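X-Pack is an Elastic Stack extension that bundles security, alerting, monitoring, reporting and graph features into a single, easy-to-install package. ELK versions 6.8 and above have X-Pack fully integrated, so it no longer needs to be installed separately. The most important consequence is that the security authentication features of ES and Kibana can be used directly. The steps to enable and configure them are below.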
Enabling security authentication in Elasticsearch
Edit the elasticsearch.yml configuration file and add the following settings:

    xpack.security.enabled: true
    xpack.license.self_generated.type: basic
Setting the passwords

    # /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
    Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
    You will be prompted to enter passwords as the process progresses.
    Please confirm that you would like to continue [y/N]y

    Enter password for [elastic]:
    Reenter password for [elastic]:
    Enter password for [apm_system]:
    Reenter password for [apm_system]:
    Enter password for [kibana]:
    Reenter password for [kibana]:
    Enter password for [logstash_system]:
    Reenter password for [logstash_system]:
    Enter password for [beats_system]:
    Reenter password for [beats_system]:
    Enter password for [remote_monitoring_user]:
    Reenter password for [remote_monitoring_user]:
    Changed password for user [apm_system]
    Changed password for user [kibana]
    Changed password for user [logstash_system]
    Changed password for user [beats_system]
    Changed password for user [remote_monitoring_user]
    Changed password for user [elastic]
Adding the Elasticsearch username and password to Logstash

    # vim /etc/logstash/conf.d/logstash.conf
    input {
      beats {
        port => 514
      }
    }
    output {
      stdout {
        codec => rubydebug
      }
      elasticsearch {
        hosts => ["192.168.1.2:9200","192.168.1.3:9200","192.168.1.4:9200"]
        user => "elastic"
        password => "123456"
      }
    }
Adding the Elasticsearch username and password to Kibana

    # vim /etc/kibana/kibana.yml
    elasticsearch.username: "elastic"
    elasticsearch.password: "123456"
Then start the Elastic, Logstash and Kibana services, in that order.
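
To confirm the result after the restart, the following added example (not part of the original post) checks that every node rejects anonymous requests with 401 and accepts the new credentials. The node list is taken from the Logstash output above. The credentials file is an assumption: a curl config file containing a line such as user = "elastic:<password>", which keeps the password off the command line.

```bash
#!/usr/bin/env bash
# Added example: verify that each Elasticsearch node enforces authentication.
# Node addresses are the ones from the Logstash output on this page.
NODES="192.168.1.2:9200 192.168.1.3:9200 192.168.1.4:9200"

# Print the HTTP status of GET / on one node ("000" if it is unreachable).
# Any further arguments are passed to curl, e.g. --config <credentials file>.
http_code() {
    node=$1; shift
    curl -s -o /dev/null -m 5 -w '%{http_code}' "$@" "http://$node/" || true
}

# Classify a node from its anonymous and authenticated status codes.
verdict() {
    anon=$1; auth=$2
    if [ "$anon" = "200" ]; then
        echo "OPEN"              # anonymous request served: security is off
    elif [ "$anon" != "401" ]; then
        echo "UNKNOWN"           # node down or an unexpected reply
    elif [ "$auth" = "200" ]; then
        echo "SECURED"           # anonymous rejected, credentials accepted
    else
        echo "BAD_CREDENTIALS"   # security is on but the login failed
    fi
}

# Check every node; return non-zero unless all of them are SECURED.
check_nodes() {
    cred_file=$1
    rc=0
    for node in $NODES; do
        anon=$(http_code "$node")
        auth=$(http_code "$node" --config "$cred_file")
        result=$(verdict "$anon" "$auth")
        echo "$node $result"
        [ "$result" = "SECURED" ] || rc=1
    done
    return "$rc"
}

# Run only when a credentials file is given: ./check-es-auth.sh es-curl.conf
if [ -n "${1:-}" ]; then
    check_nodes "$1"
fi
```

The script uses plain HTTP because the configuration on this page does not enable TLS on the HTTP layer; change the scheme if your cluster does.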