I used the following steps.
Logstash input part:
beats {
  port => 5044
  ssl => true
  ssl_certificate_authorities => ["/tmp/certs/ca.crt"]
  ssl_certificate => "/tmp/certs/logstash.crt"
  ssl_key => "/tmp/certs/logstash.pk8"
  ssl_verify_mode => "force_peer"
  tags => [ "syslog" ]
}
Filebeat output part:
output.logstash:
  # The Logstash hosts
  hosts: ["instance:5044"]
  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  ssl.certificate_authorities: ["/tmp/certs/ca.crt"]
  # Certificate for SSL client authentication
  ssl.certificate: "/tmp/certs/filebeat.crt"
  # Client Certificate Key
  ssl.key: "/tmp/certs/filebeat.key"
Commands for certificates:
# CA
$ /usr/share/elasticsearch/bin/elasticsearch-certutil ca --pem --days 3650 -s
# Logstash cert
$ /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca-cert /root/certs/ca.crt --ca-key /root/certs/ca.key --days 3650 --pem --dns istance
# Filebeat cert
$ /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca-cert /root/certs/ca.crt --ca-key /root/certs/ca.key --days 3650 --pem --dns fake
This configuration works, but Logstash doesn't authenticate the client.
Can you help me?
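
One way to check whether the Beats listener really demands a client certificate, as an added example that is not part of the original post: connect over TLS with no client certificate and see whether the session survives. The function name and result labels are hypothetical; the host, port and CA path in the `__main__` call are the ones from the post.

```python
import socket
import ssl


def probe_client_auth(host, port, cafile=None, timeout=3.0):
    """Open a TLS session WITHOUT a client certificate and classify the result.

    "unreachable"         - TCP connect failed
    "server_cert_invalid" - server certificate did not verify against cafile
    "rejected"            - handshake failed or the server dropped the session
    "accepted"            - session stayed open with no client certificate
    """
    ctx = ssl.create_default_context(cafile=cafile)
    if cafile is None:
        # Probe sends no data, so server verification is skipped when no CA is given.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            # With TLS 1.3 the client finishes its handshake before the server
            # evaluates the (missing) client certificate, so the refusal only
            # shows up as an alert or a close on the first read.
            try:
                data = tls.recv(1)
            except socket.timeout:
                # Assumption: a Beats listener stays silent until the client
                # sends frames, so silence means the session was accepted.
                return "accepted"
            return "accepted" if data else "rejected"
    except ssl.SSLCertVerificationError:
        return "server_cert_invalid"
    except OSError:
        # TLS alert, reset or EOF during or right after the handshake.
        return "rejected"


if __name__ == "__main__":
    # Host, port and CA path are the ones used in the post.
    print(probe_client_auth("instance", 5044, cafile="/tmp/certs/ca.crt"))
```

A result of "accepted" means a client with no certificate was let in; "rejected" is what a listener enforcing `force_peer` should produce.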