Auditbeat sends unencrypted data

elk6 · July 31, 2020, 2:56pm

I have two beats on each server. Filebeat and auditbeat. I set up filebeat output to logstash and auditbeat output to elasticsearch. Filebeat encryption works fine. Now I'm setting up auditbeat's encryption.

I have copied this output from filebeat to auditbeat.yml:

output.elasticsearch:               
  # Array of hosts to connect to.
  hosts: ["91.242.11.225:9200"] # Not the real IP

  # Protocol - either `http` (default) or `https`.
  #protocol: "https"

  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
  username: "elastic"
  password: "password" # Not the real password
  ssl.enabled: true
  ssl.certificate_authorities: ["/etc/elk/ca.crt"]

  # Certificate for SSL client authentication
  ssl.certificate: "/etc/elk/beats.crt"

  # Client Certificate Key
  ssl.key: "/etc/elk/beats.key"
  ssl.key_passphrase: "password" # Not the real password
  ssl.verification_mode: full

But when I ngep, I see it ships data to 9200 unencrypted. Am I missing something? Thanks ahead!

system · August 28, 2020, 4:56pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat encryption error Beats filebeat	5	2095	August 27, 2020
Secure auditbeat output Beats auditbeat	2	362	August 3, 2020
Auditbeat encryption and dashboards Beats elastic-stack-security , auditbeat	1	632	August 29, 2020
Encrypt filebeat to logstash Logstash elastic-stack-security	4	682	August 26, 2020
Filebeat cannot connect to Logstash using ssl. curl: (35) TCP connection reset by peer Beats filebeat	3	1655	January 14, 2020

Auditbeat sends unencrypted data

Related topics