Does Logstash "Elasticsearch" output plugin support client certificates


(Bozho Bekriev) #1

Hi Team ,

Does Logstash "Elasticsearch" output plugin support client certificates?

I can only see option there (cacert) to verify the ES node certificate but I would also like the Logstash pipeline to also identify itself with a client cert.

If there is no such option, is there a way to implement this with a different output plugin?

This is my config:

input {
  beats {
   port => 5044
   type => "log"
   host => "0.0.0.0"
   ssl => true
   ssl_certificate_authorities => [ "C:/Program Files/filebeat-5.5.2/certs/ca.crt" ]
   ssl_certificate => "C:/Program Files/filebeat-5.5.2/certs/Logstash-server.crt"
   ssl_key => "C:/Program Files/filebeat-5.5.2/certs/Logstash-server.p8"
   ssl_verify_mode => "force_peer"
  }
}

 output {
  stdout { codec => rubydebug  } elasticsearch {
    hosts => [ "https://xxxxxx:9200" ]
	user => "xxxxx"
	password => "xxxxxx"
	ssl => true
	cacert => "C:/Program Files/filebeat-5.5.2/certs/ca.crt"
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}

In my set up I have:
Filebeat and Logstash instence per each application server;
Kibana and Elasticsearch on a single server.

Filebeat and Lgstash have been set up with mutual authentication and this works fine but I would also want to configure mutual authentication between ES and LS so that I can take advantage of the role based access within a PKI realm and assign different roles for each logstash pipeline.

Thanks a lot in advance!

--Boz


(Alexander Reelsen) #2

Hey,

I think you are searching for these docs about setting up logstash with KPI?

--Alex


(Bozho Bekriev) #3

Hi Alex,

Š¢hanks for your response but I am using the cacert instead of the java truststore/keystore. In my understanding cacert and keystore/truststore options are different options to authenticating the ES server but I also need to be able to authenticate Logstash with a client certificate.

The http output plugin for Logstash and some other plugins have those options?


(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.