OPNsense Forum

English Forums => Zenarmor (Sensei) => Topic started by: actionhenkt on October 07, 2020, 09:54:36 pm

Title: sensei remote elasticsearch
Post by: actionhenkt on October 07, 2020, 09:54:36 pm

Hi,
I have a question about sensei, I have configured sensei with a remote elasticsearch location. Now browsing the live session explorer it is filled with sessions from the firewall going to the elasticsearch server.. Is there a way to choose to ignore this connection to the elastic server so it wont show up in live explorer ?

Also not related to sensei but maybe someone knows, I read about SSL/TLS and user authentication, im not really clear on the license... is this functionality included in the basic license of elasticsearch ?

Thanks!

Title: Re: sensei remote elasticsearch
Post by: mb on October 07, 2020, 10:06:36 pm

Hi @actionhenkt,

You should be able to hide local connections. See attached picture.

For Elasticsearch TLS and authentication, you can leverage nginx:

https://www.nginx.com/blog/nginx-elasticsearch-better-together/

Title: Re: sensei remote elasticsearch
Post by: actionhenkt on October 07, 2020, 10:09:17 pm

oh did not notice that button there, this is much better indeed, thanks! Also for the URL to the nginx site.

Title: Re: sensei remote elasticsearch
Post by: spetrillo on December 08, 2021, 06:35:17 pm

How did you get the remote Elasticsearch implementation to work with Zenarmor? I tried it and it was looking for an id/password but I could not find what this was.

Title: Re: sensei remote elasticsearch
Post by: sy on December 09, 2021, 06:22:38 pm

Hi,

This is Elasticsearch login Infos. If your Elasticsearch doesn't have yet, please see the document:

https://www.elastic.co/blog/configuring-ssl-tls-and-https-to-secure-elasticsearch-kibana-beats-and-logstash