At first I was getting an elasticsearch error when i tried to run
auditbeat setup which was like that:
Exiting: couldn't connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at https://ubuntu-local.duckdns.org:9200: Get "https://myhost:9200": x509: certificate signed by unknown authority]
So i looked up the elastic forums and found a solution. I changed my auditbeat.yml to look like this:
output.elasticsearch: # Array of hosts to connect to. hosts: ["myhost:9200"] # Protocol - either `http` (default) or `https`. protocol: "https" ssl_verification_mode: "none" ssl.certificate_authorities: ["/apath/elasticsearch-ca.pem"] # Authentication credentials - either API key or username/password. #api_key: "id:api_key" username: "elastic" password: "mypass"
PS: i have setup Https on my kibana and elastic nodes but i don't want to set up to the Beats right now.
So then when i tried to run again
auditbeat setup i got another error, this time from kibana:
x509: certificate signed by unknown authority
So i added the same attributes i added into the elasticsearch section of the audibeat.yml file but with no luck
Here is the kibana section:
setup.kibana: # Kibana Host # Scheme and port can be left out and will be set to the default (http and 5601) # In case you specify and additional path, the scheme is required: http://localhost:5601/path # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601 host: "https://myhost:5601" ssl_verification_mode: "none" ssl.certificate_authorities: "/apath/elasticsearch-ca.pem" # Kibana Space ID # ID of the Kibana Space into which the dashboards should be loaded. By default, # the Default Space will be used. #space.id:
Thanks in advance