How can I send logs to elasticsearch without username and password. But with enabled security plugin

Send logs to elasticsearch with https disabled.

I have older application which was sending logs to elasticsearch on port 9200, now when it comes to opendistro elasticsearch https is enabled and username, password or ssl certs becomes mandatory because of security plugin.
my application does not have option to configure certs or use username and password, it allows to configure elasticseach ip and port alone.
Now I am not able to get logs from that application.

One solution:
Remove security plugin from elasticsearch as well as kibana
But we want to use other features of security plugin.

So is there any way to disable https or any configuration i can get logs from my older application by configuring just IP and PORT?

Moved to security category.

You can prefix the the URL with the username as such:
Https://[user]:[pass]@elasticurl:port

Works for me on my app with any connection.
Alternatively, you can use basic authorization (user:pass as base64) as a header on a post request if you prefer

@disha27

Do you use Kibana and your app at the same time?

Yes, we use kibana and app same time. we perform actions in a app and check whether we received logs or not.

in opendistro security documentation, I found out below configuration which allows anonymous users and configure http.

anonymous_auth_enabled: <true|false>
xff: # optional section
  enabled: <true|false>
  internalProxies: <string> # Regex pattern
  remoteIpHeader: <string> # Name of the header in which to look. Typically: x-forwarded-for
  proxiesHeader: <string>
  trustedProxies: <string> # Regex pattern

can this configuration be used for my purpose? but I did not find any proper example for this configuration.
can anybody give example for above configuration?

Reference: Backend Configuration - Open Distro Documentation

@disha27

You’re correct, the OpenDistro documentation doesn’t contain the anonymous authentication config.
Also, you’re correct that anonymous authentication could be the solution for you.

To enable anonymous authentication in ES and Kibana of ODFE stack, you have to set:

  • in config.yml

anonymous_auth_enabled: true

  • in kibana.yml

Comment out

opendistro_security.auth.type:

and set

opendistro_security.auth.anonymous_auth_enabled: true

ODFE has the built-in opendistro_security_anonymous user which has insufficient privileges to allow Kibana to connect with ES. Therefore you need to configure role and role mapping. Please find the example below.

  • add following in role.yml
opendistro_security_anonymous:
  cluster_permissions:
  - "unlimited"
  index_permissions:
  - index_patterns:
    - "*"
    allowed_actions:
    - "unlimited"
  tenant_permissions:
  - tenant_patterns:
    - "global_tenant"
    allowed_actions:
    - "kibana_all_write"
  • add following in roles_mapping.yml
opendistro_security_anonymous:
  backend_roles:
  - "opendistro_security_anonymous_backendrole"

Please be aware that the above example gives admin access to the anonymous user. You can fine-tune this setting to suit your needs.

Also, there is a bug in ODFE where the default Kibana URL (https://kibana:5601) will lead you to the login screen. As a workaround please use https://kibana:5601/auth/anonymous.

This issue has been fixed in OpenSearch.

1 Like

yes, this has solved our issue.
in addition to above, we disable HTTP settings from elasticsearch.yml

opendistro_security.ssl.http.enabled: false