Filebeat with minimal security on ELK

Elastic Stack Elasticsearch
1

Hello everyone,

I am using one ELK stack into only one Centos server.
I tried to follow this tutorial :
security-minimal-setup

So i added this

xpack.security.enabled: true
discovery.type: single-node

into the Elasticsearch.yml

and this
elasticsearch.username: "kibana_system"
into the kibana.yml

It works well into the kibana, i can log in with now one user "elastic"

But it's going wrong with filebeat on my client server which can no more send logs to Elasticsearch.
Does i have to add something into the filebeat configuration ?

setup.kibana:
  host: "10.1.24.194:5601"

output.elasticsearch:
  hosts: ["10.1.24.194:9200"]
  protocol: "https"

Many thanks !

2

Yes, you will need to add a username and password. Check out the Basic authentication section here - Configure the Elasticsearch output | Filebeat Reference [8.11] | Elastic

3

Thanks for the help, i tried to follow the doc

Here's the configuration on the filebeat client

output.elasticsearch:
  hosts: ["10.1.24.194:9200"]
  protocol: "https"
  username: "filebeat_writer"
  password: "Fil3b3ower"
  setup.ilm.check_exists: false

I did this after
privileges-to-publish-events
with an new role and one new user linked to this role "filebeat_writer"

It still not working after
systemctl restart elasticsearch && systemctl restart kibana

I got this error on the filebeat client log:

eslegclient/connection.go:253 Ping request failed with: Get "https://10.1.24.194:9200": dial tcp 10.1.24.194:9200: connectex: Aucune connexion n’a pu être établie car l’ordinateur cible l’a expressément refusée.

4

That suggests that there's something blocking Filebeat.

5

if i don't use

xpack.security.enabled: true

nothing block and it works very well for filebeat, any idea ?

6

Hello everyone, if any ideas, help, you are very welcome :slight_smile: