I have two beats on each server. Filebeat and auditbeat. I set up filebeat output to logstash and auditbeat output to elasticsearch. Filebeat encryption works fine. Now I'm setting up auditbeat's encryption.
I have copied this output from filebeat to auditbeat.yml:

    output.elasticsearch:
      # Array of hosts to connect to.
      hosts: ["22.214.171.124:9200"] # Not the real IP

      # Protocol - either `http` (default) or `https`.
      #protocol: "https"

      # Authentication credentials - either API key or username/password.
      #api_key: "id:api_key"
      username: "elastic"
      password: "password" # Not the real password

      ssl.enabled: true
      ssl.certificate_authorities: ["/etc/elk/ca.crt"]
      # Certificate for SSL client authentication
      ssl.certificate: "/etc/elk/beats.crt"
      # Client Certificate Key
      ssl.key: "/etc/elk/beats.key"
      ssl.key_passphrase: "password" # Not the real password
      ssl.verification_mode: full

But when I ngrep, I see it ships data to 9200 unencrypted. Am I missing something? Thanks ahead!
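
A way to check a Beats config for this condition before deploying it, as an added example that is not part of the original post: it relies on the documented Beats behaviour that `protocol` defaults to `http` and that a scheme in a `hosts` URL overrides it. The function name `plaintext_hosts` and the sample host are assumptions, and the parser only handles the inline `hosts: [...]` form used above.

```python
import re

# Constructed sample mirroring the configuration in the post (placeholder host).
SAMPLE = '''\
output.elasticsearch:
  hosts: ["es.example.internal:9200"]
  #protocol: "https"
  username: "elastic"
  ssl.enabled: true
  ssl.certificate_authorities: ["/etc/elk/ca.crt"]
  ssl.verification_mode: full
'''

def plaintext_hosts(config_text):
    """Return the output.elasticsearch hosts whose effective scheme is not https."""
    in_section, protocol, hosts = False, "http", []   # Beats default protocol is http
    for raw in config_text.splitlines():
        line = raw.split(" #")[0].rstrip()            # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue                                  # blank or commented-out line
        if not line[0].isspace():                     # a top-level key opens or closes the section
            in_section = line.startswith("output.elasticsearch:")
            continue
        if not in_section:
            continue
        key, _, value = line.strip().partition(":")
        value = value.strip()
        if key == "protocol":
            protocol = value.strip("\"'").lower()
        elif key == "hosts":
            hosts = re.findall(r"[\"']([^\"']+)[\"']", value)
    exposed = []
    for host in hosts:
        # A scheme in the host URL overrides the protocol setting.
        scheme = host.split("://", 1)[0].lower() if "://" in host else protocol
        if scheme != "https":
            exposed.append(host)
    return exposed

if __name__ == "__main__":
    for host in plaintext_hosts(SAMPLE):
        print("plain HTTP despite ssl.* settings:", host)
```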