Dear all,
I configured Encrypt traffic between Kibana and Elasticsearch successfully and now I can start Kibana (not yet https) and connected Elasticsearch
Here is Elasticsearch's setting:
network.host: 0.0.0.0
discovery.seed_hosts: []
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: http.p12
But I don't know how to connect Filebeat to Logstash or Elasticsearch after setting security for Elasticsearch. I try config Filebeat to connect with Elasticsearch but fail:
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["10.50.2.185:9200"]
# Protocol - either `http` (default) or `https`.
protocol: "https"
#ssl_verification_mode: "none"
# Authentication credentials - either API key or username/password.
#api_key: "id:api_key"
username: "beats_system"
password: "XXXXXXXXX"
Error of filebeat:
2021-10-22T11:31:26.174+0700 ERROR [esclientleg] transport/logging.go:37 Error dialing x509: certificate signed by unknown authority {"network": "tcp", "address": "10.50.2.185:9200"}
2021-10-22T11:31:27.751+0700 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://10.50.2.185:9200)): Get "https://10.50.2.185:9200": $
2021-10-22T11:31:27.751+0700 INFO [publisher_pipeline_output] pipeline/output.go:145 Attempting to reconnect to backoff(elasticsearch(https://10.50.2.185:9200)) with 1 reconnect attempt(s)
2021-10-22T11:31:27.751+0700 INFO [publisher] pipeline/retry.go:219 retryer: send unwait signal to consumer
2021-10-22T11:31:27.751+0700 INFO [publisher] pipeline/retry.go:223 done
I use username/password to authenticate with Elasticsearch but the log show about unknow certificate.
How can I connect Filebeat with Elasticseach (or Logstash) with secure setting?
Thank you!