Hi Team ,
Does Logstash "Elasticsearch" output plugin support client certificates?
I can only see option there (cacert) to verify the ES node certificate but I would also like the Logstash pipeline to also identify itself with a client cert.
If there is no such option, is there a way to implement this with a different output plugin?
This is my config:
input {
beats {
port => 5044
type => "log"
host => "0.0.0.0"
ssl => true
ssl_certificate_authorities => [ "C:/Program Files/filebeat-5.5.2/certs/ca.crt" ]
ssl_certificate => "C:/Program Files/filebeat-5.5.2/certs/Logstash-server.crt"
ssl_key => "C:/Program Files/filebeat-5.5.2/certs/Logstash-server.p8"
ssl_verify_mode => "force_peer"
}
}
output {
stdout { codec => rubydebug } elasticsearch {
hosts => [ "https://xxxxxx:9200" ]
user => "xxxxx"
password => "xxxxxx"
ssl => true
cacert => "C:/Program Files/filebeat-5.5.2/certs/ca.crt"
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}
In my set up I have:
Filebeat and Logstash instence per each application server;
Kibana and Elasticsearch on a single server.
Filebeat and Lgstash have been set up with mutual authentication and this works fine but I would also want to configure mutual authentication between ES and LS so that I can take advantage of the role based access within a PKI realm and assign different roles for each logstash pipeline.
Thanks a lot in advance!
--Boz