Send logs to elasticsearch with https disabled.
I have older application which was sending logs to elasticsearch on port 9200, now when it comes to opendistro elasticsearch https is enabled and username, password or ssl certs becomes mandatory because of security plugin.
my application does not have option to configure certs or use username and password, it allows to configure elasticseach ip and port alone.
Now I am not able to get logs from that application.
Remove security plugin from elasticsearch as well as kibana
But we want to use other features of security plugin.
So is there any way to disable https or any configuration i can get logs from my older application by configuring just IP and PORT?
Moved to security category.
You can prefix the the URL with the username as such:
Works for me on my app with any connection.
Alternatively, you can use basic authorization (user:pass as base64) as a header on a post request if you prefer
Do you use Kibana and your app at the same time?
Yes, we use kibana and app same time. we perform actions in a app and check whether we received logs or not.
in opendistro security documentation, I found out below configuration which allows anonymous users and configure http.
xff: # optional section
internalProxies: <string> # Regex pattern
remoteIpHeader: <string> # Name of the header in which to look. Typically: x-forwarded-for
trustedProxies: <string> # Regex pattern
can this configuration be used for my purpose? but I did not find any proper example for this configuration.
can anybody give example for above configuration?
Reference: Backend Configuration - Open Distro Documentation
You’re correct, the OpenDistro documentation doesn’t contain the anonymous authentication config.
Also, you’re correct that anonymous authentication could be the solution for you.
To enable anonymous authentication in ES and Kibana of ODFE stack, you have to set:
ODFE has the built-in
opendistro_security_anonymous user which has insufficient privileges to allow Kibana to connect with ES. Therefore you need to configure role and role mapping. Please find the example below.
- add following in role.yml
- add following in roles_mapping.yml
Please be aware that the above example gives admin access to the anonymous user. You can fine-tune this setting to suit your needs.
Also, there is a bug in ODFE where the default Kibana URL (https://kibana:5601) will lead you to the login screen. As a workaround please use https://kibana:5601/auth/anonymous.
This issue has been fixed in OpenSearch.
yes, this has solved our issue.
in addition to above, we disable HTTP settings from elasticsearch.yml