How to organize login+password authorization in elasticsearch+kibana (CentOS 6.5)?

Z

Zgmnd2014-03-25 20:48:20

User identification

Zgmnd, 2014-03-25 20:48:20

Greetings.
Deployed a centralized logging system (Elasticsearch+logstash+kibana+NxLog).
And the question arose that different users need to receive information about different logs (even from the same machine - I will describe an example below).
There is a certain server on which Nginx + PHP-FPM + MySQL is installed, all the logs of which (servers) are sent to Logstash and displayed in Kibana. One user only needs access to the MySQL logs, another to the kernel logs, and a third to the Nginx logs.
How can such an authorization be deployed?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

P

Pavel Khorikov, 2016-11-16
@Horik_off

There are two options -
1. If the ELK stack hangs on kibana, then you can do basic authorization on the Nginx config. But usually this is not enough, people want each individual user to see only their own metrics / data, so
2. X-Pack is a plugin for the web interface to the stack from the developers of the stack itself. You can create roles and users to change passwords and privileges. But it is partially paid, but if you are only interested in the functionality of authorization and distribution of roles (it can still send notifications and generate reports), then it should be enough.
It's easy
bin/elasticsearch-plugin install x-packto set up - put it on the Elastic server
bin/kibana-plugin install x-pack- put it on Kibana
After installation, a window will appear for entering a login and password.
Default login/password - elastic/changeme
It should look like this after successful installation.

S

Sergey_mur, 2018-04-03
@Sergey_mur

stumbled across this thread by accident. decided to add an answer taking into account the current realities. now authorization in x-pack is available only for money. use searchguard