2017-07-21T14:16:56.221-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:56.221-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:56.221-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:56.221-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv]
[2017-07-21T14:16:56.221-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/nodes/info, check next role
[2017-07-21T14:16:56.221-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server
[2017-07-21T14:16:56.221-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*]
[2017-07-21T14:16:56.221-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/nodes/info, skip other roles
[2017-07-21T14:16:56.223-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy
[2017-07-21T14:16:56.223-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator
[2017-07-21T14:16:56.223-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert
[2017-07-21T14:16:56.223-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3)
[2017-07-21T14:16:56.223-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated
[2017-07-21T14:16:56.223-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null'
[2017-07-21T14:16:56.223-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:56.223-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested indices:data/read/mget from 10.61.1.1:58178
[2017-07-21T14:16:56.223-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.kibana] from class org.elasticsearch.action.get.MultiGetRequest$Item
[2017-07-21T14:16:56.223-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=48, ignore_unavailable=false, allow_no_indices=false, expand_wildcards_open=false, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=false, forbid_closed_indices=true]
[2017-07-21T14:16:56.223-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.kibana]
[2017-07-21T14:16:56.223-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.kibana] to [.kibana]
[2017-07-21T14:16:56.223-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.kibana, type=config]]
[2017-07-21T14:16:56.223-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:56.224-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:56.224-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:56.224-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv]
[2017-07-21T14:16:56.224-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana' and indices:data/read/mget, skip other roles
[2017-07-21T14:16:56.224-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]
[2017-07-21T14:16:56.224-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested indices:data/read/mget[shard] from 10.61.1.1:58178
[2017-07-21T14:16:56.224-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.kibana] from class org.elasticsearch.action.get.MultiGetShardRequest
[2017-07-21T14:16:56.224-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=48, ignore_unavailable=false, allow_no_indices=false, expand_wildcards_open=false, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=false, forbid_closed_indices=true]
[2017-07-21T14:16:56.224-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.kibana]
[2017-07-21T14:16:56.224-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.kibana] to [.kibana]
[2017-07-21T14:16:56.224-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.kibana, type=*]]
[2017-07-21T14:16:56.224-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public]
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null'
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for *
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.kibana]
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*]
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/mget[shard] against */*: [indices:admin/mappings/fields/get*, indices:data/read*]
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana*
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: []
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: []
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.*', evaluate other roles
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana*
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana]
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*]
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/mget[shard] against ?kibana*/*: [indices:*]
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match .kibana* in []
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: []
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: []
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.?kibana*', evaluate other roles
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana=>[]
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring*
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?monitoring*
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [IndexType [index=.kibana, type=*]]
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?reporting*
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?reporting*
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?reporting* remaining requested indextype: [IndexType [index=.kibana, type=*]]
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana*
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana]
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*]
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/mget[shard] against ?kibana*/*: [indices:*]
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana*
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: []
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: []
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?kibana*', evaluate other roles
[2017-07-21T14:16:56.225-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana_server=>[]
[2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_own_index
[2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve and match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview
[2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no permittedAliasesIndex 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' found for 'indices:data/read/mget[shard]'
[2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] permittedAliasesIndices '{C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview=org.elasticsearch.common.settings.Settings@5eed}' -> '{*.0=ALL}'
[2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requestedResolvedIndexTypes '[IndexType [index=.kibana, type=*]]'
[2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved permitted aliases indices for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview]
[2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, will check now types [*]
[2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/mget[shard] against C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview/*: [indices:*]
[2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview* in [IndexType [index=.kibana, type=*]]
[2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview remaining requested indextype: [IndexType [index=.kibana, type=*]]
[2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_own_index=>[IndexType [index=.kibana, type=*]]
[2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_pre_laa_readall
[2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for *
[2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.kibana]
[2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*]
[2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [IndexType [index=.kibana, type=*]]
[2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring*
[2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?monitoring*
[2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [IndexType [index=.kibana, type=*]]
[2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for log*
[2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for log*
[2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index log* remaining requested indextype: [IndexType [index=.kibana, type=*]]
[2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana*
[2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana]
[2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/mget[shard] against ?kibana*/*: [indices:admin/*, indices:admin/mapping/put, indices:data/write/update*, indices:data/write/index*, indices:monitor/*, indices:data/read*] [2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* [2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?kibana*', evaluate other roles [2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_pre_laa_readall=>[] [2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_public [2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/mget[shard] against ?kibana*/*: [indices:data/read/get*, indices:data/write/delete*, indices:admin/exists*, indices:admin/refresh*, 
indices:data/read/mget*, indices:data/read/search*, indices:data/write/update*, indices:admin/validate/query*, indices:admin/mappings/fields/get*, indices:data/read*, indices:admin/mapping/put*, indices:data/write/index*, indices:data/write*, indices:admin/get*] [2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* [2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_public.?kibana*', evaluate other roles [2017-07-21T14:16:56.226-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_public=>[] [2017-07-21T14:16:56.229-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy [2017-07-21T14:16:56.229-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:56.229-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:56.229-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? 
