Elasticsearch access log
Elasticsearch does not provide any security out of the box, which is by design.
So you have a couple of solutions:
1. Don't leave the ES cluster open to the whole world, but put it behind a firewall (i.e. whitelist hosts that can access ports 9200/9300 on your nodes).
2. Take a look at the Shield Plugin for Elasticsearch to help protect your environment.
3. Place an nginx server in front of your cluster to act as a reverse proxy.
4. Add simple basic authentication with the elasticsearch-jetty plugin or just the elasticsearch-http-basic plugin, which also allows you to rename the IP addresses of clients who are allowed to access your cluster.
If you want to have access logs, you need either 2 or 3, but all of the solutions above will allow you to secure your ES environment.
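The nginx reverse-proxy option from the answer above, sketched as an added example (not part of the original answer): a fragment for the `http` context that writes an access log for every request to the cluster. The listen port, file paths, log format name and the 192.0.2.0/24 client range are assumptions, and Elasticsearch is assumed to be bound to 127.0.0.1 so that nginx is the only way in.

```nginx
# Added example: place inside the http { } context, e.g. in a conf.d file.
# Assumes Elasticsearch listens only on loopback (network.host: 127.0.0.1
# in elasticsearch.yml); otherwise clients can bypass the proxy and the log.

# One line per request: who, when, what, result, and how long it took.
log_format es_access '$remote_addr - $remote_user [$time_local] '
                     '"$request" $status $body_bytes_sent '
                     'rt=$request_time urt=$upstream_response_time';

upstream elasticsearch {
    server 127.0.0.1:9200;
}

server {
    listen 8080;                                   # assumed public port

    # The access log Elasticsearch itself does not provide.
    access_log /var/log/nginx/es_access.log es_access;   # assumed path

    # Host whitelist enforced at the proxy.
    allow 192.0.2.0/24;                            # assumed client range
    deny  all;

    # Basic authentication; $remote_user then appears in the log.
    auth_basic           "Elasticsearch";
    auth_basic_user_file /etc/nginx/es.htpasswd;   # assumed path

    location / {
        proxy_pass         http://elasticsearch;
        proxy_http_version 1.1;
        proxy_set_header   Connection "";
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
    }
}
```

Validate with `nginx -t` before reloading. Basic authentication sends credentials in clear text unless the listener is also configured for TLS.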