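About Logstash client authentication

I am exploring how to send data from Logstash to Logstash over the HTTP protocol.

I have confirmed that data can be sent from output.http to input.http.
Next, I would like to send the data over HTTPS with client authentication.

According to the official docs, SSL (HTTPS) and client authentication both appear to be possible.

In my testing, SSL worked, but client authentication does not.

Thank you in advance.

Details of my test setup follow.

Example certificate command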
openssl req -x509 -days 18250 -batch -nodes -newkey rsa:2048 -keyout test.key -out test.cert -subj /CN=test

*Sender*
input {
  stdin {}
}
output {
  http {
    http_method => "post"
    url => "https://test:443"
    cacert => "./crt/test.crt"
  }
}

*Receiver*
input {
  http {
    port => 443
    ssl => true
    ssl_certificate => "./crt/test.crt"
    ssl_key => "./crt/test.key"
  }
}
output {
  stdout {
    codec => rubydebug
  }
}

What is the problem you see? I tried your configuration and was able to send data:

/tmp/logstash-7.1.0 % bin/logstash -f in.cfg
Sending Logstash logs to /tmp/logstash-7.1.0/logs which is now configured via log4j2.properties
[2019-06-06T13:41:54,883][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2019-06-06T13:41:54,896][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"7.1.0"}
[2019-06-06T13:41:56,732][INFO ][logstash.javapipeline    ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>8, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>1000, :thread=>"#<Thread:0x33f4594 run>"}
[2019-06-06T13:41:56,839][INFO ][logstash.javapipeline    ] Pipeline started {"pipeline.id"=>"main"}
The stdin plugin is now waiting for input:
[2019-06-06T13:41:56,899][INFO ][logstash.agent           ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2019-06-06T13:41:57,116][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}
hey
/tmp/logstash-7.1.0 % bin/logstash -f out.cfg --path.data data2
Sending Logstash logs to /tmp/logstash-7.1.0/logs which is now configured via log4j2.properties
[2019-06-06T13:42:02,007][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2019-06-06T13:42:02,016][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"7.1.0"}
[2019-06-06T13:42:03,259][INFO ][logstash.javapipeline    ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>8, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>1000, :thread=>"#<Thread:0x6d41fc93 run>"}
[2019-06-06T13:42:03,921][INFO ][logstash.javapipeline    ] Pipeline started {"pipeline.id"=>"main"}
[2019-06-06T13:42:03,936][INFO ][logstash.inputs.http     ] Starting http input listener {:address=>"0.0.0.0:443", :ssl=>"true"}
[2019-06-06T13:42:03,974][INFO ][logstash.agent           ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2019-06-06T13:42:04,252][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9601}
{
      "@version" => "1",
    "@timestamp" => 2019-06-06T12:42:32.435Z,
       "headers" => {
             "connection" => "Keep-Alive",
           "content_type" => "application/json",
         "content_length" => "95",
        "accept_encoding" => "gzip,deflate",
            "http_accept" => nil,
              "http_host" => "test:443",
        "http_user_agent" => "Manticore 0.6.4",
         "request_method" => "POST",
           "http_version" => "HTTP/1.1",
           "request_path" => "/"
    },
       "message" => "hey",
          "host" => "127.0.0.1"
}

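Thanks, jsvd.

I was able to send data too.
What I cannot get working is the client certificate.
Is there an example of how to create a client certificate, or a sample of how to set the options below?

output.http
client_cert: ?
client_key: ?

input.http
ssl_certificate_authorities: ?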
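
One way to set up what the last post asks about, as an added example that is not part of the original thread: a private CA signs one server and one client certificate, and the generated pipeline configs fill in `client_cert`, `client_key` and `ssl_certificate_authorities`. The CA, the CN values, the file names and the use of `ssl_verify_mode => "force_peer"` on the receiver are assumptions of this example.

```shell
#!/bin/sh
# Added example: CNs, file names and the directory are constructed, not from the thread.
set -eu

issue() {  # issue DIR NAME CN EKU: key + CSR, then a leaf cert signed by DIR/ca.key
  openssl req -newkey rsa:2048 -nodes -batch -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  printf 'extendedKeyUsage=%s\nsubjectAltName=DNS:%s\n' "$4" "$3" > "$1/$2.ext"
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 365 -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

make_pki() {  # make_pki DIR: private CA plus one server and one client certificate
  mkdir -p "$1"
  openssl req -x509 -newkey rsa:2048 -nodes -batch -days 365 -subj "/CN=test-ca" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  issue "$1" server test serverAuth              # CN/SAN match the host in url
  issue "$1" client logstash-sender clientAuth   # identity of the sending Logstash
}

verify_pki() {  # both leaves must chain to the CA for the purpose they are used for
  openssl verify -CAfile "$1/ca.crt" -purpose sslserver "$1/server.crt" >/dev/null 2>&1 &&
  openssl verify -CAfile "$1/ca.crt" -purpose sslclient "$1/client.crt" >/dev/null 2>&1
}

write_configs() {  # write_configs DIR: pipeline configs that use the files above
  cat > "$1/sender.conf" <<EOF
input { stdin {} }
output { http {
  http_method => "post"
  url         => "https://test:443"
  cacert      => "$1/ca.crt"       # CA that signed the receiver's certificate
  client_cert => "$1/client.crt"   # certificate presented to the receiver
  client_key  => "$1/client.key"
} }
EOF
  cat > "$1/receiver.conf" <<EOF
input { http {
  port            => 443
  ssl             => true
  ssl_certificate => "$1/server.crt"
  ssl_key         => "$1/server.key"               # must be PKCS#8 PEM
  ssl_certificate_authorities => ["$1/ca.crt"]     # CA allowed to sign clients
  ssl_verify_mode => "force_peer"                  # refuse clients without a valid cert
} }
output { stdout { codec => rubydebug } }
EOF
}
if [ "$#" -gt 0 ]; then make_pki "$1"; verify_pki "$1"; write_configs "$1"; fi
```

Run it with the output directory as its only argument. The option names are those of the Logstash 7.x plugins used in the thread; later releases renamed several of them.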
