Centralized beats configuration

rpendela · November 30, 2018, 9:25pm

I am trying to utilize the centralize beats feature but seems it requires to configure plain format of user credentials in filebeat.yml file.

#========================= Central Management =================================

# Beats is configured under central management, you can define most settings
# from the Kibana UI. You can update this file to configure the settings that
# are not supported by Kibana Beats management.

management:
  enabled: true
  period: 1m0s
  access_token: ${management.accesstoken}
  kibana:
    protocol: https
    host: <kibana-url>
    path: ""
    space.id: ""
    username: ""
    password: ""
    ssl: null
    timeout: 10s
    ignoreversion: true

Is there anyway to hide credentials because agents are going to be in all places and thats security concern.

Also, seems I cannot configure multiple modules using this feature

mladen · December 3, 2018, 8:39pm

Hi @rpendela please see my post

BR,
Mladen

rpendela · December 4, 2018, 9:27pm

Hey @mladen thanks for reply and I tried like this but didn't work until I enter credentials in plain text

#================================ Keystore ==========================================

# Location of the Keystore containing the keys and their sensitive values.

keystore.path: "${path.config}/filebeat.keystore"

# are not supported by Kibana Beats management.

management:
  enabled: true
  period: 1m0s
  access_token: ${management.accesstoken}
  kibana:
    protocol: https
    host: <kibana-url>
    path: ""
    space.id: ""
    username: "username"
    password: ""{$Password}" ----> (which I created using keystore
    ssl: null
    timeout: 10s
    ignoreversion: true

Also,
It seems I need to go back to original server where beat installed to configure below things (which defeats the centralize config purpose), I may be missing on how to do

I am not able to go further if I configure output logstash (I see option output logstash but when I enter logstash hosts and save then continues it's not going further or not giving any error)
No extra configurations like where to store the logs
X-pack monitoring settings

rpendela · December 10, 2018, 5:46pm

Can anyone help here?

mladen · December 15, 2018, 12:04pm

Hello @rpendela, sorry for my late response. When enroll agent in metricbeat you have only token for that agent. To setup output to elasticsearch use the folowing steps:

Add password to keystore:

metricbeat keystore add ES_PWD

I enter password for metricbeat_internal.

Go to kibana and change output for Elasticsearch:

user: metricbeat_internal
password: ${ES_PWD}

and save changes.

After this restart metricbeat service.

Now if you check your management.yml user and pass should be like this:

elasticsearch:
        hosts:
        - testelastic:9200
        password: ${ES_PWD}
        username: metricbeat_internal

BR,
Mladen

system · January 12, 2019, 2:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.