在CentOS上,Filebeat可以通过配置SSL/TLS加密来实现安全传输。以下是具体的配置步骤:
openssl genrsa -out ca.key
openssl req -new -key ca.key -out ca.csr
openssl x509 -req -days 3650 -in ca.csr -signkey ca.key -out ca.crt
openssl genrsa -out server.key
openssl req -new -key server.key -subj "/CN=本机IP" -out server.csr
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile extfile.cnf -out server.crt -days 5000
openssl genrsa -des3 -out client.key 1024
openssl req -new -key client.key -out client.csr
openssl ca -in client.csr -cert ca.crt -keyfile ca.key -out client.crt
编辑filebeat.yml文件,添加或修改以下配置:
output.elasticsearch:
hosts: ["https://your_elasticsearch_host:9200"]
ssl.certificate_authorities: ["/path/to/ca.crt"]
ssl.certificate: "/path/to/client.crt"
ssl.key: "/path/to/client.key"
protocol: "https"
username: "elastic"
password: "your_elasticsearch_password"
确保Elasticsearch已启用安全特性并配置了相应的证书。编辑elasticsearch.yml文件,添加或修改以下配置:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: "/path/to/server.key"
xpack.security.transport.ssl.certificate: "/path/to/server.crt"
xpack.security.transport.ssl.certificate_authorities: ["/path/to/ca.crt"]
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: "/path/to/server.key"
xpack.security.http.ssl.certificate: "/path/to/server.crt"
xpack.security.http.ssl.certificate_authorities: ["/path/to/ca.crt"]
通过以上步骤,Filebeat与Elasticsearch之间的通信将通过SSL/TLS加密,从而保证数据传输的安全性。