Hi,
I am unable to send the data from metricbeat to elasticsearch over SSL.
My setup is:
Elasticsearch 6.4.2
Metricbeat 6.6.1
I have done the following steps:
- Install Elasticsearch
- Create CA and Certificates
  Create the CA as follows
  bin/elasticsearch-certutil ca --pem
  Create the certificates as follows
  bin/elasticsearch-certutil cert --ca-cert config/certi/ca/ca.crt --ca-key config/certi/ca/ca.key --pem
- In elasticsearch.yml
path.data: /mnt/appln/elkuser/withoutdns/elasticsearch-6.4.2/data
path.logs: /mnt/appln/elkuser/withoutdns/elasticsearch-6.4.2/logs
network.host: xxx.xx.xxx.xx
http.port: 9202
#----------------------------------- X-Pack ------------------------------------
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /mnt/appln/elkuser/withoutdns/elasticsearch-6.4.2/config/certs/instance/instance.key
xpack.security.transport.ssl.certificate: /mnt/appln/elkuser/withoutdns/elasticsearch-6.4.2/config/certs/instance/instance.crt
xpack.security.transport.ssl.certificate_authorities: [ "/mnt/appln/elkuser/withoutdns/elasticsearch-6.4.2/config/certs/ca/ca.crt" ]
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.verification_mode: certificate
xpack.security.http.ssl.key: /mnt/appln/elkuser/withoutdns/elasticsearch-6.4.2/config/certs/instance/instance.key
xpack.security.http.ssl.certificate: /mnt/appln/elkuser/withoutdns/elasticsearch-6.4.2/config/certs/instance/instance.crt
Started the elasticsearch
- metricbeat.yml
output.elasticsearch:
  hosts: ["xxx.xx.xx.xx:9202"]
  protocol: "https"
  username: "elastic"
  password: "verysecret"
  ssl.certificate_authorities: ["/mnt/appln/elkuser/withoutdns/metricbeat-6.6.1-linux-x86_64/certs/ca/ca.pem"]
  ssl.certificate: "/mnt/appln/elkuser/withoutdns/metricbeat-6.6.1-linux-x86_64/certs/instance/instance.pem"
  ssl.key: "/mnt/appln/elkuser/withoutdns/metricbeat-6.6.1-linux-x86_64/certs/instance/instance.key"
and then started the metricbeat using
./metricbeat -e
But I am unable to send the metric data to elasticsearch and getting the error as
"Failed to connect to backoff(elasticsearch(https://xxx.xx.xxx.xx:9202)): Get https://xxx.xx.xxx.xx:9202: Forbidden"
The certificates I have created are all without a DNS name, so I am using the IP in metricbeat.yml.
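
A check relevant to certificates issued without a DNS name and reached by IP, as an added example that is not part of the original post: it builds a throwaway CA and two certificates with openssl and tests whether each one chains to the CA and names the IP as a subjectAltName. The address 192.0.2.10, the file names and the function names are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: constructed throwaway CA and certificates, nothing from the post.
WORK="$(mktemp -d)"; trap 'rm -rf "$WORK"' EXIT
IP="192.0.2.10"        # constructed placeholder address (TEST-NET-1)

# Self-signed demo CA, playing the role of the ca.crt in the setup above.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# make_cert NAME [SAN]: writes $WORK/NAME.crt signed by the demo CA.
make_cert() {
  local name="$1" san="${2:-}"
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
    -keyout "$WORK/$name.key" -out "$WORK/$name.csr" 2>/dev/null
  if [ -n "$san" ]; then
    printf 'subjectAltName=%s\n' "$san" > "$WORK/$name.ext"
    set -- -extfile "$WORK/$name.ext"   # extra args for the signing step
  else
    set --
  fi
  openssl x509 -req -in "$WORK/$name.csr" -days 1 -CAcreateserial \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" "$@" \
    -out "$WORK/$name.crt" 2>/dev/null
}

# cert_valid_for_ip CA CERT IP: true only if CERT chains to CA and lists IP
# as an iPAddress subjectAltName (the CN is not consulted for IP checks).
cert_valid_for_ip() {
  openssl verify -CAfile "$1" -verify_ip "$3" "$2" 2>/dev/null | grep -q ': OK$'
}

make_ca
make_cert no_san                 # certificate with no SAN at all
make_cert ip_san "IP:$IP"        # SAN carries the IP that clients connect to
for c in no_san ip_san; do
  if cert_valid_for_ip "$WORK/ca.crt" "$WORK/$c.crt" "$IP"; then
    echo "$c: valid for $IP"
  else
    echo "$c: NOT valid for $IP"
  fi
done
```

Run against the real ca.crt and instance.crt, cert_valid_for_ip shows whether the instance certificate names the address used in hosts; elasticsearch-certutil cert accepts --ip to include one when the certificate is generated.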