true (cache size: 3) [2017-07-21T14:16:56.229-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:56.229-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null' [2017-07-21T14:16:56.229-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:56.229-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested cluster:monitor/health from 10.61.1.1:58176 [2017-07-21T14:16:56.229-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.kibana] from class org.elasticsearch.action.admin.cluster.health.ClusterHealthRequest [2017-07-21T14:16:56.229-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=7, ignore_unavailable=true, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, forbid_closed_indices=false] [2017-07-21T14:16:56.229-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.kibana] [2017-07-21T14:16:56.229-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.kibana] to [.kibana] [2017-07-21T14:16:56.229-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.kibana, type=*]] [2017-07-21T14:16:56.229-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for 
C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:56.230-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null' [2017-07-21T14:16:56.230-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:56.230-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[indices:admin/aliases/exists*, indices:data/read/msearch, indices:data/read/coordinate-msearch*, indices:admin/aliases/get*, indices:data/read/mget, indices:data/read/mtv] [2017-07-21T14:16:56.230-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] not match found a match for 'sg_kibana' and cluster:monitor/health, check next role [2017-07-21T14:16:56.230-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:56.230-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved cluster actions:[cluster:admin/xpack/monitoring/bulk, indices:data/read/msearch, indices:admin/template/put, cluster:admin/ingest/pipeline/get, indices:admin/get, indices:data/read/mget, indices:admin/aliases/exists*, indices:admin/aliases*, indices:data/read/coordinate-msearch*, indices:admin/template/get, indices:data/write/bulk, indices:admin/aliases/get*, indices:data/read/mtv, cluster:monitor/*] [2017-07-21T14:16:56.230-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/health, skip other roles [2017-07-21T14:16:56.232-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http proxy 
[2017-07-21T14:16:56.232-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] 'ElasticsearchSecurityException[xff not done]' extracting credentials from proxy authenticator [2017-07-21T14:16:56.232-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http clientcert [2017-07-21T14:16:56.232-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' is in cache? true (cache size: 3) [2017-07-21T14:16:56.232-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] User 'User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]]' is authenticated [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] sg_tenant 'null' [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, roles=[]] [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested indices:data/read/search from 10.61.1.1:58178 [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve [.kibana] from class org.elasticsearch.action.search.SearchRequest [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indicesOptions IndicesOptions[id=38, ignore_unavailable=false, allow_no_indices=true, expand_wildcards_open=true, expand_wildcards_closed=false, allow_alisases_to_multiple_indices=true, 
forbid_closed_indices=true] [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] raw indices [.kibana] [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolved [.kibana] to [.kibana] [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requested resolved indextypes: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] mapped roles for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [sg_kibana, sg_kibana_server, sg_own_index, sg_pre_laa_readall, sg_public] [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl] raw requestedTenant: 'null' [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.kibana] [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against */*: [indices:admin/mappings/fields/get*, indices:data/read*] [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [] 
[2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.*', evaluate other roles [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?kibana*/*: [indices:*] [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match .kibana* in [] [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana.?kibana*', evaluate other roles [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana=>[] [2017-07-21T14:16:56.233-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_kibana_server [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?monitoring* 
[2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?reporting* [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?reporting* [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?reporting* remaining requested indextype: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?kibana*/*: [indices:*] [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_kibana_server.?kibana*', evaluate other roles [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_kibana_server=>[] 
[2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_own_index [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Resolve and match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no permittedAliasesIndex 'C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview' found for 'indices:data/read/search' [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] permittedAliasesIndices '{C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview=org.elasticsearch.common.settings.Settings@5eed}' -> '{*.0=ALL}' [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] requestedResolvedIndexTypes '[IndexType [index=.kibana, type=config]]' [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] resolved permitted aliases indices for C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview: [C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview] [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for 
C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview, will check now types [*] [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview/*: [indices:*] [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] no match C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview* in [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index C=US,DC=edu,DC=vt,ST=Virginia,L=Blacksburg,O=Virginia Polytechnic Institute and State University,OU=Middleware-Client,OU=Division of IT,2.5.4.5=#130d31343636303938373433393438,CN=logview remaining requested indextype: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_own_index=>[IndexType [index=.kibana, type=config]] [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_pre_laa_readall [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for * [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for *: [.kibana] [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for *, will check now types [*] 
[2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index * remaining requested indextype: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?monitoring* [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for ?monitoring* [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?monitoring* remaining requested indextype: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for log* [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] No wildcard match found for log* [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index log* remaining requested indextype: [IndexType [index=.kibana, type=config]] [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] match requested action indices:data/read/search against ?kibana*/*: [indices:admin/*, indices:admin/mapping/put, indices:data/write/update*, indices:data/write/index*, indices:monitor/*, indices:data/read*] [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] removed .kibana* 
[2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] For index ?kibana* remaining requested indextype: [] [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Aliases for .kibana: [] [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] found a match for 'sg_pre_laa_readall.?kibana*', evaluate other roles [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Added to leftovers sg_pre_laa_readall=>[] [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] ---------- evaluate sg_role: sg_public [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Try wildcard match for ?kibana* [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] Wildcard match for ?kibana*: [.kibana] [2017-07-21T14:16:56.234-0400][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] matches for ?kibana*, will check now types [*] [2017-07-21T14:16:56.235-0400][DEBUG][com.florag