- name: "Block 2 - Other hosts can only read certain indices"
actions: ["indices:data/read/*"]
All it’s doing is allowing all traffic from localhost, and permitting read only traffic from other hosts. I’ve added the readonlyrest.audit_collector: true parameter, but I see no “readonlyrest_audit-YYYY-MM-DD” type indexes being created when I interact with the server. Is there any other configuration I need to do?
I’m running a single node of ES 5.4.3 and my plugin version is:
Hi @sscarduzio, I’ve tried grabbing and installing this build but I’m still not getting any ROR audit log output to an index. My ROR config block currently looks like:
Impressive, I tried this out manually and discovered a security exception from the simple act of serializing a hashmap to JSON. That’s because Jackson library uses reflection for that (…).
Obviously this doesn’t happen running ROR in my IDE, so I didn’t catch this bug.
That did it, I’ve got a readonlyrest_audit-2017-07-13 index now. Thank you! I was asked to set up logging for number of users/etc hitting a demo system I’d set up and this functionality got released the day after my initial setup was done, so it couldn’t have been better timing