I want to make more secure sending monitoring data from filebeat to ES. Earlier it was secured just by login/password which were sent by HTTP that was detected by our internal IDS. So I implemented NGINX on port 9201 and made such a config, section is below:
#============================== Xpack Monitoring =============================== # filebeat can export internal metrics to a central Elasticsearch monitoring # cluster. This requires xpack monitoring to be enabled in Elasticsearch. The # reporting is disabled by default. # Set to true to enable the monitoring reporter. monitoring.enabled: true # Sets the UUID of the Elasticsearch cluster under which monitoring data for this # Filebeat instance will appear in the Stack Monitoring UI. If output.elasticsearch # is enabled, the UUID is derived from the Elasticsearch cluster referenced by output.elasticsearch. #monitoring.cluster_uuid: monitoring.elasticsearch: cluster_uuid: j-xxxxxxxxxxxxxxxxxxxx hosts: ["https://test.test.local:9201"] username: beats_system password: xxxxxxxxxxxxxxxxxxxxx # Uncomment to send the metrics to Elasticsearch. Most settings from the # Elasticsearch output are accepted here as well. # Note that the settings should point to your Elasticsearch *monitoring* cluster. # Any setting that is not set is automatically inherited from the Elasticsearch # output configuration, so if you have the Elasticsearch output configured such # that it is pointing to your Elasticsearch monitoring cluster, you can simply # uncomment the following line. #monitoring.elasticsearch:
The problem is that filebeat starts and works but nothing is sent to ES. I haven't found any errors in filebeat and ES logs. Maybe something wrong with my config?