GrayLog access control

Hi Team

Graylog is attached to Elastic and Graylog provides user and role based access to access metric/log data stashed to graylog.

I have connected Kibana to Graylog’s Elastic and I am able to view data pushed to graylog on Kibana without any authentication.

Is this something known?

Please let me know.

Thanks
Srumith.

Well, if you have unauthenticated and unauthorized access to Elasticsearch, you can read and modify all data.

Typically you’d lock down Elasticsearch so that only Graylog (with its authentication and authorization layer) has access to it.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.