
I have ELK set up in my environment. Logstash and Filebeat are running on a single machine. Kibana and Elasticsearch are running on another machine.

The flow is working fine. Filebeat is able to harvest the logs and send them to Logstash, and Logstash is able to parse the logs and send them to Elasticsearch, where they are displayed and visualised in Kibana.

Now I have to secure the communications. I was able to secure the communication between Filebeat and Logstash with self-signed SSL certificates as shown below.

logstash.conf

input {
    beats {
        port => "5043"
        ssl => true
        ssl_certificate_authorities => "D:/Softwares/ELK/ELK_SSL_Certificates/testca/cacert.pem"
        ssl_certificate => "D:/Softwares/ELK/ELK_SSL_Certificates/server/cert.pem"
        ssl_key => "D:/Softwares/ELK/ELK_SSL_Certificates/server/pkcs8.key"
        #ssl_key_passphrase => "MySecretPassword"
        ssl_verify_mode => "force_peer"
    }
}

filebeat.yml

output.logstash:
    hosts: ["localhost:5043"]
    ssl.enabled: true
    ssl.certificate_authorities: ["D:/Softwares/ELK/ELK_SSL_Certificates/testca/cacert.pem"]
    ssl.certificate: "D:/Softwares/ELK/ELK_SSL_Certificates/client/cert.pem"
    ssl.key: "D:/Softwares/ELK/ELK_SSL_Certificates/client/pkcs8.key"

Now I have to secure Logstash to Elasticsearch to Kibana. I tried using X-Pack and later learnt that it's not free. So I want to know which other free open-source plugins are available.

I am planning to go for Search Guard.

My Requirements:

  1. Have SSL communication between Logstash->Elasticsearch and Elasticsearch->Kibana.
  2. Have HTTPS support to connect to Kibana, Elasticsearch and Logstash.
  3. Have username/password based login to Elasticsearch and Kibana.

Can I achieve all these things using Search Guard? Please note that I don't have an Elasticsearch cluster.

Users: srgbnd, vinod hy
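The two configuration fragments in the question express one TLS policy split across two files, and the security-relevant part is easy to misread: `ssl_verify_mode => "force_peer"` on the Logstash side is what turns the link into mutual TLS (Logstash rejects any Filebeat that does not present a certificate signed by `cacert.pem`), while `peer` would only verify a certificate if one happens to be sent and `none` never asks for one. The script below is an added example, not code from the question or from the Logstash/Filebeat projects: it pulls the settings out of both fragments (copied from the question, embedded as constants), maps `ssl_verify_mode` onto the equivalent client-certificate policy of Python's `ssl` module, and reports whether the pairing actually yields mutual TLS, whether both sides reference the same CA, whether the ports match, and whether the server key on disk is protected by a passphrase (in the question it is not, because `ssl_key_passphrase` is commented out). The regex and line-based parsing is a deliberate simplification, not a real Logstash or YAML parser; `server_context()` only runs where the certificate files exist and is there to make the policy mapping concrete.

```python
"""Audit the TLS pairing between a Filebeat output.logstash section and a
Logstash beats input.  Added example, not code from the original question;
the parsing is minimal (regex / line-based) so it needs only the standard
library and is NOT a full Logstash-config or YAML parser."""
import re
import ssl

# Logstash beats-input ssl_verify_mode values and the client-certificate
# policy each one means, expressed with the Python ssl module's constants.
VERIFY_MODES = {
    "none": ssl.CERT_NONE,            # never ask the client for a certificate
    "peer": ssl.CERT_OPTIONAL,        # verify a client certificate only if one is sent
    "force_peer": ssl.CERT_REQUIRED,  # reject clients that present no valid certificate
}

# Both fragments below are copied verbatim from the question.
LOGSTASH_CONF = '''
input {
    beats {
        port => "5043"
        ssl => true
        ssl_certificate_authorities => "D:/Softwares/ELK/ELK_SSL_Certificates/testca/cacert.pem"
        ssl_certificate => "D:/Softwares/ELK/ELK_SSL_Certificates/server/cert.pem"
        ssl_key => "D:/Softwares/ELK/ELK_SSL_Certificates/server/pkcs8.key"
        #ssl_key_passphrase => "MySecretPassword"
        ssl_verify_mode => "force_peer"
    }
}
'''

FILEBEAT_YML = '''
output.logstash:
    hosts: ["localhost:5043"]
    ssl.enabled: true
    ssl.certificate_authorities: ["D:/Softwares/ELK/ELK_SSL_Certificates/testca/cacert.pem"]
    ssl.certificate: "D:/Softwares/ELK/ELK_SSL_Certificates/client/cert.pem"
    ssl.key: "D:/Softwares/ELK/ELK_SSL_Certificates/client/pkcs8.key"
'''


def parse_beats_input(conf: str) -> dict:
    """Extract `key => "value"` settings from the beats { ... } block.
    Lines commented out with '#' are ignored, exactly as Logstash ignores them."""
    m = re.search(r"beats\s*\{(.*?)\}", conf, re.S)
    block = m.group(1) if m else ""
    settings = {}
    for line in block.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        kv = re.match(r'(\w+)\s*=>\s*"?([^"]*)"?', line)
        if kv:
            settings[kv.group(1)] = kv.group(2).strip()
    return settings


def parse_filebeat_output(yml: str) -> dict:
    """Extract the flat `key: value` settings under output.logstash.
    Single-element lists such as hosts: ["host:port"] are unwrapped."""
    settings = {}
    for line in yml.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.endswith(":"):
            continue
        key, _, value = line.partition(":")   # split at the FIRST colon only
        value = value.strip()
        if value.startswith("["):
            value = value.strip("[]").strip()
        settings[key.strip()] = value.strip('"')
    return settings


def audit(conf: str, yml: str) -> dict:
    """Return the security properties the two fragments establish together."""
    ls, fb = parse_beats_input(conf), parse_filebeat_output(yml)
    policy = VERIFY_MODES.get(ls.get("ssl_verify_mode", "none"), ssl.CERT_NONE)
    return {
        "server_tls": ls.get("ssl") == "true",
        "client_tls": fb.get("ssl.enabled") == "true",
        "client_cert_policy": policy,
        # Mutual TLS needs Logstash to demand a certificate AND Filebeat to carry one.
        "mutual_tls": policy == ssl.CERT_REQUIRED
                      and "ssl.certificate" in fb and "ssl.key" in fb,
        # In the question one test CA signs both ends, so both sides should name it.
        "same_ca": ls.get("ssl_certificate_authorities")
                   == fb.get("ssl.certificate_authorities"),
        "port_match": fb.get("hosts", "").rsplit(":", 1)[-1] == ls.get("port"),
        # A commented-out ssl_key_passphrase means the PKCS#8 key is plaintext on disk.
        "server_key_encrypted": "ssl_key_passphrase" in ls,
    }


def server_context(settings: dict) -> ssl.SSLContext:
    """Build an SSLContext enforcing the policy the beats input expresses.
    Only runnable where the certificate files exist (not in this example's test)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_verify_locations(cafile=settings["ssl_certificate_authorities"])
    ctx.verify_mode = VERIFY_MODES[settings.get("ssl_verify_mode", "none")]
    ctx.load_cert_chain(settings["ssl_certificate"], settings["ssl_key"],
                        password=settings.get("ssl_key_passphrase"))
    return ctx


if __name__ == "__main__":
    for name, value in audit(LOGSTASH_CONF, FILEBEAT_YML).items():
        print(f"{name:22} {value}")
```

Run as-is it reports `mutual_tls True`, `same_ca True`, `port_match True` and `server_key_encrypted False` for the question's setup; changing `force_peer` to `peer` or `none` in `LOGSTASH_CONF` flips `mutual_tls` to `False`, which is the quickest way to see why that one setting matters more than the others.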
  • I am working on Windows. Does Search Guard support Windows? – vinod hy Jun 13 '17 at 12:44
  • I have started following the steps mentioned in the link below, – vinod hy Jun 13 '17 at 16:25
  • https://github.com/floragunncom/search-guard Since I am trying to use it on Windows, I installed Cygwin in order to run the install_demo_configuration.sh file. After installing Cygwin, I was able to run **sh install_demo_configuration.sh**. I am facing an issue in the next step, **sh sgadmin_demo.sh**. If I run it, it gives the following error: **Error: Could not find or load main class com.floragunn.searchguard.tools.SearchGuardAdmin** – vinod hy Jun 13 '17 at 16:32
  • Can anyone please help me in solving the error? I am not able to find a solution online. – vinod hy Jun 13 '17 at 16:33
  • Hi all, I was able to use X-Pack and achieve the secured communication. Since X-Pack is not free, I would like to explore Search Guard. I am working on Windows. I also have OpenSSL certificates with me. Please help me in solving the above error. – vinod hy Jun 26 '17 at 09:12
  • Hi @vinod hy, sorry, I have really been sick this while, and when I came back to work my boss gave me some very urgent tasks to do. First, I have no experience working on Windows with Search Guard. I have been doing that on Ubuntu 14.04 and 16.04 since then. Not sure if it is system dependent. – berrytchaks Jun 26 '17 at 09:56
  • @berrytchaks, it's ok, no problem. Can you please tell me if you have any idea about the error which I have mentioned above: **could not find or load main class** – vinod hy Jun 26 '17 at 10:13
  • SG is written in Java, and generally this exception occurs when either there are more than two classes with the main function or there was a problem assembling the classes in the jar. Please try opening the jar assembly and check if com.floragunn.searchguard.tools.SearchGuardAdmin is present. – berrytchaks Jun 26 '17 at 10:24
  • @berrytchaks, yes, I can see **com.floragunn.searchguard.tools.SearchGuardAdmin** in **search-guard-5-5.4.0-12.jar**. – vinod hy Jun 27 '17 at 09:57
  • Can you try using the cmd shell that comes with Git, as described by the user **srholt18** in this [link](https://groups.google.com/forum/#!topic/search-guard/eKPSX2Vy6WI)? – berrytchaks Jun 27 '17 at 10:03
  • @berrytchaks, I am trying to run sgadmin.sh using sh. But as per the link you have shared, he is using sgadmin.bat. – vinod hy Jun 27 '17 at 10:23
  • Is using `sgadmin.bat` as a workaround solution an option? – berrytchaks Jun 27 '17 at 10:27
  • I think Search Guard gives both .sh as well as .bat files. Basically it's a common package which provides the script files for both Windows and Linux. Using sgadmin.bat for Windows is not a workaround, but the preferred approach. Using sgadmin.bat accepts some input parameters, whereas sgadmin.sh doesn't accept any. That's the reason I am using sgadmin.sh, since it's simpler to use. – vinod hy Jun 27 '17 at 10:32
  • And I modified the sgadmin.bat as suggested in the link. Now I get another error, as below: sh sgadmin.bat Error: A JNI error has occurred, please check your installation and try again Exception in thread "main" java.lang.NoClassDefFoundError: org/elasticsearch/client/transport/NoNodeAvailableException – vinod hy Jun 27 '17 at 10:37
  • @berrytchaks, I have created a new link: https://stackoverflow.com/questions/44883719/searchguard-for-ssl-communication-in-elk. Please give your inputs here. – vinod hy Jul 03 '17 at 11:11
  • @berrytchaks, may I please know your mail id? I have set up Search Guard on my machine. I have some queries w.r.t. certificate usage. We will discuss. – vinod hy Jul 05 '17 at 07:40
  • Sure! berrytchaks@gmail.com – berrytchaks Jul 05 '17 at 09:44

0 Answers