Centralized beats configuration

rpendela · November 30, 2018, 9:25pm

I am trying to utilize the centralize beats feature but seems it requires to configure plain format of user credentials in filebeat.yml file.

#========================= Central Management =================================

# Beats is configured under central management, you can define most settings
# from the Kibana UI. You can update this file to configure the settings that
# are not supported by Kibana Beats management.

management:
  enabled: true
  period: 1m0s
  access_token: ${management.accesstoken}
  kibana:
    protocol: https
    host: <kibana-url>
    path: ""
    space.id: ""
    username: ""
    password: ""
    ssl: null
    timeout: 10s
    ignoreversion: true

Is there anyway to hide credentials because agents are going to be in all places and thats security concern.

Also, seems I cannot configure multiple modules using this feature

mladen · December 3, 2018, 8:39pm

Hi @rpendela please see my post

BR,
Mladen

rpendela · December 4, 2018, 9:27pm

Hey @mladen thanks for reply and I tried like this but didn't work until I enter credentials in plain text

#================================ Keystore ==========================================

# Location of the Keystore containing the keys and their sensitive values.

keystore.path: "${path.config}/filebeat.keystore"

# are not supported by Kibana Beats management.

management:
  enabled: true
  period: 1m0s
  access_token: ${management.accesstoken}
  kibana:
    protocol: https
    host: <kibana-url>
    path: ""
    space.id: ""
    username: "username"
    password: ""{$Password}" ----> (which I created using keystore
    ssl: null
    timeout: 10s
    ignoreversion: true

Also,
It seems I need to go back to original server where beat installed to configure below things (which defeats the centralize config purpose), I may be missing on how to do

I am not able to go further if I configure output logstash (I see option output logstash but when I enter logstash hosts and save then continues it's not going further or not giving any error)
No extra configurations like where to store the logs
X-pack monitoring settings

rpendela · December 10, 2018, 5:46pm

Can anyone help here?

mladen · December 15, 2018, 12:04pm

Hello @rpendela, sorry for my late response. When enroll agent in metricbeat you have only token for that agent. To setup output to elasticsearch use the folowing steps:

Add password to keystore:

metricbeat keystore add ES_PWD

I enter password for metricbeat_internal.

Go to kibana and change output for Elasticsearch:

user: metricbeat_internal
password: ${ES_PWD}

and save changes.

After this restart metricbeat service.

Now if you check your management.yml user and pass should be like this:

elasticsearch:
        hosts:
        - testelastic:9200
        password: ${ES_PWD}
        username: metricbeat_internal

BR,
Mladen

system · January 12, 2019, 2:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Large scale deployment of beats through Central Management Beats fleet	3	622	November 4, 2022
Beats - Central Management (Beta) Beats fleet	3	647	March 11, 2019
Central pipeline management - beats strategy Logstash	1	311	March 18, 2021
Central Management: Wrong beat id Beats	1	666	January 9, 2019
Recommended way of storing credentials in Beats configuration file? Beats filebeat	2	954	June 28, 2020

Centralized beats configuration

Related topics