At least for kibana-oss 7.4, this is how I can access Kibana logs.
The file `/var/log/kibana` is not created and if I set it as a log file, kibana does not have permission to write there.
See also:
https://github.com/elastic/kibana/issues/6579
A content security policy is a great addition to the protections built
into Kibana, but it's not effective in older browsers (like IE11) that
do not enforce the policy.
When CSP strict mode is enabled, right before the Kibana app is
bootstrapped, a basic safety check is performed to see if "naked" inline
scripts are rejected. If inline scripting is allowed by the browser,
then an error message is presented to the user and Kibana never attempts
to bootstrap.
* csp: nonce and unsafe-eval for scripts
To kick things off, a rudimentary CSP implementation only allows
dynamically loading new JavaScript if it includes an associated nonce
that is generated on every load of the app.
A more sophisticated content security policy is necessary, particularly
one that bans eval for scripts, but one step at a time.
* img-src is not necessary if the goal is not to restrict
* configurable CSP owned by security team
* smoke test
* remove x-content-security-policy
* document csp.rules
* fix tsconfig for test
* switch integration test back to regular js
* stop looking for tsconfig in test
* grrr, linting errors not caught by precommit
* docs: people -> you for consistency sake
Co-Authored-By: epixa <court@epixa.com>
* Add a note about index migrations to the kibana setup docs
* Tewak the migrations asciidocs for clarity
* docs: refine saved object migration details
Breaking down the migration process into sections helps people find
and link to relevant information more easily.
The focus is on ongoing maintenance of Kibana, whereas the initial new
experience in 6.5.0 is treated as a note of clarification.
Error handling should be expanded in the future to include details about
specific known error cases.
* Adding option to always present the certificate when connecting to ES
* Updating docs
* Adding some more tests
* Adding alwaysPresentCertificate option to monitoring
* [config] logging.useUTC -> logging.timezone
* docs
* [env] exit if starting as root
* fix import path
* add link and timezone example
* Revert "[env] exit if starting as root"
This reverts commit f6e9090833a5180fe360a9ff54543c37c0ca3a58.
* Add clarification for server.ssl.supportedProtocols setting
Added clarification that the setting has to be an array. With the current wording you can assume that you can just add it as a simple string.
* Update settings.asciidoc
* Update config schema to allow map.tilemap & map.regionmap
* Inject map.regionmap & map.tilemap. Fall back to top-level config declarations if needed
* Warn user on use of legacy map config vals
* Don't create default map objects for deprecated entries. Add notes indicating top-level objects are deprecated
* Update map references in docs
* Shuffle map configurations in docs to be grouped together
