How to push log from Filebeat to Logstash/Elasticsearch affer setting secure TSL?

nhattanmai · October 22, 2021, 4:34am

Dear all,
I configured Encrypt traffic between Kibana and Elasticsearch successfully and now I can start Kibana (not yet https) and connected Elasticsearch

Here is Elasticsearch's setting:

network.host: 0.0.0.0
discovery.seed_hosts: []
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: http.p12

But I don't know how to connect Filebeat to Logstash or Elasticsearch after setting security for Elasticsearch. I try config Filebeat to connect with Elasticsearch but fail:

output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["10.50.2.185:9200"]

  # Protocol - either `http` (default) or `https`.
  protocol: "https"
  #ssl_verification_mode: "none"

  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
  username: "beats_system"
  password: "XXXXXXXXX"

Error of filebeat:

2021-10-22T11:31:26.174+0700    ERROR   [esclientleg]   transport/logging.go:37 Error dialing x509: certificate signed by unknown authority     {"network": "tcp", "address": "10.50.2.185:9200"}
2021-10-22T11:31:27.751+0700    ERROR   [publisher_pipeline_output]     pipeline/output.go:154  Failed to connect to backoff(elasticsearch(https://10.50.2.185:9200)): Get "https://10.50.2.185:9200": $
2021-10-22T11:31:27.751+0700    INFO    [publisher_pipeline_output]     pipeline/output.go:145  Attempting to reconnect to backoff(elasticsearch(https://10.50.2.185:9200)) with 1 reconnect attempt(s)
2021-10-22T11:31:27.751+0700    INFO    [publisher]     pipeline/retry.go:219   retryer: send unwait signal to consumer
2021-10-22T11:31:27.751+0700    INFO    [publisher]     pipeline/retry.go:223     done

I use username/password to authenticate with Elasticsearch but the log show about unknow certificate.
How can I connect Filebeat with Elasticseach (or Logstash) with secure setting?
Thank you!

system · November 19, 2021, 6:35am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.