Filebeat configuration - ssl.verification_mode: none doesn't work

Elastic Stack Beats
,
1

Hello

Version of filebeat : 6.3.0

I don't understand why ssl.verification_mode is ignored.
In filebeat.yml, i am trying to configure ssl for ElasticSearchOutput.

https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html

I am want to disable ssl verification to allow all connection.
I put "ssl.verification_mode: none" in filebeat.yml but in Filebeat log i still have error about certificate.
I try many things without success.

filebeat.yml

#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
  hosts: ["https://myurl:443/elastic"]
  ssl.verification_mode: none
  proxy_url: http://myproxy:8080
  index: "filebeat-%{[fields.type]:other}-%{[beat.version]}-%{+yyyy.MM.dd}"

Filebeat Log

2019-01-30T09:49:46.389+0100	ERROR	pipeline/output.go:74	Failed to connect: Get https://myurl:443: x509: certificate signed by unknown authority
2019-01-30T09:49:50.283+0100	ERROR	pipeline/output.go:74	Failed to connect: Get https://myurl:443: x509: certificate signed by unknown authority
2019-01-30T09:49:55.301+0100	ERROR	pipeline/output.go:74	Failed to connect: Get https://myurl:443: x509: certificate signed by unknown authority
2019-01-30T09:49:55.301+0100	INFO	[publish]	pipeline/retry.go:149	retryer: send wait signal to consumer
2019-01-30T09:49:55.301+0100	INFO	[publish]	pipeline/retry.go:151	  done

Thanks in advance
Nabil

2

Could you please format your configuration </>? It is possible that there is a whitespace error in your file. Thus, Filebeat does not pick up the configuration correctly.

3

@kvch thanks sorry it was my first post.
Locally fine but it doesn't work with proxy and ssl configuration.
Does the 'ssl.verification_mode : none' parameter work for you ?

Does it works only in x-pack feature?

4

Help me please!!

5

Hi @kacedn!

Please be patient in waiting for responses to your question and refrain from
pinging multiple times asking for a response or opening multiple topics for
the same question. This is a community forum, it may take time for someone to
reply to your question. For more information please refer to the Community
Code of Conduct specifically
the section "Be patient".

If you are in need of a service with an SLA that covers response times for
questions then you may want to consider talking to us about a
subscription.

Since you are using a non https proxy proxy_url: http://myproxy:8080, and the filebeat will talk to the proxy over plain http, I don't think you need to set ssl.verification_mode: none. There is no TLS connection for which to not do verification.