Elasticsearch Access Log


Problem description

I'm trying to track down who is issuing queries to an ElasticSearch Cluster. Elastic doesn't appear to have an access log.

Is there a place where I can find out which IP is hitting the cluster?

Recommended answer

Elasticsearch doesn't provide any security out of the box, and that is on purpose and by design.

So you have a couple of solutions out there:

  1. Don't leave your ES cluster exposed to the open world, but put it behind a firewall (i.e. whitelist the hosts that can access ports 9200/9300 on your nodes)

  2. Look into the Shield plugin for Elasticsearch in order to secure your environment.

  3. Put an nginx server in front of your cluster to act as a reverse proxy.

  4. Add simple basic authentication with either the elasticsearch-jetty plugin or simply the elasticsearch-http-basic plugin, which also allows you to whitelist the client IPs that are allowed to access your cluster.

If you want to have access logs, you need either 2 or 3, but all solutions above will allow you to secure your ES environment.
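As an added example, not part of the original answer: an nginx reverse-proxy configuration for option 3 that produces the per-client access log the cluster itself lacks, combined with the IP allowlist and basic auth mentioned in options 1 and 4. The listen port, the 10.0.0.0/24 client network and the htpasswd path are assumptions; it also assumes Elasticsearch is bound to loopback only (network.host: 127.0.0.1) so that nothing can reach port 9200 except through the proxy.

```nginx
# Added example (not the original answer's code). Assumes Elasticsearch
# listens on 127.0.0.1:9200 only, so every query must pass through nginx.

# One line per request: client IP, authenticated user, time, method and
# path, status, and the request body, which is the query that was issued.
# $request_body is populated here because proxy_pass reads the body.
log_format es_access '$remote_addr $remote_user [$time_local] '
                     '"$request" $status $body_bytes_sent '
                     'body=$request_body';

upstream elasticsearch {
    server 127.0.0.1:9200;
    keepalive 16;
}

server {
    listen 8080;                      # assumed external port
    access_log /var/log/nginx/es_access.log es_access;

    # Only the assumed client subnet may reach the cluster (option 1).
    allow 10.0.0.0/24;
    deny  all;

    # HTTP Basic auth (option 4); create the file with:
    #   htpasswd -c /etc/nginx/es.htpasswd <user>
    auth_basic           "Elasticsearch";
    auth_basic_user_file /etc/nginx/es.htpasswd;   # assumed path

    location / {
        proxy_pass         http://elasticsearch;
        proxy_http_version 1.1;
        proxy_set_header   Connection "";
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

If another load balancer sits in front of nginx, $remote_addr will be that balancer's address; use the ngx_http_realip_module (set_real_ip_from / real_ip_header) so the log records the original client.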
