10. Applying X-Pack security

1. Configure Elasticsearch

> vim /etc/elasticsearch/elasticsearch.yml
  enabled: true
      enabled: true



2. Create the accounts used to access Elasticsearch

  • elastic: superuser
  • kibana_system: the account Kibana uses to connect to Elasticsearch
> /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y

Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [apm_system]: 
Reenter password for [apm_system]: 
Enter password for [kibana_system]: 
Reenter password for [kibana_system]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Enter password for [remote_monitoring_user]: 
Reenter password for [remote_monitoring_user]: 
Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

 - Verify in Kibana


3. Apply the account settings to Kibana

> vim /etc/kibana/kibana.yml
elasticsearch.username: "kibana_system"
elasticsearch.password: "******"


4. Apply the account settings to Logstash

  • If the logstash_system account returns a 403 error, use the elastic (superuser) account instead.
elasticsearch {
        hosts => "http://localhost:9200"
        user => "logstash_system"
        password => "******"
        index => "networklog"
}
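
The 403 in step 4 occurs because logstash_system is the built-in monitoring account and has no write privilege on the networklog index. The script below is an added example, not part of the original page; it creates a role and user limited to that index through the Elasticsearch security API. The names logstash_writer and logstash_internal are assumptions, and it assumes you authenticate as elastic when curl prompts.

```shell
#!/bin/sh
# Added example, not from the original page. Assumed names: role
# "logstash_writer", user "logstash_internal". Host and index are the
# values used in the page's Logstash output.
ES_URL="${ES_URL:-http://localhost:9200}"
INDEX="${INDEX:-networklog}"

# Role body: write access to one index only. Add "manage_ilm" to both
# lists if the output uses index lifecycle management.
role_body() {
  cat <<EOF
{
  "cluster": ["monitor", "manage_index_templates"],
  "indices": [
    { "names": ["$1"], "privileges": ["create_index", "create", "write"] }
  ]
}
EOF
}

# User body: refuse characters that would break out of the JSON string.
user_body() {
  case "$1" in
    *[\"\\]*) printf '%s\n' 'password must not contain " or \' >&2; return 1 ;;
  esac
  cat <<EOF
{ "password": "$1", "roles": ["logstash_writer"] }
EOF
}

# PUT a JSON body from stdin; curl prompts for the elastic password on the tty.
put_json() {
  curl -sS -u elastic -X PUT -H 'Content-Type: application/json' \
       --data-binary @- "$ES_URL$1"
}

apply() {
  printf 'Password for logstash_internal: ' >&2
  stty -echo; read -r pw; stty echo; echo >&2
  body="$(user_body "$pw")" || return 1
  role_body "$INDEX" | put_json "/_security/role/logstash_writer"
  printf '%s' "$body" | put_json "/_security/user/logstash_internal"
}

# Run as: sh create_logstash_user.sh apply   (file name is an assumption)
if [ "${1:-}" = "apply" ]; then apply; fi
```

After it succeeds, set `user => "logstash_internal"` and the new password in the elasticsearch output shown above.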