ELK: Requesting access to ELK dev instance - RTRS

[rperigo]

Hi Forrest,

The instance is up and will be available on elk1.sca.iu.edu.

This URL will lead directly to the Kibana dashboard once firewall holes are opened. The Elasticsearch backend is proxied behind elk1.sca.iu.edu/elastic/ and is the URL you'll want to use when setting up Beats.

As we cannot readily use LDAP/ADS with the free ELK implementation, I have created a superuser account for your admin-level access within Elasticsearch. I can provide these credentials in whatever way you'd like (e.g. slack message for username, separate email or Slashtmp for password. Once you have access, you can and should change that account's (randomly-generated) password.

Going forward, could you please give us:

• A list of IPs that will be sending logs into the system (or, a VLAN)
• The IP range for your VPN group for the Kibana UI.

[rperigo]

@fgreenwo responded in a private email with the IP ranges (not pasting in to keep such things private). I've opened the firewall holes, but we still need to sort out how you'd prefer us to give you the superuser password for your instance. Once that's done, we can start hooking up your hosts.

[fgreenwo]

As far as the credentials go, I like the idea of a Slack message for the username and a separate email for the password.

[agopu]

While ongoing issues get debugged from time to time, overall this has been in place since early June. Closing.