Centralized beats configuration


(Ramesh Pendela) #1

I am trying to utilize the centralize beats feature but seems it requires to configure plain format of user credentials in filebeat.yml file.

#========================= Central Management =================================

# Beats is configured under central management, you can define most settings
# from the Kibana UI. You can update this file to configure the settings that
# are not supported by Kibana Beats management.

management:
  enabled: true
  period: 1m0s
  access_token: ${management.accesstoken}
  kibana:
    protocol: https
    host: <kibana-url>
    path: ""
    space.id: ""
    username: ""
    password: ""
    ssl: null
    timeout: 10s
    ignoreversion: true

Is there anyway to hide credentials because agents are going to be in all places and thats security concern.

  1. Also, seems I cannot configure multiple modules using this feature

(Mladen Stankovic) #2

Hi @rpendela please see my post

BR,
Mladen


(Ramesh Pendela) #3

Hey @mladen thanks for reply and I tried like this but didn't work until I enter credentials in plain text

#================================ Keystore ==========================================

# Location of the Keystore containing the keys and their sensitive values.

keystore.path: "${path.config}/filebeat.keystore"

# are not supported by Kibana Beats management.

management:
  enabled: true
  period: 1m0s
  access_token: ${management.accesstoken}
  kibana:
    protocol: https
    host: <kibana-url>
    path: ""
    space.id: ""
    username: "username"
    password: ""{$Password}" ----> (which I created using keystore
    ssl: null
    timeout: 10s
    ignoreversion: true

Also,
It seems I need to go back to original server where beat installed to configure below things (which defeats the centralize config purpose), I may be missing on how to do

  1. I am not able to go further if I configure output logstash (I see option output logstash but when I enter logstash hosts and save then continues it's not going further or not giving any error)
  2. No extra configurations like where to store the logs
  3. X-pack monitoring settings

(Ramesh Pendela) #4

Can anyone help here?


(Mladen Stankovic) #5

Hello @rpendela, sorry for my late response. When enroll agent in metricbeat you have only token for that agent. To setup output to elasticsearch use the folowing steps:

Add password to keystore:

metricbeat keystore add ES_PWD

I enter password for metricbeat_internal.

Go to kibana and change output for Elasticsearch:

user: metricbeat_internal
password: ${ES_PWD}

and save changes.

After this restart metricbeat service.

Now if you check your management.yml user and pass should be like this:

elasticsearch:
        hosts:
        - testelastic:9200
        password: ${ES_PWD}
        username: metricbeat_internal

BR,
Mladen