Elasticsearch access log

I am trying to track who is issuing requests to an ElasticSearch cluster. Elastic has no access log.

Is there a place where I can find out which IP is hitting the cluster?

+3


1 answer


Elasticsearch does not provide any security out of the box, which is by design.

So you have a couple of solutions:



  1. Don't leave the ES cluster open to the world, but put it behind a firewall (i.e. whitelist hosts that can access ports 9200/9300 on your nodes)

  2. Take a look at the Shield Plugin for Elasticsearch to help protect your environment.

  3. Place an nginx server in front of your cluster to act as a reverse proxy.

  4. Add simple basic authentication with the elasticsearch-jetty plugin or just the elasticsearch-http-basic plugin, which also allows you to rename the IP addresses of clients who are allowed to access your cluster.

If you want to have access logs, you need either 2 or 3, but all of the solutions above will allow you to secure your ES environment.

+1
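
A sketch of the nginx reverse-proxy option, added here as an example and not part of the original answer: it records every client IP and request line in a dedicated access log and restricts which clients may connect. The listen port, log path, log format name `es_access`, upstream name and the allowed network are assumptions, and it presumes Elasticsearch itself is bound to localhost (`network.host: 127.0.0.1`) so that clients cannot bypass the proxy.

```nginx
# Added example; names, ports, paths and networks below are assumptions.
# log_format, upstream and server all belong inside the http { } context.

# One line per request: client IP, time, request line, status, size, latency.
log_format es_access '$remote_addr - $remote_user [$time_local] '
                     '"$request" $status $body_bytes_sent '
                     '$request_time "$http_user_agent"';

upstream elasticsearch {
    server 127.0.0.1:9200;   # ES HTTP port, reachable only from this host
    keepalive 16;
}

server {
    listen 8080;

    # Dedicated log so ES traffic is not mixed with other virtual hosts.
    access_log /var/log/nginx/es_access.log es_access;

    # Only the application network may talk to the cluster (constructed range).
    allow 10.0.0.0/8;
    deny  all;

    location / {
        proxy_pass http://elasticsearch;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        # Preserve the caller's address for anything downstream that logs it.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Requests rejected by the `allow`/`deny` rules are still written to the access log with status 403, so unexpected source addresses show up there as well.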

