Logstash output to ES via ssl


(Michael) #1

Hi,

Are there docs/example of using the ssl options in the es output plugin? I'm setting LS and ES on different hosts. I want to encrypt output from LS to ES. I can't seem to find an docs on using using ssl from LS to ES via the ES output plugin. Is there a better output plugin to use for ssl between LS and ES?

thanks,

MIke


(Mark Walkom) #2

The LS docs do go into setting up SSL certs - https://www.elastic.co/guide/en/logstash/2.1/plugins-outputs-elasticsearch.html

What specifically are you missing there?


(Michael) #3

Maybe an example setup would help those of us new to ELKS on how its suppose to be set up. When I set ssl = true and cacert to a certificate file for the es output plugin. logstash get an error connecting to ES via https. straight http without ssl works fine on the es output plugin. Maybe I'm not understanding how the es output plugin works to communicate with ES via ssl. What am i mis-configuring or haven't configured on ES that needs to be there be to accept the https connection from logstash es output plugin.


(Mark Walkom) #4

What's the error?
How did you setup SSL on the ES end?


(Michael) #5

I believe that is the crux of the issue. filebeat to logstash via ssl only needed certificates and the configuration was very straight forward. Logstash to ES on the other hand isn't as straight forward. If one does not use shield, what are the option to configure tls/ssl on ES for logstash to connect to ES via ssl? I think that's what I'm confuse at. I don't see any ssl configuration in the default ES yaml or any do doc to add ssl to that yaml unless I missed it. I see the tls/ssl guide, but it very shield centric. Searching the web gives me nginx/apache proxy option. Are there any ES option without shield not requiring web frontend proxies?


(Mark Walkom) #6

Without Shield for SSL, you need to roll your own.


(system) #7