Configure Orchestrator to use authentication to Elasticsearch

i_completed
orchestrator
r_2017_2

#1

It would be great in a future version to have the possiblility to configure Orchestrator to use authentication to Elasticsearch. Otherwise activity log_message does not work if e.g. shield is installed to allow data seperation in Elasticsearch and Kibana. Multi tenant only in Orchestrator is not enough.
A workaround would be to use an elasticsearch and kibana instance for each tenant but you can’t configure this in Orchestrator configuration as well. And i would prefer using shield.

@all: How do you seperate data at the moment in kibana when using multi tenant in Orchestrator?


#2

I think data is separated now by creating different indexes per tenant. @andraciorici, @Marius_Cosareanu
Using shield is in research. @Pankaj_Sharma @Eesh_Tyagi


#3

The multi-tenant feature from Orchestrator creates a new index for each tenant. By default, for each tenant created you will find an index in ES with exactly the same name. You should define an index pattern like this: “[tenantName]*”


#4

@Teodor_Hoaghea
Yes you have an own index but if you have access to Elasticsearch or kibana you have access to ALL indexes.
And as in Orchestrator UI we have to seperate access to the dashboards etc.
So shield would be an option, but only if you make it possible to configure authentification for log_message activity.
Or you allow to configure an own eleasticsearch for each tenant but i would prefer the first option.

Do you know other possibilities?


#5

@andraciorici @Marius_Cosareanu @Ovidiu_Bestea can you help?


#6

Now we do have the possibility to use elasticsearch and kibana with user authentification.
But we can not activate it as long as log_message does not support authentification.
Any timeline when it will be possible? Or known workarounds?
Please help @badita @Ovidiu_Bestea


#7

Hi I need help and guidance in getting Kibana and Elastic Search Post Installation configured. I have tried to do numerous attempts with no success. I would like someone to connect and help us configure it in our environment please. I cannot add index pattern with tennantname* as told to me. Only default* is being accepted in Kibana where there are no logs showing. I want to create the index pattern and connect it on Kibana as well as showing us our logs coming in the list in Kibana. Your help would be greatly appreciated.


#8

Hi,

Once you have logs with a different inde, you have to go to Management, Index Patterns and add your own “8” in Kibana.

Have you tried this?