SSL Communication

Rahul_Pm · April 25, 2018, 9:23am

Hi,

I'm trying to secure communication between Logstash and Filebeat using SSL (windows). After installing X-pack there is no data flowing in.
Also there is no logs in the filebeat folder despite manually creating Filebeat.log.

Please find the filebeat.yml and logstash.conf files below
Filebeat.yml
.
.
output.logstash:

The Logstash hosts

hosts: ["192.x.x.x:5044"]

Optional SSL. By default is off.

ssl.enabled: true

List of root certificates for HTTPS server verifications

ssl.certificate_authorities: "S:\IDM\filebeat-6.2.2-windows-x86_64\NewCertificates\ca\ca.crt"

Certificate for SSL client authentication

ssl.certificate: "S:\IDM\filebeat-6.2.2-windows-x86_64\NewCertificates\IDM01-Filebeat\IDM01-Filebeat.crt"

Client Certificate Key

ssl.key: "S:\IDM\filebeat-6.2.2-windows-x86_64\NewCertificates\IDM01-Filebeat\IDM01-Filebeat.key"

#logging.selectors: ["*"]

logging.to_files: true
logging.files.path: "S:\IDM\filebeat-6.2.2-windows-x86_64\logs\filebeat.log"

Logstash.conf
.
.
input {
beats {
port => 5044
ssl => true
ssl_certificate_authorities => "C:\ELK6.2.2\elasticsearch-6.2.2\bin\x-pack\NewCertificates\ca\ca.crt"
ssl_certificate => "C:\ELK6.2.2\elasticsearch-6.2.2\bin\x-pack\NewCertificates\ELK\ELK.crt"
ssl_key => "C:\ELK6.2.2\elasticsearch-6.2.2\bin\x-pack\NewCertificates\ELK\ELK.key"
ssl_verify_mode => "peer"
}
}

Am I missing anything? Please help.
Regards,
Rahul

JKhondhu · April 26, 2018, 8:45pm

All steps can be found here: https://www.elastic.co/guide/en/beats/filebeat/current/configuring-ssl-logstash.html

your filebeat output should look something like:

output.logstash:
  hosts: ["logs.mycompany.com:5044"]
  ssl.certificate_authorities: ["/etc/ca.crt"]
  ssl.certificate: "/etc/client.crt"
  ssl.key: "/etc/client.key"

logstash input should look something like:

input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate_authorities => ["/etc/ca.crt"]
    ssl_certificate => "/etc/server.crt"
    ssl_key => "/etc/server.key"
    ssl_verify_mode => "force_peer"
  }
}

Before running Filebeat, you should validate the Logstash server’s certificate:
curl -v --cacert S:\IDM\filebeat-6.2.2-windows-x86_64\NewCertificates\ca\ca.crt 192.x.x.x:5044

system · May 24, 2018, 8:45pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Secure Communication Between Filebeat and Logstash Logstash	1	997	October 31, 2017
Debug Errors while setting up SSL communication between Filebeat and Logstash Beats filebeat	7	7158	December 15, 2017
Configuring x-pack for SSl communication betweeen elasticsearch and logstash Logstash	16	3767	July 13, 2017
Filebeat cannot connect to Logstash using ssl. curl: (35) TCP connection reset by peer Beats filebeat	3	1655	January 14, 2020
Using ssl between filebeat client and logstash server Logstash	1	716	July 6, 2017