Securing communication between Elasticsearch and Filebeat

Hi all,
I am running Elasticsearch and Kibana stack 5.5.0 on an Ubuntu server. My client servers are located in a local network so I need to run ES on 0.0.0.0:9200 to get logs from Filebeat.
I know it's too risky to expose ES to the public, so I'm trying to put it behind a reverse proxy (nginx) with an access control list with Lua to limit Filebeat clients' access only to their index, as described in this article.


In other words, is there a way to implement this X-Pack security role using nginx + Lua?
POST _xpack/security/role/filebeat_writer
{
  "cluster": ["manage_index_templates", "monitor"],
  "indices": [
    {
      "names": [ "filebeat-*" ],
      "privileges": ["read", "write", "create_index"]
    }
  ]
}

I'm not sure if that's possible with Nginx, because Filebeat uses the _bulk, which allows for arbitrary commands in the body of the message. Even if it were possible, note that that means that anyone could add data to your indices.

Perhaps a slightly better option would be to have Logstash installed centrally, and have Filebeat talk to Logstash.
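
Added example, not part of the original thread: a sketch of the per-line check a proxy would have to run on every `_bulk` body to approximate the `filebeat-*` restriction, since each action line can name its own index regardless of the URL. The function name `check_bulk`, the allowed-action set and the sample body are assumptions constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

ALLOWED_INDEX = "filebeat-*"            # index pattern from the role in the question
ALLOWED_ACTIONS = {"index", "create"}   # assumption: a log shipper only appends documents

def check_bulk(url_index, body):
    """Return [(line_no, reason), ...] for one _bulk request body.

    url_index is the index taken from the request path (None for a bare /_bulk).
    """
    violations = []
    lines = body.rstrip("\n").split("\n")
    i = 0
    while i < len(lines):
        line_no, raw = i + 1, lines[i]
        i += 1
        try:
            action = json.loads(raw)
            (verb, meta), = action.items()          # exactly one action per line
            target = meta.get("_index", url_index)  # body value overrides the URL
        except (ValueError, AttributeError):
            # Once one line is unreadable, action and source lines can no longer
            # be told apart, so the whole request has to be rejected.
            violations.append((line_no, "unparseable action line"))
            break
        if verb not in ALLOWED_ACTIONS:
            violations.append((line_no, "action %r not allowed" % verb))
        if not isinstance(target, str) or not fnmatchcase(target, ALLOWED_INDEX):
            violations.append((line_no, "index %r outside %s" % (target, ALLOWED_INDEX)))
        if verb != "delete":
            i += 1  # index/create/update carry one source line after the action
    return violations

# Constructed sample: the URL says filebeat-2017.07.20, the body says otherwise.
SAMPLE = "\n".join([
    '{"index": {"_type": "log"}}',
    '{"message": "ordinary event"}',
    '{"index": {"_index": ".kibana", "_type": "config"}}',
    '{"defaultIndex": "x"}',
    '{"delete": {"_index": "filebeat-2017.07.01", "_type": "log", "_id": "1"}}',
]) + "\n"

if __name__ == "__main__":
    for line_no, reason in check_bulk("filebeat-2017.07.20", SAMPLE):
        print("line %d: %s" % (line_no, reason))
```

A path-only ACL in nginx would pass this sample because the URL matches `filebeat-*`. Elasticsearch also has the `rest.action.multi.allow_explicit_index: false` setting, which rejects bulk requests that name an index in the body.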
