All,

A project I'm working on is wanting to leverage syslog-ng as our log shipper, but we're ideally wanting it to communicate with Elasticsearch 5 over HTTPS or searchguard. My understanding is that current support is only for HTTP for Elastic 5. Are there plans to add Elastic 5 support for other client modes than HTTP anytime soon? I'm fine just doing HTTP for now and switching to secured communications later.

If not, I'm okay spending a bit of time trying to get that working myself; I haven't delved too deep into the source, but the changes involving updates to the elastic module do not seem to be too intensive and only include Java changes. Is this a correct interpretation? It doesn't look like it would be too difficult to do, but since it hasn't been done I was wondering if there was something else involved I'm missing.

--
Thanks,
Jonathan Price
Associate Scientist, Cyber Security
Raytheon BBN Technologies
Hi,

On Thu, Dec 07, 2017 at 11:00:03PM +0000, JONATHAN PRICE wrote:

> A project I'm working on is wanting to leverage syslog-ng as our log shipper, but we're ideally wanting it to communicate with Elasticsearch 5 over HTTPS or searchguard. My understanding is current support is only for HTTP for Elastic 5.
HTTPS support is merged since 3.10.1. We're using it on an ES 5.3.2 with Searchguard. Here's our config (stripped down), FWIW:

    elasticsearch2(
        client-lib-dir("/usr/share/elasticsearch/plugins/search-guard-5/*.jar:/usr/share/elasticsearch/lib/")
        client-mode(https)
        server("esnode01 esnode02 esnode03")
        java_keystore_filepath("/etc/syslog-ng/coloss-analyzer-keystore.jks")
        java_keystore_password("changeit")
        java_truststore_filepath("/etc/elasticsearch/coloss/truststore.jks")
        java_truststore_password("changeme")
        http_auth_type("clientcert")
        time-zone("UTC")
        index("syslog-${YEAR}-${MONTH}-${DAY}")
        type("syslog")
        ...
    );
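As an added example (not part of this thread and not syslog-ng's own tooling): a small Python check, assuming only the elasticsearch2() option syntax shown in the reply above, that parses such a destination block and flags the settings a reviewer would look at first: a client-mode other than https, a missing truststore or client keystore, and keystore/truststore passwords left at well-known defaults such as "changeit" and "changeme".

```python
import re

# Constructed sample: the elasticsearch2() destination from the reply, with
# the "..." placeholder standing in for the options the poster stripped out.
SAMPLE_CONFIG = '''
destination d_es {
  elasticsearch2(
    client-lib-dir("/usr/share/elasticsearch/plugins/search-guard-5/*.jar:/usr/share/elasticsearch/lib/")
    client-mode(https)
    server("esnode01 esnode02 esnode03")
    java_keystore_filepath("/etc/syslog-ng/coloss-analyzer-keystore.jks")
    java_keystore_password("changeit")
    java_truststore_filepath("/etc/elasticsearch/coloss/truststore.jks")
    java_truststore_password("changeme")
    http_auth_type("clientcert")
    index("syslog-${YEAR}-${MONTH}-${DAY}")
  );
};
'''

# Matches one option of the form name(value) or name("value").
OPTION_RE = re.compile(r'([\w-]+)\(\s*"?([^")]*)"?\s*\)')
# Passwords that ship as defaults in Java keystores or common examples.
WELL_KNOWN_PASSWORDS = {"changeit", "changeme", "password", ""}

def parse_es_options(config: str) -> dict:
    """Return {option: value} for the first elasticsearch2(...); block found."""
    block = re.search(r'elasticsearch2\((.*?)\);', config, re.S)
    if not block:
        return {}
    return dict(OPTION_RE.findall(block.group(1)))

def audit(options: dict) -> list:
    """Return a list of findings (strings); an empty list means nothing was flagged."""
    findings = []
    mode = options.get("client-mode")
    if mode != "https":
        findings.append(f"client-mode is {mode or 'unset'}, not https: "
                        "transport encryption to Elasticsearch is not established by this block")
    else:
        if not options.get("java_truststore_filepath"):
            findings.append("https without java_truststore_filepath: server certificate cannot be validated")
        if options.get("http_auth_type") == "clientcert" and not options.get("java_keystore_filepath"):
            findings.append("clientcert auth without java_keystore_filepath: no client certificate to present")
    for opt in ("java_keystore_password", "java_truststore_password"):
        if opt in options and options[opt].lower() in WELL_KNOWN_PASSWORDS:
            findings.append(f"{opt} is a well-known default ({options[opt]!r})")
    return findings
```

Run against the sample, the only findings are the two default store passwords; a block with client-mode(http) or no truststore is flagged accordingly.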
participants (2)
- Fabien Wernli
- JONATHAN PRICE