Good afternoon, can you help with connecting metricbeat to elasticsearch wazuh?
The file /etc/elasticsearch/elasticsearch.yml looks like this:
network.host: 0.0.0.0
node.name: elasticsearch
cluster.initial_master_nodes: elasticsearch
# Transport layer
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /etc/elasticsearch/certs/elasticsearch.key
xpack.security.transport.ssl.certificate: /etc/elasticsearch/certs/elasticsearch.crt
xpack.security.transport.ssl.certificate_authorities: /etc/elasticsearch/certs/ca/ca.crt
# HTTP layer
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.verification_mode: certificate
xpack.security.http.ssl.key: /etc/elasticsearch/certs/elasticsearch.key
xpack.security.http.ssl.certificate: /etc/elasticsearch/certs/elasticsearch.crt
xpack.security.http.ssl.certificate_authorities: /etc/elasticsearch/certs/ca/ca.crt
# Elasticsearch authentication
xpack.security.enabled: true
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
The file /etc/metricbeat/metricbeat/metricbeat.yml looks like this:
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["localhost:9200"]
  # Protocol - either `http` (default) or `https`.
  protocol: "https"
  # Authentication credentials - either API key or username/password.
  #api_key: "${ES_API_KEY}"
  #api_key: "xxxx"
  #username: "elastic"
  #password: "xxxxx"
  ssl.certificate_authorities: ["/etc/elasticsearch/certs/ca/ca.crt"]
  ssl.certificate: "/etc/elasticsearch/certs/elasticsearch.crt"
  ssl.key: "/etc/elasticsearch/certs/elasticsearch.key"
  ssl.key_passphrase: "xxxxx"
But when I check with the command:
./metricbeat test output -c /etc/metricbeat/metricbeat.yml --path.home /usr/share/metricbeat/ --path.data /var/lib/metricbeat
elasticsearch: https://localhost:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: ::1, 127.0.0.1
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... ERROR x509: certificate is not valid for any names, but wanted to match localhost
I get an authorization error, can you tell me what I'm doing wrong?