Connecting the JumpServer bastion host to an Elasticsearch cluster for command storage

Official website address: JumpServer - Open Source Bastion Host - Official Website



1. Why connect to Elasticsearch

By default, the JumpServer bastion host stores recorded commands in the "terminal_command" table of its database. When managing large-scale assets, the number of command entries grows accordingly, and querying the database directly for this data makes the page slow to respond; it is also inconvenient for archiving and classification. To solve these problems, the JumpServer bastion host supports storing recorded commands in an Elasticsearch cluster, and storage in Elasticsearch also supports creating one index per day for easy organization and archiving.

2. Steps for connecting the JumpServer bastion machine to Elasticsearch

2.1 Environment description

Use            IP address    Software version
JumpServer     10.1.11.31    v2.8.1
Elasticsearch  10.1.11.32    7.17.7

Remarks: Elasticsearch in the test environment is a single-node (stand-alone) deployment.

2.2 Elasticsearch installation configuration


# Install Java
[root@es-node1 ~]# yum -y install java

# Add the Elasticsearch repository
[root@es-node1 ~]# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
[root@es-node1 ~]# cat >> /etc/yum.repos.d/elk.repo << EOF
[elasticsearch]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md
EOF

# Install Elasticsearch
[root@es-node1 ~]# yum -y install elasticsearch --enablerepo=elasticsearch

# Configure Elasticsearch (show only the active, non-comment settings)
[root@es-node1 ~]# grep -Ev "^#|^$" /etc/elasticsearch/elasticsearch.yml
cluster.name: jms-cluster
node.name: es-node01
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 10.1.11.32
http.port: 9200
discovery.seed_hosts: ["10.1.11.32"]
cluster.initial_master_nodes: ["10.1.11.32"]

# Enable and start the Elasticsearch service
[root@es-node1 ~]# systemctl enable elasticsearch
[root@es-node1 ~]# systemctl start elasticsearch

# Access the Elasticsearch service
[root@es-node1 ~]# curl http://10.1.11.32:9200
{
  "name" : "es-node01",
  "cluster_name" : "jms-cluster",
  "cluster_uuid" : "w_wbn7GHQWybqg40Swff7w",
  "version" : {
    "number" : "7.17.7",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "78dcaaa8cee33438b91eca7f5c7f56a70fec9e80",
    "build_date" : "2022-10-17T15:29:54.167373105Z",
    "build_snapshot" : false,
    "lucene_version" : "8.11.1",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

2.3 Connect the JumpServer bastion machine to Elasticsearch

Configure and manage Elasticsearch cluster connection information under the System Settings -> Terminal Settings module.

2.3.1 Connecting JumpServer bastion host to Elasticsearch

Create an Elasticsearch cluster connection item in Terminal Settings -> Command Storage submodule to connect to the Elasticsearch cluster environment.

Fill in information such as name, host and index in the Elasticsearch connection item.

After successfully creating the connection item, test the connectivity between the JumpServer bastion host and the Elasticsearch cluster.

If the page shows that the test is successful, the communication between the JumpServer bastion host and the Elasticsearch cluster is normal.

2.3.2 The JumpServer component uses Elasticsearch

After confirming that the JumpServer bastion host and the Elasticsearch cluster communicate normally, configure the JumpServer components in the Terminal Management submodule so that they store commands in the Elasticsearch cluster.

2.3.3 Verification of connecting JumpServer to Elasticsearch

After the JumpServer bastion host is successfully connected to the Elasticsearch cluster, connect to any asset and check whether its commands are recorded in the Elasticsearch cluster as expected.

View the results in the JumpServer bastion host audit console page -> session audit module -> command record submodule.

Through the above configuration, the JumpServer bastion machine successfully stores the command record to the Elasticsearch cluster.
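The connectivity test in 2.3.1 and the verification in 2.3.3 can also be scripted from the JumpServer host. This is an added example, not code from this page or from the JumpServer project; it assumes the Command Storage index is named jumpserver, that per-day indices use a "<prefix>-YYYY-MM-DD" layout, and that stored records carry user, asset, input and @timestamp fields.

```python
"""Check a JumpServer command-storage Elasticsearch backend (added example)."""
import json
import sys
import urllib.request
from datetime import date

ES_URL = "http://10.1.11.32:9200"   # the test cluster from this page
INDEX_PREFIX = "jumpserver"         # assumed "index" value from Command Storage


def parse_node_info(info):
    """Pull cluster name and version out of the parsed GET / response."""
    number = info["version"]["number"]
    return {"cluster": info["cluster_name"], "version": number,
            "major": int(number.split(".")[0])}


def version_ok(major):
    """Accept only the 7.x line, the pairing this page tests with JumpServer v2.8.1."""
    return major == 7


def daily_index(prefix, day=None):
    """Per-day index name (assumed layout '<prefix>-YYYY-MM-DD'); day is a date or ISO string."""
    day = day or date.today()
    return "%s-%s" % (prefix, day if isinstance(day, str) else day.isoformat())


def command_query(minutes, user=None, asset=None):
    """Search body for commands recorded in the last N minutes, newest first.
    Field names user/asset/@timestamp are assumptions, not taken from the page."""
    must = [{"range": {"@timestamp": {"gte": "now-%dm" % minutes}}}]
    if user:
        must.append({"term": {"user": user}})
    if asset:
        must.append({"term": {"asset": asset}})
    return {"query": {"bool": {"must": must}},
            "sort": [{"@timestamp": {"order": "desc"}}], "size": 20}


def http_json(path, body=None):
    """GET (or POST when a body is given) a JSON document from the cluster."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(ES_URL + path, data=data,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.loads(resp.read().decode())


if __name__ == "__main__":
    node = parse_node_info(http_json("/"))
    if not version_ok(node["major"]):
        sys.exit("unexpected Elasticsearch version %s" % node["version"])
    print("cluster %(cluster)s, version %(version)s" % node)
    hits = http_json("/%s/_search" % daily_index(INDEX_PREFIX), command_query(30))
    for h in hits["hits"]["hits"]:   # one line per command recorded in the last 30 minutes
        print(h["_source"].get("user"), h["_source"].get("asset"), h["_source"].get("input"))
```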

Origin blog.csdn.net/qq_43174065/article/details/128814768