I’m trying to evaluate Graylog to aggregate log files, monitor systems, send alerts, usual stuff. I have been evaluating Elasticsearch, but for my organization, LDAP/AD integration is a must-have, and since Graylog offers this for free, it’s an attractive option. Elasticsearch offers LDAP/AD integration through X-Pack (very expensive) and Search Guard (3rd party plugin - also very expensive). My question is this: does Graylog’s LDAP/AD authentication/authorization cover Elasticsearch? Is it possible to somehow prevent users from directly querying Elasticsearch except through Graylog? It seems as though Graylog operates at one level of abstraction higher than Elasticsearch, so I’m unclear as to the relationship between Graylog and Elasticsearch with regard to authentication/authorization. Thanks for helping to clarify this.
Thanks,
Andy