We fixed a bug, that would not allow adding a custom role to the pre-configured user for Elasticsearch in Logstash.
To solve this bug, we have implemented the PKI authentication (certificate authentication) for the Elastic Logstash user. The roles assigned to the Logstash user are provided via role mapping.
We already updated the Logstash Elasticsearch outputs shipped with the package to accommodate these changes. All existing outputs will continue to work correctly in this release, however if you have custom Logstash Elasticsearch outputs (in /neteye/shared/logstash/conf/conf.d/ and/or in /neteye/shared/logstash/conf/template.d/), we strongly suggest migrating them
- Copy them from
/neteye/shared/logstash/conf/template.d/to/neteye/shared/logstash/conf/conf.d/if any. - Replace the
usernamewithkeystore => "/neteye/shared/logstash/conf/certs/private/logstash.pfx". - Replace
passwordwithkeystore_password => "".
With these changes, the Elastic Logstash user is authenticated via certificates and not via basic authentication. The Elastic Logstash user pre-configured in NetEye will be deprecated starting from the NetEye 4.13, so we strongly suggest to migrate your custom Logstash outputs to this new authentication mechanism.
We fixed also a bug that did not restart rsyslog on destination node when rsyslog-logmanager was relocated and some User Guide broken links.
For NetEye 4.12 we updated:
- elasticsearch, elasticsearch-autosetup, elasticsearch-neteye-config, elasticsearch-xpack, elasticsearch-xpack-autosetup, kibana, kibana-autosetup, kibana-neteye-config, kibana-xpack, kibana-xpack-autosetup, logstash, logstash-neteye-config, logstash-neteye-config-autosetup, logstash-xpack, logstash-xpack-autosetup to version 7.6.2_neteye3.5.1-1
- rsyslog-neteye-config and rsyslog-neteye-config-autosetup to version 0.5.1-1
- icingaweb2-module-kibana and icingaweb2-module-kibana-autosetup to version 1.10.1-1
Bharat Bisht
Author
