SSL Communication

Hi,

  1. I'm trying to secure communication between Logstash and Filebeat using SSL (Windows). After installing X-Pack there is no data flowing in.
  2. Also, there are no logs in the Filebeat folder despite manually creating Filebeat.log.

Please find the filebeat.yml and logstash.conf files below.

Filebeat.yml
.
.
output.logstash:
  # The Logstash hosts
  hosts: ["192.x.x.x:5044"]

  # Optional SSL. By default is off.
  ssl.enabled: true

  # List of root certificates for HTTPS server verifications
  ssl.certificate_authorities: "S:\IDM\filebeat-6.2.2-windows-x86_64\NewCertificates\ca\ca.crt"

  # Certificate for SSL client authentication
  ssl.certificate: "S:\IDM\filebeat-6.2.2-windows-x86_64\NewCertificates\IDM01-Filebeat\IDM01-Filebeat.crt"

  # Client Certificate Key
  ssl.key: "S:\IDM\filebeat-6.2.2-windows-x86_64\NewCertificates\IDM01-Filebeat\IDM01-Filebeat.key"

#logging.selectors: ["*"]

logging.to_files: true
logging.files.path: "S:\IDM\filebeat-6.2.2-windows-x86_64\logs\filebeat.log"

Logstash.conf
.
.
input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate_authorities => "C:\ELK6.2.2\elasticsearch-6.2.2\bin\x-pack\NewCertificates\ca\ca.crt"
    ssl_certificate => "C:\ELK6.2.2\elasticsearch-6.2.2\bin\x-pack\NewCertificates\ELK\ELK.crt"
    ssl_key => "C:\ELK6.2.2\elasticsearch-6.2.2\bin\x-pack\NewCertificates\ELK\ELK.key"
    ssl_verify_mode => "peer"
  }
}

Am I missing anything? Please help.
Regards,
Rahul

All steps can be found here: https://www.elastic.co/guide/en/beats/filebeat/current/configuring-ssl-logstash.html

Your Filebeat output should look something like:

output.logstash:
  hosts: ["logs.mycompany.com:5044"]
  ssl.certificate_authorities: ["/etc/ca.crt"]
  ssl.certificate: "/etc/client.crt"
  ssl.key: "/etc/client.key"

Logstash input should look something like:

input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate_authorities => ["/etc/ca.crt"]
    ssl_certificate => "/etc/server.crt"
    ssl_key => "/etc/server.key"
    ssl_verify_mode => "force_peer"
  }
}

Before running Filebeat, you should validate the Logstash server’s certificate:
curl -v --cacert S:\IDM\filebeat-6.2.2-windows-x86_64\NewCertificates\ca\ca.crt https://192.x.x.x:5044
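
A scripted version of the curl check above, added here as an example and not part of the original posts: it uses the same three files Filebeat is configured with (CA, client certificate, client key) and reports whether the connection stopped at TCP, at server certificate verification, or elsewhere in the TLS handshake. The function names, status strings and the paths in the `__main__` block are assumptions chosen for illustration.

```python
import socket
import ssl


def build_context(ca_file=None, cert_file=None, key_file=None):
    """Client-side TLS context built from the same three files Filebeat uses:
    ssl.certificate_authorities, ssl.certificate and ssl.key."""
    # CERT_REQUIRED and hostname checking are on by default here.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    if cert_file:
        # Present a client certificate, as ssl_verify_mode peer/force_peer expects.
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def probe(host, port, ctx, timeout=5.0):
    """Return (status, detail) naming the stage at which the connection stopped."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp_failed", str(exc))  # listener down, firewall, wrong port
    try:
        with raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
            return ("ok", tls.version())
    except ssl.SSLCertVerificationError as exc:
        # Server certificate not signed by ca_file, expired, or its SAN
        # does not cover the host name / IP address that was dialled.
        return ("server_cert_rejected", exc.verify_message)
    except OSError as exc:
        # Includes ssl.SSLError: plaintext listener, protocol mismatch,
        # or the server aborting because it refused the client certificate.
        return ("tls_failed", str(exc))


if __name__ == "__main__":
    # Placeholder paths and host (assumptions); substitute your own.
    context = build_context("ca.crt", "client.crt", "client.key")
    print(probe("logs.mycompany.com", 5044, context))
```

A `tcp_failed` result points at the Logstash listener or the network path rather than the certificates; `server_cert_rejected` points at the CA file or the names in the server certificate.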
