I've been asked to integrate our logstash setup with LDAP authentication. So I think I'll need to add shield to our 3 ES nodes. Logstash lives on the first ES node. Can someone please confirm if I need to use shield to integrate logstash into LDAP?
Also I've been asked to find out if there's a way to report what users have logged in via LDAP in kibana. We'd need to be able to gain visibility in into what logs they are using.
So how can we report logstash usage from logged in LDAP users in Kibana?
This question is really a Kibana question. I don't see how it's related to Logstash at all.
Can someone please confirm if I need to use shield to integrate logstash into LDAP?
Perhaps, it depends on your requirements. You could certainly put Kibana behind a reverse proxy that deals with the authentication but that wouldn't give you the fine-grained ACLs that I believe you get with Shield.
Also I've been asked to find out if there's a way to report what users have logged in via LDAP in kibana. We'd need to be able to gain visibility in into what logs they are using.
If you're just using a reverse proxy you can log the name of the users who log in, and if you also have Elasticsearch behind a reverse proxy you can log which indexes are being queried. I don't know what Shield provides in this area.
Sure that's great. Right now I'm keeping kibana behind nginx using basic auth. So really what I'll need to figure out is how to tie that into LDAP. And log what users have logged in from there. Then feed that log into logstash/kibana. That all makes sense to you?
Sure, although this isn't the best place to ask about nginx LDAP authentication. But once that works just make sure the logs contain the name of the authenticated user and configure Logstash to read and parse those logs.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.