在Debian系统上配置Filebeat以增强安全性,可以遵循以下步骤:
sudo apt update
sudo apt install filebeat
/etc/filebeat/filebeat.yml 文件,配置Filebeat的输入和输出。例如:filebeat.inputs:
- type: log
enabled: true
paths:
- /var/log/*.log
output.elasticsearch:
hosts: ["elasticsearch:9200"]
username: "elastic"
password: "your_password"
setup.template.settings:
index.number_of_shards: 1
setup.ilm.enabled: false
xpack.monitoring.collection.enabled: false
xpack.monitoring.enabled: false
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/ssl/certs/filebeat.crt
xpack.security.transport.ssl.truststore.path: /etc/ssl/certs/filebeat.crt
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /etc/ssl/certs/filebeat.crt
xpack.security.http.ssl.truststore.path: /etc/ssl/certs/filebeat.crt
elasticsearch.yml 文件中添加以下配置:xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /etc/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: /etc/elasticsearch/config/certs/elastic-certificates.p12
sudo systemctl restart filebeat
sudo systemctl restart elasticsearch
sudo systemctl status filebeat
通过以上步骤,你可以在Debian系统上成功配置Filebeat的安全设置,包括启用TLS/SSL加密传输。请根据实际需求调整配置文件中的路径和索引名称。