Authentication

From Elastic Search 8.0 usernames and passwords are required for all HTTP bulk uploads. pcap2json from Version 642 supports basic authentication using configured passwords

In the configuration file

/opt/fmadio/etc/pcap2json.lua

In the "Backend" configuration section add the following configuration

["backend"] =
{
        .
        .
        '--es-auth "Basic dXNlcm5hbWU6cGFzc3dvcmQ="',
        .
        .
}

"Basic" is the type of authentication used, this is configurable.

"dXNlcm5hbWU6cGFzc3dvcmQ=" is the BASE64 encoding of "username:password"

Example encoding

$ echo -n "username:password" | base64
dXNlcm5hbWU6cGFzc3dvcmQ=
$

This translates to the following HTTP header

Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ

And provides a range of options for different authentication, e.g API keys can use "APIKey" instead of "Basic" for specific cloud services.

PreviousWatchdog TImer NextKafka Output

Last updated 2 years ago