
[Kibana] Comparing logs with and without encryption settings (Generating a random key for xpack.security.encryptionKey)

by study4me 2025. 7. 1.

1. Environment

Kibana deployed with Docker Compose on AWS EC2

Kibana Version: 8.17.5

 

2. Log comparison with and without encryption settings

Without encryption settings

Docker Compose file used (kibana.yml)

services:
  kibana:
    image: ${KIBANA_IMAGE}
    restart: unless-stopped
    volumes:
      - /data001/kibana/config/certs:/usr/share/kibana/config/certs
      - /data001/kibana/data:/usr/share/kibana/data
      - /logs001/kibana/logs:/usr/share/kibana/logs
    ports:
      - ${KIBANA_PORT}:5601
    environment:
      - SERVER_PUBLICBASEURL=https://${DOMAIN}:5601
      - SERVERNAME=kibana
      - ELASTICSEARCH_HOSTS=["https://${ES01_HOSTNAME}:9200"]
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
      - TELEMETRY_ENABLED=false
    mem_limit: ${KIBANA_MEM_LIMIT}
    extra_hosts:
      - "${ES01_HOSTNAME}=${ES01_IP}"
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

 

Log after running docker compose -f kibana.yml up

(Note) Lines that differ from the run with encryption configured are marked with # ====>>>.

[+] Running 1/0
 ✔ Container dev-kibana-1  Created                                                                                                                                         0.1s
Attaching to kibana-1
kibana-1  | Kibana is currently running with legacy OpenSSL providers enabled! For details and instructions on how to disable see https://www.elastic.co/guide/en/kibana/8.17/production.html#openssl-legacy-provider
kibana-1  | {"log.level":"info","@timestamp":"2025-05-21T01:45:47.470Z","log.logger":"elastic-apm-node","ecs.version":"8.10.0","agentVersion":"4.10.0","env":{"pid":7,"proctitle":"/usr/share/kibana/bin/../node/glibc-217/bin/node","os":"linux 6.1.134-152.225.amzn2023.x86_64","arch":"x64","host":"1f7f2bbc514a","timezone":"UTC+00","runtime":"Node.js v20.18.2"},"config":{"active":{"source":"start","value":true},"breakdownMetrics":{"source":"start","value":false},"captureBody":{"source":"start","value":"off","commonName":"capture_body"},"captureHeaders":{"source":"start","value":false},"centralConfig":{"source":"start","value":false},"contextPropagationOnly":{"source":"start","value":true},"environment":{"source":"start","value":"production"},"globalLabels":{"source":"start","value":[["git_rev","1b0d1f7623ae3403e69092138ea8905314ddd819"]],"sourceValue":{"git_rev":"1b0d1f7623ae3403e69092138ea8905314ddd819"}},"logLevel":{"source":"default","value":"info","commonName":"log_level"},"metricsInterval":{"source":"start","value":120,"sourceValue":"120s"},"serverUrl":{"source":"start","value":"https://kibana-cloud-apm.apm.us-east-1.aws.found.io/","commonName":"server_url"},"transactionSampleRate":{"source":"start","value":0.1,"commonName":"transaction_sample_rate"},"captureSpanStackTraces":{"source":"start","sourceValue":false},"secretToken":{"source":"start","value":"[REDACTED]","commonName":"secret_token"},"serviceName":{"source":"start","value":"kibana","commonName":"service_name"},"serviceVersion":{"source":"start","value":"8.17.5","commonName":"service_version"}},"activationMethod":"require","message":"Elastic APM Node.js Agent v4.10.0"}
kibana-1  | Native global console methods have been overridden in production environment.
kibana-1  | [2025-05-21T01:45:48.607+00:00][INFO ][root] Kibana is starting
kibana-1  | [2025-05-21T01:45:48.693+00:00][INFO ][node] Kibana process configured with roles: [background_tasks, ui]
kibana-1  | [2025-05-21T01:45:54.775+00:00][INFO ][plugins-service] The following plugins are disabled: "cloudChat,cloudExperiments,cloudFullStory,dataUsage,investigateApp,investigate,profilingDataAccess,profiling,searchHomepage,searchIndices,securitySolutionServerless,serverless,serverlessObservability,serverlessSearch".
kibana-1  | [2025-05-21T01:45:54.850+00:00][INFO ][http.server.Preboot] http server running at http://0.0.0.0:5601
kibana-1  | [2025-05-21T01:45:54.979+00:00][INFO ][plugins-system.preboot] Setting up [1] plugins: [interactiveSetup]
kibana-1  | [2025-05-21T01:45:55.025+00:00][WARN ][config.deprecation] The default mechanism for Reporting privileges will work differently in future versions, which will affect the behavior of this cluster. Set "xpack.reporting.roles.enabled" to "false" to adopt the future behavior before upgrading.
kibana-1  | [2025-05-21T01:45:55.327+00:00][INFO ][plugins-system.standard] Setting up [170] plugins: [devTools,translations,share,searchConnectors,screenshotMode,usageCollection,telemetryCollectionManager,telemetryCollectionXpack,kibanaUsageCollection,contentManagement,cloud,taskManager,newsfeed,savedObjectsFinder,noDataPage,monitoringCollection,licensing,productDocBase,mapsEms,globalSearch,globalSearchProviders,features,guidedOnboarding,banners,licenseApiGuard,customBranding,ftrApis,fieldsMetadata,fieldFormats,expressions,screenshotting,dataViews,esUiShared,entitiesDataAccess,customIntegrations,home,searchprofiler,painlessLab,management,spaces,security,telemetry,licenseManagement,snapshotRestore,lists,files,encryptedSavedObjects,entityManager,eventLog,actions,observabilityAIAssistant,notifications,inference,llmTasks,cloudDataMigration,aiAssistantManagementSelection,advancedSettings,grokdebugger,console,searchNotebooks,bfetch,data,savedObjectsTagging,globalSearchBar,savedObjectsManagement,unifiedSearch,navigation,graph,embeddable,uiActionsEnhanced,savedSearch,presentationUtil,expressionShape,expressionRevealImage,expressionRepeatImage,expressionMetric,expressionImage,controls,alerting,logsDataAccess,fileUpload,ingestPipelines,ecsDataQualityDashboard,dataViewFieldEditor,dataViewManagement,charts,watcher,visualizations,visTypeXy,visTypeVislib,visTypeVega,visTypeTimeseries,visTypeTimelion,visTypeTagcloud,visTypeTable,visTypeMetric,visTypeMarkdown,visTypeHeatmap,inputControlVis,expressionTagcloud,expressionPartitionVis,visTypePie,expressionMetricVis,expressionLegacyMetricVis,expressionHeatmap,expressionGauge,visTypeGauge,eventAnnotation,expressionXY,lens,maps,dataVisualizer,dashboard,triggersActionsUi,transform,stackConnectors,integrationAssistant,stackAlerts,ruleRegistry,cases,timelines,sessionView,kubernetesSecurity,threatIntelligence,observabilityAiAssistantManagement,metricsDataAccess,logsShared,upgradeAssistant,inventory,aiops,discover,reporting,canvas,ml,searchPl
ayground,searchInferenceEndpoints,searchAssistant,elasticAssistant,logsExplorer,fleet,osquery,indexManagement,rollup,remoteClusters,crossClusterReplication,indexLifecycleManagement,esql,enterpriseSearch,datasetQuality,dataQuality,cloudSecurityPosture,cloudDefend,securitySolution,securitySolutionEss,observability,uptime,slo,synthetics,observabilityLogsExplorer,observabilityOnboarding,observabilityAIAssistantApp,discoverEnhanced,links,dashboardEnhanced,apmDataAccess,infra,monitoring,logstash,apm,ux]
kibana-1  | [2025-05-21T01:45:55.591+00:00][INFO ][plugins.taskManager] TaskManager is identified by the Kibana UUID: c9dd891b-32f7-4246-bda7-8ed1d4e6e0c1
kibana-1  | [2025-05-21T01:45:55.837+00:00][INFO ][custom-branding-service] CustomBrandingService registering plugin: customBranding
kibana-1  | [2025-05-21T01:45:56.225+00:00][WARN ][plugins.screenshotting.config] Chromium sandbox provides an additional layer of protection, but is not supported for Linux Ubuntu 20.04 OS. Automatically setting 'xpack.screenshotting.browser.chromium.disableSandbox: true'.
# ====>>>  kibana-1  | [2025-05-21T01:45:56.388+00:00][WARN ][plugins.security.config] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
kibana-1  | [2025-05-21T01:45:56.388+00:00][INFO ][plugins.security.config] Hashed 'xpack.security.encryptionKey' for this instance: spraNsx++EZOWtrShesU8UKVWdkYlAlG7eeMw3LUhSE=
kibana-1  | [2025-05-21T01:45:56.388+00:00][WARN ][plugins.security.config] Session cookies will be transmitted over insecure connections. This is not recommended.
# ====>>>  kibana-1  | [2025-05-21T01:45:56.423+00:00][WARN ][plugins.security.config] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
kibana-1  | [2025-05-21T01:45:56.423+00:00][INFO ][plugins.security.config] Hashed 'xpack.security.encryptionKey' for this instance: /Zi16ijMZGZbL7t+D1rstKZ0YlB4GDdISRv9glw5sW4=
kibana-1  | [2025-05-21T01:45:56.423+00:00][WARN ][plugins.security.config] Session cookies will be transmitted over insecure connections. This is not recommended.
kibana-1  | [2025-05-21T01:45:56.441+00:00][INFO ][plugins.telemetry] Telemetry collection is disabled. For more information on telemetry settings, refer to https://www.elastic.co/guide/en/kibana/8.17/telemetry-settings-kbn.html.
# ====>>>  kibana-1  | [2025-05-21T01:45:56.561+00:00][WARN ][plugins.encryptedSavedObjects] Saved objects encryption key is not set. This will severely limit Kibana functionality. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
# ====>>>  kibana-1  | [2025-05-21T01:45:56.655+00:00][WARN ][plugins.actions] APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
kibana-1  | [2025-05-21T01:45:56.725+00:00][INFO ][plugins.notifications] Email Service Error: Email connector not specified.
# ====>>>  kibana-1  | [2025-05-21T01:45:57.081+00:00][WARN ][plugins.alerting] APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
kibana-1  | [2025-05-21T01:45:57.082+00:00][INFO ][plugins.alerting] using indexes and aliases for persisting alerts
# ====>>>  kibana-1  | [2025-05-21T01:45:59.026+00:00][WARN ][plugins.reporting.config] Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
kibana-1  | [2025-05-21T01:45:59.027+00:00][INFO ][plugins.reporting.config] Hashed 'xpack.reporting.encryptionKey' for this instance: vCeUv2VfLMu3t7kmGPvUX1wZqD7WN7BW7jbrj6ZqeL4=
kibana-1  | [2025-05-21T01:46:00.150+00:00][INFO ][plugins.cloudSecurityPosture] Registered task successfully [Task: cloud_security_posture-stats_task]
kibana-1  | [2025-05-21T01:46:01.199+00:00][INFO ][plugins.securitySolution.endpoint:user-artifact-packager:1.0.0] Registering endpoint:user-artifact-packager task with timeout of [20m], interval of [60s] and policy update batch size of [25]
kibana-1  | [2025-05-21T01:46:01.200+00:00][INFO ][plugins.securitySolution.endpoint:complete-external-response-actions] Registering task [endpoint:complete-external-response-actions] with timeout of [5m] and run interval of [60s]
kibana-1  | [2025-05-21T01:46:02.750+00:00][INFO ][elasticsearch-service] Successfully connected to Elasticsearch after waiting for 315 milliseconds
kibana-1  | [2025-05-21T01:46:02.909+00:00][INFO ][savedobjects-service] Waiting until all Elasticsearch nodes are compatible with Kibana before starting saved objects migrations...
kibana-1  | [2025-05-21T01:46:02.910+00:00][INFO ][savedobjects-service] Starting saved objects migrations
kibana-1  | [2025-05-21T01:46:03.028+00:00][INFO ][savedobjects-service] [.kibana] INIT -> CREATE_NEW_TARGET. took: 82ms.
kibana-1  | [2025-05-21T01:46:03.033+00:00][INFO ][savedobjects-service] [.kibana_usage_counters] INIT -> CREATE_NEW_TARGET. took: 83ms.
kibana-1  | [2025-05-21T01:46:03.063+00:00][INFO ][savedobjects-service] [.kibana_analytics] INIT -> CREATE_NEW_TARGET. took: 102ms.
kibana-1  | [2025-05-21T01:46:03.074+00:00][INFO ][savedobjects-service] [.kibana_security_solution] INIT -> CREATE_NEW_TARGET. took: 103ms.
kibana-1  | [2025-05-21T01:46:03.102+00:00][INFO ][savedobjects-service] [.kibana_ingest] INIT -> CREATE_NEW_TARGET. took: 96ms.
kibana-1  | [2025-05-21T01:46:03.107+00:00][INFO ][savedobjects-service] [.kibana_task_manager] INIT -> CREATE_NEW_TARGET. took: 152ms.
kibana-1  | [2025-05-21T01:46:03.132+00:00][INFO ][savedobjects-service] [.kibana_alerting_cases] INIT -> CREATE_NEW_TARGET. took: 133ms.
kibana-1  | [2025-05-21T01:46:03.634+00:00][INFO ][savedobjects-service] [.kibana_security_solution] CREATE_NEW_TARGET -> CHECK_VERSION_INDEX_READY_ACTIONS. took: 560ms.
kibana-1  | [2025-05-21T01:46:03.634+00:00][INFO ][savedobjects-service] [.kibana_security_solution] CHECK_VERSION_INDEX_READY_ACTIONS -> MARK_VERSION_INDEX_READY. took: 0ms.
kibana-1  | [2025-05-21T01:46:03.637+00:00][INFO ][savedobjects-service] [.kibana_usage_counters] CREATE_NEW_TARGET -> CHECK_VERSION_INDEX_READY_ACTIONS. took: 604ms.
kibana-1  | [2025-05-21T01:46:03.638+00:00][INFO ][savedobjects-service] [.kibana_usage_counters] CHECK_VERSION_INDEX_READY_ACTIONS -> MARK_VERSION_INDEX_READY. took: 1ms.
kibana-1  | [2025-05-21T01:46:03.639+00:00][INFO ][savedobjects-service] [.kibana_analytics] CREATE_NEW_TARGET -> CHECK_VERSION_INDEX_READY_ACTIONS. took: 576ms.
kibana-1  | [2025-05-21T01:46:03.640+00:00][INFO ][savedobjects-service] [.kibana_analytics] CHECK_VERSION_INDEX_READY_ACTIONS -> MARK_VERSION_INDEX_READY. took: 1ms.
kibana-1  | [2025-05-21T01:46:03.641+00:00][INFO ][savedobjects-service] [.kibana] CREATE_NEW_TARGET -> CHECK_VERSION_INDEX_READY_ACTIONS. took: 613ms.
kibana-1  | [2025-05-21T01:46:03.642+00:00][INFO ][savedobjects-service] [.kibana] CHECK_VERSION_INDEX_READY_ACTIONS -> MARK_VERSION_INDEX_READY. took: 1ms.
kibana-1  | [2025-05-21T01:46:03.774+00:00][INFO ][savedobjects-service] [.kibana_analytics] MARK_VERSION_INDEX_READY -> DONE. took: 134ms.
kibana-1  | [2025-05-21T01:46:03.775+00:00][INFO ][savedobjects-service] [.kibana_analytics] Migration completed after 814ms
kibana-1  | [2025-05-21T01:46:03.777+00:00][INFO ][savedobjects-service] [.kibana_usage_counters] MARK_VERSION_INDEX_READY -> DONE. took: 139ms.
kibana-1  | [2025-05-21T01:46:03.777+00:00][INFO ][savedobjects-service] [.kibana_usage_counters] Migration completed after 827ms
kibana-1  | [2025-05-21T01:46:03.778+00:00][INFO ][savedobjects-service] [.kibana] MARK_VERSION_INDEX_READY -> DONE. took: 136ms.
kibana-1  | [2025-05-21T01:46:03.778+00:00][INFO ][savedobjects-service] [.kibana] Migration completed after 832ms
kibana-1  | [2025-05-21T01:46:03.779+00:00][INFO ][savedobjects-service] [.kibana_security_solution] MARK_VERSION_INDEX_READY -> DONE. took: 145ms.
kibana-1  | [2025-05-21T01:46:03.779+00:00][INFO ][savedobjects-service] [.kibana_security_solution] Migration completed after 808ms
kibana-1  | [2025-05-21T01:46:03.819+00:00][INFO ][savedobjects-service] [.kibana_ingest] CREATE_NEW_TARGET -> CHECK_VERSION_INDEX_READY_ACTIONS. took: 717ms.
kibana-1  | [2025-05-21T01:46:03.819+00:00][INFO ][savedobjects-service] [.kibana_ingest] CHECK_VERSION_INDEX_READY_ACTIONS -> MARK_VERSION_INDEX_READY. took: 0ms.
kibana-1  | [2025-05-21T01:46:03.827+00:00][INFO ][savedobjects-service] [.kibana_alerting_cases] CREATE_NEW_TARGET -> CHECK_VERSION_INDEX_READY_ACTIONS. took: 695ms.
kibana-1  | [2025-05-21T01:46:03.828+00:00][INFO ][savedobjects-service] [.kibana_alerting_cases] CHECK_VERSION_INDEX_READY_ACTIONS -> MARK_VERSION_INDEX_READY. took: 1ms.
kibana-1  | [2025-05-21T01:46:03.836+00:00][INFO ][savedobjects-service] [.kibana_task_manager] CREATE_NEW_TARGET -> CHECK_VERSION_INDEX_READY_ACTIONS. took: 730ms.
kibana-1  | [2025-05-21T01:46:03.837+00:00][INFO ][savedobjects-service] [.kibana_task_manager] CHECK_VERSION_INDEX_READY_ACTIONS -> MARK_VERSION_INDEX_READY. took: 1ms.
kibana-1  | [2025-05-21T01:46:03.886+00:00][INFO ][savedobjects-service] [.kibana_alerting_cases] MARK_VERSION_INDEX_READY -> DONE. took: 57ms.
kibana-1  | [2025-05-21T01:46:03.886+00:00][INFO ][savedobjects-service] [.kibana_alerting_cases] Migration completed after 887ms
kibana-1  | [2025-05-21T01:46:03.892+00:00][INFO ][savedobjects-service] [.kibana_ingest] MARK_VERSION_INDEX_READY -> DONE. took: 73ms.
kibana-1  | [2025-05-21T01:46:03.893+00:00][INFO ][savedobjects-service] [.kibana_ingest] Migration completed after 887ms
kibana-1  | [2025-05-21T01:46:03.924+00:00][INFO ][savedobjects-service] [.kibana_task_manager] MARK_VERSION_INDEX_READY -> DONE. took: 87ms.
kibana-1  | [2025-05-21T01:46:03.925+00:00][INFO ][savedobjects-service] [.kibana_task_manager] Migration completed after 971ms
kibana-1  | [2025-05-21T01:46:03.934+00:00][INFO ][status.core.elasticsearch] elasticsearch service is now available: Elasticsearch is available
kibana-1  | [2025-05-21T01:46:03.935+00:00][INFO ][status.core.savedObjects] savedObjects service is now available: SavedObjects service has completed migrations and is available
kibana-1  | [2025-05-21T01:46:03.946+00:00][INFO ][plugins-system.preboot] Stopping all plugins.
kibana-1  | [2025-05-21T01:46:03.947+00:00][INFO ][plugins-system.preboot] All plugins stopped.
kibana-1  | [2025-05-21T01:46:03.947+00:00][INFO ][plugins-system.standard] Starting [170] plugins: [devTools,translations,share,searchConnectors,screenshotMode,usageCollection,telemetryCollectionManager,telemetryCollectionXpack,kibanaUsageCollection,contentManagement,cloud,taskManager,newsfeed,savedObjectsFinder,noDataPage,monitoringCollection,licensing,productDocBase,mapsEms,globalSearch,globalSearchProviders,features,guidedOnboarding,banners,licenseApiGuard,customBranding,ftrApis,fieldsMetadata,fieldFormats,expressions,screenshotting,dataViews,esUiShared,entitiesDataAccess,customIntegrations,home,searchprofiler,painlessLab,management,spaces,security,telemetry,licenseManagement,snapshotRestore,lists,files,encryptedSavedObjects,entityManager,eventLog,actions,observabilityAIAssistant,notifications,inference,llmTasks,cloudDataMigration,aiAssistantManagementSelection,advancedSettings,grokdebugger,console,searchNotebooks,bfetch,data,savedObjectsTagging,globalSearchBar,savedObjectsManagement,unifiedSearch,navigation,graph,embeddable,uiActionsEnhanced,savedSearch,presentationUtil,expressionShape,expressionRevealImage,expressionRepeatImage,expressionMetric,expressionImage,controls,alerting,logsDataAccess,fileUpload,ingestPipelines,ecsDataQualityDashboard,dataViewFieldEditor,dataViewManagement,charts,watcher,visualizations,visTypeXy,visTypeVislib,visTypeVega,visTypeTimeseries,visTypeTimelion,visTypeTagcloud,visTypeTable,visTypeMetric,visTypeMarkdown,visTypeHeatmap,inputControlVis,expressionTagcloud,expressionPartitionVis,visTypePie,expressionMetricVis,expressionLegacyMetricVis,expressionHeatmap,expressionGauge,visTypeGauge,eventAnnotation,expressionXY,lens,maps,dataVisualizer,dashboard,triggersActionsUi,transform,stackConnectors,integrationAssistant,stackAlerts,ruleRegistry,cases,timelines,sessionView,kubernetesSecurity,threatIntelligence,observabilityAiAssistantManagement,metricsDataAccess,logsShared,upgradeAssistant,inventory,aiops,discover,reporting,canvas,ml,searchPlay
ground,searchInferenceEndpoints,searchAssistant,elasticAssistant,logsExplorer,fleet,osquery,indexManagement,rollup,remoteClusters,crossClusterReplication,indexLifecycleManagement,esql,enterpriseSearch,datasetQuality,dataQuality,cloudSecurityPosture,cloudDefend,securitySolution,securitySolutionEss,observability,uptime,slo,synthetics,observabilityLogsExplorer,observabilityOnboarding,observabilityAIAssistantApp,discoverEnhanced,links,dashboardEnhanced,apmDataAccess,infra,monitoring,logstash,apm,ux]
kibana-1  | [2025-05-21T01:46:03.957+00:00][INFO ][plugins.taskManager] Task manager isCloud=false isServerless=false claimStrategy=mget isBackgroundTaskNodeOnly=false heapSizeLimit=1098907648 defaultCapacity=10 autoCalculateDefaultEchCapacity=false
kibana-1  | [2025-05-21T01:46:03.963+00:00][INFO ][plugins.taskManager] using task claiming strategy: mget
kibana-1  | [2025-05-21T01:46:03.964+00:00][INFO ][plugins.taskManager] Starting the task poller
kibana-1  | [2025-05-21T01:46:04.429+00:00][INFO ][plugins.fleet] Task Fleet-Usage-Sender-1.1.7 scheduled with interval 1h
kibana-1  | [2025-05-21T01:46:04.429+00:00][INFO ][plugins.fleet.fleet:check-deleted-files-task:1.0.1] Started with interval of [1d] and timeout of [2m]
kibana-1  | [2025-05-21T01:46:04.430+00:00][INFO ][plugins.fleet.fleet:unenroll-inactive-agents-task:1.0.0] [UnenrollInactiveAgentsTask] Started with interval of [10m]
kibana-1  | [2025-05-21T01:46:04.430+00:00][INFO ][plugins.fleet.fleet:delete-unenrolled-agents-task:1.0.0] [DeleteUnenrolledAgentsTask] Started with interval of [1h]
kibana-1  | [2025-05-21T01:46:04.432+00:00][INFO ][plugins.fleet] Task Fleet-Metrics-Task:1.1.1 scheduled with interval 1m
kibana-1  | [2025-05-21T01:46:04.462+00:00][INFO ][plugins.infra] Skipping initialization of Profiling endpoints because 'profilingDataAccess' plugin is not available
kibana-1  | [2025-05-21T01:46:04.465+00:00][INFO ][plugins.monitoring.monitoring] config sourced from: production cluster
kibana-1  | [2025-05-21T01:46:04.516+00:00][INFO ][plugins.slo] Installing SLO shared resources
kibana-1  | [2025-05-21T01:46:04.548+00:00][INFO ][plugins.ecsDataQualityDashboard] Installing component template .kibana-data-quality-dashboard-ecs-mappings
kibana-1  | [2025-05-21T01:46:04.551+00:00][INFO ][plugins.ecsDataQualityDashboard] Installing component template .kibana-data-quality-dashboard-results-mappings
kibana-1  | [2025-05-21T01:46:04.587+00:00][INFO ][plugins.elasticAssistant.service] Installing component template .kibana-elastic-ai-assistant-component-template-conversations
kibana-1  | [2025-05-21T01:46:07.015+00:00][INFO ][http.server.Kibana] http server running at http://0.0.0.0:5601
kibana-1  | [2025-05-21T01:46:07.044+00:00][WARN ][plugins.taskManager] Background task node "c9dd891b-32f7-4246-bda7-8ed1d4e6e0c1" has no assigned partitions, claiming against all partitions
kibana-1  | [2025-05-21T01:46:07.113+00:00][INFO ][plugins.taskManager] Kibana Discovery Service has been started
kibana-1  | [2025-05-21T01:46:07.213+00:00][INFO ][plugins.slo] Installing SLO component template [.slo-observability.sli-mappings]
kibana-1  | [2025-05-21T01:46:07.274+00:00][INFO ][plugins.slo] Installing SLO component template [.slo-observability.summary-mappings]
kibana-1  | [2025-05-21T01:46:07.279+00:00][INFO ][plugins.slo] Installing SLO component template [.slo-observability.sli-settings]
kibana-1  | [2025-05-21T01:46:07.298+00:00][INFO ][plugins.slo] Installing SLO component template [.slo-observability.summary-settings]
kibana-1  | [2025-05-21T01:46:07.307+00:00][INFO ][plugins.fleet] Task Fleet-Usage-Logger-Task scheduled with interval 15m
kibana-1  | [2025-05-21T01:46:07.395+00:00][INFO ][plugins.slo] Installing SLO index template [.slo-observability.sli]
kibana-1  | [2025-05-21T01:46:07.531+00:00][INFO ][plugins.monitoring.monitoring.kibana-monitoring] Starting monitoring stats collection
kibana-1  | [2025-05-21T01:46:07.541+00:00][INFO ][plugins.fleet.endpoint.agentPolicyLicenseWatch] Checking agent policies for compliance with the current license.
kibana-1  | [2025-05-21T01:46:07.636+00:00][INFO ][plugins.screenshotting.chromium] Browser executable: /usr/share/kibana/node_modules/@kbn/screenshotting-plugin/chromium/headless_shell-linux_x64/headless_shell
kibana-1  | [2025-05-21T01:46:07.666+00:00][INFO ][plugins.slo] Installing SLO index template [.slo-observability.summary]
kibana-1  | [2025-05-21T01:46:07.761+00:00][INFO ][plugins.productDocBase.doc-manager] Task ProductDocBase:EnsureUpToDate scheduled to run soon
kibana-1  | [2025-05-21T01:46:07.773+00:00][INFO ][plugins.fleet.endpoint.agentPolicyLicenseWatch] All agent policies are compliant, nothing to do!
kibana-1  | [2025-05-21T01:46:07.987+00:00][INFO ][plugins.ecsDataQualityDashboard] Installing index template .kibana-data-quality-dashboard-results-index-template
kibana-1  | [2025-05-21T01:46:08.108+00:00][INFO ][plugins.elasticAssistant.service] Installing index template .kibana-elastic-ai-assistant-index-template-conversations
kibana-1  | [2025-05-21T01:46:08.288+00:00][INFO ][plugins.reporting.store] Creating ILM policy for reporting data stream: kibana-reporting
kibana-1  | [2025-05-21T01:46:08.315+00:00][INFO ][plugins.taskManager] Background task node "c9dd891b-32f7-4246-bda7-8ed1d4e6e0c1" now claiming with assigned partitions
kibana-1  | [2025-05-21T01:46:08.386+00:00][WARN ][plugins.taskManager] Task Manager is unhealthy, the assumedRequiredThroughputPerMinutePerKibana (NaN) >= capacityPerMinutePerKibana (1200)
kibana-1  | [2025-05-21T01:46:08.392+00:00][INFO ][status.plugins.alerting] alerting plugin is now available: Alerting is (probably) ready
kibana-1  | [2025-05-21T01:46:08.395+00:00][INFO ][status.plugins.fleet] fleet plugin is now available: Fleet is setting up
kibana-1  | [2025-05-21T01:46:08.395+00:00][INFO ][status.plugins.licensing] licensing plugin is now available: License fetched
kibana-1  | [2025-05-21T01:46:08.396+00:00][INFO ][status.plugins.taskManager] taskManager plugin is now available: Task Manager is healthy
kibana-1  | [2025-05-21T01:46:08.473+00:00][INFO ][status] Kibana is now available
kibana-1  | [2025-05-21T01:46:08.517+00:00][INFO ][plugins.eventLog] Installing index template .kibana-event-log-template
kibana-1  | [2025-05-21T01:46:08.748+00:00][INFO ][plugins.fleet] Beginning fleet setup
kibana-1  | [2025-05-21T01:46:08.749+00:00][INFO ][plugins.fleet] Cleaning old indices
kibana-1  | [2025-05-21T01:46:08.889+00:00][INFO ][plugins.ecsDataQualityDashboard] Updating data streams - .kibana-data-quality-dashboard-results-*
kibana-1  | [2025-05-21T01:46:09.109+00:00][INFO ][plugins.elasticAssistant.service] Updating data streams - .kibana-elastic-ai-assistant-conversations-*
kibana-1  | [2025-05-21T01:46:09.122+00:00][INFO ][plugins.elasticAssistant.service] Installing component template .kibana-elastic-ai-assistant-component-template-knowledge-base
kibana-1  | [2025-05-21T01:46:09.231+00:00][WARN ][plugins.actions] Missing required project id while running actions:connector_usage_reporting
kibana-1  | [2025-05-21T01:46:09.421+00:00][INFO ][plugins.eventLog] Creating datastream .kibana-event-log-ds
kibana-1  | [2025-05-21T01:46:09.523+00:00][INFO ][plugins.elasticAssistant.service] Installing index template .kibana-elastic-ai-assistant-index-template-knowledge-base
kibana-1  | [2025-05-21T01:46:09.670+00:00][INFO ][plugins.fleet] Fleet Usage: {"agents_enabled":true,"agents":{"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"inactive":0,"unenrolled":0,"total_all_statuses":0,"updating":0},"fleet_server":{"total_all_statuses":0,"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"updating":0,"inactive":0,"unenrolled":0,"num_host_urls":0},"license_issued_to":"rag-cluster-dev"}
kibana-1  | [2025-05-21T01:46:09.843+00:00][INFO ][plugins.fleet] Running Fleet Usage telemetry send task
kibana-1  | [2025-05-21T01:46:10.293+00:00][INFO ][plugins.fleet.fleet:check-deleted-files-task:1.0.1] [runTask()] started
kibana-1  | [2025-05-21T01:46:10.294+00:00][INFO ][plugins.fleet.fleet:delete-unenrolled-agents-task:1.0.0] [runTask()] started
kibana-1  | [2025-05-21T01:46:10.294+00:00][INFO ][plugins.fleet.fleet:unenroll-inactive-agents-task:1.0.0] [runTask()] started
kibana-1  | [2025-05-21T01:46:10.318+00:00][INFO ][plugins.fleet.fleet:check-deleted-files-task:1.0.1] [runTask()] ended: no files to process
kibana-1  | [2025-05-21T01:46:10.338+00:00][INFO ][plugins.fleet.fleet:delete-unenrolled-agents-task:1.0.0] [DeleteUnenrolledAgentsTask] runTask ended: Delete unenrolled agents is disabled
kibana-1  | [2025-05-21T01:46:10.419+00:00][INFO ][plugins.fleet.fleet:unenroll-inactive-agents-task:1.0.0] [UnenrollInactiveAgentsTask] runTask ended: success
kibana-1  | [2025-05-21T01:46:10.691+00:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] Telemetry is not opted-in
kibana-1  | [2025-05-21T01:46:10.692+00:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] Telemetry is not opted-in
kibana-1  | [2025-05-21T01:46:10.692+00:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] Telemetry is not opted-in
kibana-1  | [2025-05-21T01:46:10.692+00:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] Telemetry is not opted-in
kibana-1  | [2025-05-21T01:46:10.693+00:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] Telemetry is not opted-in
kibana-1  | [2025-05-21T01:46:10.693+00:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] Telemetry is not opted-in
kibana-1  | [2025-05-21T01:46:10.693+00:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] Telemetry is not opted-in
kibana-1  | [2025-05-21T01:46:10.693+00:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] Telemetry is not opted-in
kibana-1  | [2025-05-21T01:46:10.694+00:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] Telemetry is not opted-in
kibana-1  | [2025-05-21T01:46:10.748+00:00][INFO ][plugins.elasticAssistant.service] Updating data streams - .kibana-elastic-ai-assistant-knowledge-base-*
kibana-1  | [2025-05-21T01:46:10.771+00:00][INFO ][plugins.elasticAssistant.service] Installing component template .kibana-elastic-ai-assistant-component-template-prompts
kibana-1  | [2025-05-21T01:46:10.882+00:00][INFO ][plugins.fleet] Output secrets storage is disabled as minimum fleet server version has not been met
kibana-1  | [2025-05-21T01:46:11.246+00:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] Telemetry is not opted-in
kibana-1  | [2025-05-21T01:46:11.247+00:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] Telemetry is not opted-in
kibana-1  | [2025-05-21T01:46:11.493+00:00][INFO ][plugins.elasticAssistant.service] Installing index template .kibana-elastic-ai-assistant-index-template-prompts
kibana-1  | [2025-05-21T01:46:11.770+00:00][INFO ][plugins.elasticAssistant.service] Updating data streams - .kibana-elastic-ai-assistant-prompts-*
kibana-1  | [2025-05-21T01:46:11.774+00:00][INFO ][plugins.elasticAssistant.service] Installing component template .kibana-elastic-ai-assistant-component-template-anonymization-fields
kibana-1  | [2025-05-21T01:46:12.020+00:00][INFO ][plugins.elasticAssistant.service] Installing index template .kibana-elastic-ai-assistant-index-template-anonymization-fields
kibana-1  | [2025-05-21T01:46:12.115+00:00][INFO ][plugins.elasticAssistant.service] Updating data streams - .kibana-elastic-ai-assistant-anonymization-fields-*
kibana-1  | [2025-05-21T01:46:12.119+00:00][INFO ][plugins.elasticAssistant.service] Installing component template .kibana-elastic-ai-assistant-component-template-attack-discovery
kibana-1  | [2025-05-21T01:46:12.237+00:00][INFO ][plugins.elasticAssistant.service] Installing index template .kibana-elastic-ai-assistant-index-template-attack-discovery
kibana-1  | [2025-05-21T01:46:12.374+00:00][INFO ][plugins.elasticAssistant.service] Updating data streams - .kibana-elastic-ai-assistant-attack-discovery-*
kibana-1  | [2025-05-21T01:46:12.474+00:00][INFO ][plugins.reporting.store] Linking ILM policy to reporting data stream: .kibana-reporting, component template: kibana-reporting@custom
# ====>>>  kibana-1  | [2025-05-21T01:46:12.654+00:00][WARN ][plugins.fleet] xpack.encryptedSavedObjects.encryptionKey is not configured, private key passphrase is being stored in plain text
kibana-1  | [2025-05-21T01:46:12.893+00:00][INFO ][plugins.fleet] Fleet setup completed
# ====>>>  kibana-1  | [2025-05-21T01:46:12.911+00:00][WARN ][plugins.fleet] xpack.encryptedSavedObjects.encryptionKey is not configured, agent uninstall tokens are being stored in plain text
kibana-1  | [2025-05-21T01:46:12.913+00:00][INFO ][plugins.securitySolution] Dependent plugin setup complete - Starting ManifestTask
kibana-1  | [2025-05-21T01:46:12.943+00:00][INFO ][plugins.securitySolution.endpoint.policyProtectionsComplianceChecks] All relevant features are enabled. Nothing to do!
kibana-1  | [2025-05-21T01:46:12.944+00:00][INFO ][plugins.securitySolution.endpoint.agentPolicyFeatures] App feature [endpoint_agent_tamper_protection] is enabled. Nothing to do!
kibana-1  | [2025-05-21T01:46:13.067+00:00][INFO ][plugins.fleet] Install with state machine - Starting installation of synthetics@1.3.0 from bundled
kibana-1  | [2025-05-21T01:46:13.156+00:00][INFO ][plugins.securitySolution.endpoint:metadata-check-transforms-task:0.0.1] no endpoint installation found
kibana-1  | [2025-05-21T01:46:15.933+00:00][INFO ][plugins.synthetics] Installed synthetics index templates

 

Collecting only the lines that differ gives the following.

They are all WARN logs, and they tell you to configure encryption.

[WARN ][plugins.security.config] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[WARN ][plugins.encryptedSavedObjects] Saved objects encryption key is not set. This will severely limit Kibana functionality. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[WARN ][plugins.actions] APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[WARN ][plugins.alerting] APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[WARN ][plugins.reporting.config] Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[WARN ][plugins.fleet] xpack.encryptedSavedObjects.encryptionKey is not configured, private key passphrase is being stored in plain text
[WARN ][plugins.fleet] xpack.encryptedSavedObjects.encryptionKey is not configured, agent uninstall tokens are being stored in plain text
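The comparison above can be automated as a deployment check. The following Python script is an added example, not part of the original post: it reads Kibana startup output and reports, for each of the three encryption-key settings, whether the key was configured, generated randomly for this run, or missing, together with the side effects the log names. The sample lines are copied from the two logs on this page; the function names and state labels are this example's own.

```python
import re

SETTINGS = (
    "xpack.security.encryptionKey",
    "xpack.encryptedSavedObjects.encryptionKey",
    "xpack.reporting.encryptionKey",
)
ESO = "xpack.encryptedSavedObjects.encryptionKey"

# "[WARN ][plugins.fleet] message"; search() skips the "kibana-1  | [timestamp]"
# prefix and the post's "# ====>>>" marker when they are present.
LINE_RE = re.compile(r"\[[A-Z]+\s*\]\[(?P<logger>[^\]]+)\]\s+(?P<msg>.*)")
RANDOM_RE = re.compile(r"Generating a random key for (xpack\.\w+\.encryptionKey)")
HASHED_RE = re.compile(r"Hashed '(xpack\.\w+\.encryptionKey)' for this instance: (\S+)")
PLAIN_RE = re.compile(r"encryptionKey is not configured, (.+?) (?:is|are) being stored in plain text")
ESO_NOT_SET = "Saved objects encryption key is not set"
ESO_APIS_OFF = "Encrypted Saved Objects plugin is missing encryption key"

# Lines copied from the log without encryption settings (one with its full prefix).
SAMPLE_WITHOUT_KEYS = """\
[WARN ][plugins.security.config] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[WARN ][plugins.encryptedSavedObjects] Saved objects encryption key is not set. This will severely limit Kibana functionality. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[WARN ][plugins.actions] APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[WARN ][plugins.alerting] APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[WARN ][plugins.reporting.config] Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
# ====>>>  kibana-1  | [2025-05-21T01:46:12.654+00:00][WARN ][plugins.fleet] xpack.encryptedSavedObjects.encryptionKey is not configured, private key passphrase is being stored in plain text
[WARN ][plugins.fleet] xpack.encryptedSavedObjects.encryptionKey is not configured, agent uninstall tokens are being stored in plain text
"""

# Lines copied from the log with the three keys set.
SAMPLE_WITH_KEYS = """\
kibana-1  | [2025-05-21T01:51:52.644+00:00][INFO ][plugins.security.config] Hashed 'xpack.security.encryptionKey' for this instance: hPSRNBMjSMC8dG04wfpv9KUJ3LsvWaycnihO8aGZDj0=
kibana-1  | [2025-05-21T01:51:52.813+00:00][INFO ][plugins.encryptedSavedObjects] Hashed 'xpack.encryptedSavedObjects.encryptionKey' for this instance: l1uDJuasCI0B/PjJ5ZHq6bXEN255ZMC/APWhgs9g584=
kibana-1  | [2025-05-21T01:51:55.242+00:00][INFO ][plugins.reporting.config] Hashed 'xpack.reporting.encryptionKey' for this instance: 2QEXLwuOFL5LT8IVz3IZOefKBVflvY4yfMFrIXR7lyo=
"""


def audit_startup_log(text):
    """Map each encryption-key setting to its state, key hash and logged impacts."""
    report = {s: {"state": "unknown", "fingerprint": None, "impacts": []} for s in SETTINGS}

    def eso_missing(note=None):
        # Every such line means the saved-objects key is absent; keep unique notes.
        report[ESO]["state"] = "missing"
        if note and note not in report[ESO]["impacts"]:
            report[ESO]["impacts"].append(note)

    for raw in text.splitlines():
        line = LINE_RE.search(raw)
        if not line:
            continue  # e.g. the JSON line written by the APM agent
        logger, msg = line["logger"], line["msg"]
        if (m := RANDOM_RE.search(msg)) and m[1] in report:
            report[m[1]]["state"] = "random-per-restart"
        elif (m := HASHED_RE.search(msg)) and m[1] in report:
            report[m[1]].update(state="configured", fingerprint=m[2])
        elif ESO_NOT_SET in msg:
            eso_missing()
        elif ESO_APIS_OFF in msg:
            eso_missing(f"{logger.rsplit('.', 1)[-1]} APIs disabled")
        elif (m := PLAIN_RE.search(msg)):
            eso_missing(f"{m[1]} stored in plain text")
    return report


def unconfigured(report):
    """Settings that were not explicitly configured, in a fixed order."""
    return [s for s in SETTINGS if report[s]["state"] != "configured"]


if __name__ == "__main__":
    for name, sample in (("without keys", SAMPLE_WITHOUT_KEYS), ("with keys", SAMPLE_WITH_KEYS)):
        print(name)
        for setting, info in audit_startup_log(sample).items():
            print(f"  {setting}: {info['state']} {info['impacts']}")
```

Piping `docker compose -f kibana.yml logs kibana` into `audit_startup_log` and failing the rollout when `unconfigured` returns anything turns the WARN lines into a gate instead of something to spot by eye.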

 

 

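Encryption configured (O)

docker compose yml used (kibana.yml)

I add the encryption settings as shown below and then look at the logs.

The encryption values below were generated with the Kibana Encryption Key Generation Utility. See the appendix.

(But it seems you can put in any value you like.)

In my case, I first deployed Kibana with docker, went inside the container, ran bin/kibana-encryption-keys generate, and used the key values it returned.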

services:
  kibana:
    image: ${KIBANA_IMAGE}
    restart: unless-stopped
    volumes:
      - /data001/kibana/config/certs:/usr/share/kibana/config/certs
      - /data001/kibana/data:/usr/share/kibana/data
      - /logs001/kibana/logs:/usr/share/kibana/logs
    ports:
      - ${KIBANA_PORT}:5601
    environment:
      - SERVER_PUBLICBASEURL=https://${DOMAIN}:5601
      - SERVERNAME=kibana
      - ELASTICSEARCH_HOSTS=["https://${ES01_HOSTNAME}:9200"]
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
      - TELEMETRY_ENABLED=false
      - XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
      - XPACK_REPORTING_ENCRYPTIONKEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
      - XPACK_SECURITY_ENCRYPTIONKEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    mem_limit: ${KIBANA_MEM_LIMIT}
    extra_hosts:
      - "${ES01_HOSTNAME}=${ES01_IP}"
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
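Kibana's configuration validation requires each of these three keys to be at least 32 characters. The following Python script is an added example, not part of the original post: it checks the three `XPACK_*_ENCRYPTIONKEY` entries of a compose `environment:` list and shows a variant that keeps the key values out of the compose file, the same way this file already handles `${KIBANA_PASSWORD}`. The `KIBANA_*_KEY` variable names, the sample input and the choice of checks are assumptions of this example, and `secrets.token_hex` stands in for `bin/kibana-encryption-keys generate`.

```python
import re
import secrets

MIN_LEN = 32  # Kibana's config validation rejects shorter encryption keys

# Container env name -> variable name in .env (the .env names are hypothetical).
KEY_VARS = {
    "XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY": "KIBANA_ESO_KEY",
    "XPACK_REPORTING_ENCRYPTIONKEY": "KIBANA_REPORTING_KEY",
    "XPACK_SECURITY_ENCRYPTIONKEY": "KIBANA_SECURITY_KEY",
}

ENTRY_RE = re.compile(r"^\s*-\s*([A-Z0-9_]+)=(.*)$")          # "- NAME=value"
VAR_REF_RE = re.compile(r"^\$\{([A-Za-z_][A-Za-z0-9_]*)\}$")  # "${NAME}"

# Constructed sample: one key per failure mode, one correct entry.
SAMPLE_COMPOSE = """\
    environment:
      - ELASTICSEARCH_USERNAME=kibana_system
      - XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY=${KIBANA_ESO_KEY}
      - XPACK_REPORTING_ENCRYPTIONKEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
      - XPACK_SECURITY_ENCRYPTIONKEY=tooshort
"""
SAMPLE_ENV = {"KIBANA_ESO_KEY": "0123456789abcdef0123456789abcdef"}  # constructed


def check_compose_keys(compose_text, env):
    """Return {container env name: [problems]} for the three key entries.

    env holds the variables docker compose would substitute (the .env file).
    """
    entries = {}
    for line in compose_text.splitlines():
        if (m := ENTRY_RE.match(line)):
            entries[m[1]] = m[2].strip()

    findings = {}
    for name in KEY_VARS:
        problems, value = [], None
        raw = entries.get(name)
        if raw is None:
            problems.append("not set")
        elif (ref := VAR_REF_RE.match(raw)):
            value = env.get(ref[1])
            if value is None:
                problems.append(f"{ref[1]} is not defined")
        else:
            value = raw
            problems.append("literal value in compose file")
        if value is not None:
            if len(value) < MIN_LEN:
                problems.append(f"shorter than {MIN_LEN} characters")
            elif len(set(value)) == 1:
                problems.append("placeholder (one repeated character)")
        findings[name] = problems
    return findings


def generate_keys():
    """One independent random 32-character hex key per .env variable."""
    return {var: secrets.token_hex(16) for var in KEY_VARS.values()}


def compose_entries():
    """Environment entries that reference the .env variables instead of literals."""
    return "\n".join(f"      - {name}=${{{var}}}" for name, var in KEY_VARS.items())


if __name__ == "__main__":
    for name, problems in check_compose_keys(SAMPLE_COMPOSE, SAMPLE_ENV).items():
        print(name, problems or "ok")
    print(compose_entries())
    for var, key in generate_keys().items():
        print(f"{var}={key}")  # lines for a .env file kept out of version control
```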

 

Logs after running docker compose -f kibana.yml up

The WARN logs that appeared when encryption was not configured are gone, and there are more logs related to the encryption settings.

[+] Running 1/0
 ✔ Container dev-kibana-1  Created                                                                                                                                         0.1s
Attaching to kibana-1
kibana-1  | Kibana is currently running with legacy OpenSSL providers enabled! For details and instructions on how to disable see https://www.elastic.co/guide/en/kibana/8.17/production.html#openssl-legacy-provider
kibana-1  | {"log.level":"info","@timestamp":"2025-05-21T01:51:43.566Z","log.logger":"elastic-apm-node","ecs.version":"8.10.0","agentVersion":"4.10.0","env":{"pid":7,"proctitle":"/usr/share/kibana/bin/../node/glibc-217/bin/node","os":"linux 6.1.134-152.225.amzn2023.x86_64","arch":"x64","host":"8149f2666f8b","timezone":"UTC+00","runtime":"Node.js v20.18.2"},"config":{"active":{"source":"start","value":true},"breakdownMetrics":{"source":"start","value":false},"captureBody":{"source":"start","value":"off","commonName":"capture_body"},"captureHeaders":{"source":"start","value":false},"centralConfig":{"source":"start","value":false},"contextPropagationOnly":{"source":"start","value":true},"environment":{"source":"start","value":"production"},"globalLabels":{"source":"start","value":[["git_rev","1b0d1f7623ae3403e69092138ea8905314ddd819"]],"sourceValue":{"git_rev":"1b0d1f7623ae3403e69092138ea8905314ddd819"}},"logLevel":{"source":"default","value":"info","commonName":"log_level"},"metricsInterval":{"source":"start","value":120,"sourceValue":"120s"},"serverUrl":{"source":"start","value":"https://kibana-cloud-apm.apm.us-east-1.aws.found.io/","commonName":"server_url"},"transactionSampleRate":{"source":"start","value":0.1,"commonName":"transaction_sample_rate"},"captureSpanStackTraces":{"source":"start","sourceValue":false},"secretToken":{"source":"start","value":"[REDACTED]","commonName":"secret_token"},"serviceName":{"source":"start","value":"kibana","commonName":"service_name"},"serviceVersion":{"source":"start","value":"8.17.5","commonName":"service_version"}},"activationMethod":"require","message":"Elastic APM Node.js Agent v4.10.0"}
kibana-1  | Native global console methods have been overridden in production environment.
kibana-1  | [2025-05-21T01:51:44.721+00:00][INFO ][root] Kibana is starting
kibana-1  | [2025-05-21T01:51:44.815+00:00][INFO ][node] Kibana process configured with roles: [background_tasks, ui]
kibana-1  | [2025-05-21T01:51:51.090+00:00][INFO ][plugins-service] The following plugins are disabled: "cloudChat,cloudExperiments,cloudFullStory,dataUsage,investigateApp,investigate,profilingDataAccess,profiling,searchHomepage,searchIndices,securitySolutionServerless,serverless,serverlessObservability,serverlessSearch".
kibana-1  | [2025-05-21T01:51:51.165+00:00][INFO ][http.server.Preboot] http server running at http://0.0.0.0:5601
kibana-1  | [2025-05-21T01:51:51.294+00:00][INFO ][plugins-system.preboot] Setting up [1] plugins: [interactiveSetup]
kibana-1  | [2025-05-21T01:51:51.341+00:00][WARN ][config.deprecation] The default mechanism for Reporting privileges will work differently in future versions, which will affect the behavior of this cluster. Set "xpack.reporting.roles.enabled" to "false" to adopt the future behavior before upgrading.
kibana-1  | [2025-05-21T01:51:51.632+00:00][INFO ][plugins-system.standard] Setting up [170] plugins: [devTools,translations,share,searchConnectors,screenshotMode,usageCollection,telemetryCollectionManager,telemetryCollectionXpack,kibanaUsageCollection,contentManagement,cloud,taskManager,newsfeed,savedObjectsFinder,noDataPage,monitoringCollection,licensing,productDocBase,mapsEms,globalSearch,globalSearchProviders,features,guidedOnboarding,banners,licenseApiGuard,customBranding,ftrApis,fieldsMetadata,fieldFormats,expressions,screenshotting,dataViews,esUiShared,entitiesDataAccess,customIntegrations,home,searchprofiler,painlessLab,management,spaces,security,telemetry,licenseManagement,snapshotRestore,lists,files,encryptedSavedObjects,entityManager,eventLog,actions,observabilityAIAssistant,notifications,inference,llmTasks,cloudDataMigration,aiAssistantManagementSelection,advancedSettings,grokdebugger,console,searchNotebooks,bfetch,data,savedObjectsTagging,globalSearchBar,savedObjectsManagement,unifiedSearch,navigation,graph,embeddable,uiActionsEnhanced,savedSearch,presentationUtil,expressionShape,expressionRevealImage,expressionRepeatImage,expressionMetric,expressionImage,controls,alerting,logsDataAccess,fileUpload,ingestPipelines,ecsDataQualityDashboard,dataViewFieldEditor,dataViewManagement,charts,watcher,visualizations,visTypeXy,visTypeVislib,visTypeVega,visTypeTimeseries,visTypeTimelion,visTypeTagcloud,visTypeTable,visTypeMetric,visTypeMarkdown,visTypeHeatmap,inputControlVis,expressionTagcloud,expressionPartitionVis,visTypePie,expressionMetricVis,expressionLegacyMetricVis,expressionHeatmap,expressionGauge,visTypeGauge,eventAnnotation,expressionXY,lens,maps,dataVisualizer,dashboard,triggersActionsUi,transform,stackConnectors,integrationAssistant,stackAlerts,ruleRegistry,cases,timelines,sessionView,kubernetesSecurity,threatIntelligence,observabilityAiAssistantManagement,metricsDataAccess,logsShared,upgradeAssistant,inventory,aiops,discover,reporting,canvas,ml,searchPl
ayground,searchInferenceEndpoints,searchAssistant,elasticAssistant,logsExplorer,fleet,osquery,indexManagement,rollup,remoteClusters,crossClusterReplication,indexLifecycleManagement,esql,enterpriseSearch,datasetQuality,dataQuality,cloudSecurityPosture,cloudDefend,securitySolution,securitySolutionEss,observability,uptime,slo,synthetics,observabilityLogsExplorer,observabilityOnboarding,observabilityAIAssistantApp,discoverEnhanced,links,dashboardEnhanced,apmDataAccess,infra,monitoring,logstash,apm,ux]
kibana-1  | [2025-05-21T01:51:51.860+00:00][INFO ][plugins.taskManager] TaskManager is identified by the Kibana UUID: e930955b-1231-4e37-959e-38f500091021
kibana-1  | [2025-05-21T01:51:52.105+00:00][INFO ][custom-branding-service] CustomBrandingService registering plugin: customBranding
kibana-1  | [2025-05-21T01:51:52.491+00:00][WARN ][plugins.screenshotting.config] Chromium sandbox provides an additional layer of protection, but is not supported for Linux Ubuntu 20.04 OS. Automatically setting 'xpack.screenshotting.browser.chromium.disableSandbox: true'.
kibana-1  | [2025-05-21T01:51:52.644+00:00][INFO ][plugins.security.config] Hashed 'xpack.security.encryptionKey' for this instance: hPSRNBMjSMC8dG04wfpv9KUJ3LsvWaycnihO8aGZDj0=
kibana-1  | [2025-05-21T01:51:52.644+00:00][WARN ][plugins.security.config] Session cookies will be transmitted over insecure connections. This is not recommended.
kibana-1  | [2025-05-21T01:51:52.678+00:00][INFO ][plugins.security.config] Hashed 'xpack.security.encryptionKey' for this instance: hPSRNBMjSMC8dG04wfpv9KUJ3LsvWaycnihO8aGZDj0=
kibana-1  | [2025-05-21T01:51:52.678+00:00][WARN ][plugins.security.config] Session cookies will be transmitted over insecure connections. This is not recommended.
kibana-1  | [2025-05-21T01:51:52.696+00:00][INFO ][plugins.telemetry] Telemetry collection is disabled. For more information on telemetry settings, refer to https://www.elastic.co/guide/en/kibana/8.17/telemetry-settings-kbn.html.
kibana-1  | [2025-05-21T01:51:52.813+00:00][INFO ][plugins.encryptedSavedObjects] Hashed 'xpack.encryptedSavedObjects.encryptionKey' for this instance: l1uDJuasCI0B/PjJ5ZHq6bXEN255ZMC/APWhgs9g584=
kibana-1  | [2025-05-21T01:51:52.968+00:00][INFO ][plugins.notifications] Email Service Error: Email connector not specified.
kibana-1  | [2025-05-21T01:51:53.324+00:00][INFO ][plugins.alerting] using indexes and aliases for persisting alerts
kibana-1  | [2025-05-21T01:51:55.242+00:00][INFO ][plugins.reporting.config] Hashed 'xpack.reporting.encryptionKey' for this instance: 2QEXLwuOFL5LT8IVz3IZOefKBVflvY4yfMFrIXR7lyo=
kibana-1  | [2025-05-21T01:51:56.345+00:00][INFO ][plugins.cloudSecurityPosture] Registered task successfully [Task: cloud_security_posture-stats_task]
kibana-1  | [2025-05-21T01:51:57.411+00:00][INFO ][plugins.securitySolution.endpoint:user-artifact-packager:1.0.0] Registering endpoint:user-artifact-packager task with timeout of [20m], interval of [60s] and policy update batch size of [25]
kibana-1  | [2025-05-21T01:51:57.412+00:00][INFO ][plugins.securitySolution.endpoint:complete-external-response-actions] Registering task [endpoint:complete-external-response-actions] with timeout of [5m] and run interval of [60s]
kibana-1  | [2025-05-21T01:51:58.860+00:00][INFO ][elasticsearch-service] Successfully connected to Elasticsearch after waiting for 364 milliseconds
kibana-1  | [2025-05-21T01:51:59.034+00:00][INFO ][savedobjects-service] Waiting until all Elasticsearch nodes are compatible with Kibana before starting saved objects migrations...
kibana-1  | [2025-05-21T01:51:59.046+00:00][INFO ][savedobjects-service] Starting saved objects migrations
kibana-1  | [2025-05-21T01:51:59.292+00:00][INFO ][savedobjects-service] [.kibana_usage_counters] INIT -> CREATE_NEW_TARGET. took: 66ms.
kibana-1  | [2025-05-21T01:51:59.295+00:00][INFO ][savedobjects-service] [.kibana] INIT -> CREATE_NEW_TARGET. took: 101ms.
kibana-1  | [2025-05-21T01:51:59.314+00:00][INFO ][savedobjects-service] [.kibana_ingest] INIT -> CREATE_NEW_TARGET. took: 62ms.
kibana-1  | [2025-05-21T01:51:59.317+00:00][INFO ][savedobjects-service] [.kibana_task_manager] INIT -> CREATE_NEW_TARGET. took: 88ms.
kibana-1  | [2025-05-21T01:51:59.335+00:00][INFO ][savedobjects-service] [.kibana_security_solution] INIT -> CREATE_NEW_TARGET. took: 95ms.
kibana-1  | [2025-05-21T01:51:59.342+00:00][INFO ][savedobjects-service] [.kibana_analytics] INIT -> CREATE_NEW_TARGET. took: 108ms.
kibana-1  | [2025-05-21T01:51:59.359+00:00][INFO ][savedobjects-service] [.kibana_alerting_cases] INIT -> CREATE_NEW_TARGET. took: 113ms.
kibana-1  | [2025-05-21T01:51:59.894+00:00][INFO ][savedobjects-service] [.kibana_ingest] CREATE_NEW_TARGET -> CHECK_VERSION_INDEX_READY_ACTIONS. took: 579ms.
kibana-1  | [2025-05-21T01:51:59.894+00:00][INFO ][savedobjects-service] [.kibana_ingest] CHECK_VERSION_INDEX_READY_ACTIONS -> MARK_VERSION_INDEX_READY. took: 1ms.
kibana-1  | [2025-05-21T01:51:59.897+00:00][INFO ][savedobjects-service] [.kibana_task_manager] CREATE_NEW_TARGET -> CHECK_VERSION_INDEX_READY_ACTIONS. took: 580ms.
kibana-1  | [2025-05-21T01:51:59.897+00:00][INFO ][savedobjects-service] [.kibana_task_manager] CHECK_VERSION_INDEX_READY_ACTIONS -> MARK_VERSION_INDEX_READY. took: 0ms.
kibana-1  | [2025-05-21T01:51:59.899+00:00][INFO ][savedobjects-service] [.kibana] CREATE_NEW_TARGET -> CHECK_VERSION_INDEX_READY_ACTIONS. took: 604ms.
kibana-1  | [2025-05-21T01:51:59.899+00:00][INFO ][savedobjects-service] [.kibana] CHECK_VERSION_INDEX_READY_ACTIONS -> MARK_VERSION_INDEX_READY. took: 0ms.
kibana-1  | [2025-05-21T01:51:59.901+00:00][INFO ][savedobjects-service] [.kibana_usage_counters] CREATE_NEW_TARGET -> CHECK_VERSION_INDEX_READY_ACTIONS. took: 609ms.
kibana-1  | [2025-05-21T01:51:59.902+00:00][INFO ][savedobjects-service] [.kibana_usage_counters] CHECK_VERSION_INDEX_READY_ACTIONS -> MARK_VERSION_INDEX_READY. took: 0ms.
kibana-1  | [2025-05-21T01:52:00.055+00:00][INFO ][savedobjects-service] [.kibana] MARK_VERSION_INDEX_READY -> DONE. took: 156ms.
kibana-1  | [2025-05-21T01:52:00.056+00:00][INFO ][savedobjects-service] [.kibana] Migration completed after 862ms
kibana-1  | [2025-05-21T01:52:00.058+00:00][INFO ][savedobjects-service] [.kibana_task_manager] MARK_VERSION_INDEX_READY -> DONE. took: 161ms.
kibana-1  | [2025-05-21T01:52:00.060+00:00][INFO ][savedobjects-service] [.kibana_task_manager] Migration completed after 831ms
kibana-1  | [2025-05-21T01:52:00.062+00:00][INFO ][savedobjects-service] [.kibana_usage_counters] MARK_VERSION_INDEX_READY -> DONE. took: 161ms.
kibana-1  | [2025-05-21T01:52:00.063+00:00][INFO ][savedobjects-service] [.kibana_usage_counters] Migration completed after 837ms
kibana-1  | [2025-05-21T01:52:00.064+00:00][INFO ][savedobjects-service] [.kibana_ingest] MARK_VERSION_INDEX_READY -> DONE. took: 170ms.
kibana-1  | [2025-05-21T01:52:00.065+00:00][INFO ][savedobjects-service] [.kibana_ingest] Migration completed after 813ms
kibana-1  | [2025-05-21T01:52:00.103+00:00][INFO ][savedobjects-service] [.kibana_analytics] CREATE_NEW_TARGET -> CHECK_VERSION_INDEX_READY_ACTIONS. took: 761ms.
kibana-1  | [2025-05-21T01:52:00.103+00:00][INFO ][savedobjects-service] [.kibana_analytics] CHECK_VERSION_INDEX_READY_ACTIONS -> MARK_VERSION_INDEX_READY. took: 0ms.
kibana-1  | [2025-05-21T01:52:00.105+00:00][INFO ][savedobjects-service] [.kibana_security_solution] CREATE_NEW_TARGET -> CHECK_VERSION_INDEX_READY_ACTIONS. took: 770ms.
kibana-1  | [2025-05-21T01:52:00.106+00:00][INFO ][savedobjects-service] [.kibana_security_solution] CHECK_VERSION_INDEX_READY_ACTIONS -> MARK_VERSION_INDEX_READY. took: 1ms.
kibana-1  | [2025-05-21T01:52:00.110+00:00][INFO ][savedobjects-service] [.kibana_alerting_cases] CREATE_NEW_TARGET -> CHECK_VERSION_INDEX_READY_ACTIONS. took: 751ms.
kibana-1  | [2025-05-21T01:52:00.111+00:00][INFO ][savedobjects-service] [.kibana_alerting_cases] CHECK_VERSION_INDEX_READY_ACTIONS -> MARK_VERSION_INDEX_READY. took: 0ms.
kibana-1  | [2025-05-21T01:52:00.162+00:00][INFO ][savedobjects-service] [.kibana_security_solution] MARK_VERSION_INDEX_READY -> DONE. took: 56ms.
kibana-1  | [2025-05-21T01:52:00.163+00:00][INFO ][savedobjects-service] [.kibana_security_solution] Migration completed after 923ms
kibana-1  | [2025-05-21T01:52:00.195+00:00][INFO ][savedobjects-service] [.kibana_alerting_cases] MARK_VERSION_INDEX_READY -> DONE. took: 85ms.
kibana-1  | [2025-05-21T01:52:00.195+00:00][INFO ][savedobjects-service] [.kibana_alerting_cases] Migration completed after 949ms
kibana-1  | [2025-05-21T01:52:00.197+00:00][INFO ][savedobjects-service] [.kibana_analytics] MARK_VERSION_INDEX_READY -> DONE. took: 94ms.
kibana-1  | [2025-05-21T01:52:00.197+00:00][INFO ][savedobjects-service] [.kibana_analytics] Migration completed after 963ms
kibana-1  | [2025-05-21T01:52:00.207+00:00][INFO ][status.core.elasticsearch] elasticsearch service is now available: Elasticsearch is available
kibana-1  | [2025-05-21T01:52:00.207+00:00][INFO ][status.core.savedObjects] savedObjects service is now available: SavedObjects service has completed migrations and is available
kibana-1  | [2025-05-21T01:52:00.211+00:00][INFO ][plugins-system.preboot] Stopping all plugins.
kibana-1  | [2025-05-21T01:52:00.213+00:00][INFO ][plugins-system.preboot] All plugins stopped.
kibana-1  | [2025-05-21T01:52:00.213+00:00][INFO ][plugins-system.standard] Starting [170] plugins: [devTools,translations,share,searchConnectors,screenshotMode,usageCollection,telemetryCollectionManager,telemetryCollectionXpack,kibanaUsageCollection,contentManagement,cloud,taskManager,newsfeed,savedObjectsFinder,noDataPage,monitoringCollection,licensing,productDocBase,mapsEms,globalSearch,globalSearchProviders,features,guidedOnboarding,banners,licenseApiGuard,customBranding,ftrApis,fieldsMetadata,fieldFormats,expressions,screenshotting,dataViews,esUiShared,entitiesDataAccess,customIntegrations,home,searchprofiler,painlessLab,management,spaces,security,telemetry,licenseManagement,snapshotRestore,lists,files,encryptedSavedObjects,entityManager,eventLog,actions,observabilityAIAssistant,notifications,inference,llmTasks,cloudDataMigration,aiAssistantManagementSelection,advancedSettings,grokdebugger,console,searchNotebooks,bfetch,data,savedObjectsTagging,globalSearchBar,savedObjectsManagement,unifiedSearch,navigation,graph,embeddable,uiActionsEnhanced,savedSearch,presentationUtil,expressionShape,expressionRevealImage,expressionRepeatImage,expressionMetric,expressionImage,controls,alerting,logsDataAccess,fileUpload,ingestPipelines,ecsDataQualityDashboard,dataViewFieldEditor,dataViewManagement,charts,watcher,visualizations,visTypeXy,visTypeVislib,visTypeVega,visTypeTimeseries,visTypeTimelion,visTypeTagcloud,visTypeTable,visTypeMetric,visTypeMarkdown,visTypeHeatmap,inputControlVis,expressionTagcloud,expressionPartitionVis,visTypePie,expressionMetricVis,expressionLegacyMetricVis,expressionHeatmap,expressionGauge,visTypeGauge,eventAnnotation,expressionXY,lens,maps,dataVisualizer,dashboard,triggersActionsUi,transform,stackConnectors,integrationAssistant,stackAlerts,ruleRegistry,cases,timelines,sessionView,kubernetesSecurity,threatIntelligence,observabilityAiAssistantManagement,metricsDataAccess,logsShared,upgradeAssistant,inventory,aiops,discover,reporting,canvas,ml,searchPlay
ground,searchInferenceEndpoints,searchAssistant,elasticAssistant,logsExplorer,fleet,osquery,indexManagement,rollup,remoteClusters,crossClusterReplication,indexLifecycleManagement,esql,enterpriseSearch,datasetQuality,dataQuality,cloudSecurityPosture,cloudDefend,securitySolution,securitySolutionEss,observability,uptime,slo,synthetics,observabilityLogsExplorer,observabilityOnboarding,observabilityAIAssistantApp,discoverEnhanced,links,dashboardEnhanced,apmDataAccess,infra,monitoring,logstash,apm,ux]
kibana-1  | [2025-05-21T01:52:00.224+00:00][INFO ][plugins.taskManager] Task manager isCloud=false isServerless=false claimStrategy=mget isBackgroundTaskNodeOnly=false heapSizeLimit=1098907648 defaultCapacity=10 autoCalculateDefaultEchCapacity=false
kibana-1  | [2025-05-21T01:52:00.229+00:00][INFO ][plugins.taskManager] using task claiming strategy: mget
kibana-1  | [2025-05-21T01:52:00.230+00:00][INFO ][plugins.taskManager] Starting the task poller
kibana-1  | [2025-05-21T01:52:00.616+00:00][INFO ][plugins.fleet] Task Fleet-Usage-Sender-1.1.7 scheduled with interval 1h
kibana-1  | [2025-05-21T01:52:00.617+00:00][INFO ][plugins.fleet.fleet:check-deleted-files-task:1.0.1] Started with interval of [1d] and timeout of [2m]
kibana-1  | [2025-05-21T01:52:00.617+00:00][INFO ][plugins.fleet.fleet:unenroll-inactive-agents-task:1.0.0] [UnenrollInactiveAgentsTask] Started with interval of [10m]
kibana-1  | [2025-05-21T01:52:00.617+00:00][INFO ][plugins.fleet.fleet:delete-unenrolled-agents-task:1.0.0] [DeleteUnenrolledAgentsTask] Started with interval of [1h]
kibana-1  | [2025-05-21T01:52:00.620+00:00][INFO ][plugins.fleet] Task Fleet-Metrics-Task:1.1.1 scheduled with interval 1m
kibana-1  | [2025-05-21T01:52:00.647+00:00][INFO ][plugins.infra] Skipping initialization of Profiling endpoints because 'profilingDataAccess' plugin is not available
kibana-1  | [2025-05-21T01:52:00.650+00:00][INFO ][plugins.monitoring.monitoring] config sourced from: production cluster
kibana-1  | [2025-05-21T01:52:00.699+00:00][INFO ][plugins.slo] Installing SLO shared resources
kibana-1  | [2025-05-21T01:52:00.727+00:00][INFO ][plugins.ecsDataQualityDashboard] Installing component template .kibana-data-quality-dashboard-ecs-mappings
kibana-1  | [2025-05-21T01:52:00.730+00:00][INFO ][plugins.ecsDataQualityDashboard] Installing component template .kibana-data-quality-dashboard-results-mappings
kibana-1  | [2025-05-21T01:52:00.767+00:00][INFO ][plugins.elasticAssistant.service] Installing component template .kibana-elastic-ai-assistant-component-template-conversations
kibana-1  | [2025-05-21T01:52:03.147+00:00][INFO ][http.server.Kibana] http server running at http://0.0.0.0:5601
kibana-1  | [2025-05-21T01:52:03.175+00:00][WARN ][plugins.taskManager] Background task node "e930955b-1231-4e37-959e-38f500091021" has no assigned partitions, claiming against all partitions
kibana-1  | [2025-05-21T01:52:03.225+00:00][INFO ][plugins.taskManager] Kibana Discovery Service has been started
kibana-1  | [2025-05-21T01:52:03.353+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=1password]
kibana-1  | [2025-05-21T01:52:03.353+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=abnormal_security]
kibana-1  | [2025-05-21T01:52:03.354+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=activemq]
kibana-1  | [2025-05-21T01:52:03.354+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=akamai]
kibana-1  | [2025-05-21T01:52:03.354+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=amazon_security_lake]
kibana-1  | [2025-05-21T01:52:03.354+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=apache]
kibana-1  | [2025-05-21T01:52:03.355+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=apache_spark]
kibana-1  | [2025-05-21T01:52:03.355+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=apache_tomcat]
kibana-1  | [2025-05-21T01:52:03.355+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=apm]
kibana-1  | [2025-05-21T01:52:03.356+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=arista_ngfw]
kibana-1  | [2025-05-21T01:52:03.356+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=atlassian_bitbucket]
kibana-1  | [2025-05-21T01:52:03.356+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=atlassian_confluence]
kibana-1  | [2025-05-21T01:52:03.356+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=atlassian_jira]
kibana-1  | [2025-05-21T01:52:03.357+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=auditd]
kibana-1  | [2025-05-21T01:52:03.357+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=auditd_manager]
kibana-1  | [2025-05-21T01:52:03.357+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=auth0]
kibana-1  | [2025-05-21T01:52:03.357+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=authentik]
kibana-1  | [2025-05-21T01:52:03.358+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=aws]
kibana-1  | [2025-05-21T01:52:03.358+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=aws_bedrock]
kibana-1  | [2025-05-21T01:52:03.358+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=aws_logs]
kibana-1  | [2025-05-21T01:52:03.358+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=awsfargate]
kibana-1  | [2025-05-21T01:52:03.358+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=awsfirehose]
kibana-1  | [2025-05-21T01:52:03.359+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=azure]
kibana-1  | [2025-05-21T01:52:03.359+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=azure_application_insights]
kibana-1  | [2025-05-21T01:52:03.359+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=azure_billing]
kibana-1  | [2025-05-21T01:52:03.360+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=azure_blob_storage]
kibana-1  | [2025-05-21T01:52:03.360+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=azure_frontdoor]
kibana-1  | [2025-05-21T01:52:03.360+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=azure_metrics]
kibana-1  | [2025-05-21T01:52:03.360+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=azure_network_watcher_nsg]
kibana-1  | [2025-05-21T01:52:03.361+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=azure_network_watcher_vnet]
kibana-1  | [2025-05-21T01:52:03.361+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=azure_openai]
kibana-1  | [2025-05-21T01:52:03.365+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=barracuda]
kibana-1  | [2025-05-21T01:52:03.365+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=barracuda_cloudgen_firewall]
kibana-1  | [2025-05-21T01:52:03.365+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=bbot]
kibana-1  | [2025-05-21T01:52:03.365+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=beaconing]
kibana-1  | [2025-05-21T01:52:03.366+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=beat]
kibana-1  | [2025-05-21T01:52:03.366+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=bitdefender]
kibana-1  | [2025-05-21T01:52:03.366+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=bitwarden]
kibana-1  | [2025-05-21T01:52:03.366+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=box_events]
kibana-1  | [2025-05-21T01:52:03.367+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=carbon_black_cloud]
kibana-1  | [2025-05-21T01:52:03.367+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=carbonblack_edr]
kibana-1  | [2025-05-21T01:52:03.367+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=cassandra]
kibana-1  | [2025-05-21T01:52:03.367+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=cef]
kibana-1  | [2025-05-21T01:52:03.368+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=cel]
kibana-1  | [2025-05-21T01:52:03.368+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=ceph]
kibana-1  | [2025-05-21T01:52:03.368+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=checkpoint]
kibana-1  | [2025-05-21T01:52:03.368+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=cisa_kevs]
kibana-1  | [2025-05-21T01:52:03.369+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=cisco_aironet]
kibana-1  | [2025-05-21T01:52:03.369+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=cisco_asa]
kibana-1  | [2025-05-21T01:52:03.369+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=cisco_duo]
kibana-1  | [2025-05-21T01:52:03.369+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=cisco_ftd]
kibana-1  | [2025-05-21T01:52:03.370+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=cisco_ios]
kibana-1  | [2025-05-21T01:52:03.370+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=cisco_ise]
kibana-1  | [2025-05-21T01:52:03.370+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=cisco_meraki]
kibana-1  | [2025-05-21T01:52:03.370+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=cisco_nexus]
kibana-1  | [2025-05-21T01:52:03.371+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=cisco_secure_email_gateway]
kibana-1  | [2025-05-21T01:52:03.371+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=cisco_secure_endpoint]
kibana-1  | [2025-05-21T01:52:03.371+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=cisco_umbrella]
kibana-1  | [2025-05-21T01:52:03.371+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=citrix_adc]
kibana-1  | [2025-05-21T01:52:03.372+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=citrix_waf]
kibana-1  | [2025-05-21T01:52:03.372+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=cloud_defend]
kibana-1  | [2025-05-21T01:52:03.372+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=cloud_security_posture]
kibana-1  | [2025-05-21T01:52:03.372+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=cloudflare]
kibana-1  | [2025-05-21T01:52:03.373+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=cloudflare_logpush]
kibana-1  | [2025-05-21T01:52:03.373+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=cockroachdb]
kibana-1  | [2025-05-21T01:52:03.373+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=couchbase]
kibana-1  | [2025-05-21T01:52:03.373+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=couchdb]
kibana-1  | [2025-05-21T01:52:03.374+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=crowdstrike]
kibana-1  | [2025-05-21T01:52:03.374+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=cyberark_pta]
kibana-1  | [2025-05-21T01:52:03.374+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=cyberarkpas]
kibana-1  | [2025-05-21T01:52:03.374+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=cybereason]
kibana-1  | [2025-05-21T01:52:03.374+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=darktrace]
kibana-1  | [2025-05-21T01:52:03.375+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=ded]
kibana-1  | [2025-05-21T01:52:03.375+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=dga]
kibana-1  | [2025-05-21T01:52:03.375+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=digital_guardian]
kibana-1  | [2025-05-21T01:52:03.375+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=docker]
kibana-1  | [2025-05-21T01:52:03.376+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=elastic_agent]
kibana-1  | [2025-05-21T01:52:03.376+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=elasticsearch]
kibana-1  | [2025-05-21T01:52:03.376+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=endpoint]
kibana-1  | [2025-05-21T01:52:03.376+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=enterprisesearch]
kibana-1  | [2025-05-21T01:52:03.377+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=entityanalytics_entra_id]
kibana-1  | [2025-05-21T01:52:03.377+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=entityanalytics_okta]
kibana-1  | [2025-05-21T01:52:03.377+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=eset_protect]
kibana-1  | [2025-05-21T01:52:03.377+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=ess_billing]
kibana-1  | [2025-05-21T01:52:03.377+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=etcd]
kibana-1  | [2025-05-21T01:52:03.378+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=f5_bigip]
kibana-1  | [2025-05-21T01:52:03.378+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=falco]
kibana-1  | [2025-05-21T01:52:03.378+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=filestream]
kibana-1  | [2025-05-21T01:52:03.378+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=fim]
kibana-1  | [2025-05-21T01:52:03.379+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=fireeye]
kibana-1  | [2025-05-21T01:52:03.379+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=fleet_server]
kibana-1  | [2025-05-21T01:52:03.379+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=forcepoint_web]
kibana-1  | [2025-05-21T01:52:03.379+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=forgerock]
kibana-1  | [2025-05-21T01:52:03.380+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=fortinet]
kibana-1  | [2025-05-21T01:52:03.380+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=fortinet_forticlient]
kibana-1  | [2025-05-21T01:52:03.380+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=fortinet_fortiedr]
kibana-1  | [2025-05-21T01:52:03.380+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=fortinet_fortigate]
kibana-1  | [2025-05-21T01:52:03.381+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=fortinet_fortimail]
kibana-1  | [2025-05-21T01:52:03.381+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=fortinet_fortimanager]
kibana-1  | [2025-05-21T01:52:03.381+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=fortinet_fortiproxy]
kibana-1  | [2025-05-21T01:52:03.381+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=gcp]
kibana-1  | [2025-05-21T01:52:03.381+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=gcp_pubsub]
kibana-1  | [2025-05-21T01:52:03.381+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=gcp_vertexai]
kibana-1  | [2025-05-21T01:52:03.382+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=gigamon]
kibana-1  | [2025-05-21T01:52:03.382+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=github]
kibana-1  | [2025-05-21T01:52:03.382+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=gitlab]
kibana-1  | [2025-05-21T01:52:03.382+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=golang]
kibana-1  | [2025-05-21T01:52:03.382+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=google_cloud_storage]
kibana-1  | [2025-05-21T01:52:03.382+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=google_scc]
kibana-1  | [2025-05-21T01:52:03.383+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=google_workspace]
kibana-1  | [2025-05-21T01:52:03.383+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=hadoop]
kibana-1  | [2025-05-21T01:52:03.383+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=haproxy]
kibana-1  | [2025-05-21T01:52:03.383+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=hashicorp_vault]
kibana-1  | [2025-05-21T01:52:03.383+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=hid_bravura_monitor]
kibana-1  | [2025-05-21T01:52:03.383+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=http_endpoint]
kibana-1  | [2025-05-21T01:52:03.383+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=httpjson]
kibana-1  | [2025-05-21T01:52:03.384+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=ibmmq]
kibana-1  | [2025-05-21T01:52:03.384+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=iis]
kibana-1  | [2025-05-21T01:52:03.384+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=imperva]
kibana-1  | [2025-05-21T01:52:03.384+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=imperva_cloud_waf]
kibana-1  | [2025-05-21T01:52:03.384+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=infoblox_bloxone_ddi]
kibana-1  | [2025-05-21T01:52:03.384+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=infoblox_nios]
kibana-1  | [2025-05-21T01:52:03.385+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=iptables]
kibana-1  | [2025-05-21T01:52:03.385+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=jamf_compliance_reporter]
kibana-1  | [2025-05-21T01:52:03.385+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=jamf_protect]
kibana-1  | [2025-05-21T01:52:03.385+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=journald]
kibana-1  | [2025-05-21T01:52:03.385+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=jumpcloud]
kibana-1  | [2025-05-21T01:52:03.386+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=juniper]
kibana-1  | [2025-05-21T01:52:03.386+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=juniper_srx]
kibana-1  | [2025-05-21T01:52:03.386+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=kafka]
kibana-1  | [2025-05-21T01:52:03.389+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=kafka_log]
kibana-1  | [2025-05-21T01:52:03.389+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=keycloak]
kibana-1  | [2025-05-21T01:52:03.389+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=kibana]
kibana-1  | [2025-05-21T01:52:03.389+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=kubernetes]
kibana-1  | [2025-05-21T01:52:03.389+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=lastpass]
kibana-1  | [2025-05-21T01:52:03.390+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=lmd]
kibana-1  | [2025-05-21T01:52:03.390+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=log]
kibana-1  | [2025-05-21T01:52:03.390+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=logstash]
kibana-1  | [2025-05-21T01:52:03.390+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=lumos]
kibana-1  | [2025-05-21T01:52:03.390+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=lyve_cloud]
kibana-1  | [2025-05-21T01:52:03.391+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=m365_defender]
kibana-1  | [2025-05-21T01:52:03.391+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=mattermost]
kibana-1  | [2025-05-21T01:52:03.391+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=memcached]
kibana-1  | [2025-05-21T01:52:03.391+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=menlo]
kibana-1  | [2025-05-21T01:52:03.391+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=microsoft_defender_cloud]
kibana-1  | [2025-05-21T01:52:03.392+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=microsoft_defender_endpoint]
kibana-1  | [2025-05-21T01:52:03.392+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=microsoft_dhcp]
kibana-1  | [2025-05-21T01:52:03.392+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=microsoft_dnsserver]
kibana-1  | [2025-05-21T01:52:03.392+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=microsoft_exchange_online_message_trace]
kibana-1  | [2025-05-21T01:52:03.393+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=microsoft_exchange_server]
kibana-1  | [2025-05-21T01:52:03.393+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=microsoft_sqlserver]
kibana-1  | [2025-05-21T01:52:03.393+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=mimecast]
kibana-1  | [2025-05-21T01:52:03.393+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=modsecurity]
kibana-1  | [2025-05-21T01:52:03.393+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=mongodb]
kibana-1  | [2025-05-21T01:52:03.394+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=mongodb_atlas]
kibana-1  | [2025-05-21T01:52:03.396+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=mysql]
kibana-1  | [2025-05-21T01:52:03.396+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=mysql_enterprise]
kibana-1  | [2025-05-21T01:52:03.396+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=nagios_xi]
kibana-1  | [2025-05-21T01:52:03.397+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=nats]
kibana-1  | [2025-05-21T01:52:03.397+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=netflow]
kibana-1  | [2025-05-21T01:52:03.397+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=netskope]
kibana-1  | [2025-05-21T01:52:03.397+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=network_traffic]
kibana-1  | [2025-05-21T01:52:03.397+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=nginx]
kibana-1  | [2025-05-21T01:52:03.398+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=nginx_ingress_controller]
kibana-1  | [2025-05-21T01:52:03.398+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=o365]
kibana-1  | [2025-05-21T01:52:03.398+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=okta]
kibana-1  | [2025-05-21T01:52:03.398+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=openai]
kibana-1  | [2025-05-21T01:52:03.399+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=oracle]
kibana-1  | [2025-05-21T01:52:03.399+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=oracle_weblogic]
kibana-1  | [2025-05-21T01:52:03.399+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=osquery]
kibana-1  | [2025-05-21T01:52:03.399+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=osquery_manager]
kibana-1  | [2025-05-21T01:52:03.400+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=panw]
kibana-1  | [2025-05-21T01:52:03.400+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=panw_cortex_xdr]
kibana-1  | [2025-05-21T01:52:03.400+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=pfsense]
kibana-1  | [2025-05-21T01:52:03.400+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=php_fpm]
kibana-1  | [2025-05-21T01:52:03.400+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=ping_one]
kibana-1  | [2025-05-21T01:52:03.401+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=postgresql]
kibana-1  | [2025-05-21T01:52:03.401+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=prisma_access]
kibana-1  | [2025-05-21T01:52:03.401+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=prisma_cloud]
kibana-1  | [2025-05-21T01:52:03.401+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=problemchild]
kibana-1  | [2025-05-21T01:52:03.401+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=profiler_agent]
kibana-1  | [2025-05-21T01:52:03.402+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=prometheus]
kibana-1  | [2025-05-21T01:52:03.402+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=proofpoint_on_demand]
kibana-1  | [2025-05-21T01:52:03.402+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=proofpoint_tap]
kibana-1  | [2025-05-21T01:52:03.402+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=pulse_connect_secure]
kibana-1  | [2025-05-21T01:52:03.402+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=qnap_nas]
kibana-1  | [2025-05-21T01:52:03.403+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=qualys_vmdr]
kibana-1  | [2025-05-21T01:52:03.403+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=rabbitmq]
kibana-1  | [2025-05-21T01:52:03.403+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=rapid7_insightvm]
kibana-1  | [2025-05-21T01:52:03.403+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=redis]
kibana-1  | [2025-05-21T01:52:03.404+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=salesforce]
kibana-1  | [2025-05-21T01:52:03.404+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=santa]
kibana-1  | [2025-05-21T01:52:03.404+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=security_detection_engine]
kibana-1  | [2025-05-21T01:52:03.404+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=sentinel_one]
kibana-1  | [2025-05-21T01:52:03.404+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=sentinel_one_cloud_funnel]
kibana-1  | [2025-05-21T01:52:03.404+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=slack]
kibana-1  | [2025-05-21T01:52:03.405+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=snort]
kibana-1  | [2025-05-21T01:52:03.405+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=snyk]
kibana-1  | [2025-05-21T01:52:03.405+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=sonicwall_firewall]
kibana-1  | [2025-05-21T01:52:03.405+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=sophos]
kibana-1  | [2025-05-21T01:52:03.405+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=sophos_central]
kibana-1  | [2025-05-21T01:52:03.406+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=spring_boot]
kibana-1  | [2025-05-21T01:52:03.406+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=spycloud]
kibana-1  | [2025-05-21T01:52:03.408+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=squid]
kibana-1  | [2025-05-21T01:52:03.408+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=stan]
kibana-1  | [2025-05-21T01:52:03.409+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=stormshield]
kibana-1  | [2025-05-21T01:52:03.409+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=sublime_security]
kibana-1  | [2025-05-21T01:52:03.409+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=suricata]
kibana-1  | [2025-05-21T01:52:03.409+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=symantec_edr_cloud]
kibana-1  | [2025-05-21T01:52:03.410+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=symantec_endpoint]
kibana-1  | [2025-05-21T01:52:03.410+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=symantec_endpoint_security]
kibana-1  | [2025-05-21T01:52:03.410+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=synthetics]
kibana-1  | [2025-05-21T01:52:03.410+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=synthetics_dashboards]
kibana-1  | [2025-05-21T01:52:03.410+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=sysmon_linux]
kibana-1  | [2025-05-21T01:52:03.411+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=system]
kibana-1  | [2025-05-21T01:52:03.411+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=system_audit]
kibana-1  | [2025-05-21T01:52:03.411+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=tanium]
kibana-1  | [2025-05-21T01:52:03.411+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=tcp]
kibana-1  | [2025-05-21T01:52:03.411+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=teleport]
kibana-1  | [2025-05-21T01:52:03.412+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=tenable_io]
kibana-1  | [2025-05-21T01:52:03.412+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=tenable_sc]
kibana-1  | [2025-05-21T01:52:03.412+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=thycotic_ss]
kibana-1  | [2025-05-21T01:52:03.412+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=ti_abusech]
kibana-1  | [2025-05-21T01:52:03.412+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=ti_anomali]
kibana-1  | [2025-05-21T01:52:03.413+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=ti_cif3]
kibana-1  | [2025-05-21T01:52:03.413+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=ti_crowdstrike]
kibana-1  | [2025-05-21T01:52:03.413+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=ti_cybersixgill]
kibana-1  | [2025-05-21T01:52:03.413+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=ti_eclecticiq]
kibana-1  | [2025-05-21T01:52:03.413+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=ti_eset]
kibana-1  | [2025-05-21T01:52:03.416+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=ti_maltiverse]
kibana-1  | [2025-05-21T01:52:03.416+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=ti_mandiant_advantage]
kibana-1  | [2025-05-21T01:52:03.416+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=ti_misp]
kibana-1  | [2025-05-21T01:52:03.417+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=ti_opencti]
kibana-1  | [2025-05-21T01:52:03.417+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=ti_otx]
kibana-1  | [2025-05-21T01:52:03.417+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=ti_rapid7_threat_command]
kibana-1  | [2025-05-21T01:52:03.417+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=ti_recordedfuture]
kibana-1  | [2025-05-21T01:52:03.417+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=ti_threatconnect]
kibana-1  | [2025-05-21T01:52:03.418+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=ti_threatq]
kibana-1  | [2025-05-21T01:52:03.418+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=ti_util]
kibana-1  | [2025-05-21T01:52:03.418+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=tines]
kibana-1  | [2025-05-21T01:52:03.418+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=tomcat]
kibana-1  | [2025-05-21T01:52:03.418+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=traefik]
kibana-1  | [2025-05-21T01:52:03.419+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=trellix_edr_cloud]
kibana-1  | [2025-05-21T01:52:03.419+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=trellix_epo_cloud]
kibana-1  | [2025-05-21T01:52:03.419+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=trend_micro_vision_one]
kibana-1  | [2025-05-21T01:52:03.419+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=trendmicro]
kibana-1  | [2025-05-21T01:52:03.419+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=udp]
kibana-1  | [2025-05-21T01:52:03.420+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=vectra_detect]
kibana-1  | [2025-05-21T01:52:03.420+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=vsphere]
kibana-1  | [2025-05-21T01:52:03.420+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=watchguard_firebox]
kibana-1  | [2025-05-21T01:52:03.420+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=websphere_application_server]
kibana-1  | [2025-05-21T01:52:03.420+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=windows]
kibana-1  | [2025-05-21T01:52:03.421+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=winlog]
kibana-1  | [2025-05-21T01:52:03.421+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=wiz]
kibana-1  | [2025-05-21T01:52:03.421+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=zeek]
kibana-1  | [2025-05-21T01:52:03.421+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=zerofox]
kibana-1  | [2025-05-21T01:52:03.421+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=zeronetworks]
kibana-1  | [2025-05-21T01:52:03.422+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=zookeeper]
kibana-1  | [2025-05-21T01:52:03.422+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=zoom]
kibana-1  | [2025-05-21T01:52:03.422+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=zscaler_zia]
kibana-1  | [2025-05-21T01:52:03.422+00:00][INFO ][plugins.security.audit.ecs] User has accessed epm-packages [id=zscaler_zpa]
kibana-1  | [2025-05-21T01:52:03.547+00:00][INFO ][plugins.screenshotting.chromium] Browser executable: /usr/share/kibana/node_modules/@kbn/screenshotting-plugin/chromium/headless_shell-linux_x64/headless_shell
kibana-1  | [2025-05-21T01:52:03.557+00:00][INFO ][plugins.fleet] Task Fleet-Usage-Logger-Task scheduled with interval 15m
kibana-1  | [2025-05-21T01:52:03.599+00:00][INFO ][plugins.elasticAssistant.service] Installing index template .kibana-elastic-ai-assistant-index-template-conversations
kibana-1  | [2025-05-21T01:52:03.823+00:00][INFO ][plugins.elasticAssistant.service] Updating data streams - .kibana-elastic-ai-assistant-conversations-*
kibana-1  | [2025-05-21T01:52:03.856+00:00][INFO ][plugins.elasticAssistant.service] Installing component template .kibana-elastic-ai-assistant-component-template-knowledge-base
kibana-1  | [2025-05-21T01:52:03.899+00:00][INFO ][plugins.reporting.store] Creating ILM policy for reporting data stream: kibana-reporting
kibana-1  | [2025-05-21T01:52:03.936+00:00][INFO ][plugins.slo] Installing SLO component template [.slo-observability.summary-mappings]
kibana-1  | [2025-05-21T01:52:03.972+00:00][INFO ][plugins.slo] Installing SLO component template [.slo-observability.sli-settings]
kibana-1  | [2025-05-21T01:52:03.980+00:00][INFO ][plugins.slo] Installing SLO component template [.slo-observability.sli-mappings]
kibana-1  | [2025-05-21T01:52:03.986+00:00][INFO ][plugins.taskManager] Background task node "e930955b-1231-4e37-959e-38f500091021" now claiming with assigned partitions
kibana-1  | [2025-05-21T01:52:03.997+00:00][INFO ][plugins.elasticAssistant.service] Installing index template .kibana-elastic-ai-assistant-index-template-knowledge-base
kibana-1  | [2025-05-21T01:52:04.021+00:00][INFO ][plugins.eventLog] Installing index template .kibana-event-log-template
kibana-1  | [2025-05-21T01:52:04.023+00:00][INFO ][plugins.slo] Installing SLO component template [.slo-observability.summary-settings]
kibana-1  | [2025-05-21T01:52:04.025+00:00][INFO ][plugins.reporting.store] Linking ILM policy to reporting data stream: .kibana-reporting, component template: kibana-reporting@custom
kibana-1  | [2025-05-21T01:52:04.173+00:00][INFO ][plugins.monitoring.monitoring.kibana-monitoring] Starting monitoring stats collection
kibana-1  | [2025-05-21T01:52:04.184+00:00][INFO ][plugins.fleet.endpoint.agentPolicyLicenseWatch] Checking agent policies for compliance with the current license.
kibana-1  | [2025-05-21T01:52:04.339+00:00][INFO ][plugins.eventLog] Creating datastream .kibana-event-log-ds
kibana-1  | [2025-05-21T01:52:04.382+00:00][WARN ][plugins.taskManager] Task Manager is unhealthy, the assumedRequiredThroughputPerMinutePerKibana (NaN) >= capacityPerMinutePerKibana (1200)
kibana-1  | [2025-05-21T01:52:04.388+00:00][INFO ][status.plugins.alerting] alerting plugin is now available: Alerting is (probably) ready
kibana-1  | [2025-05-21T01:52:04.388+00:00][INFO ][status.plugins.fleet] fleet plugin is now available: Fleet is setting up
kibana-1  | [2025-05-21T01:52:04.389+00:00][INFO ][status.plugins.licensing] licensing plugin is now available: License fetched
kibana-1  | [2025-05-21T01:52:04.389+00:00][INFO ][status.plugins.taskManager] taskManager plugin is now available: Task Manager is healthy
kibana-1  | [2025-05-21T01:52:04.396+00:00][INFO ][plugins.fleet.fleet:check-deleted-files-task:1.0.1] [runTask()] started
kibana-1  | [2025-05-21T01:52:04.404+00:00][INFO ][plugins.slo] Installing SLO index template [.slo-observability.sli]
kibana-1  | [2025-05-21T01:52:04.432+00:00][INFO ][plugins.fleet.fleet:check-deleted-files-task:1.0.1] [runTask()] ended: no files to process
kibana-1  | [2025-05-21T01:52:04.455+00:00][INFO ][plugins.productDocBase.doc-manager] Task ProductDocBase:EnsureUpToDate scheduled to run soon
kibana-1  | [2025-05-21T01:52:04.470+00:00][INFO ][status] Kibana is now available
kibana-1  | [2025-05-21T01:52:04.472+00:00][INFO ][plugins.fleet.endpoint.agentPolicyLicenseWatch] All agent policies are compliant, nothing to do!
kibana-1  | [2025-05-21T01:52:04.571+00:00][INFO ][plugins.elasticAssistant.service] Updating data streams - .kibana-elastic-ai-assistant-knowledge-base-*
kibana-1  | [2025-05-21T01:52:04.599+00:00][INFO ][plugins.elasticAssistant.service] Installing component template .kibana-elastic-ai-assistant-component-template-prompts
kibana-1  | [2025-05-21T01:52:04.602+00:00][INFO ][plugins.fleet] Beginning fleet setup
kibana-1  | [2025-05-21T01:52:04.603+00:00][INFO ][plugins.fleet] Cleaning old indices
kibana-1  | [2025-05-21T01:52:04.760+00:00][INFO ][plugins.ecsDataQualityDashboard] Installing index template .kibana-data-quality-dashboard-results-index-template
kibana-1  | [2025-05-21T01:52:04.763+00:00][INFO ][plugins.elasticAssistant.service] Installing index template .kibana-elastic-ai-assistant-index-template-prompts
kibana-1  | [2025-05-21T01:52:05.120+00:00][INFO ][plugins.slo] Installing SLO index template [.slo-observability.summary]
kibana-1  | [2025-05-21T01:52:05.778+00:00][INFO ][plugins.ecsDataQualityDashboard] Updating data streams - .kibana-data-quality-dashboard-results-*
kibana-1  | [2025-05-21T01:52:05.789+00:00][INFO ][plugins.elasticAssistant.service] Updating data streams - .kibana-elastic-ai-assistant-prompts-*
kibana-1  | [2025-05-21T01:52:06.161+00:00][INFO ][plugins.elasticAssistant.service] Installing component template .kibana-elastic-ai-assistant-component-template-anonymization-fields
kibana-1  | [2025-05-21T01:52:06.435+00:00][INFO ][plugins.elasticAssistant.service] Installing index template .kibana-elastic-ai-assistant-index-template-anonymization-fields
kibana-1  | [2025-05-21T01:52:06.546+00:00][WARN ][plugins.actions] Missing required project id while running actions:connector_usage_reporting
kibana-1  | [2025-05-21T01:52:06.549+00:00][INFO ][plugins.fleet.fleet:delete-unenrolled-agents-task:1.0.0] [runTask()] started
kibana-1  | [2025-05-21T01:52:06.549+00:00][INFO ][plugins.fleet.fleet:unenroll-inactive-agents-task:1.0.0] [runTask()] started
kibana-1  | [2025-05-21T01:52:06.558+00:00][INFO ][plugins.fleet] Running Fleet Usage telemetry send task
kibana-1  | [2025-05-21T01:52:06.822+00:00][INFO ][plugins.fleet.fleet:delete-unenrolled-agents-task:1.0.0] [DeleteUnenrolledAgentsTask] runTask ended: Delete unenrolled agents is disabled
kibana-1  | [2025-05-21T01:52:06.827+00:00][INFO ][plugins.fleet.fleet:unenroll-inactive-agents-task:1.0.0] [UnenrollInactiveAgentsTask] runTask ended: success
kibana-1  | [2025-05-21T01:52:06.924+00:00][INFO ][plugins.fleet] Output secrets storage is disabled as minimum fleet server version has not been met
kibana-1  | [2025-05-21T01:52:07.275+00:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] Telemetry is not opted-in
kibana-1  | [2025-05-21T01:52:07.275+00:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] Telemetry is not opted-in
kibana-1  | [2025-05-21T01:52:07.275+00:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] Telemetry is not opted-in
kibana-1  | [2025-05-21T01:52:07.276+00:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] Telemetry is not opted-in
kibana-1  | [2025-05-21T01:52:07.276+00:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] Telemetry is not opted-in
kibana-1  | [2025-05-21T01:52:07.276+00:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] Telemetry is not opted-in
kibana-1  | [2025-05-21T01:52:07.527+00:00][INFO ][plugins.elasticAssistant.service] Updating data streams - .kibana-elastic-ai-assistant-anonymization-fields-*
kibana-1  | [2025-05-21T01:52:07.535+00:00][INFO ][plugins.elasticAssistant.service] Installing component template .kibana-elastic-ai-assistant-component-template-attack-discovery
kibana-1  | [2025-05-21T01:52:07.775+00:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] Telemetry is not opted-in
kibana-1  | [2025-05-21T01:52:07.778+00:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] Telemetry is not opted-in
kibana-1  | [2025-05-21T01:52:07.779+00:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] Telemetry is not opted-in
kibana-1  | [2025-05-21T01:52:07.779+00:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] Telemetry is not opted-in
kibana-1  | [2025-05-21T01:52:07.779+00:00][INFO ][plugins.securitySolution.telemetry_events.sender.task] Telemetry is not opted-in
kibana-1  | [2025-05-21T01:52:07.848+00:00][INFO ][plugins.fleet] Fleet Usage: {"agents_enabled":true,"agents":{"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"inactive":0,"unenrolled":0,"total_all_statuses":0,"updating":0},"fleet_server":{"total_all_statuses":0,"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"updating":0,"inactive":0,"unenrolled":0,"num_host_urls":0},"license_issued_to":"rag-cluster-dev"}
kibana-1  | [2025-05-21T01:52:07.886+00:00][INFO ][plugins.elasticAssistant.service] Installing index template .kibana-elastic-ai-assistant-index-template-attack-discovery
kibana-1  | [2025-05-21T01:52:08.440+00:00][INFO ][plugins.elasticAssistant.service] Updating data streams - .kibana-elastic-ai-assistant-attack-discovery-*
kibana-1  | [2025-05-21T01:52:09.794+00:00][INFO ][plugins.fleet] Fleet setup completed
kibana-1  | [2025-05-21T01:52:09.824+00:00][INFO ][plugins.securitySolution] Dependent plugin setup complete - Starting ManifestTask
kibana-1  | [2025-05-21T01:52:09.850+00:00][INFO ][plugins.securitySolution.endpoint.policyProtectionsComplianceChecks] All relevant features are enabled. Nothing to do!
kibana-1  | [2025-05-21T01:52:09.850+00:00][INFO ][plugins.securitySolution.endpoint.agentPolicyFeatures] App feature [endpoint_agent_tamper_protection] is enabled. Nothing to do!
kibana-1  | [2025-05-21T01:52:09.953+00:00][INFO ][plugins.fleet] Install with state machine - Starting installation of synthetics@1.3.0 from bundled
kibana-1  | [2025-05-21T01:52:11.334+00:00][INFO ][plugins.securitySolution.endpoint:metadata-check-transforms-task:0.0.1] no endpoint installation found
kibana-1  | [2025-05-21T01:52:12.823+00:00][INFO ][plugins.synthetics] Installed synthetics index templates

 

 

Appendix. Kibana Encryption Key Generation Utility

Running the bin/kibana-encryption-keys generate command produces the following output.

Kibana is currently running with legacy OpenSSL providers enabled! For details and instructions on how to disable see https://www.elastic.co/guide/en/kibana/8.17/production.html#openssl-legacy-provider
## Kibana Encryption Key Generation Utility

The 'generate' command guides you through the process of setting encryption keys for:

xpack.encryptedSavedObjects.encryptionKey
    Used to encrypt stored objects such as dashboards and visualizations
    https://www.elastic.co/guide/en/kibana/current/xpack-security-secure-saved-objects.html#xpack-security-secure-saved-objects

xpack.reporting.encryptionKey
    Used to encrypt saved reports
    https://www.elastic.co/guide/en/kibana/current/reporting-settings-kb.html#general-reporting-settings

xpack.security.encryptionKey
    Used to encrypt session information
    https://www.elastic.co/guide/en/kibana/current/security-settings-kb.html#security-session-and-cookie-settings


Already defined settings are ignored and can be regenerated using the --force flag.  Check the documentation links for instructions on how to rotate encryption keys.
Definitions should be set in the kibana.yml used configure Kibana.

Settings:
xpack.encryptedSavedObjects.encryptionKey: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xpack.reporting.encryptionKey: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xpack.security.encryptionKey: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
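
The script below is an added example, not part of the original post or of Kibana itself. It converts the `Settings:` lines above into `.env` entries and matching Docker Compose `environment` entries, in the same `${VAR}` style the compose file uses for `KIBANA_PASSWORD`. The function name `keys_to_env` and the sample key values are assumptions made for illustration. The uppercase, underscore-separated variable names follow the Kibana Docker image's convention for mapping environment variables to settings.

```shell
#!/usr/bin/env bash
# Added example: map `bin/kibana-encryption-keys generate` output to
# .env lines and Docker Compose environment entries.

# Constructed sample input (placeholder values, not real keys).
SAMPLE_OUTPUT='Settings:
xpack.encryptedSavedObjects.encryptionKey: 0123456789abcdef0123456789abcdef
xpack.reporting.encryptionKey: 123456789abcdef0123456789abcdef0
xpack.security.encryptionKey: 23456789abcdef0123456789abcdef01'

# keys_to_env MODE  (hypothetical helper; MODE is "dotenv" or "compose")
# Reads generator output on stdin.
#   dotenv  -> NAME=value lines for the .env file (keep it out of version control)
#   compose -> "- NAME=${NAME}" lines for the service's environment: list
# Exits non-zero unless all three settings are present and each value is
# at least 32 characters, the minimum length Kibana accepts for these keys.
keys_to_env() {
  awk -v mode="$1" '
    /^xpack\.(encryptedSavedObjects|reporting|security)\.encryptionKey: / {
      name = $1
      sub(/:$/, "", name)          # drop the trailing colon
      value = $2
      if (length(value) < 32) { bad = 1; next }
      gsub(/\./, "_", name)        # xpack.security.x -> xpack_security_x
      name = toupper(name)         # -> XPACK_SECURITY_X
      if (mode == "compose")
        printf "      - %s=${%s}\n", name, name
      else
        printf "%s=%s\n", name, value
      seen++
    }
    END { if (bad || seen != 3) exit 1 }
  '
}

# Stand-alone demo on the constructed sample.
printf '%s\n' "$SAMPLE_OUTPUT" | keys_to_env compose
```

Setting all three keys to fixed values keeps sessions, saved-object secrets and reports readable across container restarts, and the same values must be used on every Kibana instance behind the same Elasticsearch cluster.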

 

 
