<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Should it work if I just add a security filters to allow syslog-ng system ? <div class=""><br class=""></div><div class="">Trying these and so far no luck.</div><div class=""><a href="https://www.elastic.co/guide/en/x-pack/5.0/ip-filtering.html" class="">https://www.elastic.co/guide/en/x-pack/5.0/ip-filtering.html</a></div><div class=""><br class=""></div><div class=""><pre class="lang-yaml prettyprint prettyprinted programlisting" style="box-sizing: border-box; overflow: auto; font-family: Consolas, Menlo, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console'; font-size: 16px; display: inline-block; padding: 8px 0px 8px 18px; margin-top: 0px; margin-bottom: 0px; line-height: 1.5em; word-break: break-word; word-wrap: break-word; color: rgb(51, 51, 51); background-color: rgb(240, 240, 240); border: none; border-top-left-radius: 4px; border-top-right-radius: 5px; border-bottom-right-radius: 5px; border-bottom-left-radius: 4px; width: auto; max-width: 10000px; font-variant-ligatures: normal; orphans: 2; widows: 2;"><span class="pln" style="box-sizing: border-box; color: rgb(0, 0, 0);">xpack.security.http.filter.</span><span class="kwd" style="box-sizing: border-box; color: rgb(0, 0, 136);">allow: </span><span class="pln" style="box-sizing: border-box; color: rgb(0, 0, 0);">localhost
</span></pre></div><div class=""><pre class="lang-yaml prettyprint prettyprinted programlisting" style="box-sizing: border-box; overflow: auto; font-family: Consolas, Menlo, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console'; font-size: 16px; display: inline-block; padding: 8px 0px 8px 18px; margin-top: 0px; margin-bottom: 0px; line-height: 1.5em; word-break: break-word; word-wrap: break-word; color: rgb(51, 51, 51); background-color: rgb(240, 240, 240); border: none; border-top-left-radius: 4px; border-top-right-radius: 5px; border-bottom-right-radius: 5px; border-bottom-left-radius: 4px; width: auto; max-width: 10000px; font-variant-ligatures: normal; orphans: 2; widows: 2;"><span class="pln" style="box-sizing: border-box; color: rgb(0, 0, 0);"><br class=""></span></pre></div><div class=""><br class=""></div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Oct 5, 2016, at 12:11 PM, Fabien Wernli <<a href="mailto:wernli@in2p3.fr" class="">wernli@in2p3.fr</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">Hi,<br class=""><br class="">On Wed, Oct 05, 2016 at 11:39:28AM -0400, Scot Needy wrote:<br class=""><blockquote type="cite" class="">I know its not officially supported. This is a test system at home running CentOS7, syslog-ng 3.8 from repo and the latest 5.0 ES Stack. <br class=""><br class="">Everything works fine without x-Pack using the http client-mode but x-pack does not appear to be Shield. <br class=""><a href="https://www.elastic.co/guide/en/x-pack/5.0/security-migration.html#_removed_privileges" class="">https://www.elastic.co/guide/en/x-pack/5.0/security-migration.html#_removed_privileges</a> <<a href="https://www.elastic.co/guide/en/x-pack/5.0/security-migration.html#_removed_privileges" class="">https://www.elastic.co/guide/en/x-pack/5.0/security-migration.html#_removed_privileges</a>><br class=""><br class="">Just trying to prepare for when the ES5 stack is GA. <br class=""></blockquote><br class="">I see, I guess the only thing you need to change is the name of the loaded<br class="">plugin. Unfortunately this is being hardcoded in the java code [3].<br class="">I made a quick attempt at implementing it (it's a hack) [4] feel free to<br class="">test it.<br class=""><br class="">FWIW I am currently playing with searchguard [1] and succesfully managed to<br class="">make it work with syslog-ng-3.8.1 [2]. They already have a ES 5.x branch<br class="">(haven't tested yet).<br class=""><br class="">Cheers<br class=""><br class="">@lbudai: I guess it would make sense to modify `client-mode(transport)` to<br class="">allow for loading plugins, e.g. by adding a new option `load-plugins("Shield" "Foo" "Bar")`<br class=""><br class="">--<br class="">[1] <a href="https://github.com/floragunncom/search-guard" class="">https://github.com/floragunncom/search-guard</a><br class="">[2] <a href="https://github.com/balabit/syslog-ng/pull/1223" class="">https://github.com/balabit/syslog-ng/pull/1223</a><br class="">[3] <a href="https://github.com/balabit/syslog-ng/blob/master/modules/java-modules/elastic-v2/src/main/java/org/syslog_ng/elasticsearch_v2/client/esnative/ESTransportShieldClient.java#L43" class="">https://github.com/balabit/syslog-ng/blob/master/modules/java-modules/elastic-v2/src/main/java/org/syslog_ng/elasticsearch_v2/client/esnative/ESTransportShieldClient.java#L43</a><br class="">[4] <a href="https://github.com/ccin2p3/syslog-ng/tree/f/x-pack" class="">https://github.com/ccin2p3/syslog-ng/tree/f/x-pack</a><br class=""><br class=""></div></div></blockquote></div><br class=""></div></body></html>