国内下载源不太稳定,可参考以下两个地址:
https://docs.search-guard.com/6.x-25/search-guard-versions
https://www.newbe.pro/Mirrors/Mirrors-Kibana/
根据自己的 Elasticsearch / Kibana 版本下载与之完全对应的 plugin(版本不一致时插件无法安装)。从第三方镜像站下载的包,如官方提供校验值或签名,建议核对后再安装。
Elasticsearch
es:./elasticsearch-plugin install -b file:///home/search-guard-6-6.4.1-25.5.zip
cd /usr/share/elasticsearch/plugins/search-guard-6/tools
使用 demo 脚本部署 SSL:./install_demo_configuration.sh(三个提示依次回答 y、y、n)。默认用户名/密码为 admin/admin;demo 证书和默认密码只适合测试环境,上线前应更换证书,并用同目录下的 hash.sh 生成新的密码哈希来修改默认密码。
检查配置文件
# Search Guard demo configuration for elasticsearch.yml, as recorded after
# running the demo installer. It is a test setup: the settings flagged below
# trade security for convenience and need replacing before real use.
# WARNING: revise all the lines below before you go into production
# Transport-layer (node-to-node) TLS: certificate, private key and trusted CA.
# NOTE(review): esnode.pem / esnode-key.pem / root-ca.pem are presumably the
# files generated by the demo installer. If so, the same key material ships
# with every demo installation and gives no real authentication. Issue
# certificates from your own CA instead.
searchguard.ssl.transport.pemcert_filepath: esnode.pem
searchguard.ssl.transport.pemkey_filepath: esnode-key.pem
searchguard.ssl.transport.pemtrustedcas_filepath: root-ca.pem
# Hostname verification between nodes is switched off, so a peer only needs a
# certificate signed by the trusted CA, whatever host name it carries.
searchguard.ssl.transport.enforce_hostname_verification: false
# REST-layer (HTTPS on port 9200) TLS, reusing the same certificate and key.
searchguard.ssl.http.enabled: true
searchguard.ssl.http.pemcert_filepath: esnode.pem
searchguard.ssl.http.pemkey_filepath: esnode-key.pem
searchguard.ssl.http.pemtrustedcas_filepath: root-ca.pem
# Explicitly permits running with the demo certificates. Remove this line once
# real certificates are installed.
searchguard.allow_unsafe_democertificates: true
# Lets the Search Guard index be initialised from the default configuration
# files. NOTE(review): in this demo that presumably includes the default
# admin/admin user, so confirm and change the password.
searchguard.allow_default_init_sgindex: true
# Distinguished names whose client certificate is treated as an admin
# certificate. CN=kirk is the demo admin identity, so whoever holds that
# certificate and key has full control of the security configuration.
searchguard.authcz.admin_dn:
- CN=kirk,OU=client,O=client,L=test, C=de
# Audit events are written to an index in this same cluster.
searchguard.audit.type: internal_elasticsearch
searchguard.enable_snapshot_restore_privilege: true
searchguard.check_snapshot_restore_write_privileges: true
# Only users holding the sg_all_access role may call the Search Guard REST
# management API.
searchguard.restapi.roles_enabled: ["sg_all_access"]
# Disk-usage watermark checks for shard allocation are disabled.
cluster.routing.allocation.disk.threshold_enabled: false
cluster.name: searchguard_demo
discovery.zen.minimum_master_nodes: 1
node.max_local_storage_nodes: 3
# X-Pack security is turned off; access control here comes from Search Guard.
xpack.security.enabled: false
######## End Search Guard Demo Configuration ########
访问:https://localhost:9200
Kibana
kibana: ./kibana-plugin install file:///home/search-guard-kibana-plugin-6-6.8.10-19.2.zip
# kibana.yml settings for running Kibana against the Search Guard-protected
# cluster above.
server.port: 5601
# Kibana listens on the LAN address rather than localhost.
# NOTE(review): no server.ssl.* settings appear here, so browser-to-Kibana
# traffic (including the login) is presumably plain HTTP. Confirm.
server.host: "192.168.50.113"
elasticsearch.url: "https://192.168.50.113:9200"
kibana.index: ".kibana"
# Kibana's own connection to Elasticsearch uses the admin/admin demo account,
# stored here in clear text. A dedicated, least-privileged service account
# with a non-default password is the safer choice.
elasticsearch.username: "admin"
elasticsearch.password: "admin"
# "none" skips all validation of the Elasticsearch certificate, so the
# connection is encrypted but the server is not authenticated. With a real CA,
# set elasticsearch.ssl.certificateAuthorities and use "full" or "certificate".
elasticsearch.ssl.verificationMode: none
# Headers Kibana forwards to Elasticsearch: the user's credentials and the
# sgtenant header.
elasticsearch.requestHeadersWhitelist: [ "Authorization", "sgtenant" ]
# X-Pack features are disabled, including X-Pack security.
xpack.monitoring.enabled: false
xpack.graph.enabled: false
xpack.ml.enabled: false
xpack.watcher.enabled: false
xpack.security.enabled: false
logstash
[root@localhost home]# vim test/std.conf
# Logstash pipeline: reads /var/log/messages and ships each event to the
# Search Guard-protected Elasticsearch node, echoing it to stdout as well.
input{
file{
path=>"/var/log/messages"
# Read the existing file contents from the start, not only newly appended lines.
start_position=>"beginning"
}
}
output {
elasticsearch {
hosts => [ "192.168.50.113:9200" ]
# NOTE(review): nothing in this pipeline sets a log_source field. Unless it is
# added elsewhere, the %{[log_source]} reference is presumably left unresolved
# in the index name. Confirm.
index => "messageslog-%{[log_source]}-%{+YYYY.MM.dd}"
# The all-access demo account, in clear text in the pipeline file. Prefer a
# write-only ingest user and keep the password out of the file, for example
# with a Logstash keystore reference.
user => "admin"
password => "admin"
# TLS is enabled but certificate verification is off: traffic is encrypted,
# yet the server's identity is not checked, so the credentials above could be
# sent to an impostor. With a real CA, set cacert and re-enable verification.
ssl => true
ssl_certificate_verification => false
}
# Debug output of every event. It can be dropped once the pipeline works.
stdout { codec => rubydebug}
}