Deployed a centralized log collection system (Elasticsearch + Logstash + Kibana + NxLog).
And the question arose that different users need to receive information about different logs (even from the same machine; I will describe an example below).

There is a certain server on which Nginx + PHP-FPM + MySQL is installed; all logs from this server are sent to Logstash and output to Kibana. One user needs access only to the MySQL logs, another to the kernel logs, and the third to the Nginx logs.

How can I deploy such an authorization?

2 Answers

There are two options:

1. If the ELK stack is exposed through Kibana, then you can do basic authorization in the Nginx config. But usually this is not enough: people want every single user to see only their own metrics/data, therefore:

2. X-Pack is a plug-in for the stack's web interface from the developers of the stack itself. You can create roles and users and change passwords and privileges. It is partially paid, but if you are only interested in the authorization and role-distribution functionality (it can also send notifications and generate reports), then it should be enough.

It is installed simply:

bin/elasticsearch-plugin install x-pack    # installed on the Elasticsearch server
bin/kibana-plugin install x-pack           # installed on Kibana

After installing, a window will appear for entering the login and password.

Default login/password - elastic/changeme

It should look like this after a successful installation.
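The answer above says X-Pack lets you create roles and users; the following is an added example (not part of the answer and not X-Pack's own documentation) of what the per-source split from the question looks like as X-Pack role and user definitions, written in Kibana Console syntax. It assumes Logstash already writes each log source to its own index (for example with an output of `index => "logstash-%{type}-%{+YYYY.MM.dd}"`), so that MySQL, kernel and Nginx logs land in `logstash-mysql-*`, `logstash-kernel-*` and `logstash-nginx-*`; the role names, user names, index names and dates are all made up for the example.

```http
# Assumed index layout (constructed for this example): one index family per
# log source, e.g. logstash-mysql-*, logstash-kernel-*, logstash-nginx-*.
# Role and user names are hypothetical.

# One role per log source: read-only on that source's indices and nothing else.
PUT _xpack/security/role/mysql_logs_reader
{
  "indices": [
    {
      "names": [ "logstash-mysql-*" ],
      "privileges": [ "read", "view_index_metadata" ]
    }
  ]
}

PUT _xpack/security/role/kernel_logs_reader
{
  "indices": [
    {
      "names": [ "logstash-kernel-*" ],
      "privileges": [ "read", "view_index_metadata" ]
    }
  ]
}

PUT _xpack/security/role/nginx_logs_reader
{
  "indices": [
    {
      "names": [ "logstash-nginx-*" ],
      "privileges": [ "read", "view_index_metadata" ]
    }
  ]
}

# Each user gets exactly one source role plus the built-in kibana_user role,
# which grants the access to the .kibana index that the UI itself needs.
PUT _xpack/security/user/dba
{
  "password": "REPLACE-WITH-A-STRONG-PASSWORD",
  "full_name": "MySQL operator",
  "roles": [ "mysql_logs_reader", "kibana_user" ]
}

PUT _xpack/security/user/sysadmin
{
  "password": "REPLACE-WITH-A-STRONG-PASSWORD",
  "roles": [ "kernel_logs_reader", "kibana_user" ]
}

PUT _xpack/security/user/webops
{
  "password": "REPLACE-WITH-A-STRONG-PASSWORD",
  "roles": [ "nginx_logs_reader", "kibana_user" ]
}

# Check, logged in as the hypothetical user "dba": an explicitly named index
# outside the role is refused with HTTP 403 ("action [indices:data/read/search]
# is unauthorized"), while the user's own indices return hits. Use a concrete
# index name for this check: a wildcard such as logstash-* is silently narrowed
# to the indices the role allows, so it does not show the denial.
GET logstash-kernel-2017.01.01/_search
```

Two practical notes on this layout: give each user an index pattern matching only their own family (`logstash-mysql-*` rather than `logstash-*`), and change the `elastic/changeme` default mentioned above through the same `_xpack/security/user` API before the stack is reachable by anyone else, since that account is a superuser that can rewrite every role shown here.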

Stumbled upon this topic. I decided to add an answer in light of the fact that the current X-Pack authorization is available only for money. We use Search Guard.