Hi,
What exactly is behavior of logstash with this configuration?
output {
elasticsearch {
user => ""
password => ""
ssl => "true"
ssl_certificate_verification => false
hosts => []
cacert => "/rootcafile.pem"
manage_template => false
index => ""
document_type => "%{[@metadata][type]}"
}
}
Will it will verify the elasticsearch on the end via the rootca with have configured as part of the "cacert" property above? It will then send the user/password over the established SSL connection?
Below is a list of our overall config here. I have the situation listed above, then our common logstash case (which I understand), then our elastic server config. I am only uncertain above the case where we use the cacert in logstash and what exactly happens there in the flow.
a few logstash's
output {
elasticsearch {
user => ""
password => ""
ssl => "true"
ssl_certificate_verification => false
hosts => []
cacert => "/rootcafile.pem"
manage_template => false
index => ""
document_type => "%{[@metadata][type]}"
}
}
most of our other logstash's
output{
elasticsearch {
hosts => ["edited"]
index => ""
user => ""
password => ""
template => ""
template_name => ""
template_overwrite => true
ssl => true
ssl_certificate_verification => false
truststore => ""
truststore_password=> ""
}
}
elasticsearch server
searchguard:
enterprise_modules_enabled: false
ssl:
transport:
enable_openssl_if_available: true
enabled: true
keystore_type: JKS
keystore_filepath:
keystore_password:
truststore_type: JKS
truststore_filepath:
truststore_password:
enforce_hostname_verification:
http:
enable_openssl_if_available: true
enabled: true
keystore_type: JKS
keystore_filepath:
keystore_password:
truststore_type: JKS
truststore_filepath:
truststore_password:
# Admin users
authcz.admin_dn:
-
Have read about the cacert here, but still would like to know the details of the specific config I posted.
https://www.elastic.co/guide/en/logstash/6.3/plugins-outputs-elasticsearch.html#plugins-outputs-elasticsearch-cacert
Thanks