Expand remote audit logging info #29692
Comments
Original comment by @jaymode: +1 the documentation is very sparse about this feature in comparison to the rest.
For remote indexing, you need to configure the client with the appropriate truststore and keystore. See below.
Yes, we start up a transport client to the remote cluster
No
These other settings are any additional settings that need to be passed to the transport client such as shield.user or SSL config...
Original comment by @ppf2: We still don't have instructions on setting up remote auditing with SSL today in Xpack on 5.x. So far, I am not able to get this working on 5.2. I am using certgen to create certs for both clusters, so they should be signed by the same CA. On live cluster:
Remote cluster has the same reference to the CA:
It throws an error as if the cert is bad.
So I then tested the SSL connection using a standalone Java transport client using the same cert, key, and CA files, and it works fine:
What am I missing here? :) @jaymode
Original comment by @ppf2: Thanks @jaymode. Ah, works now, thx! @debadair Specifically, please update the documentation with the following:
The additional options are:
Original comment by @debadair: Will do!
Original comment by @inqueue: Support is still seeing multiple reports of users struggling to set up remote audit logging just on these two points alone:
Covering these items in the docs would be extremely helpful @debadair.
@lcawl Bump - it would be good to at least update the docs to clarify that
We should also point out that the user account on the elasticsearch user on the monitoring cluster must have permissions to create .security-audit. Many users have more conservative role-based permissions, so it's helpful to provide this info for them.
Original comment by @markwalkom:
Here we're a little light on some details that might make it easier for users to understand what is happening.
e.g.: