Hi,
*Running ELK 7.9
I am in the process of securing my ELK nodes and I have been struggling with the security settings for the last few days. After spending some time on this, I finally have Elasticsearch and Kibana configured for secure connection and both using certificates in PKCS#12
format.
Most of the documentation found around the web explain how to configure Kibana to use only PEM
format, and so with Logstash, but I was wondering if like Kibana, Logstash is now able to handle PKCS#12
. I would like to use the PKCS#12
format (if possible) to make my config simpler.
- Is Logstash now able to handle
PKCS#12
format?
If YES, please help me with the right steps and config sample.
Documentation used
https://www.elastic.co/guide/en/elasticsearch/reference/7.9/configuring-tls.html#tls-http
https://www.elastic.co/guide/en/logstash/current/ls-security.html
Thank you
*This is the current config that I am trying , but not working so far....
- My
truststore
is not password protected at the moment (password is an empty string)
logstash.yml
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.hosts: ["https://localhost:9200"]
xpack.monitoring.elasticsearch.username: "logstash_system"
xpack.monitoring.elasticsearch.password: "*******************"
xpack.monitoring.elasticsearch.ssl.truststore.path: "/etc/logstash/certs/elastic-certificates.p12"
xpack.monitoring.elasticsearch.ssl.keystore.path: "/etc/logstash/certs/elastic-certificates.p12"
xpack.monitoring.elasticsearch.ssl.verification_mode: certificate
Pipeline config file
output {
elasticsearch {
hosts => "https://127.0.0.1:9200"
index => "[some index]"
template_overwrite => true
template => "[some template]"
user => "logstash_internal"
password => "******************"
keystore => "/etc/logstash/certs/elastic-certificates.p12"
truststore => "/etc/logstash/certs/elastic-certificates.p12"
}
}
Log output
[2020-08-26T13:13:14,528][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.9.0", "jruby.version"=>"jruby 9.2.12.0 (2.5.7) 2020-07-01 db01a49ba6 OpenJDK 64-Bit Server VM 11.0.8+10-post-Debian-1deb10u1 on 11.0.8+10-post-Debian-1deb10u1 +indy +jit [linux-x86_64]"}
[2020-08-26T13:13:15,912][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"undefined method `toCharArray' for nil:NilClass"}
[2020-08-26T13:13:15,948][ERROR][logstash.monitoring.internalpipelinesource] Failed to fetch X-Pack information from Elasticsearch. This is likely due to failure to reach a live Elasticsearch cluster.
[2020-08-26T13:13:19,009][INFO ][org.reflections.Reflections] Reflections took 30 ms to scan 1 urls, producing 22 keys and 45 values
[2020-08-26T13:13:19,631][ERROR][logstash.agent ] Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create<main>, action_result: false", :backtrace=>nil}
[2020-08-26T13:13:19,848][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2020-08-26T13:13:24,903][INFO ][logstash.runner ] Logstash shut down.
[2020-08-26T13:13:24,922][ERROR][org.logstash.Logstash ] java.lang.IllegalStateException: Logstash stopped processing because of an error: (SystemExit) exit