03. 04. 2019
Michele Santuari
Log Auditing, NetEye
How to Manage Permissions in Log Analytics with NetEye 4
NetEye 4 Log Manager, as already presented in this blog post, allows you to easily manage the collection, navigation, visualization and analysis of large numbers of logs.
For m
One of the possible solutions supported by NetEye 4 is to manage the user-specific permissions leveraging the Director
Let’s assume a very simple scenario: two users (network-admin, database-admin) who must have different authorizations:
- The former is responsible for the network devices that are in network-
hostgroup - The latter is responsible for the database servers that are in database-
hostgroup
Neither user should see monitoring data and logs from the other group, just those under his/her responsibility.
The configuration of these permissions requires defining two roles in the Authentication section under the Configuration menu item:
Those roles serve to limit the permissions based on the hostgroup which each role can see as follows:
- Director: limit the visibility of host configurations
- Monitoring: show only the status of the hosts
- Logs Analytics: map the roles between Log Analytics and those just configured in the screenshot above
Log Analytics must be configured in
- Back up the Search Guard configuration:
mkdir /root/backup-hostgroup && /usr/share/neteye/scripts/searchguard/sg_backup.sh -d /root/backup-hostgroup- Create new roles in Search Guard with limited permissions based on the
hostgroup in/root/backup-hostgroup/sg_roles.yml:
ws_network-hostgroup:
cluster:
- "CLUSTER_COMPOSITE_OPS_RO"
indices:
?kibana_*:
'*':
- "READ"
logstash-*:
'*':
- "READ"
_dls_: "{\"match\":{\"hostgroups\":\"network-hostgroup\"}}"
ws_database-hostgroup:
cluster:
- "CLUSTER_COMPOSITE_OPS_RO"
indices:
?kibana_*:
'*':
- "READ"
logstash-*:
'*':
- "READ"
_dls_: "{\"match\":{\"hostgroups\":\"database-hostgroup\"}}"- Add a mapping for the roles in
/root/backup-hostgroup/sg_roles_mapping.ymlas follows:
ws_network-hostgroup:
backendroles:
- "network-hostgroup"
ws_database-hostgroup:
backendroles:
- "database-hostgroup"In an upcoming release, Log Analytics configurations will be simplified via the automated creation of Search Guard roles based on the
Michele Santuari
Software Architect at Wuerth Phoenix
Hi, my name is Michele Santuari and I am a Telecommunication engineer fell in love with OpenFlow, the first attempt of centralized network management, provisioning and monitoring. I embraced the Software Defined Networking approach to discover a passion for programming languages.
Author
Latest posts by Michele Santuari
05. 04. 2019
NetEye Updates
Bug fixes for NetEye 4.4
05. 12. 2018
Development, NetEye
Research & Development – Backlog (Part 2)
03. 12. 2018
NetEye Updates
Updated icinga2, icingaweb2, neteye, neteye-setup, elasticsearch-neteye-config, elasticsearch-plugin-searchguard, searchguard-plugin-common for NetEye 4.3