Does Logstash "Elasticsearch" output plugin support client certificates

Hi Team ,

Does Logstash "Elasticsearch" output plugin support client certificates?

I can only see option there (cacert) to verify the ES node certificate but I would also like the Logstash pipeline to also identify itself with a client cert.

If there is no such option, is there a way to implement this with a different output plugin?

This is my config:

input {
  beats {
   port => 5044
   type => "log"
   host => "0.0.0.0"
   ssl => true
   ssl_certificate_authorities => [ "C:/Program Files/filebeat-5.5.2/certs/ca.crt" ]
   ssl_certificate => "C:/Program Files/filebeat-5.5.2/certs/Logstash-server.crt"
   ssl_key => "C:/Program Files/filebeat-5.5.2/certs/Logstash-server.p8"
   ssl_verify_mode => "force_peer"
  }
}

 output {
  stdout { codec => rubydebug  } elasticsearch {
    hosts => [ "https://xxxxxx:9200" ]
	user => "xxxxx"
	password => "xxxxxx"
	ssl => true
	cacert => "C:/Program Files/filebeat-5.5.2/certs/ca.crt"
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}

In my set up I have:
Filebeat and Logstash instence per each application server;
Kibana and Elasticsearch on a single server.

Filebeat and Lgstash have been set up with mutual authentication and this works fine but I would also want to configure mutual authentication between ES and LS so that I can take advantage of the role based access within a PKI realm and assign different roles for each logstash pipeline.

Thanks a lot in advance!

--Boz

Hey,

I think you are searching for these docs about setting up logstash with KPI?

--Alex

Hi Alex,

Тhanks for your response but I am using the cacert instead of the java truststore/keystore. In my understanding cacert and keystore/truststore options are different options to authenticating the ES server but I also need to be able to authenticate Logstash with a client certificate.

The http output plugin for Logstash and some other plugins have those options?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.