elastic / logstash

Logstash - transport and process your logs, events, or other data
https://www.elastic.co/products/logstash

Clarify docs around setting up logstash monitoring in ECE/cloud #9359

Open nellicus opened 6 years ago

nellicus commented 6 years ago

Current documentation https://www.elastic.co/guide/en/logstash/6.2/ls-security.html#ls-monitoring-user details the procedure to set up Logstash monitoring against an on-prem Elastic Stack.

X-Pack security comes preconfigured with a logstash_system user for this purpose. This user has the minimum permissions necessary for the monitoring function, and should not be used for any other purpose - it is specifically not intended for use within a Logstash pipeline.

However, the above is not true for ECE, and a user named something different than logstash_system needs to be created manually when setting up LS monitoring and assigned the builtin logstash_system role.

This step probably also applies to hosted Cloud; perhaps @nephel can validate.

cc @nrichers @karenzone
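The manual step described in the comment above, sketched as an added example that is not part of the original issue or of Elastic's documentation. The endpoint, the user name `ls_monitoring`, the netrc file and the `LS_MONITORING_PW` variable are assumptions; the API path and setting names are the 6.x ones matching the linked 6.2 docs.

```shell
#!/usr/bin/env bash
# Added example. Values marked "assumed" are placeholders, not from the issue.
ES_URL="${ES_URL:-https://es.example.invalid:9243}"  # assumed cluster endpoint
MON_USER="${MON_USER:-ls_monitoring}"                # assumed user name

# The thread reports logstash_system being rejected as reserved on ECE/Cloud.
is_reserved_name() {
  case "$1" in
    logstash_system) return 0 ;;
    *) return 1 ;;
  esac
}

# JSON body for the create-user API: the built-in logstash_system role only,
# so the account can ship monitoring data and nothing else.
user_payload() {
  case "$1" in
    *[\"\\]*) echo "password must not contain a quote or backslash" >&2; return 1 ;;
  esac
  printf '{"password":"%s","roles":["logstash_system"]}' "$1"
}

# $1 = password for the new user. Admin credentials are read from a netrc
# file (assumed path) and the body from stdin, keeping both out of argv.
create_monitoring_user() {
  if is_reserved_name "$MON_USER"; then
    echo "refusing: $MON_USER is a reserved user name" >&2
    return 1
  fi
  local body
  body=$(user_payload "$1") || return 1
  printf '%s' "$body" | curl --fail --silent --show-error \
    --netrc-file "${ES_NETRC:-$HOME/.netrc}" \
    -H 'Content-Type: application/json' \
    -X POST "$ES_URL/_xpack/security/user/$MON_USER" \
    --data-binary @-
}

# Lines for logstash.yml; the password is resolved by Logstash from its
# keystore or the environment (assumed key name LS_MONITORING_PW).
logstash_yml() {
  cat <<EOF
xpack.monitoring.elasticsearch.url: ["$ES_URL"]
xpack.monitoring.elasticsearch.username: "$MON_USER"
xpack.monitoring.elasticsearch.password: "\${LS_MONITORING_PW}"
EOF
}
```

Call `create_monitoring_user` once with the chosen password, then append the output of `logstash_yml` to `logstash.yml`.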

nephel commented 6 years ago

Had the same experience in a ticket about setting up Logstash monitoring in the Cloud (00193739): the logstash_system username was not being allowed for the new user. It was denied as reserved.

nrichers commented 6 years ago

@karenzone This ticket came out of a discussion during a call with our wonderful support team today. Let me know if you want to chat?

@kellyemurphy FYI

karenzone commented 6 years ago

Good timing. I've had several issues around Logstash security come my way over the last 3-4 weeks. I'm working on them right now. ECE/Cloud is a new wrinkle that I was not aware of, and I'll add it into the mix. Thanks @nellicus for opening this issue with such good details, and thanks @nephel for the confirmation and additional info.

@nrichers and @kellyemurphy I'll touch base with questions and to bounce ideas when needed.

karenzone commented 6 years ago

Sorry about accidentally closing the issue. My new Mac is in the hospital, and I'm trying to get work done from a Windows laptop with a gigantic track pad.

nellicus commented 6 years ago

@cstrzadala @suyograo this was discussed in the ECE deep dive in April https://docs.google.com/document/d/1C7g14Rpru7JoZwEOThtFZz7hw_sPlxddoEoxrlymD9M/edit , quite surprised to see this hasn't been addressed. Is this really an ingest feature problem?

I would have hoped this could be fixed within the product? Why do we need to reserve logstash_system in the ECE file realm and make it unavailable, making our Logstash monitoring documentation not applicable here and thus introducing an exception?

joegallo commented 6 years ago

@nellicus @cstrzadala @suyograo see my explanation on the other ticket.

nellicus commented 6 years ago

thanks @joegallo 👍 🙏