SSL configuration for sending data from Filebeat to Logstash
Create instance file for elasticsearch-certutil
On the logstash node, use the elasticsearch-certutil command and the instance file to generate a p12 file
# vi instance.yml
instances:
  - name: "logstash"
    ip:
      - "192.168.1.2"
Create p12 cert file from elasticsearch-certutil and instance.yml
# /usr/share/elasticsearch/bin/elasticsearch-certutil cert --in instance.yml --silent --out certs.zip
# cd /DIR_TO_LOGSTASH/cert && unzip ~/certs.zip -d ./
# ls
logstash.p12
Create key and crt file from p12
Generate the crt and key files with the openssl command
# openssl pkcs12 -in logstash.p12 -out logstash.crt -clcerts -nokeys
# openssl pkcs12 -in logstash.p12 -out logstash.key -nocerts -nodes
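Before wiring the files into Logstash and Filebeat, it is worth confirming that the extracted key belongs to the certificate, that the certificate carries the 192.168.1.2 IP SAN from instance.yml, and that the unencrypted key file is not readable by group or others. The script below is an added example, not part of the original post; it builds a throwaway logstash.p12 with a made-up password (changeit) as a stand-in for the certutil output, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. The p12 built here is a constructed
# stand-in for elasticsearch-certutil output; the password "changeit" is made up.
make_sample_p12() {   # $1 = working directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=logstash" \
    -addext "subjectAltName=IP:192.168.1.2" \
    -keyout "$1/tmp.key" -out "$1/tmp.crt" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$1/tmp.key" -in "$1/tmp.crt" \
    -passout pass:changeit -out "$1/logstash.p12" &&
  rm -f "$1/tmp.key" "$1/tmp.crt"
}

# The two extraction commands from the page, run under umask 077 because
# -nodes writes the private key to disk unencrypted.
extract_pair() {      # $1 = directory holding logstash.p12
  ( umask 077
    openssl pkcs12 -in "$1/logstash.p12" -passin pass:changeit \
      -out "$1/logstash.crt" -clcerts -nokeys 2>/dev/null &&
    openssl pkcs12 -in "$1/logstash.p12" -passin pass:changeit \
      -out "$1/logstash.key" -nocerts -nodes 2>/dev/null )
}

# Succeeds only if the private key ($2) belongs to the certificate ($1).
key_matches_cert() {
  crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# Succeeds only if the certificate ($1) lists IP $2 as a subjectAltName;
# Filebeat connecting by IP checks the address against these entries.
cert_has_ip() {
  openssl x509 -in "$1" -noout -text 2>/dev/null | grep -qwF "IP Address:$2"
}

# Succeeds only if the key file ($1) has no group/other permission bits.
key_is_private() {
  case $(ls -l "$1") in -???------*) return 0 ;; esac
  return 1
}

# Demo run: sh check_pair.sh demo
if [ "${1:-}" = demo ]; then
  d=$(mktemp -d) && make_sample_p12 "$d" && extract_pair "$d" &&
  key_matches_cert "$d/logstash.crt" "$d/logstash.key" &&
  cert_has_ip "$d/logstash.crt" 192.168.1.2 &&
  key_is_private "$d/logstash.key" && echo "pair OK"
fi
```

Against the real files, call the three check functions on logstash.crt and logstash.key in the cert directory; the sample p12 step is only there so the script runs offline.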
Edit each configuration
Logstash
vi logstash.yml
input {
  beats {
    ...
    ssl => true
    ssl_certificate => "/[LOGSTASH]/cert/logstash.crt"
    ssl_key => "/[LOGSTASH]/cert/logstash.key"
    ...
  }
}
Filebeat
vi filebeat.yml
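output.logstash:
  ...
  # ssl.certificate and ssl.key are the client pair Filebeat presents if Logstash requests one.
  # As written, this places the Logstash server's private key on the Filebeat host.
  ssl.certificate: "/[FILEBEAT]/cert/logstash.crt"
  ssl.key: "/[FILEBEAT]/cert/logstash.key"
  # ssl.certificate_authorities is what Filebeat uses to verify the Logstash certificate.
  ssl.certificate_authorities: ["/[FILEBEAT]/cert/logstash.crt"]
  ...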
Restart logstash and filebeat service on each server
In logstash server
# ps aux | grep logstash
# sudo kill -SIGHUP [PID_OF_LOGSTASH]
In filebeat server
# sudo service filebeat restart
Check each logstash and filebeat log for connection establishment