[syslog-ng] Elastic Search destination with x-pack

Scot Needy scotrn at gmail.com
Thu Oct 6 13:19:05 UTC 2016


Should it work if I just add a security filter to allow the syslog-ng system?

Trying these and so far no luck.
https://www.elastic.co/guide/en/x-pack/5.0/ip-filtering.html

xpack.security.http.filter.allow: localhost



> On Oct 5, 2016, at 12:11 PM, Fabien Wernli <wernli at in2p3.fr> wrote:
> 
> Hi,
> 
> On Wed, Oct 05, 2016 at 11:39:28AM -0400, Scot Needy wrote:
>> I know it's not officially supported. This is a test system at home running CentOS7, syslog-ng 3.8 from repo and the latest 5.0 ES Stack.
>> 
>> Everything works fine without x-Pack using the http client-mode but x-pack does not appear to be Shield. 
>> https://www.elastic.co/guide/en/x-pack/5.0/security-migration.html#_removed_privileges
>> 
>> Just trying to prepare for when the ES5 stack is GA. 
> 
> I see, I guess the only thing you need to change is the name of the loaded
> plugin. Unfortunately this is being hardcoded in the java code [3].
> I made a quick attempt at implementing it (it's a hack) [4] feel free to
> test it.
> 
> FWIW I am currently playing with searchguard [1] and successfully managed to
> make it work with syslog-ng-3.8.1 [2]. They already have a ES 5.x branch
> (haven't tested yet).
> 
> Cheers
> 
> @lbudai: I guess it would make sense to modify `client-mode(transport)` to
> allow for loading plugins, e.g. by adding a new option `load-plugins("Shield" "Foo" "Bar")`
> 
> --
> [1] https://github.com/floragunncom/search-guard
> [2] https://github.com/balabit/syslog-ng/pull/1223
> [3] https://github.com/balabit/syslog-ng/blob/master/modules/java-modules/elastic-v2/src/main/java/org/syslog_ng/elasticsearch_v2/client/esnative/ESTransportShieldClient.java#L43
> [4] https://github.com/ccin2p3/syslog-ng/tree/f/x-pack
> 
