ELK scripts to work with Search Guard
.idea
README.md
certexample
elk-aliases
elk-backup
elk-cat
elk-chkdsk
elk-chkshard
elk-cluster
elk-clusthealth
elk-cntdocs
elk-csv2filter
elk-del
elk-deltemp
elk-fastsync
elk-health
elk-list
elk-master
elk-mem
elk-mkalias
elk-mkrepo
elk-mv
elk-mylog
elk-myperms
elk-newidx
elk-newment
elk-newrt
elk-nodeattrs
elk-nodes
elk-recovery
elk-replicas
elk-restore
elk-search
elk-set2k
elk-setrefresh
elk-setreplica
elk-setshards
elk-sg
elk-shards
elk-showbackup
elk-showfmt
elk-showmap
elk-showrepos
elk-showtemp
elk-sitstill
elk-tenant
elk-testing
elk-tuindices
elk-usage
elk-userids
fixjson


Elasticsearch Scripts & Search Guard

These scripts were created over the first year we worked with Elasticsearch. During the last quarter of that year we implemented Search Guard, an enterprise-grade security plugin whose free tier provides a single-tenant security model suitable for small teams, as one might find in an academic setting.

The configuration is simple: you'll need one of the following in your ~/.profile

```sh
export ELKHOST="http://localhost:9200"
```

or, once Search Guard is in place,

```sh
export ELKHOST="https://elk.netwarsystem.com:9200"
```

Elasticsearch speaks plain HTTP by default; Search Guard requires TLS, so the scheme is http:// for a stock install and https:// once Search Guard is installed. $ELKHOST holds the scheme, the hostname or IP address you use, a colon, and the port the REST API listens on (9200 by default). It is never 9300: that is the transport port used for node-to-node traffic inside a cluster, and it does not speak HTTP.

If you're running a basic Elasticsearch install, that's it. Don't forget to log out and back in (or `source ~/.profile`) so that $ELKHOST is actually set in your shell.

If you implement Search Guard, you'll also need $ELKAUTH, which holds the extra options the scripts hand to curl:

```sh
export ELKAUTH=" --insecure -u admin:password "
```

The leading and trailing spaces are required. Don't put shell metacharacters in your password unless you understand how quoting and word splitting work. The --insecure option tells curl to skip TLS certificate verification entirely, which is what you need for the self-signed demo certificates you get when you install the Search Guard demo, but it also means the scripts will trust whatever answers on that port. Once you have a real CA, replace --insecure with --cacert /path/to/root-ca.pem. Keep in mind that everything in $ELKAUTH ends up on the curl command line, where other users on the machine can read it with ps; using -u admin with no colon makes curl prompt for the password, and -n (--netrc) reads credentials from ~/.netrc instead.
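The checks described above, as an added example that is not one of the scripts in this repo: a small POSIX sh wrapper that validates $ELKHOST and $ELKAUTH before they reach curl. It assumes, as the required spaces suggest, that $ELKAUTH is expanded unquoted on the curl command line. The function names elk_check_env and elk_curl and the override variable ELK_ALLOW_INSECURE are assumptions, and the wrapper is deliberately stricter than the README: it accepts --insecure only against localhost unless you opt in.

```shell
#!/bin/sh
# Added example, not one of the repo's scripts: sanity-check the $ELKHOST and
# $ELKAUTH convention from the README before handing them to curl.
# Assumed names: elk_check_env, elk_curl, ELK_ALLOW_INSECURE (none exist in the repo).
# Assumed mechanism: the scripts expand $ELKAUTH unquoted on a curl command line,
# which is why the README wants the leading and trailing spaces.

# elk_check_env: return 0 when the environment is usable, 1 with a message on
# stderr otherwise.
elk_check_env() {
    host="${ELKHOST:-}"
    auth="${ELKAUTH:-}"

    case "$host" in
        "")
            echo 'ELKHOST is not set, e.g. export ELKHOST="https://elk.example.org:9200"' >&2
            return 1 ;;
        http://*|https://*) ;;
        *)
            echo "ELKHOST must start with http:// or https://: $host" >&2
            return 1 ;;
    esac

    # 9300 is the transport port for node-to-node traffic; it does not speak HTTP.
    case "$host" in
        *:9300|*:9300/*)
            echo "ELKHOST uses port 9300 (transport); the REST API is normally on 9200" >&2
            return 1 ;;
    esac

    # Search Guard requires TLS, so sending -u credentials over plain http is a
    # configuration error, not something to retry.
    case "$host" in
        http://*)
            if [ -n "$auth" ]; then
                echo "ELKAUTH is set but ELKHOST is plain http; Search Guard needs https://" >&2
                return 1
            fi ;;
    esac

    # --insecure / -k disables certificate verification entirely. Accept it for
    # the demo install on the local machine; anywhere else insist on --cacert
    # unless the caller explicitly opts in with ELK_ALLOW_INSECURE=1.
    case " $auth " in
        *" --insecure "*|*" -k "*)
            case "$host" in
                https://localhost:*|https://127.0.0.1:*) ;;
                *)
                    if [ "${ELK_ALLOW_INSECURE:-0}" != 1 ]; then
                        echo "ELKAUTH disables TLS verification against $host; use --cacert /path/to/root-ca.pem, or set ELK_ALLOW_INSECURE=1 to override" >&2
                        return 1
                    fi ;;
            esac ;;
    esac
    return 0
}

# elk_curl: issue one request against the cluster, e.g. elk_curl /_cluster/health?pretty
# $ELKAUTH is deliberately left unquoted so its words become separate curl arguments.
elk_curl() {
    elk_check_env || return 1
    # shellcheck disable=SC2086
    curl -sS $ELKAUTH "${ELKHOST}$1"
}
```

Source this file (or paste the functions at the top of a script) and call elk_curl with a path; elk_check_env fails fast on the mistakes the README warns about, so a typo such as port 9300 or a credential sent over plain http stops before any request is made.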

Much of what is in this repo could be retired if we folded the same checks and Elasticsearch configuration handling into our Python code base. Even so, creating these was an invaluable learning experience and we're probably going to leave them around for others who are climbing the Elasticsearch learning curve.

If you truly need to get some work done with this system, it is STRONGLY advised that you obtain Elasticsearch: The Definitive Guide, by Clinton Gormley and Zachary Tong. Everything we know about creating and scaling Elasticsearch clusters came from this book - it's 690 pages of dense, well organized, well written wisdom regarding a complex, powerful distributed application.
