Logstash Key store

I am trying to improve my ELK security with logstash keystore.

I am following instruction from this article:
https://www.elastic.co/guide/en/logstash/current/keystore.html

All instructions seem to be straightforward until it is actually time to type the variables ....

I want to create 2 variables: ${var1} , ${var1}. I have created password protected keystore and I have moved it to config folder (this is where my .conf file is located)

Now, when I create variables that are supposed to hold cloud_id and cloud_auth, do I need to type them character by character or can I simply copy-paste? Especially cloud_id is a super long String. To make it more complicated, when I type I cannot see what is getting typed. This makes it super easy to make a mistake.

As always, thank you in advance for the support.

Hmm, don't think you should move the keystore, it belongs here:

The keystore must be located in Logstash’s path.settings directory. This is the same directory that contains the logstash.yml file.

And yes you can paste in the strings at the command line

By default the keystore is located in the bin folder. You are right, the instruction says "same directory that contains logstash.yml", which is the config folder.

Directory layout.

Typically you run keystore from base directory not from inside the .\bin and then it should probably end up in the right place.

.\bin\logstash-keystore create

That's correct, after creation the keystore ends up in the bin directory. But also, as you cited above:

The keystore must be located in Logstash’s path.settings directory. This is the same directory that contains the logstash.yml file.

This says that logstash.yml should be in the same directory as the keystore. Does it mean that I should move the .yml file to bin instead of moving the keystore to the config directory?

Exactly what command did you run, and from exactly where?

Or try it and see if it works.

I've always run the command exactly as it's defined in the documents, from the base directory not inside the bin and never had an issue.

In fact I've never really even thought about where it is until you asked; I follow the documents and it's always worked.

ceres:logstash-7.13.0 sbrown$ pwd
/Users/sbrown/workspace/elastic-install/7.13.0/logstash-7.13.0

ceres:logstash-7.13.0 sbrown$ ./bin/logstash-keystore create
....

ceres:logstash-7.13.0 sbrown$ cd config
ceres:config sbrown$ pwd
/Users/sbrown/workspace/elastic-install/7.13.0/logstash-7.13.0/config
ceres:config sbrown$ ls -la
total 40
drwxr-xr-x   9 sbrown  staff    288 Jun 10 19:22 ./
drwxr-xr-x  19 sbrown  staff    608 Jun  8 08:48 ../
-rw-r--r--   1 sbrown  staff   2034 May 19 14:58 jvm.options
-rw-r--r--   1 sbrown  staff   7561 May 19 14:58 log4j2.properties
-rw-r--r--   1 sbrown  staff    342 May 19 14:58 logstash-sample.conf 
-rw-r--r--   1 sbrown  staff    472 Jun 10 19:22 logstash.keystore <-----
-rw-r--r--   1 sbrown  staff  11194 May 19 14:58 logstash.yml
-rw-r--r--   1 sbrown  staff   3693 May 19 14:58 pipelines.yml
-rw-r--r--   1 sbrown  staff   1696 May 19 14:58 startup.options
ceres:config sbrown$

Nice, so it created keystore in config folder when you executed "logstash-keystore create" from the base directory. Cool, I have a few meetings in the morning but I will keep working on this today.
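
Added example, not part of the thread or of Elastic's tooling: a shell check that the keystore sits beside logstash.yml in path.settings, that no copy was left in bin/, and that the file is not readable by group or others (the listing above shows `-rw-r--r--`). The function names `check_keystore` and `make_demo_home` are hypothetical, the tarball layout (`<home>/config`, `<home>/bin`) is assumed, and the demo tree is constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Assumes the tarball layout seen above:
# <home>/config holds logstash.yml (path.settings), <home>/bin holds the scripts.

# Returns 0 = keystore in path.settings with owner-only access,
#         1 = keystore not in path.settings, 2 = readable by group/others.
check_keystore() {
  home=$1
  settings=${2:-$home/config}          # pass path.settings if it was overridden
  ks=$settings/logstash.keystore

  if [ ! -f "$settings/logstash.yml" ]; then
    echo "no logstash.yml in $settings, so it is not the settings directory"
    return 1
  fi
  # A copy left in bin/ or the base directory is outside path.settings.
  for stray in "$home/bin/logstash.keystore" "$home/logstash.keystore"; do
    if [ "$stray" != "$ks" ] && [ -f "$stray" ]; then
      echo "stray keystore outside path.settings: $stray"
    fi
  done
  if [ ! -f "$ks" ]; then
    echo "missing: $ks"
    return 1
  fi
  # POSIX find: -perm -040 / -004 match the group-read / other-read bits.
  if [ -n "$(find "$ks" -prune \( -perm -040 -o -perm -004 \))" ]; then
    echo "readable by group/others: $ks"
    return 2
  fi
  echo "ok: $ks"
}

# Constructed layout reproducing the thread: keystore created inside bin/.
make_demo_home() {
  d=$(mktemp -d)
  mkdir "$d/bin" "$d/config"
  : > "$d/config/logstash.yml"
  : > "$d/bin/logstash.keystore"
  echo "$d"
}

demo=$(make_demo_home)
check_keystore "$demo" || echo "result code: $?"   # stray copy, none in config: 1
mv "$demo/bin/logstash.keystore" "$demo/config/"
chmod 644 "$demo/config/logstash.keystore"
check_keystore "$demo" || echo "result code: $?"   # mode 644 as in the listing: 2
chmod 600 "$demo/config/logstash.keystore"
check_keystore "$demo" || echo "result code: $?"   # owner-only: ok
rm -rf "$demo"
```

If path.settings was changed from the default, pass that directory as the second argument.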