Hi, I have Graylog running without any problems. It has been running for 3 months with a medium load. Some basic stats: 60 indices, 304,261,633 documents, 121.2GB (2 Graylog servers and 3 Elasticsearch servers, 3 shards and 1 replica).
But we have Elasticsearch unsecured… Anyone can connect and do what they want. I could set some iptables rules, but I think that is too simple and insecure. I have been reading about X-Pack and Search Guard, but the documentation is not clear to me. I just want to set up a local user with a password (no LDAP or AD) and tell Graylog to connect to Elasticsearch using those credentials. What is the best approach to do this? Perhaps I would also configure Elasticsearch to use SSL with self-signed certificates. How would Graylog behave with self-signed certificates?
One more question: how would authentication and SSL affect Elasticsearch replication?