Hi,
I'm trying to set TLS communication between filebeat and logstash. I can see the documentation here https://www.elastic.co/guide/en/beats/filebeat/current/configuring-ssl-logstash.html but this is in case of crt and key. But I have a .pem
How should my config be changed?
Here is the logstash.conf
# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
input {
beats {
port => 5044
ssl => true
ssl_certificate_authorities => ["/etc/kibana/elasticsearch-ca.pem"]
#ssl_certificate => "/etc/server.crt"
#ssl_key => "/etc/server.key"
#cacert => '/home/amdin1/Desktop/elasticsearch-ca.pem'
ssl_verify_mode => "force_peer"
}
}
output {
if [@metadata][pipeline] {
elasticsearch {
hosts => "https://192.168.2.220:9200"
manage_template => false
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
pipeline => "%{[@metadata][pipeline]}"
user => "elastic"
password => "@bc123"
ssl => true
cacert => '/etc/kibana/elasticsearch-ca.pem'
}
} else {
elasticsearch {
hosts => "https://192.168.2.220:9200"
manage_template => false
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
user => "elastic"
password => "@bc123"
ssl => true
cacert => '/etc/kibana/elasticsearch-ca.pem'
}
}
}
Here is the logstash optput part in filebeat.yml (note that elasticsearch-ca.pem is copied from server to ubuntu client desktop)
#----------------------------- Logstash output --------------------------------
output.logstash:
# The Logstash hosts
hosts: ["192.168.2.220:5044"]
# Optional SSL. By default is off.
# List of root certificates for HTTPS server verifications
ssl.certificate_authorities: ["/home/amdin/Desktop/elasticsearch-ca.pem"]
# Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem"
# Client Certificate Key
#ssl.key: "/etc/pki/client/cert.key"
Note: I already have the following:
- elastic-stack-ca.p12
- elastic-certificates.p12
- http.p12
- kibana-server.p12
- elasticsearch-ca.pem
Any help please?
Regards,