Filebeat Error

Hello team,

When I set up Auditbeat, I face some issues in my ELK server.

Here is error information:

x509: certificate signed by unknown authority.

Could you please help with this issue?

Thanks,

Hi @Phyo_WaThone_Win

Could you please share the output of the command below for further comment:

.\auditbeat.exe test output

Also could you please share the content of "Elasticsearch Output" part from auditbeat.yml.

Thanks for your reply.

Here is my auditbeat output when I run the auditbeat.

Get \"https://10.10.10.2:9200\": x509: certificate signed by unknown authority]","service.name":"auditbeat","ecs.version":"1.6.0"} Exiting: couldn't connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at https://10.10.10.2:9200: Get "https://10.10.10.2:9200": x509: certificate signed by unknown authority]

And, here is my elasticsearch output from my auditbeat.yml:

```yaml
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["10.10.10.2:9200"]

  # Protocol - either http (default) or https.
  protocol: "https"

  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
  username: "user"
  password: "mypassword"
```

Hi @Phyo_WaThone_Win

As I can see, you have configured the Elasticsearch output to use https.

So you have to provide Elasticsearch's SSL certificate for the handshake between Auditbeat and Elasticsearch.

Could you please copy the SSL certificate to the machine where Auditbeat is running and add the configuration below to the output.elasticsearch stanza.

ssl.certificate_authorities: 'C:\tmp\elasticsearch-ca.pem'
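
The suggested fix placed into the stanza posted earlier in the thread, as an added example that is not part of the original posts. The host, credentials and CA path are the thread's own values; `ssl.verification_mode: none` appears only as the setting to avoid, because it silences the same error by switching certificate verification off.

```yaml
output.elasticsearch:
  hosts: ["10.10.10.2:9200"]
  protocol: "https"
  username: "user"
  password: "mypassword"

  # Trust the CA that signed the Elasticsearch HTTP certificate.
  # Single quotes keep the Windows backslashes literal; inside double quotes
  # YAML would read \t as a tab and \e as an escape character.
  ssl.certificate_authorities: ['C:\tmp\elasticsearch-ca.pem']

  # With verification on, the server certificate must also cover the address
  # in "hosts" (here an IP subject alternative name for 10.10.10.2), otherwise
  # a different x509 error follows.

  # Avoid: this also makes "certificate signed by unknown authority" go away,
  # but Auditbeat then accepts any certificate, so the credentials above and
  # the audit data can be intercepted.
  #ssl.verification_mode: none
```

Re-running `.\auditbeat.exe test output`, the command requested earlier in the thread, confirms whether the connection now succeeds.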
