My question is very easy. Is mutual authentication possible between Logstash and Beats? I can authenticate the Logstash server, but is there a way to authenticate the client?
I'd like to have different certificates for every beats node to solve many security incidents.
Yes, it is possible. You need to refer to the Beats Logstash output configuration and the Logstash Beats input configuration. Read the optional SSL configuration parameters.
output.logstash:
  # The Logstash hosts
  hosts: ["instance:5044"]
  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  ssl.certificate_authorities: ["/tmp/certs/ca.crt"]
  # Certificate for SSL client authentication
  ssl.certificate: "/tmp/certs/filebeat.crt"
  # Client Certificate Key
  ssl.key: "/tmp/certs/filebeat.key"
When you say Logstash does not verify the client, what is the error you get in the Logstash log?
I used 2 different certificates, with a real and a fake hostname, and I could write to Elasticsearch.
So maybe there is a problem in my configuration.
I'm using force_peer for Logstash and verification_mode: full for Beats, but it doesn't work.
I don't have any errors. The configuration with a certificate with a fake name for Beats works.
This is my problem. I'd like Logstash to reject the connection when the certificate is fake.
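Added example, not posted by anyone in this thread: with force_peer, Logstash validates the client certificate against the CAs listed in its ssl_certificate_authorities option, so this script checks which client certificates a given CA file accepts. It assumes the openssl CLI is on the PATH; every CA name, subject and path in it is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: all CA names, subjects and paths are constructed for the demo.
# Shows which client certificates chain to a given CA file, using openssl only.

# make_ca DIR NAME: create a self-signed demo CA (NAME.key, NAME.crt)
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_cert DIR CA_NAME CN: create a client cert with subject CN signed by CA_NAME
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.crt" 2>/dev/null
}

# chain_ok CA_FILE CERT: succeeds when CERT chains to CA_FILE.
# The subject name of CERT is not compared with anything here.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# run_demo: print one accept/reject verdict per constructed client certificate
run_demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" beats-ca      # stands in for the CA given to Logstash
    make_ca "$d" other-ca      # unrelated CA that Logstash does not list
    issue_cert "$d" beats-ca filebeat-node1
    issue_cert "$d" beats-ca fake-hostname
    issue_cert "$d" other-ca rogue-node
    for c in filebeat-node1 fake-hostname rogue-node; do
        if chain_ok "$d/beats-ca.crt" "$d/$c.crt"; then v=accept; else v=reject; fi
        echo "$c=$v"
    done
    rm -rf "$d"
}

run_demo
```

A certificate passes this check whenever it chains to the CA file, whatever its subject name, so the CA listed for client authentication should be one that signs Beats client certificates only.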