我刚刚在Elasticsearch 5.6.9中安装了Search Guard 5.6.9-19.1版,以进行PoC。 我在弹性日志中收到两种警告消息。 我正在使用管理员默认角色和权限来发出请求。弹性搜索,sg_roles和sg_roles_mapping的文件如下。
**elasticsearch.yml**
searchguard.ssl.transport.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.transport.keystore_password:
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password:
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.http.keystore_password:
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password:
searchguard.authcz.admin_dn:
- CN=sgadmin
**sg_roles.yml**
sg_all_access:
cluster:
- UNLIMITED
indices:
'*':
'*':
- UNLIMITED
tenants:
adm_tenant: RW
test_tenant_ro: RO
**sg_roles_mapping.yml**
sg_all_access:
users:
- sgadmin
- admin
我的请求是在kibana控制台中进行的:
GET /_msearch/template
{"index":"rt", "_type" : "rt-type"}
{"id": "getState","params": {"Key": "Issuer:9972"}}
{"index":"history", "_type" : "history-type"}
{"id": "getDaily","params": {"Key": "Issuer:9971","from": "2018-07-30T00:00:00"}}
日志消息elasticsearch.yml:
[WARN] [c.f.s.c.PrivilegesEvaluator]无法处理索引为“ org / elasticsearch.script.mustache.MultiSearchTemplateRequest”类型的复合请求:数据/读取/ msearch /模板在这里
================================================ =========================
GET rt/rt-type/_search/template
{"id": "searchKey","params": {"Key": "Issuer:9971"}}
日志消息elasticsearch.yml:
[WARN] [c.f.s.c.PrivilegesEvaluator]无法处理索引为“ org.elasticsearch.script.mustache.SearchTemplateRequest”类型的复合请求:数据/读取/搜索/模板在这里
getState,getDaily和searchKey是模板。
这是什么意思?是否缺少任何配置?如何避免这些消息?
谢谢!