반응형
1. elasticsearch 에 xpack.security 설정
> vim /etc/elasticsearch/elasticsearch.yml
xpack.security:
enabled: true
transport:
ssl:
enabled: true
2. elasticsearch에 접근할 계정 생성
- elastic: superuser
- kibana_system: kibana가 elasticsearch로 접근 할 계정
> /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana_system]:
Reenter password for [kibana_system]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
- kibana에서 확인
3. kibana 계정 설정 적용
> vim /etc/kibana/kibana.yml
elasticsearch.username: "kibana_system"
elasticsearch.password: "******"
4. logstash 계정 설정 적용
- logstash_system 계정으로 403 오류가 난다면 elastic(superuser) 계정으로..
elasticsearch {
hosts => "http://localhost:9200"
user => "logstash_system"
password => "******"
index => "networklog"
}
반응형
'Monitoring Tools > ELK Stack' 카테고리의 다른 글
11.1 metricbeat system modules 사용하기 (0) | 2022.05.06 |
---|---|
11. metricbeat 설치(windows agent) (0) | 2022.05.06 |
9. Elasticsearch 상태 정보 보기(cluster, shard, index, node) (0) | 2022.04.26 |
8. Windows Sysmon + Winlogbeat + logstash (0) | 2022.04.26 |
7. Elastalert (0) | 2022.04.26 |