How Search Guard works with Beat (without Logstash)?

Voortexx

Jan 18, 2019, 11:37:39 AM
to Search Guard Community Forum
Elasticsearch and Search Guard version : 6.3.2

Enterprise Module : Disabled

JVM Version : 1.8.0_111

Operating System : Debian 9

I have a question because I didn't find any documentation about Beat on the Search Guard main page.

Currently we are using Kibana and Elasticsearch without Logstash.

We don't need it because we only use Winlogbeat for the moment.

So, do we have to use Logstash to make Search Guard work with Beat, or can it function without it?

If yes, is there any documentation to make Elasticsearch, Kibana, Search Guard and Beat work without Logstash?

Thanks for the help!

SG

Jan 19, 2019, 9:12:44 AM
to search...@googlegroups.com
Search Guard works perfectly with Beats, although we have no dedicated docs for it. You don't need Logstash for it.
Beats are just clients which communicate over HTTP/S, and the most important config properties are:

output.elasticsearch:
  username: filebeat
  password: verysecret
  protocol: https
  hosts: ["localhost:9200"]
  ssl.certificate_authorities:
    - /etc/pki/my_root_ca.pem

If you'd like to use client-certificate-based authentication, then it looks like:

output.elasticsearch:
  protocol: https
  hosts: ["elasticsearch.example.com:9200"]
  ssl.certificate_authorities:
    - /etc/pki/my_root_ca.pem
  ssl.certificate: "/etc/pki/client.pem"
  ssl.key: "/etc/pki/key.pem"

See:
https://www.elastic.co/guide/en/beats/filebeat/current/securing-communication-elasticsearch.html
https://docs.search-guard.com/latest/client-certificate-auth
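A pre-deployment lint for the two output.elasticsearch variants shown in the reply above, as an added example that is not part of the original thread or of the Search Guard or Beats projects. The function name, finding labels and sample dictionaries are constructed, and it assumes the YAML has already been parsed into a dict keyed by Beats' dotted setting names.

```python
def lint_beats_output(out):
    """Return findings for one parsed output.elasticsearch mapping."""
    findings = []
    proto = out.get("protocol", "http")  # Beats default to http when unset
    for host in out.get("hosts") or []:
        # A scheme in the host URL overrides `protocol`.
        if host.startswith("http://") or (
            proto != "https" and not host.startswith("https://")
        ):
            findings.append(f"plaintext: {host} is not reached over https")
    cas = out.get("ssl.certificate_authorities") or []
    if isinstance(cas, str):
        cas = [cas]
    if not cas:
        findings.append("no-ca: ssl.certificate_authorities is not set")
    for ca in cas:
        # A leading '-' means the YAML list dash was typed without a
        # following space, so it became part of the path string.
        if ca.startswith("-"):
            findings.append(f"bad-ca-path: {ca!r} starts with '-'")
    if out.get("ssl.verification_mode") == "none":
        findings.append("no-verify: ssl.verification_mode disables checks")
    has_cert, has_key = "ssl.certificate" in out, "ssl.key" in out
    if has_cert != has_key:
        findings.append("cert-pair: set ssl.certificate and ssl.key together")
    has_user, has_pw = "username" in out, "password" in out
    if has_user != has_pw:
        findings.append("basic-auth: set username and password together")
    if not (has_cert and has_key) and not (has_user and has_pw):
        findings.append("no-auth: no basic auth or client certificate")
    return findings

# Constructed samples: the two variants from the reply, then a weak one.
BASIC = {"username": "filebeat", "password": "verysecret", "protocol": "https",
         "hosts": ["localhost:9200"],
         "ssl.certificate_authorities": ["/etc/pki/my_root_ca.pem"]}
CLIENT_CERT = {"protocol": "https", "hosts": ["elasticsearch.example.com:9200"],
               "ssl.certificate_authorities": ["/etc/pki/my_root_ca.pem"],
               "ssl.certificate": "/etc/pki/client.pem",
               "ssl.key": "/etc/pki/key.pem"}
WEAK = {"hosts": ["elasticsearch.example.com:9200"], "username": "filebeat",
        "ssl.verification_mode": "none", "ssl.certificate": "/etc/pki/client.pem"}

if __name__ == "__main__":
    for name, cfg in (("basic", BASIC), ("client-cert", CLIENT_CERT), ("weak", WEAK)):
        print(name, lint_beats_output(cfg) or "ok")
```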

Voortexx

Feb 7, 2019, 4:26:52 AM
to Search Guard Community Forum
Thanks for your reply, all is clear now!

Voortexx

Mar 29, 2019, 5:17:29 PM
to Search Guard Community Forum
I put this into my winlogbeat file:

output.elasticsearch: 
  username: kibanaserver 
  password: kibanaserver
  protocol: https 
  hosts: ["ip_address:9200"] 
  ssl.certificate_authorities: 
    -C:\Program Files\Winlogbeat\root-ca.cer

However, I didn't get any entry on Kibana discovery.