Failed to setup Alerts and Actions for ELK - You must enable Transport Layer Security - elasticsearch

I am trying to set up Alerts and Actions for ELK, but I am getting the error message
You must enable Transport Layer Security.
I have already set the following parameter in kibana.yml, as follows:
xpack.encryptedSavedObjects.encryptionKey: "abcdefghijklmnopqrstuvwxyz1234567890"
Please advise.
Thanks

xpack.encryptedSavedObjects.encryptionKey: "abcdefghijklmnopqrstuvwxyz1234567890"
With only this, you don't enable transport layer security.
There are two more steps you need to do.
Enable security in Kibana and Elasticsearch. (Relatively easy!)
Encrypt traffic between them. (You might need to get your org-specific certificates if you are not using self-signed ones.)

When you use the basic or trial license:
Set xpack.security.enabled: true and discovery.type: single-node in the elasticsearch.yml file
https://www.elastic.co/guide/en/elasticsearch/reference/6.8/get-started-enable-security.html
and then set xpack.encryptedSavedObjects.encryptionKey (a string of 32 or more characters) in kibana.yml
https://www.elastic.co/guide/en/kibana/7.16/alert-action-settings-kb.html#general-alert-action-settings
After updating the config files, restart Elasticsearch and Kibana.
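The two answers above boil down to a handful of settings that have to agree with each other: security on, transport TLS on (the bootstrap check quoted further down this page refuses to start otherwise), key material for that TLS, and a Kibana encryption key of at least 32 characters. The following script is an added example, not Elastic's code, that reads the flat "dotted.key: value" lines of an elasticsearch.yml / kibana.yml (assumption: no nested YAML blocks) and reports which of those conditions fail. The sample configs are constructed to mirror the settings quoted on this page; the placeholder heuristic for the encryption key is this editor's assumption, since the alphabet-run key in the question satisfies the length rule but is trivially guessable.

```python
import secrets

# Constructed sample configs mirroring the settings quoted on this page.
ES_YML_NO_TLS = """
xpack.security.enabled: true
discovery.type: single-node
"""

ES_YML_WITH_TLS = """
xpack.security.enabled: true
discovery.type: single-node
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
"""

KIBANA_YML = """
xpack.encryptedSavedObjects.encryptionKey: "abcdefghijklmnopqrstuvwxyz1234567890"
"""


def parse_flat_yaml(text):
    """Parse the flat 'dotted.key: value' lines that make up most of
    elasticsearch.yml / kibana.yml. Assumption: no nested blocks or lists;
    use a real YAML parser for anything more complex."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)       # split on the first colon only
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def is_true(value):
    return str(value).strip().lower() == "true"


def check_elasticsearch(settings):
    """Return the problems the bootstrap check quoted on this page would raise:
    security enabled on a basic license requires transport SSL, and transport
    SSL needs key material to be useful."""
    problems = []
    if not is_true(settings.get("xpack.security.enabled")):
        problems.append("xpack.security.enabled is not true: no authentication at all")
        return problems
    if not is_true(settings.get("xpack.security.transport.ssl.enabled")):
        problems.append("Transport SSL must be enabled if security is enabled on a [basic] license")
    elif not any(k in settings for k in ("xpack.security.transport.ssl.keystore.path",
                                         "xpack.security.transport.ssl.key")):
        problems.append("transport SSL enabled but no keystore.path or key configured")
    return problems


MIN_KEY_LEN = 32  # from the Kibana alert/action settings docs linked above


def check_kibana(settings):
    problems = []
    key = settings.get("xpack.encryptedSavedObjects.encryptionKey", "")
    if len(key) < MIN_KEY_LEN:
        problems.append(f"encryptionKey is {len(key)} chars; needs {MIN_KEY_LEN} or more")
    # Heuristic (assumption): a keyboard-walk string like the one in the question
    # satisfies the length rule but is guessable; treat it as a placeholder.
    if "abcdefghijklmnop" in key.lower() or "1234567890" in key:
        problems.append("encryptionKey looks like a placeholder; generate a random one")
    return problems


def generate_encryption_key(nbytes=32):
    """Random hex key; 32 bytes -> 64 hex chars, well above the minimum."""
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    for name, text in (("no TLS", ES_YML_NO_TLS), ("with TLS", ES_YML_WITH_TLS)):
        print(name, check_elasticsearch(parse_flat_yaml(text)) or "OK")
    print("kibana", check_kibana(parse_flat_yaml(KIBANA_YML)) or "OK")
    print("suggested key:", generate_encryption_key())
```

Run it against your real files by reading them into the two check functions; the "no TLS" sample reproduces exactly the failure that the Kubernetes question further down this page hit after a pod restart.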

Related

Can't access Kibana in browser (ELK 8.2)

I'm trying to set up an ELK stack on a remote Oracle Cloud server, but I can't access Kibana from a browser. Installation is from the deb package. The version of Elasticsearch and Kibana I'm installing is 8.2 (in this version, security settings are already enabled by default, including settings and generation of security certificates), the latest version for now. I perform the installation according to the instructions on the official site, but nothing is said there about remote access settings.
I tried to change the settings in the kibana.yaml file: I uncommented the "server.port: 5601" field and edited server.host: "my ip" (I also tried server.host: "0.0.0.0"), but this does not help.
I also tried to access Elasticsearch directly from the network. I edited its configuration in a similar way, but it did not help. In my case, access to Elasticsearch from the network is not essential, but I would also like to get it.
I know that Oracle servers by default have restrictions on forwarded traffic, so I unblocked the Elasticsearch and Kibana ports (9200 and 5601) in the Oracle control panel.
I also allowed ports 9200 and 5601 through iptables. The UFW firewall is in the "inactive" status by default. When checked with nmap, both ports return a "filtered" status.
Please help fix the issue. I'm just doing a standard installation according to the instructions and I don't understand what the problem is.
I solved the problem by setting up a reverse proxy nginx so that it redirects requests coming to the server to localhost:5601. These two articles helped me, I hope it helps someone else:
https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-20-04
https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elastic-stack-on-ubuntu-20-04-ru (step 2)

Security Setting in Elasticsearch, xpack showing inconsistent behavior

My ES cluster is running in production mode (on Kubernetes). It is accessible only within the organization so, for now, there is no need to secure the connection between ES nodes with certificates. While setting up the cluster I just added xpack.security.enabled: true, which helped me set up basic Kibana authentication. Everything was working as expected until I restarted my data node pods, and now it is showing the following error:
ERROR: [1] bootstrap checks failed
[1]: Transport SSL must be enabled if security is enabled on a [basic] license. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]
The error message is pretty explicit: You must have TLS certificates to use security. Which also makes sense from a security point of view, especially on Kubernetes where you don't have much protection out of the box otherwise.
If you don't want to set up certificates and other stuff on Kubernetes, have a look at the Kubernetes Operator, which does that for you: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-quickstart.html

Kibana fails to start with Shield configured over HTTP

I installed Shield in my Elastic Search cluster and configured Kibana to work with it as described: https://www.elastic.co/guide/en/shield/current/kibana.html
Now I restart Kibana and get this error:
{"type":"log","@timestamp":"2016-02-15T19:58:22+00:00","tags":["fatal"],"pid":28422,"level":"fatal","message":"HTTPS is required. Please set server.ssl.key and server.ssl.cert in kiban$
FATAL { [Error: HTTPS is required. Please set server.ssl.key and server.ssl.cert in kibana.yml.] cause: [Error: HTTPS is required. Please set server.ssl.key and server.ssl.cert in kibana.yml.], isOperational: true }
Tutorial above doesn't state that HTTP is mandatory for Kibana to work with Shield but the error does. Any idea whether I can still use Shield with Kibana without setting up SSL?
Unfortunately this is the case in the current release of Kibana (4.4). From installedPlugins/shield/index.js:38:13 one can conclude that there is no way to get around using HTTPS when this plugin is enabled. If you simply skip the step by removing the Shield plugin for Kibana with bin/kibana plugin --remove shield, Kibana will be usable again with browser authentication, but this is NOT for production purposes IMO.
Add this to kibana.yml, but only do it if you have SSL configured in some other way, e.g. a load balancer with SSL termination:
shield.skipSslCheck: true

How to disable elasticsearch http module?

The default value of the "http.enabled" option in Elasticsearch's configuration file is true, which means that we can search and administer the cluster via HTTP commands; for example, a DELETE /index_* request can delete all indexes. But this is not safe when deploying the service to the production environment. How can I fix this problem?
You can either implement Shield (this is free if you are paying for one of the Elasticsearch support packages),
or implement a reverse proxy which checks each request and the user running the request, for example nginx.
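The reverse-proxy answer above leaves the interesting part unstated: what does "checks each request and the user" look like as a rule set? The block below is an added example, not from the answer's author and not nginx configuration; it models the decision logic such a proxy would apply, in Python, so the rules can be unit-tested before they are translated into the proxy. The user table, the roles and the allow-listed (method, path glob) pairs are constructed assumptions. Independently of any proxy, Elasticsearch's own action.destructive_requires_name: true setting refuses wildcard and _all index deletions like the DELETE /index_* in the question; the wildcard check here mirrors that at the proxy layer.

```python
import re

# Constructed user -> role table (assumption; a real proxy would take this
# from its auth backend, e.g. the basic-auth user nginx has verified).
USERS = {
    "alice": "admin",
    "logstash": "writer",
    "kibana_ro": "reader",
}

# Allow-list per role: (method or "*", path glob). "*" matches one path
# segment, "**" matches anything. Everything not listed is denied.
POLICY = {
    "reader": [("GET", "/*/_search"), ("POST", "/*/_search"), ("GET", "/_cluster/health")],
    "writer": [("POST", "/_bulk"), ("POST", "/*/_bulk"), ("PUT", "/*/_doc/*"), ("POST", "/*/_doc")],
    "admin":  [("*", "/**")],
}


def _compile(pattern):
    """Turn the small glob dialect above into an anchored regex."""
    escaped = re.escape(pattern)
    escaped = escaped.replace(r"\*\*", ".*").replace(r"\*", "[^/]+")
    return re.compile("^" + escaped + "$")


COMPILED = {role: [(m, _compile(p)) for m, p in rules] for role, rules in POLICY.items()}


def is_wildcard_index_delete(path):
    """DELETE /<index> with a wildcard, a comma list containing one, or _all.
    Same idea as action.destructive_requires_name on the Elasticsearch side."""
    segments = path.strip("/").split("/")
    if len(segments) != 1:
        return False          # e.g. DELETE /idx/_doc/1 is a document delete
    return "*" in segments[0] or segments[0] == "_all"


def authorize(user, method, path):
    """Return (allowed, reason) for one proxied request."""
    role = USERS.get(user)
    if role is None:
        return False, "unknown user"
    path = path.split("?", 1)[0]           # ignore the query string for matching
    if method == "DELETE" and is_wildcard_index_delete(path):
        return False, "wildcard index deletion refused for everyone"
    for m, regex in COMPILED.get(role, []):
        if m in ("*", method) and regex.match(path):
            return True, f"{role}: {m} {regex.pattern}"
    return False, f"{role}: no matching rule"


# Constructed sample requests as (user, method, path).
SAMPLE_REQUESTS = [
    ("alice", "DELETE", "/index_*"),
    ("alice", "DELETE", "/index_2016"),
    ("kibana_ro", "GET", "/logs/_search?q=error"),
    ("kibana_ro", "DELETE", "/logs"),
    ("logstash", "POST", "/_bulk"),
    ("logstash", "GET", "/logs/_search"),
    ("mallory", "GET", "/_cluster/health"),
]


def evaluate(requests=SAMPLE_REQUESTS):
    return [(u, m, p) + authorize(u, m, p) for u, m, p in requests]


if __name__ == "__main__":
    for user, method, path, ok, why in evaluate():
        print("ALLOW" if ok else "DENY ", user, method, path, "|", why)
```

The point of keeping the policy as data is that the deny-by-default shape is visible: the admin still cannot delete by wildcard, and a user who is not in the table gets nothing, regardless of path.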

Getting Logstash to talk to Elastic Search with HTTPS + Basic auth

I have Elastic Search as part of the ELMA appliance. This appliance presents ES via HTTPS protected by basic auth. I have Logstash running on a separate machine. This Logstash needs to send log data to ES. What is the right output configuration to use?
Thanks for any pointers.
-Raj
There is an option in the new version:
http://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html#plugins-outputs-elasticsearch-password
ssl: value type is boolean, default value is false. SSL Configurations (HTTP only): Enable SSL.
Looks like Logstash's elasticsearch_http module does not support SSL, or does not handle self-signed certs. My solution was to disable SSL on the ElasticSearch httpd conf entry in the ELMA appliance.
