Regarding Elastic Stack encrypted connections


Lokman Hakim

Mar 26, 2020, 1:01:56 PM
to Wazuh mailing list
Dear all brothers,
I hope you are very well.
I am facing a problem with encrypted communication between Wazuh and ELK.

I am going to share my configuration below.

Setting up SSL for Elasticsearch
------------------------------------

cat > /usr/share/elasticsearch/instances.yml << EOF
instances:
    - name: "wazuh-manager"
      ip:
        - "192.168.5.11"
    - name: "elasticsearch"
      ip:
        - "192.168.5.11"
    - name: "kibana"
      ip:
        - "192.168.5.11"
EOF


cat >> /etc/elasticsearch/elasticsearch.yml << EOF

#Unbind to a specific IP:
network.host: 127.0.0.1
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: ["192.168.5.11"]

#Transport layer
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /etc/elasticsearch/certs/elasticsearch.key
xpack.security.transport.ssl.certificate: /etc/elasticsearch/certs/elasticsearch.crt
xpack.security.transport.ssl.certificate_authorities: [ "/etc/elasticsearch/certs/ca/ca.crt" ]

#HTTP layer
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.verification_mode: certificate
xpack.security.http.ssl.key: /etc/elasticsearch/certs/elasticsearch.key
xpack.security.http.ssl.certificate: /etc/elasticsearch/certs/elasticsearch.crt
xpack.security.http.ssl.certificate_authorities: [ "/etc/elasticsearch/certs/ca/ca.crt" ]
EOF

Note: After configuring, Elasticsearch does not run. Please help me...

Thanks,
Lokman Hakim

Daria Kempny

Mar 26, 2020, 3:55:00 PM
to Wazuh mailing list
Hello Lokman Hakim,

Could you please tell us what Wazuh and Elasticsearch version you have installed?

Your elasticsearch.yml file has some misconfigurations.
network.host is input twice. The value 0.0.0.0 is an acceptable IP address and will bind to all network interfaces.
As you have a single-node Elastic cluster, you don't need the discovery.seed_hosts option. This option lists the Elasticsearch cluster's master-eligible nodes.
Please use the cluster.initial_master_nodes option instead.

You can read about both options on:
https://www.elastic.co/guide/en/elasticsearch/reference/current/discovery-settings.html#discovery-settings

To configure X-Pack please follow the documentation on:
https://documentation.wazuh.com/3.12/installation-guide/installing-elastic-stack/protect-installation/xpack.html

This guide explains how to change the other configuration files taking part in the X-Pack setup.

We hope that this information helps.

All the best,
Daria Kempny
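
The two problems named in the reply above (a key entered twice, and discovery.seed_hosts used without cluster.initial_master_nodes) can be checked before restarting the service. The following is an added example, not part of the original thread and not Wazuh or Elastic code; the function names and the sample (based on the first post, with the HTTP certificate line removed to exercise the TLS check) are constructed for illustration:

```python
import re

# Constructed sample based on the elasticsearch.yml in the first post (HTTP certificate removed).
SAMPLE = """\
network.host: 127.0.0.1
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: ["192.168.5.11"]
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.key: /etc/elasticsearch/certs/elasticsearch.key
xpack.security.transport.ssl.certificate: /etc/elasticsearch/certs/elasticsearch.crt
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /etc/elasticsearch/certs/elasticsearch.key
"""
KEY_RE = re.compile(r"^([A-Za-z_][\w.]*)\s*:\s*(.*)$")

def parse_flat_settings(text):
    """Return (line_number, key, value) for each top-level 'dotted.key: value' line."""
    entries = []
    for number, line in enumerate(text.splitlines(), 1):
        if not line or line[0] in " \t#-":  # skip blanks, nested lines, comments, list items
            continue
        match = KEY_RE.match(line)
        if match:
            entries.append((number, match.group(1), match.group(2).strip()))
    return entries

def lint(text):
    """Return a list of findings for the problems discussed in this thread."""
    findings, first_seen, values = [], {}, {}
    for number, key, value in parse_flat_settings(text):
        if key in first_seen:
            findings.append(f"line {number}: duplicate key {key} (first on line {first_seen[key]})")
        first_seen.setdefault(key, number)
        values[key] = value
    # Assumption: PEM-style TLS as in the thread, so key and certificate accompany 'enabled'.
    for layer in ("transport", "http"):
        prefix = f"xpack.security.{layer}.ssl."
        if values.get(prefix + "enabled") == "true":
            for name in ("key", "certificate"):
                if prefix + name not in values:
                    findings.append(f"{prefix}enabled is true but {prefix}{name} is missing")
    # The reply advises cluster.initial_master_nodes for a single-node cluster.
    if "discovery.seed_hosts" in values and "cluster.initial_master_nodes" not in values:
        findings.append("discovery.seed_hosts set without cluster.initial_master_nodes")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

The parser only handles flat dotted keys as used in this thread; nested YAML blocks are skipped rather than flattened.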

Lokman Hakim

Mar 27, 2020, 7:49:51 AM
to Wazuh mailing list
Dear Daria,

Thanks for your advice. Now Elasticsearch is up and running, but I face another problem: Kibana is not running. I share my configuration in a PDF file. Please see the attached file and give me advice on how to resolve it.

Thanks,
Lokman Hakim
Kibana problem.pdf

Daria Kempny

Mar 27, 2020, 10:51:29 AM
to Wazuh mailing list

Hello Lokman Hakim,

Please make these changes in your configurations.

In elasticsearch.yml use the Elasticsearch host IP:

network.host: <elasticsearch_ip>


In kibana.yml:

elasticsearch.hosts: ["https://<elasticsearch_ip>:9200"]

In the filebeat.yml:

output.elasticsearch.hosts: ["<elasticsearch_ip>:9200"]

To access Kibana the browser address will be: https://<kibana_ip>:5601

Please let us know if it is all working after the changes.

Best regards,
Daria Kempny