Hello,
So we've started to renew our Cluster for various reasons:
3 Node Cluster (CentOS 7)
Using:
Kibana 7.15
Elasticsearch 7.15
Logstash 7.15
Filebeat 7.15
Winlogbeat 7.15
After we set up xpack Security within Elasticsearch - we proceeded to get our Log-Sources connected. It worked just fine for the firewalls - using the modules of Filebeat. No problem with the delivery whatsoever.
When we tried to connect our Windows Clients to Elasticsearch - we failed.
The Config Test says it's ok - but the output test runs into a timeout.
C:\Program Files\Winlogbeat>winlogbeat test output
elasticsearch: https://X.X.X.X:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.28.99.66
    dial up... ERROR dial tcp 10.28.99.66:9200: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Here's the .yml Configuration on both sides:
Winlogbeat:
output.elasticsearch:
  enabled: true
  hosts: ["X.X.X.X:9200", "Y.Y.Y.Y:9200", "Z.Z.Z.Z:9200"]
  username: "winlogbeat"
  password: "YjkS1EvKdPaZvYUC"
  ssl.certificate_authorities: "C:\Program Files\winlogbeat\certs\ca.newkey"
  #ssl.certificate: "C:\Program Files\winlogbeat\certs\cert.newkey"
  #ssl.key: "C:\Program Files\winlogbeat\certs\key.newkey"
  protocol: "https"
We've tried it both with ssl.certificate & key enabled and disabled.
Elasticsearch:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
#xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: certs/key.newkey
xpack.security.transport.ssl.certificate: certs/cert.newkey
xpack.security.transport.ssl.certificate_authorities: ["/etc/elasticsearch/certs/ca.newkey"]
We've tried both with certificate verification set to none and certificate.
I parsed the logs of Elasticsearch - but cannot find any errors belonging to the Windows Server on which we're testing.
Firewall Rules are in place.
I am sure that I'm just in a kind of tunnel vision and I'm missing out on a crucial simple part - but I fail to see it - maybe someone can help?
Thanks in advance!