I would add that while Graylog's web UI offers some level of security (by using streams and granting permissions on that stream), Kibana offers none. If someone has access to Kibana, they have access to every piece of data in every open index in the entire Elasticsearch cluster. The reason is that Kibana connects directly to Elasticsearch, which, as you say, offers no authentication mechanism.
It may be possible to set up an Elasticsearch node that mirrors only the "safe" data, and allow Kibana to connect only connect to that node. Brantley On Wed, Aug 20, 2014 at 4:16 AM, Jochen Schalanda <[email protected]> wrote: > Hi, > > - is LDAP authentication supported when logging onto graylog2 GUI? >> > > Yes! The Graylog2 web interface is basically just a visualization and UI > layer on top of graylog2-server and if you've configured LDAP for the > server, the web interface will automatically authenticate against that > source. > > > >> - does graylog2 offer any mechanism to maintain a mapping i.e., a user in >> "group A" (be it UNIX or Windows) can query the indexes IA and IB and a >> user in "group B" can query indexes IB and ID? Elasticsearch doesn't >> implement any security (yet or so I was told), but we have some data >> that shouldn't be visible to everyone who has access to UI (be it graylog2 >> or Kibana). I am wondering if graylog2 helps implement any of this >> filtered queries out of the box and if not lets us extend this >> functionality. >> > > You can do this indirectly by creating streams and allowing certain users > to see and query these streams. It is currently not possible to fetch this > authorization information from LDAP/ActiveDirectory directly. > > > Cheers, > Jochen > > -- > You received this message because you are subscribed to the Google Groups > "graylog2" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
