03. 04. 2019 Michele Santuari Log Management, NetEye

How to Manage Permissions in Log Analytics with NetEye 4

NetEye 4 Log Manager, as already presented in this blog post, allows you to easily manage the collection, navigation, visualization and analysis of large numbers of logs.

For many reasons, I as a user may want to limit log access to a subset of users. For example a network administrator should only see the logs of switches, routers…

One of the possible solutions supported by NetEye 4 is to manage the user-specific permissions leveraging the Director hostgroup, which each host can be configured to belong to.

Let’s assume a very simple scenario: two users (network-admin, database-admin) who must have different authorizations:

  • The former is responsible for the network devices that are in network-hostgroup
  • The latter is responsible for the database servers that are in database-hostgroup

Neither user should see monitoring data and logs from the other group, just those under his/her responsibility.

The configuration of these permissions requires defining two roles in the Authentication section under the Configuration menu item:

Those roles serve to limit the permissions based on the hostgroup which each role can see as follows:

  1. Director: limit the visibility of host configurations
  2. Monitoring: show only the status of the hosts
  3. Logs Analytics: map the roles between Log Analytics and those just configured in the screenshot above

Log Analytics must be configured in Search Guard to limit access to logs belonging to the hostgroup by following these steps:

  • Back up the Search Guard configuration: 
mkdir /root/backup-hostgroup && /usr/share/neteye/scripts/searchguard/sg_backup.sh -d /root/backup-hostgroup
  • Create new roles in Search Guard with limited permissions based on the hostgroup in /root/backup-hostgroup/sg_roles.yml: 
ws_network-hostgroup:
  cluster:
  - "CLUSTER_COMPOSITE_OPS_RO"
  indices:
    ?kibana_*:
      '*':
      - "READ"
    logstash-*:
      '*':
      - "READ"
      _dls_: "{\"match\":{\"hostgroups\":\"network-hostgroup\"}}"
 
ws_database-hostgroup:
  cluster:
  - "CLUSTER_COMPOSITE_OPS_RO"
  indices:
    ?kibana_*:
      '*':
      - "READ"
    logstash-*:
      '*':
      - "READ"
      _dls_: "{\"match\":{\"hostgroups\":\"database-hostgroup\"}}"
  • Add a mapping for the roles in /root/backup-hostgroup/sg_roles_mapping.yml as follows: 
ws_network-hostgroup:
  backendroles:
  - "network-hostgroup"
ws_database-hostgroup:
  backendroles:
  - "database-hostgroup"

In an upcoming release, Log Analytics configurations will be simplified via the automated creation of Search Guard roles based on the hostgroups available in Director.

Michele Santuari

Michele Santuari

Software Architect at Wuerth Phoenix
Hi, my name is Michele Santuari and I am a Telecommunication engineer felt in love with OpenFlow, the first attempt of centralized network management, provisioning, and monitoring. I embraced the Software Defined Networking approach to discover a passion for programming languages. Now, I am into Agile methodologies and crazy development process management.

Author

Michele Santuari

Hi, my name is Michele Santuari and I am a Telecommunication engineer felt in love with OpenFlow, the first attempt of centralized network management, provisioning, and monitoring. I embraced the Software Defined Networking approach to discover a passion for programming languages. Now, I am into Agile methodologies and crazy development process management.

Latest posts by Michele Santuari

28. 12. 2020 Development
Research & Development – Spike (Part 4)
23. 12. 2020 Development
RPM/ISO Repository: Disk Space Optimization
05. 10. 2020 Development, NetEye
Research Activities: A Fully Distributed NetEye
29. 07. 2020 Bug Fixes, NetEye
Bug Fixes for NetEye 4.12
28. 07. 2020 Log Management, Log-SIEM
Customizing the Default Permissions in NetEye SIEM
See All

Related Content

Tags: , , , ,

05. 04. 2023 Asset Management, Icinga Web 2, NetEye, Service Management

The Evolution of Multi-tenancy in NetEye

A very important, fast-evolving area during the latest NetEye releases has been multi-tenancy. In a system with many tenants, the most complex aspect is probably the proper and orderly management of user permissions. To help administrators in this task, we Read More
21. 12. 2022 Log Management, Log-SIEM, NetEye

How We Verify the Integrity of El Proxy Blockchains Altered by a Retention

El Proxy helps in compliance with GDPR regulations, which, besides the rest, imposes guarantees on the integrity of data and ensures that the data is kept for no longer than a predefined period of time. El Proxy ensures the integrity Read More
13. 12. 2022 Development, Log Management, Log-SIEM, NetEye

How We Sped up El Proxy Verification

Before deploying El Proxy in production we, the R&D Team, carried out numerous benchmarks and reproduced real life scenarios to ensure that the real-time log signing performed by El Proxy would not represent a bottleneck in environments where logs that Read More
31. 12. 2021 Development, Log Management, Log-SIEM, NetEye

Real Time Log Signing on Fleet-managed Elastic Agents – A Preliminary Investigation

The R&D Team is currently working on the integration of the new Elastic Fleet management tool in NetEye 4. Once Elastic Fleet is fully integrated in NetEye 4, all of the Log Management features currently supported will also need to Read More
24. 12. 2021 Log Management, NetEye

Log Management through NetEye Satellites

In the enormous world of Log Collection, quite often customers need to collect logs from various systems in remote locations, like from an office in another country. For Icinga we know that the latest NetEye 4.20 release fully supports distributed Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive