编辑es配置文件,添加以下内容开启es认证
vim /etc/elasticsearch/elasticsearch.yml
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
重启es
systemctl restart elasticsearch
设置es密码
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
会一次设置多种账户的密码
暂停相关服务,避免kibana报错
systemctl stop elasticsearch.service
systemctl stop logstash.service
systemctl stop kibana.service
编辑kibana配置文件,配置es的账户和密码
vim /etc/kibana/kibana.yml
elasticsearch.username: "elastic"
elasticsearch.password: "前面设置的es密码"
启动前面停掉的服务
systemctl start elasticsearch.service
systemctl start logstash.service
systemctl start kibana.service
访问kibana进行测试
已经开启了认证
es设置了密码后会遇到,日志写入es中断的情况,
因为日志写入es时候需要密码,所以要给logstash配置账户和密码
例:
output { #输出源
stdout {}
if "test_host123" in [tags] {
elasticsearch {
hosts => "http://es地址:9200"
user => "elastic" #配置账户
password => "passwd" #配置密码
manage_template => false #默认值是true,false是关闭logstash自动管理模版的功能,自定义模版的话就设置为false
index => "test_host123-%{+yyyy.MM}"
}
}
}
保存后重启logstash,日志即可正常打入es。