ELK: 5.4.1
ROR: 1.16.8
ROR_KBN: 0.1.5
We started testing ROR 1.16.8.
First I wanted to give admin access to one of the groups:

    - name: "Sys"
      type: allow
      kibana_access: admin
      groups: ["Sys"]
      indices: [".kibana", ".kibana-devnull", "*"]

but got this error in the Kibana log:
{"type":"response","@timestamp":"2017-07-18T13:00:23Z","tags":[],"pid":25171,"method":"get","statusCode":403,"req":{"url":"/api/readonlyrest_kbn/settings","method":"get","headers":{"host":"54.194.124.114:5601","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:54.0) Gecko/20100101 Firefox/54.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate","kbn-version":"5.4.1","referer":"http://54.194.124.114:5601/app/readonlyrest_kbn","connection":"keep-alive"},"remoteAddress":"185.7.185.182","userAgent":"185.7.185.182","referer":"http://54.194.124.114:5601/app/readonlyrest_kbn"},"res":{"statusCode":403,"responseTime":21,"contentLength":9},"message":"GET /api/readonlyrest_kbn/settings 403 21ms - 9.0B"}
So then I created the Admin block and got one step further:

    - name: "Admin"
      type: allow
      auth_key: admin:admin123
      kibana_access: admin

Now I am getting 200 OK in the Kibana log but getting this error in Kibana
What index am I missing? I have .kibana.
Also, I am trying to set up the audit, and I added this line in elasticsearch.yml:

    audit_collector: true

but “readonlyrest_audit-YYYY-MM-DD” is not created.
I have not played with ROR for a while and something is obviously escaping me, so a little help?