Separate Saved Searches by Stream


(Carlos Simoes) #1

Good afternoon…
I’m having a question, suppose I have my graylog, in which I’ve created a stream for each client I track.

Each client has its input, and I created a stream for each client too, creating a rule, so that in each stream the logs of that “origin / client” fall …

So far so good. I can create the rules in Authentication, for a user to have access to only a stream and so on.

Now what I could not “isolate” is the “preview” of Saved Searchs.

A user who only has permission in Stream “Client A”, ok, he can only see the corresponding Stream logs.

But in general, he can see Saved Searchs.

Even though he will not be able to view a Saved Search from a Stream that he does not have permission to, I do not want him to even show him other Saved Search.

Has as???
Example of this is in case you want to give a client access to my graylog to view your logs in your stream.

In fact, it only views the logs of your stream, even if it selects a Saved Search from another client, it can not view the logs. Beauty!

But she did not want him to see all Saved searchs, only her own.

Tradução Português (Brasil):

Boa tarde…
Estou com uma dúvida, suponhamos que tenho meu graylog, no qual criei uma stream para cada cliente que monitoro.

Cada cliente tem seu input, e criei uma stream para cada cliente também, criando uma rule, para em cada stream cair os logs daquela “origem/cliente”…

até aí tudo bem. Consigo criar as regras em Authentication, para um usuário ter acesso somente a uma stream e etc.

Agora o que não consegui “isolar” é a “visualização” das Saved Searchs.

Um usuário que tenha permissão somente na Stream “Cliente A”, ok, ele somente consegue visualizar os logs da Stream correspondente.

Porém em geral, ele consegue visualizar as Saved Searchs.

Mesmo que ele não vai conseguir visualizar uma Saved Search de uma Stream que ele não tem permissão, eu queria que nem mostrasse para ele outras Saved Search.

Tem como???
Exemplo disso é no caso de querer dar acesso a um cliente a meu graylog para visualizar seus logs na sua stream.

De fato, ele somente visualiza o logs da sua stream, mesmo que ele selecione uma Saved Search de outro cliente, ele não consegue visualizar os logs não. Beleza!

Porém, não queria que ele pudesse ver todas Saved searchs, somente a sua.


(Jan Doberstein) #2

yes - that is a known limitation.

We have, over at Github, already some feature requests for that:

You can add your input on that issue. Future versions of Graylog will be able to deal with that. Currently this is not solvable.


(Carlos Simoes) #3

OK Jan, thank you.

Well, then we have to wait for the next updates.

Do you have any intention of already implementing this feature in the next version and have a forecast for it?

Thank you.


(Jan Doberstein) #4

No sorry - no estimations. Just subscribe to the Github issue and you will be noticed if something happens.


(system) #5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.