How to configure Filebeat and Logstash 8.1 with TLS

fim · April 4, 2022, 3:19pm

We are trying to secure the connectivity between Filebeat 8.1.1 >> Logstash 8.1.1 >> Elasticsearch 8.1.1
The documentation says we have to add a .p12 certificate in the output section of filebeat.yml and logstash pipeline.

But the built-in Elasticsearch CA doesn't offer a .p12 certificate.

We even do not know the Elasticsearch CA password in order to convert/create a .p12 certificate.

Any help is much appreciated.

ikakavas · April 5, 2022, 2:45am

Both Configure SSL | Filebeat Reference [8.1] | Elastic and Secure communication with Elasticsearch | Filebeat Reference [8.1] | Elastic describe how to do this with PEM encoded certificates

You basically need:

output.elasticsearch:
  hosts: ["https://myEShost:9200"]
  username: "filebeat_writer" 
  password: "YOUR_PASSWORD" 
  ssl.certificate_authorities: /path/to/http_ca.crt

For more details, check the referenced docs

HTH

fim · April 10, 2022, 1:15pm

We were successful implementing the communication between filebeat <> logstash.

But after hours of troubleshooting (since we do not get any errors neither in the logstash log nor in the Elasticsearch log, we still face issue with the connectivitiy between logstash <> Elasticsearch.

We followed this documentation:

We do not get it, which option we should choose.

OPTION 1

output {
  elasticsearch {
    hosts => ["https://myhost.local] 
    cacert => '/etc/logstash/config/certs/ca.crt'
    user => logstash_internal
    password => x-pack-test-password
  }
}

OPTION 2

output {
  elasticsearch {
    hosts => ["https://myhost.local] 
    ssl => true
    cacert => '/path/to/cert.pem' 
    user => logstash_internal
    password => x-pack-test-password
  }
}

In Option 1, the output section of the pipelines.conf a ca.crt is required, but how do we get a .crt format? We just have .pem available from the default Elasticsearch CA?

Option 2 didn't work as well.

Additionally, is the basic authentication optional or required when using the certificate?

Could somebody share the minimum requirement of a conf file when sending data from logstash to Elasticsearch including TSL encryption?

system · May 8, 2022, 1:16pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
SSL between Filebeat and Logstash using .p12 Logstash	8	5257	May 9, 2018
Filebeat to Logstash TLS Logstash elastic-stack-security	1	253	June 20, 2020
Filebeat encrypted communication to Logstash Beats	3	369	July 31, 2020
Setting up Secure connection between Filebeat and Logstash Logstash elastic-stack-security	1	347	August 8, 2019
Secure filebeat to logstash Beats filebeat	22	1943	August 27, 2020

How to configure Filebeat and Logstash 8.1 with TLS

Related topics