Filebeat clients specified by ip addresses for 'force_peer'

peter_j · September 26, 2018, 12:38pm

Hello
I'm authenticating FileBeat clients on Logstash over ssl (ssl_verify_mode: force_peer).

I created self signed cert

../bin/elasticsearch-certutil ca --pem --silent --out ca.zip

then generated logstash and filebeat certs

elasticsearch-certutil cert --silent --pem --in instances.yml --ca-cert ca/ca.crt --ca-key ca/ca.key --out cert.zip

I created instances.yml und run elasticsearch-certutil with elasticsearch-certutil --in instances.yml ...

It works but the FileBeat clients are specified in instances.yml by their ip addresses.

  - name: logstash_unit1
    dns:
      - logstash
      - node1
      - localhost
  - name: filebeat
    dns:
      - node1
      - node2
      - localhost
    ip:
      - 161.222.72.115
      - 127.0.0.1

The FileBeat clients connects to logstash over proxy and their ip addresses can change.
Can i specify an address range instead of ip address?
How can i get rid of ip addresses for filebeat client certs?

Thank you
Peter

ruflin · September 27, 2018, 3:06pm

Could you try to just remove the IP addresses and rely only the dns names?

peter_j · September 28, 2018, 2:27pm

Removed the ips and it works. Seems like ssl client-auth doesn't need the ips.

BTW Elastic is awesome
Peter

system · October 26, 2018, 2:27pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
SSL between Filebeat and Logstash using .p12 Logstash	8	5257	May 9, 2018
Logstash optional client cert authentication/validation Beats	1	452	March 31, 2018
Filebeat cannot connect to Logstash using ssl. curl: (35) TCP connection reset by peer Beats filebeat	3	1655	January 14, 2020
Ssl setup for filebeat and logstash in docker getting desperate now Beats docker , filebeat	12	219	August 21, 2024
Filebeat encrypted communication to Logstash Beats	3	369	July 31, 2020

Filebeat clients specified by ip addresses for 'force_peer'

Related topics