Best practices with setting up authorization

[fairking]

Can someone please give some advice regarding the authorization?

I have elasticsearch separate from all my instances (different server). I am thinking about setting up the user and the role to be able to write logs by all my instances. What is the best practice to do so?

I don't want to use elastic user. I tried to create a new user and set the logstash_system role, but the NLog says there are not enough of permissions. Which role or permissions do I need to set on that my_logger user?

var elasticSearchTarget = new AsyncTargetWrapper {
                        Name = "asyncElasticsearch",
                        QueueLimit = 5000,
                        BatchSize = 100,
                        TimeToSleepBetweenBatches = 5000,
                        WrappedTarget = new NLog.Targets.ElasticSearch.ElasticSearchTarget()
                        {
                            Name = "elasticsearch",
                            Uri = AppConfigService.ElasticSearchUrl,
                            Index = "logs-${var:instance_name}-${var:version_number}-${date:format=yyyy.MM.dd}",
                            RequireAuth = true,
                            Username = "my_logger",
                            Password = "MyP@$$W0rd",
                        },
                    };
cfg.AddRule(tdzMinLevel, LogLevel.Fatal, elasticSearchTarget);

Any thoughts guys?

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.