Graylog, Elasticsearch and LDAP Auth

I’m trying to evaluate Graylog to aggregate log files, monitor systems, send alerts, usual stuff. I have been evaluating Elasticsearch, but for my organization, LDAP/AD integration is a must-have, and since Graylog offers this for free, it’s an attractive option. Elasticsearch offers LDAP/AD integration through X-Pack (very expensive) and Search Guard (3rd party plugin - also very expensive). My question is this: does Graylog’s LDAP/AD authentication/authorization cover Elasticsearch? Is it possible to somehow prevent users from directly querying Elasticsearch except through Graylog? It seems as though Graylog operates at one level of abstraction higher than Elasticsearch, so I’m unclear as to the relationship between Graylog and Elasticsearch with regard to authentication/authorization. Thanks for helping to clarify this.

Thanks,
Andy

No, it doesn’t.

Yes, you can restrict access to Elasticsearch to the Graylog nodes themselves and block access from any other network location.

Free method: set up iptables on the Elasticsearch host to only allow it to talk to Graylog (ports 9200/9300) and SSH for administration.
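An added example (not from this thread) of what that iptables restriction can look like. The script only prints the rules so they can be reviewed before being applied; the Graylog node, Elasticsearch peer and admin-network addresses are placeholder assumptions, and the peer rule on 9300 is only needed if Elasticsearch itself runs as a multi-node cluster.

```shell
#!/bin/sh
# Constructed example: generate an iptables INPUT rule set for an Elasticsearch host
# so that 9200 (HTTP API) and 9300 (transport) are reachable only from the Graylog
# nodes (and from other Elasticsearch cluster members on 9300), plus SSH from an
# admin network. Everything else is logged and dropped.
# All addresses below are placeholders (assumptions), not values from the thread.

GRAYLOG_NODES="10.0.1.10 10.0.1.11"   # assumption: Graylog node IPs
ES_PEERS="10.0.3.21"                  # assumption: other ES cluster members (9300 only)
ADMIN_NET="10.0.2.0/24"               # assumption: network allowed to SSH in
ES_PORTS="9200 9300"

# Emit the rules to stdout. Review them, then apply with: es_firewall_rules | sh
es_firewall_rules() {
  echo "iptables -P INPUT DROP"
  echo "iptables -A INPUT -i lo -j ACCEPT"
  echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  echo "iptables -A INPUT -p tcp --dport 22 -s $ADMIN_NET -j ACCEPT"
  # Graylog nodes may use both the HTTP API and the transport port
  for node in $GRAYLOG_NODES; do
    for port in $ES_PORTS; do
      echo "iptables -A INPUT -p tcp --dport $port -s $node -j ACCEPT"
    done
  done
  # Cluster peers only need the transport port, never the HTTP API
  for peer in $ES_PEERS; do
    echo "iptables -A INPUT -p tcp --dport 9300 -s $peer -j ACCEPT"
  done
  # Rate-limited logging of rejected traffic helps spot clients bypassing Graylog
  echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix \"es-drop: \""
  echo "iptables -A INPUT -j DROP"
}

# Sanity check: how many ACCEPT rules open an Elasticsearch port?
# Expected: (Graylog nodes x 2 ports) + ES peers.
es_accept_rule_count() {
  es_firewall_rules | grep -c -- '--dport 9[23]00 -s .* -j ACCEPT'
}

# Sanity check: the last rule must be the catch-all DROP.
es_last_rule_is_drop() {
  es_firewall_rules | tail -n 1 | grep -q -- '-j DROP'
}
```

Apply the rules only after confirming the Graylog nodes' addresses, otherwise indexing stops; on a multi-node Elasticsearch cluster the same rule set belongs on every member.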
