EFK winlogbeat API key setup

2025. 1. 30. 15:42 EFK

401 error: occurs because there are no authentication credentials

Exiting: couldn't connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at http://elastic.barisein.co.kr:80: 401 Unauthorized: {"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","ApiKey"]}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","ApiKey"]}},"status":401}]

403 error: occurs because of missing privileges

Exiting: error loading template: failed to check data stream: 403 Forbidden: {"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:admin/data_stream/get] is unauthorized for API key id [jkfItZQBsgQes-7XdbVH] of user [elastic] on indices [winlogbeat-8.17.1], this action is granted by the index privileges [view_index_metadata,manage,all]"}],"type":"security_exception","reason":"action [indices:admin/data_stream/get] is unauthorized for API key id [jkfItZQBsgQes-7XdbVH] of user [elastic] on indices [winlogbeat-8.17.1], this action is granted by the index privileges [view_index_metadata,manage,all]"},"status":403}

Create the API key

POST _security/api_key
{
  "name": "키 이름",
  "role_descriptors": {
    "monitoring_role": {
      "cluster": [
        "monitor",
        "manage"
      ],
      "index": [
        {
          "names": [
            "*"
          ],
          "privileges": [
            "view_index_metadata",
            "manage",
            "read",
            "write"
          ]
        }
      ]
    }
  }
}

Set the key in winlogbeat.yml

output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["elastic.barisein.co.kr:80"]

  # Authentication credentials - either API key or username/password.
  api_key: "{ID}:{api_key}"

Kibana permission error

Exiting: error importing Kibana dashboards: fail to import the dashboards in Kibana: Error importing directory C:\Program Files\winlogbeat-8.17.1\kibana: failed to import Kibana index pattern: 1 error: error loading index pattern: returned 403 to import file: Unable to bulk_create index-pattern. Response: {"statusCode":403,"error":"Forbidden","message":"Unable to bulk_create index-pattern"}

Create the API key: including Kibana privileges

POST _security/api_key
{
  "name": "{키 이름}",
  "role_descriptors": {
    "monitoring_role": {
      "cluster": [
        "monitor",
        "manage"
      ],
      "index": [
        {
          "names": [
            "*"
          ],
          "privileges": [
            "view_index_metadata",
            "manage",
            "read",
            "write"
          ]
        }
      ]
    },
    "kibana_dashboard_role": {
      "cluster": ["monitor", "manage"],
      "index": [
        {
          "names": ["winlogbeat-*"],
          "privileges": ["all"]
        }
      ]
    },
    "kibana_role": {
      "applications": [
        {
          "application": "kibana-.kibana",
          "privileges": ["all"],
          "resources": ["*"]
        }
      ]
    }
  }
}
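
The 403 above named only winlogbeat-8.17.1 and listed view_index_metadata as sufficient, while the keys created here grant cluster "manage" and write access on "*". As an added example (not part of the original post), this Python check lists the grants in a role_descriptors body that deserve review before the key is deployed to Windows hosts; the BROAD_CLUSTER and BROAD_INDEX sets and the audit() function are assumptions chosen for this illustration.

```python
"""Audit an Elasticsearch API key request body for over-broad role_descriptors."""

BROAD_CLUSTER = {"all", "manage", "manage_security"}   # assumed review list
BROAD_INDEX = {"all", "manage", "write", "delete"}     # assumed review list

# Constructed input: the role_descriptors from the second request on this page.
PAGE_DESCRIPTORS = {
    "monitoring_role": {
        "cluster": ["monitor", "manage"],
        "index": [{"names": ["*"],
                   "privileges": ["view_index_metadata", "manage", "read", "write"]}],
    },
    "kibana_dashboard_role": {
        "cluster": ["monitor", "manage"],
        "index": [{"names": ["winlogbeat-*"], "privileges": ["all"]}],
    },
    "kibana_role": {
        "applications": [{"application": "kibana-.kibana",
                          "privileges": ["all"], "resources": ["*"]}],
    },
}


def audit(descriptors):
    """Return (role, finding) tuples for privileges worth a second look."""
    findings = []
    for role, spec in descriptors.items():
        # Cluster-wide privileges that go beyond monitoring.
        for priv in sorted(BROAD_CLUSTER & set(spec.get("cluster", []))):
            findings.append((role, f"cluster privilege '{priv}'"))
        # Index privileges that allow changing or deleting data or settings.
        for entry in spec.get("index", []):
            broad = sorted(BROAD_INDEX & set(entry.get("privileges", [])))
            if not broad:
                continue
            names = entry.get("names", [])
            scope = "every index" if "*" in names else ",".join(names)
            findings.append((role, f"index {broad} on {scope}"))
        # Application (Kibana) privileges granted on all resources.
        for app in spec.get("applications", []):
            if "all" in app.get("privileges", []) and "*" in app.get("resources", []):
                findings.append((role, f"'all' on every resource of {app['application']}"))
    return findings


if __name__ == "__main__":
    for role, finding in audit(PAGE_DESCRIPTORS):
        print(f"{role}: {finding}")
```

Run against the request on this page it reports five findings; a descriptor limited to "monitor" and non-destructive index privileges on winlogbeat-* reports none.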