OpenSearch security example for Graylog

Graylog Central (peer support)
1

Is there an example for a user / role setup for Graylog to access OpenSearch ?
My setup is currently using an "elastic’ user for access. Unfortunately, I can’t find any current doc page that talks about the security setup for Elastic or OpenSearch with Graylog at this point. If I recall that elastic user has superuser type rights. Is there a more appropriate role ?

They opensearch documentation itself has the seems to have the assumption the reader wants to be an OpenSearch user, not just configure it for use with some other application ! :slight_smile:

2

Hey @ccandreva

The connection between Graylog and Elastic/Opensearch
is only these two I kow of.

elasticsearch_hosts = http://node1:9200,http://user:password@node2:19200
elasticsearch_hosts = http://localhost:9200

There maybe a work around, I think someone member here has tried already.

3

@gsmith
What I’m looking for is more like:
If I create a graylog specific user in config/opensearch-security/internal_users.yaml , what minimum role(s) does it need ? Will one of the existing roles suffice or do we need to make one ? Or should I just give it an admin role ?

4

As an example the Gitlab documentation provide examples of the role privileges needed:

5

Hey @ccandreva

Only time I have used that file internal_users.yaml is with Elastic-stack or Opensearch/Opensearch-Dashboard not with Graylog, Graylog uses a different means for users found here

6

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.