MinIO Audit Logs saved into ElasticSearch via WebHook
Cesar Celis Hernandez edited this page Dec 20, 2022 · 4 revisions
To save audit logs in Elasticsearch via a webhook:
- https://www.elastic.co/guide/en/elasticsearch/reference/7.17/getting-started.html
- https://min.io/docs/minio/macos/operations/monitoring/minio-logging.html
- https://min.io/docs/minio/macos/operations/monitoring/minio-logging.html#publish-audit-logs-to-http-webhook
- This assumes ES has already been configured, as Eco did for us in our DC. If it has not, follow the steps on how to get started in ES and get ES ready first.
- Enable the webhook in MinIO via environment variables. I am not posting the user, the password or the host for security reasons:
```
$ export MINIO_AUDIT_WEBHOOK_ENABLE_TESTING="on"
$ export MINIO_AUDIT_WEBHOOK_ENDPOINT_TESTING="http://<USER>:<PASSWORD>@<HOST>:9200/lssdsd/asdasd"
$ export MINIO_AUDIT_WEBHOOK_AUTH_TOKEN_TESTING=""
$ export MINIO_ROOT_USER=minio
$ export MINIO_ROOT_PASSWORD=minio123
$ minio server /Volumes/data{1...4} --address :9000 --console-address :9001
MinIO Object Storage Server
Copyright: 2015-2022 MinIO, Inc.
License: GNU AGPLv3 <https://www.gnu.org/licenses/agpl-3.0.html>
Version: RELEASE.2022-12-12T19-27-27Z (go1.19.4 darwin/amd64)

Status:         4 Online, 0 Offline.
API: http://192.168.1.151:9000  http://127.0.0.1:9000
RootUser: minio
RootPass: minio123
Console: http://192.168.1.151:9001 http://127.0.0.1:9001
RootUser: minio
RootPass: minio123

Command-line: https://min.io/docs/minio/linux/reference/minio-mc.html#quickstart
   $ mc alias set myminio http://192.168.1.151:9000 minio minio123

Documentation: https://min.io/docs/minio/linux/index.html
```
- Look at the index:
```
curl -u <USER>:<PASSWORD> -X GET "<HOST>:9200/lssdsd/_search?pretty" -H 'Content-Type: application/json' -d'
{
  "query": {
    "match_all": { }
  }
}
'
```
You should see:
```json
{
  "took" : 0,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 1,
      "relation" : "eq"
    },
    "max_score" : 1.0,
    "hits" : [
      {
        "_index" : "lssdsd",
        "_type" : "asdasd",
        "_id" : "NC8uMIUBuuSsBbj2Wou5",
        "_score" : 1.0,
        "_source" : { }
      }
    ]
  }
}
```
- Create a Bucket:
```
$ mc alias set myminio http://192.168.1.151:9000 minio minio123
Added `myminio` successfully.
$ mc mb myminio/cesarfff
Bucket created successfully `myminio/cesarfff`.
```
- Look at the ES index once again and notice that the audit logs are being saved and "PutBucket" is recorded:
```json
{
  "took" : 526,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 3,
      "relation" : "eq"
    },
    "max_score" : 1.0,
    "hits" : [
      {
        "_index" : "lssdsd",
        "_type" : "asdasd",
        "_id" : "NC8uMIUBuuSsBbj2Wou5",
        "_score" : 1.0,
        "_source" : { }
      },
      {
        "_index" : "lssdsd",
        "_type" : "asdasd",
        "_id" : "FS8wMIUBuuSsBbj2u404",
        "_score" : 1.0,
        "_source" : {
          "version" : "1",
          "deploymentid" : "76a720c8-d4d8-4dfc-8737-ab5939510d67",
          "time" : "2022-12-20T15:39:38.024239Z",
          "event" : "",
          "trigger" : "incoming",
          "api" : {
            "name" : "GetBucketLocation",
            "bucket" : "probe-bucket-sign-ratf12l0gtew",
            "rx" : 0,
            "tx" : -1,
            "timeToResponse" : "0ns"
          },
          "remotehost" : "192.168.1.151",
          "requestID" : "17328A938C1C0B08",
          "userAgent" : "MinIO (darwin; amd64) minio-go/v7.0.34",
          "requestQuery" : {
            "location" : ""
          },
          "requestHeader" : {
            "Authorization" : "AWS4-HMAC-SHA256 Credential=minio/20221220/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=f69fc658b57c4be2869c94aeff74feef12bdd1ed9a2d985c4cff8b0e09bf90b1",
            "User-Agent" : "MinIO (darwin; amd64) minio-go/v7.0.34",
            "X-Amz-Content-Sha256" : "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
            "X-Amz-Date" : "20221220T153938Z"
          },
          "responseHeader" : {
            "Accept-Ranges" : "bytes",
            "Content-Length" : "333",
            "Content-Security-Policy" : "block-all-mixed-content",
            "Content-Type" : "application/xml",
            "Server" : "MinIO",
            "Strict-Transport-Security" : "max-age=31536000; includeSubDomains",
            "Vary" : "Origin,Accept-Encoding",
            "X-Amz-Request-Id" : "17328A938C1C0B08",
            "X-Content-Type-Options" : "nosniff",
            "X-Xss-Protection" : "1; mode=block"
          }
        }
      },
      {
        "_index" : "lssdsd",
        "_type" : "asdasd",
        "_id" : "Gi8wMIUBuuSsBbj23o2r",
        "_score" : 1.0,
        "_source" : {
          "version" : "1",
          "deploymentid" : "76a720c8-d4d8-4dfc-8737-ab5939510d67",
          "time" : "2022-12-20T15:39:47.14234Z",
          "event" : "",
          "trigger" : "incoming",
          "api" : {
            "name" : "PutBucket",
            "bucket" : "cesarfff",
            "rx" : 0,
            "tx" : -1,
            "timeToResponse" : "0ns"
          },
          "remotehost" : "192.168.1.151",
          "requestID" : "17328A95AB7DDCE0",
          "userAgent" : "MinIO (darwin; amd64) minio-go/v7.0.34 mc/RELEASE.2022-08-23T05-45-20Z",
          "requestHeader" : {
            "Authorization" : "AWS4-HMAC-SHA256 Credential=minio/20221220/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=566d1b59bf879f7cd4d8cd3ba6a4ba47669f0ba88d672dd7e1cef013195f7a41",
            "Content-Length" : "0",
            "User-Agent" : "MinIO (darwin; amd64) minio-go/v7.0.34 mc/RELEASE.2022-08-23T05-45-20Z",
            "X-Amz-Content-Sha256" : "UNSIGNED-PAYLOAD",
            "X-Amz-Date" : "20221220T153947Z"
          },
          "responseHeader" : {
            "Accept-Ranges" : "bytes",
            "Content-Length" : "0",
            "Content-Security-Policy" : "block-all-mixed-content",
            "Location" : "/cesarfff",
            "Server" : "MinIO",
            "Strict-Transport-Security" : "max-age=31536000; includeSubDomains",
            "Vary" : "Origin,Accept-Encoding",
            "X-Amz-Request-Id" : "17328A95AB7DDCE0",
            "X-Content-Type-Options" : "nosniff",
            "X-Xss-Protection" : "1; mode=block"
          }
        }
      }
    ]
  }
}
```
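The following Python code is an added example, not part of the original wiki page or of MinIO or Elasticsearch: it flattens a `_search` response like the one above into short audit records, skips the empty first document, and keeps only the access key from the SigV4 `Authorization` header so the signature is not carried into reports. The names `summarize`, `access_key` and `PROBE_PREFIX` are chosen here, the embedded sample is constructed from values on this page, and treating `probe-bucket-sign-` buckets as client probe traffic is an assumption based on the output shown.

```python
import re

# Constructed sample in the shape of the page's _search response; signature is a placeholder.
AUTH = ("AWS4-HMAC-SHA256 Credential=minio/20221220/us-east-1/s3/aws4_request, "
        "SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=PLACEHOLDER")
SAMPLE_RESPONSE = {"hits": {"hits": [
    {"_id": "NC8uMIUBuuSsBbj2Wou5", "_source": {}},
    {"_id": "FS8wMIUBuuSsBbj2u404", "_source": {
        "time": "2022-12-20T15:39:38.024239Z", "remotehost": "192.168.1.151",
        "api": {"name": "GetBucketLocation", "bucket": "probe-bucket-sign-ratf12l0gtew"},
        "requestID": "17328A938C1C0B08", "requestHeader": {"Authorization": AUTH}}},
    {"_id": "Gi8wMIUBuuSsBbj23o2r", "_source": {
        "time": "2022-12-20T15:39:47.14234Z", "remotehost": "192.168.1.151",
        "api": {"name": "PutBucket", "bucket": "cesarfff"},
        "requestID": "17328A95AB7DDCE0", "requestHeader": {"Authorization": AUTH}}},
]}}

CREDENTIAL_RE = re.compile(r"Credential=([^/,\s]+)/")
PROBE_PREFIX = "probe-bucket-sign-"  # assumption: prefix of the client probe bucket seen above


def access_key(authorization):
    """Return the access key from a SigV4 Authorization header, or None."""
    match = CREDENTIAL_RE.search(authorization or "")
    return match.group(1) if match else None


def summarize(response, skip_probes=True):
    """Flatten audit hits into small records; the request signature is not copied."""
    events = []
    for hit in response.get("hits", {}).get("hits", []):
        src = hit.get("_source") or {}
        api = src.get("api") or {}
        bucket = api.get("bucket") or ""
        if not api.get("name"):
            continue  # empty document, like the first hit in the index
        if skip_probes and bucket.startswith(PROBE_PREFIX):
            continue  # client probe request, not an operator action
        headers = src.get("requestHeader") or {}
        events.append({
            "time": src.get("time"), "api": api["name"], "bucket": bucket,
            "remotehost": src.get("remotehost"), "request_id": src.get("requestID"),
            "access_key": access_key(headers.get("Authorization")),
        })
    return events


if __name__ == "__main__":
    print(summarize(SAMPLE_RESPONSE))
```

To use it on live data, pass the parsed JSON body returned by the `_search` request shown earlier instead of `SAMPLE_RESPONSE`.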