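Prerequisites: HTTPS access is already enabled between the nodes of the ES cluster, the cluster has x-pack security enabled, and passwords have been set for the built-in users. For the detailed steps see: https://www.cnblogs.com/sanduzxcvbnm/p/12046640.html
- Create the logstash_write_role role on an ES node
Method 1: create it with the Kibana Roles UI:
Method 2: create it with the API in the Kibana Dev Tools tab: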
POST /_security/role/logstash_write_role
{
  "cluster": [
    "monitor",
    "manage_index_templates"
  ],
  "indices": [
    {
      "names": [
        "logstash*"
      ],
      "privileges": [
        "write",
        "create_index"
      ],
      "field_security": {
        "grant": [
          "*"
        ]
      }
    }
  ],
  "run_as": [],
  "metadata": {},
  "transient_metadata": {
    "enabled": true
  }
}
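# Response
{"role":{"created":true}}
Users assigned this role cannot delete any documents. The role is restricted: it only allows users to create indices whose names begin with logstash and to index documents into those indices.
Note for ILM users: for logstash_write_role to work with index lifecycle management (ILM), which is enabled by default in 7.3+, the role must include the following privileges:
"privileges": ["write","create","delete","create_index","manage","manage_ilm"]
- Create the logstash_writer user (change the password for the logstash_writer user)
Method 1: create it with the Kibana Users UI:
Method 2: create it with the API in the Kibana Dev Tools tab: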
POST /_security/user/logstash_writer
{
  "username": "logstash_writer",
  "roles": [
    "logstash_write_role"
  ],
  "full_name": null,
  "email": null,
  "password": "",
  "enabled": true
}
# Response
{"user":{"created":true}}
# Change the user's password; official documentation: https://www.elastic.co/guide/en/elasticsearch/reference/7.5/security-api-change-password.html
POST /_security/user/logstash_writer/_password
{
  "password": "logstash_writer"
}
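- Create certificates on the ES cluster nodes for Logstash to use with SSL
You can refer to this document: https://www.cnblogs.com/sanduzxcvbnm/p/12055038.html
Assume all the required certificates are under this path:
ll /etc/logstash/certs
- Configure logstash.yml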
# grep -v '^#' logstash.yml
node.name: 192.168.75.20
path.data: /var/lib/logstash
path.config: /etc/logstash/conf.d/*.conf
path.logs: /var/log/logstash
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: logstash_system # adjust to your environment; this is the built-in system user, not the user created in the previous step
xpack.monitoring.elasticsearch.password: changeme # adjust to your environment
xpack.monitoring.elasticsearch.hosts: ["https://192.168.75.21:9200", "https://192.168.75.22:9200","https://192.168.75.23:9200"] # adjust to your environment
xpack.monitoring.elasticsearch.ssl.certificate_authority: "/etc/logstash/certs/ca.pem" # adjust to your environment
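A quick check of the monitoring settings above before restarting Logstash, written as an added example that is not part of the original post. It flags hosts that are not https, a missing certificate_authority, and a password left as the placeholder or stored as a literal; the function names and the sample input are constructed for illustration, and the `${VAR}` check assumes Logstash's variable substitution in settings files.

```python
import re

# Constructed sample: the monitoring settings from logstash.yml above, with one
# host downgraded to http, no CA configured, and the placeholder password kept.
SAMPLE_YML = """\
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: changeme
xpack.monitoring.elasticsearch.hosts: ["https://192.168.75.21:9200", "http://192.168.75.22:9200"]
"""

PREFIX = "xpack.monitoring.elasticsearch."

def parse_flat_yaml(text):
    """Parse the flat 'key: value  # comment' lines that logstash.yml uses."""
    settings = {}
    for line in text.splitlines():
        line = re.sub(r"\s+#.*$", "", line).strip()  # drop trailing comments
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip('"')
    return settings

def audit_monitoring(settings):
    """Return a list of findings for the xpack.monitoring.elasticsearch.* keys."""
    findings = []
    hosts = re.findall(r"[a-z]+://[^\s\"',\]]+", settings.get(PREFIX + "hosts", ""))
    for host in hosts:
        if not host.startswith("https://"):
            findings.append(f"host without TLS: {host}")
    if not settings.get(PREFIX + "ssl.certificate_authority"):
        findings.append("ssl.certificate_authority not set")
    password = settings.get(PREFIX + "password", "")
    if password == "changeme":
        findings.append("password is the placeholder 'changeme'")
    elif password and not re.fullmatch(r"\$\{[^}]+\}", password):
        findings.append("password is a literal; consider a ${VAR} reference")
    return findings

if __name__ == "__main__":
    for finding in audit_monitoring(parse_flat_yaml(SAMPLE_YML)):
        print(finding)
```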
- Create and configure conf.d/example.conf
Official documentation: https://www.elastic.co/guide/en/logstash/7.5/plugins-outputs-elasticsearch.html
https://www.elastic.co/guide/en/logstash/7.5/ls-security.html