在CentOS上配置Filebeat的数据加密,可以通过以下步骤实现:
首先,确保你已经在CentOS上安装了Filebeat。如果还没有安装,可以使用以下命令进行安装:
sudo yum install filebeat
编辑Filebeat的配置文件/etc/filebeat/filebeat.yml,添加或修改以下配置项以实现数据加密。
在filebeat.yml中,找到或添加以下配置项来启用SSL/TLS:
output.elasticsearch:
hosts: ["https://your_elasticsearch_host:9200"]
ssl.verification_mode: certificate
ssl.certificate_authorities: ["/etc/filebeat/certs/ca.crt"]
ssl.certificate: "/etc/filebeat/certs/filebeat.crt"
ssl.key: "/etc/filebeat/certs/filebeat.key"
hosts: Elasticsearch的地址,使用HTTPS协议。ssl.verification_mode: 设置为certificate以验证Elasticsearch的证书。ssl.certificate_authorities: 指定CA证书的路径。ssl.certificate: 指定Filebeat的客户端证书路径。ssl.key: 指定Filebeat的客户端私钥路径。确保Elasticsearch也配置了SSL/TLS。编辑Elasticsearch的配置文件/etc/elasticsearch/elasticsearch.yml,添加或修改以下配置项:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: elastic-certificates.p12
xpack.security.http.ssl.truststore.path: elastic-certificates.p12
xpack.security.enabled: 启用X-Pack安全功能。xpack.security.transport.ssl.*: 配置传输层的SSL/TLS。xpack.security.http.ssl.*: 配置HTTP层的SSL/TLS。使用Elasticsearch提供的工具生成所需的证书。
sudo bin/elasticsearch-certutil ca --pem --out /etc/filebeat/certs/ca.crt
sudo bin/elasticsearch-certutil cert --pem -out /etc/filebeat/certs/filebeat.crt --ca-cert /etc/filebeat/certs/ca.crt --ca-key /etc/filebeat/certs/ca.key
sudo bin/elasticsearch-certutil key --pem -out /etc/filebeat/certs/filebeat.key --ca-cert /etc/filebeat/certs/ca.crt --ca-key /etc/filebeat/certs/ca.key
完成配置后,重启Filebeat和Elasticsearch服务以应用更改。
sudo systemctl restart filebeat
sudo systemctl restart elasticsearch
确保Filebeat能够成功连接到Elasticsearch,并且数据传输是加密的。可以通过查看日志文件来验证:
sudo tail -f /var/log/filebeat/filebeat
sudo tail -f /var/log/elasticsearch/elasticsearch.log
通过以上步骤,你应该能够在CentOS上成功配置Filebeat的数据加密。