xpack.security.http.filter.allow: localhost
On Oct 5, 2016, at 12:11 PM, Fabien Wernli <wernli@in2p3.fr> wrote:Hi,
On Wed, Oct 05, 2016 at 11:39:28AM -0400, Scot Needy wrote:I know its not officially supported. This is a test system at home running CentOS7, syslog-ng 3.8 from repo and the latest 5.0 ES Stack.
Everything works fine without x-Pack using the http client-mode but x-pack does not appear to be Shield.
https://www.elastic.co/guide/en/x-pack/5.0/security-migration.html#_removed_privileges <https://www.elastic.co/guide/en/x-pack/5.0/security-migration.html#_removed_privileges>
Just trying to prepare for when the ES5 stack is GA.
I see, I guess the only thing you need to change is the name of the loaded
plugin. Unfortunately this is being hardcoded in the java code [3].
I made a quick attempt at implementing it (it's a hack) [4] feel free to
test it.
FWIW I am currently playing with searchguard [1] and succesfully managed to
make it work with syslog-ng-3.8.1 [2]. They already have a ES 5.x branch
(haven't tested yet).
Cheers
@lbudai: I guess it would make sense to modify `client-mode(transport)` to
allow for loading plugins, e.g. by adding a new option `load-plugins("Shield" "Foo" "Bar")`
--
[1] https://github.com/floragunncom/search-guard
[2] https://github.com/balabit/syslog-ng/pull/1223
[3] https://github.com/balabit/syslog-ng/blob/master/modules/java-modules/elastic-v2/src/main/java/org/syslog_ng/elasticsearch_v2/client/esnative/ESTransportShieldClient.java#L43
[4] https://github.com/ccin2p3/syslog-ng/tree/f/x-pack