How to configure filebeat to use a particular cipher suite


(Sai Birada) #1

I want filebeat to send logs over tls using AES256-SHA cipher, I found cipher_suites option in tls options page of filebeat configuration. But when i used it, I am getting the following error
Exiting: error loading config file: YAML config parsing failed on logstash.yml: yaml: line 15: found character that cannot start any token
Following is my configuration file
filebeat:
prospectors:
-
paths:
- "/root/filebeat/data.log"

  input_type: log
  document_type: log
  registry_file: /var/lib/filebeat/registry

output:
logstash:
hosts: ["10.10.35.66:5044"]
tls:
certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]
cipher_suites: ["AES128/256"]

logging:
to_syslog: false
to_files: true

files:
path: /var/log/filebeat
name: filebeat.log
rotateeverybytes: 10485760
keepfiles: 7
level: debug


(adioss) #2

Maybe check https://www.elastic.co/guide/en/beats/filebeat/current/configuration-output-tls.html
but i think that there are typo on doc. eg: RSA-AES256-CBC-SHA is in fact RSA-AES-256-CBC-SHA
so something like: cipher_suites: [RSA-AES-256-CBC-SHA] should work?


(Steffen Siering) #3

here is a list of ciphers currently available: https://github.com/elastic/beats/blob/master/libbeat/outputs/tls.go#L173

File is yaml, either use:

    cipher_suites: 
      - RSA-AES-256-CBC-SHA

or

    cipher_suites: ["RSA-AES-256-CBC-SHA"]

GIthub issue for typos here: https://github.com/elastic/beats/issues/1801


(system) #4

This topic was automatically closed after 21 days. New replies are no longer allowed.