Hi,
I encountered an error while trying to connect Filebeat to my ELK cluster:
# filebeat test output
elasticsearch: <censored_server1>:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: <censored_server1>
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... ERROR 401 Unauthorized: Unauthorized
With password authentication everything works fine, but it doesn't with certificate authorization. I am sure all certs are valid; is it some internal flaw, or am I just doing something wrong?
Here is my config for filebeat:
# Wazuh - Filebeat configuration file
output.elasticsearch:
  hosts: ["<censored_server1>:9200", "<censored_server2>:9200", "<censored_server3>:9200"]
  username: admin
  password: <censored>
  protocol: https
  ssl.certificate_authorities:
    - <valid-path>/certs/root-ca.pem
  ssl.certificate: "<valid-path>/certs/filebeat.pem"
  ssl.key: "<valid-path>/certs/filebeat.key"
setup.template.json.enabled: true
setup.template.json.path: '<valid-path>/wazuh-template.json'
setup.template.json.name: 'wazuh'
setup.ilm.overwrite: true
setup.ilm.enabled: false
filebeat.modules:
  - module: wazuh
    alerts:
      enabled: true
    archives:
      enabled: false
If that's not enough, please tell me what else I should attach for you to be able to reproduce it or possibly know what that error is.
Edit: Third check of certificates... And that's definitely not their fault.