Hello,
sorry for my rough English.
I have a problem with filebeat.
I have a VPS server with logstash and another server with a file beat agent to perform tests
When I look at the filebeat logs I have this error:
ERROR pipeline/output.go:100 Failed to connect to backoff(async(tcp://myserver.elk.net:5044)): x509: certificate signed by unknown authority.
here is my logstash configuration:
beats
{
host => "0.0.0.0"
port => 5044
ssl => true
ssl_certificate_authorities => ["/etc/elk-certs/elk-ssl.crt"]
ssl_certificate => "/etc/elk-certs/elk-ssl.crt"
ssl_key => "/etc/elk-certs/elk-ssl.key"
ssl_verify_mode => "force_peer"
}
And my config Filebeat :
#----------------------------- Logstash output --------------------------------
output.logstash:
# The Logstash hosts
hosts: ["myserver.elk.net:5044"]
ssl.certificate_authorities: ["/etc/elk-certs/elk-ssl.crt"]
ssl.certificate: "/etc/elk-certs/elk-ssl.crt"
ssl.key: "/etc/elk-certs/elk-ssl.key"
# Optional SSL. By default is off.
# List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
# Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem"
# Client Certificate Key
#ssl.key: "/etc/pki/client/cert.key"
That's how I created my SSL certificate on my server logstash:
sudo mkdir -p /etc/elk-certs
cd /etc/elk-certs
sudo openssl req -subj '/CN=myserver.elk.net/' -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout elk-ssl.key -out elk-ssl.crt
chown logstash elk-ssl.crt
chown logstash elk-ssl.key
I then recreate the same tree on the filebeat server
Thanks for reading me.
If you have any tips thank you in advance!
See you soon