I have to enable SSL/TLS in the Filebeat configuration to encrypt communication to Logstash.
Right now my ELK cluster uses SSL/TLS configuration between nodes with self-signed certificates. Logstash is started on each ELK node.
Certs were generated on the first node of the ELK cluster through:
bin/elasticsearch-certutil cert ca --pem --in /tmp/instance.yml --out /tmp/certs/certs.zip
The file instance.yml included a list of ELK nodes. The elasticsearch-certutil command generated certs for each node like this:
ca.crt
node.crt
node01.key
The question is how to generate certs for machines where Filebeat is installed?
Do you have any experience with such configuration?
Do you want to encrypt the communication or do you want to use client authentication? For encryption, you do not need certificates on the Filebeat machines. Just configure Filebeat to use SSL and where to find the certificate authorities:
output.logstash:
  # The Logstash hosts
  hosts: ["host:5043"]
  ssl.enabled: true
  # List of root certificates for HTTPS server verifications
  ssl.certificate_authorities: ["/path/to/intermediateCa.crt", "/path/to/rootCa.crt"]
In the Logstash pipeline configure SSL too (be aware that the key must be PKCS8, as far as I know):
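The PKCS8 caveat in the answer above, as an added example that is not part of the original posts: a shell helper that reports which format a PEM private key is in and writes an unencrypted PKCS#8 copy for Logstash to load. The function names and any paths passed in are hypothetical; the conversion itself is the standard `openssl pkcs8 -topk8 -nocrypt` call.

```shell
#!/bin/sh
# Added example (not from the thread): classify a PEM private key by its
# header line and produce an unencrypted PKCS#8 copy for Logstash.

# Print pkcs8, pkcs8-encrypted, pkcs1, sec1 or unknown for the key file in $1.
pem_key_format() {
  # First BEGIN line decides the container format; strip CRs from CRLF files.
  header=$(grep -m1 -e '^-----BEGIN ' "$1" 2>/dev/null | tr -d '\r')
  case "$header" in
    "-----BEGIN PRIVATE KEY-----")           echo pkcs8 ;;
    "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8-encrypted ;;
    "-----BEGIN RSA PRIVATE KEY-----")       echo pkcs1 ;;
    "-----BEGIN EC PRIVATE KEY-----")        echo sec1 ;;
    *)                                       echo unknown ;;
  esac
}

# Write an unencrypted PKCS#8 copy of key $1 to $2.
# Returns non-zero if the input is not a recognised PEM private key.
ensure_pkcs8() {
  (
    # The output key is unencrypted, so create it readable by the owner only.
    # Run this as the account Logstash runs under, or chown the result.
    umask 077
    case "$(pem_key_format "$1")" in
      pkcs8)
        cp -- "$1" "$2" ;;
      pkcs1|sec1|pkcs8-encrypted)
        # openssl prompts for the passphrase if the source key is encrypted.
        openssl pkcs8 -topk8 -nocrypt -in "$1" -out "$2" ;;
      *)
        echo "unrecognised key format: $1" >&2
        exit 1 ;;
    esac
  )
}

# Stand-alone use: sh script.sh <source key> <destination key>
# (both paths are supplied by the caller; none are assumed here).
if [ "$#" -eq 2 ]; then
  ensure_pkcs8 "$1" "$2"
fi
```
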