At first I was getting an elasticsearch error when i tried to run auditbeat setup
which was like that: Exiting: couldn't connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at https://ubuntu-local.duckdns.org:9200: Get "https://myhost:9200": x509: certificate signed by unknown authority]
So i looked up the elastic forums and found a solution. I changed my auditbeat.yml to look like this:
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["myhost:9200"]
# Protocol - either `http` (default) or `https`.
protocol: "https"
ssl_verification_mode: "none"
ssl.certificate_authorities: ["/apath/elasticsearch-ca.pem"]
# Authentication credentials - either API key or username/password.
#api_key: "id:api_key"
username: "elastic"
password: "mypass"
PS: i have setup Https on my kibana and elastic nodes but i don't want to set up to the Beats right now.
So then when i tried to run again auditbeat setup
i got another error, this time from kibana:
again about x509: certificate signed by unknown authority
So i added the same attributes i added into the elasticsearch section of the audibeat.yml file but with no luck
Here is the kibana section:
setup.kibana:
# Kibana Host
# Scheme and port can be left out and will be set to the default (http and 5601)
# In case you specify and additional path, the scheme is required: http://localhost:5601/path
# IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
host: "https://myhost:5601"
ssl_verification_mode: "none"
ssl.certificate_authorities: "/apath/elasticsearch-ca.pem"
# Kibana Space ID
# ID of the Kibana Space into which the dashboards should be loaded. By default,
# the Default Space will be used.
#space.id:
Any ideas?
Thanks in advance