I am planning to implement ELK stack on my organization for application teams to visualize their respective logs via Kibana UI. Now my question is,
I have installed ELK on server, and using filebeat i am shipping logs to thiis ELK server from 2 different applications for example.
As I am shipping logs from 2 different applications, I want to restrict the users in one application viewing logs of other application and vice versa. I find shield can be used to restrict user login and secure. But not exactly sure how can i configure to restrict Application 1 log file view access to App1 users only , Application 2 log file view access to App2 users only.
You could use our commercial security plugin. One plugin installs in Elasticsearch and the other plugin installs in Kibana.
For pre-5.0 products it's called Shield. In 5.0 its the Security plugin which is part of X-Pack https://www.elastic.co/products/x-pack. It's easier to set up on 5.0.
Thanks LeeDr. Yes I did refer documents on xpack. But not getting an idea for my above query. Restricting user to view specific logs. Some guidance appreciated. Thanks.
Hi Manoj, I'm not an expert on our permissions setup, but I believe you can configure Roles with access to different fields, documents, and indices, and then assign these Roles to different Users. Can you take a look at https://www.elastic.co/guide/en/x-pack/current/field-and-document-access-control.html and let me know if this helps you?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.