I am using Logstash in an SSL environment. Beats are connecting to Logstash, but Logstash itself is not sending data to Elasticsearch. So I added the file output plugin, but it seems the problem is not resolved.
Elasticsearch Index
root@ubuntu-s-2vcpu-4gb-blr1-01:~# curl https://localhost:9200/_cat/indices --insecure -u admin:admin
yellow open security-auditlog-2020.04.24 l6Z0rboZSaaVtYhp0W8z6A 1 1 1722 0 545.8kb 545.8kb
green open wazuh-alerts-3.x-2020.04.23 8gJ2UmWrSxKskXUOW95jmw 3 0 644 0 1.1mb 1.1mb
yellow open security-auditlog-2020.04.23 lGnEmAgETPmMcg0rqzMHig 1 1 768 0 361.7kb 361.7kb
green open .kibana_task_manager_1 xP-DYERoTYS6zT3g0JR3lg 1 0 2 0 26.7kb 26.7kb
green open .apm-agent-configuration 8UjsvJjlRlG7vdr50MfQJg 1 0 0 0 283b 283b
green open ilm-history-1-000001 7c7IRPJQQBCjAX1vUDd0CA 1 0 18 0 25.3kb 25.3kb
green open .kibana_1 Jfrow1yoRDagBZzxfAqcdA 1 0 511 26 461.3kb 461.3kb
green open .opendistro_security kqcyE_MsRfSdw3kHevDgbg 1 0 6 0 32.5kb 32.5kb
green open kibana_sample_data_flights xC40h468Rp2YYzGoruRQPQ 1 0 13059 0 6.3mb 6.3mb
Logstash configuration
input {
  beats {
    port => 5044
    host => "0.0.0.0"
  }
}
output {
  file {
    path => "/root/%{[@metadata][beat]}-%{+YYYY.MM.dd}.txt"
  }
  elasticsearch {
    hosts => ["https://localhost:9200"]
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    user => "admin"
    password => "admin"
    ssl_certificate_verification => "false"
  }
}
Packetbeat testing connection
logstash: PRIVATE_IP:5044...
connection...
parse host... OK
dns lookup... OK
addresses: 167.71.226.87
dial up... OK
TLS... WARN secure connection disabled
talk to server... OK
Files in /root
root@ubuntu-s-2vcpu-4gb-blr1-01:~# ls /root/
root@ubuntu-s-2vcpu-4gb-blr1-01:~#