I've created the ELK stack in docker.
I started ES. I've changed the password of the existing logstash_system user:
curl -u elastic -XPUT 'localhost:9200/_xpack/security/user/logstash_system/_password?pretty' -H 'Content-Type: application/json' -d'
{
  "password": "secretlog"
}'
I've created my own logstash image with as .yml
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: secretlog
pipeline/logstash.conf looks like:
input {
  gelf { }
}
output {
  elasticsearch {
    hosts => ["http://elasticsearch:9200"]
    user => "logstash_system"
    password => "secretlog"
  }
  stdout { }
}
Now I've started a container with the gelf driver. I see the logs in my logstash but it's also throwing this error in between:
2017-08-02T12:49:51.239Z 172.17.0.1 - - [02/Aug/2017:12:49:51 +0000] "GET / HTTP/1.1" 200 45
[2017-08-02T12:49:51,394][ERROR][logstash.outputs.elasticsearch] Got a bad response code from server, but this code is not considered retryable. Request will be dropped {:code=>403, :response_body=>"{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"action [indices:data/write/bulk] is unauthorized for user [logstash_system]\"}],\"type\":\"security_exception\",\"reason\":\"action [indices:data/write/bulk] is unauthorized for user [logstash_system]\"},\"status\":403}"}
2017-08-02T12:49:51.362Z 172.17.0.1 - - [02/Aug/2017:12:49:51 +0000] "GET / HTTP/1.1" 200 45
This does not work: I go inside my logstash container and try to curl indices:
$:~/logging-project$ docker exec -it c187363f5729 bash
bash-4.2$ curl -u logstash_system 'elasticsearch:9200/_cat/indices?v'
Enter host password for user 'logstash_system':
{"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:monitor/stats] is unauthorized for user [logstash_system]"}],"type":"security_exception","reason":"action [indices:monitor/stats] is unauthorized for user [logstash_system]"},"status":403}
bash-4.2$
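Added example, not part of the original post: a Python parser for the two 403 responses quoted above, which pulls the denied action and user out of each `security_exception` and tallies them so the missing privileges are visible at a glance. The function names are hypothetical, and the prefix-to-privilege table is an assumption based on Elasticsearch's named index privileges `write` and `monitor`, not something stated in the post.

```python
import json
import re
from collections import Counter

# Logstash prints the reply Ruby-inspected: JSON inside :response_body=>"..." with \" escapes.
BODY_RE = re.compile(r':response_body=>"((?:[^"\\]|\\.)*)"')
REASON_RE = re.compile(r"action \[([^\]]+)\] is unauthorized for user \[([^\]]+)\]")
# Assumption: action-name prefix -> named Elasticsearch index privilege that covers it.
PRIVILEGE_FOR_PREFIX = {"indices:data/write/": "write", "indices:monitor/": "monitor"}

# Sample input: three lines quoted in the post (access log, Logstash error, curl reply with prompt).
SAMPLES = [
    '2017-08-02T12:49:51.239Z 172.17.0.1 - - [02/Aug/2017:12:49:51 +0000] "GET / HTTP/1.1" 200 45',
    r'[2017-08-02T12:49:51,394][ERROR][logstash.outputs.elasticsearch] Got a bad response code from server, but this code is not considered retryable. Request will be dropped {:code=>403, :response_body=>"{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"action [indices:data/write/bulk] is unauthorized for user [logstash_system]\"}],\"type\":\"security_exception\",\"reason\":\"action [indices:data/write/bulk] is unauthorized for user [logstash_system]\"},\"status\":403}"}',
    '{"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:monitor/stats] is unauthorized for user [logstash_system]"}],"type":"security_exception","reason":"action [indices:monitor/stats] is unauthorized for user [logstash_system]"},"status":403}bash-4.2$',
]

def denied_actions(line):
    """Return (user, action) for every security_exception root cause in one line."""
    m = BODY_RE.search(line)
    if m:
        raw = re.sub(r'\\(["\\])', r"\1", m.group(1))  # undo Ruby string escaping
    else:
        start = line.find('{"error"')
        raw = line[start:] if start >= 0 else ""  # empty string fails to decode below
    try:
        body, _ = json.JSONDecoder().raw_decode(raw)  # tolerates trailing text (shell prompt)
    except ValueError:
        return []
    err = body.get("error") if isinstance(body, dict) else None
    causes = err.get("root_cause", []) if isinstance(err, dict) else []
    hits = []
    for cause in causes:
        m = REASON_RE.search(cause.get("reason", ""))
        if cause.get("type") == "security_exception" and m:
            hits.append((m.group(2), m.group(1)))
    return hits

def missing_privileges(lines):
    """Count denials per (user, action, covering index privilege)."""
    counts = Counter()
    for line in lines:
        for user, action in denied_actions(line):
            priv = next((p for pre, p in PRIVILEGE_FOR_PREFIX.items() if action.startswith(pre)), "unknown")
            counts[(user, action, priv)] += 1
    return dict(counts)

if __name__ == "__main__":
    for (user, action, priv), n in missing_privileges(SAMPLES).items():
        print(f"{user}: {action} denied {n}x (index privilege: {priv})")
```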