在Debian上实现Filebeat数据加密传输,需通过SSL/TLS配置,步骤如下:
安装Filebeat:
sudo apt-get update && sudo apt-get install filebeat
生成证书与密钥:
mkdir -p /etc/filebeat/ssl
openssl req -x509 -newkey rsa:2048 -keyout /etc/filebeat/ssl/filebeat.key -out /etc/filebeat/ssl/filebeat.crt -days 365 -nodes -subj "/CN=your_domain.com"
配置Filebeat:
编辑/etc/filebeat/filebeat.yml
,在output.elasticsearch
中添加SSL配置:
output.elasticsearch:
hosts: ["https://your-elasticsearch-server:9200"]
ssl.enabled: true
ssl.certificate_authorities: ["/etc/filebeat/ssl/filebeat.crt"]
ssl.certificate: "/etc/filebeat/ssl/filebeat.crt"
ssl.key: "/etc/filebeat/ssl/filebeat.key"
ssl.verification_mode: certificate
并指定CA证书。配置Elasticsearch(若需):
确保Elasticsearch启用SSL(参考官方文档),例如:
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.certificate: "/etc/elasticsearch/certs/http.pem"
xpack.security.http.ssl.key: "/etc/elasticsearch/certs/http-key.pem"
重启服务:
sudo systemctl restart filebeat
sudo systemctl restart elasticsearch
验证配置:
检查Filebeat日志/var/log/filebeat/filebeat
,确认无错误且能正常传输数据。
注意:
filebeat
用户)。