Filebeat over HTTPS

1
votes

I am totally newbie in elk but I'm currently deploying ELK stack via docker-compose (https://www.elastic.co/guide/en/elastic-stack-get-started/current/get-started-docker.html TLS part).

Elasticsearch and Kibana work correctly in HTTPS.

However, I don't understand how to enable Filebeat over HTTPS. I would like to send my nginx logs which is located on another server (over internet, so I do not want to send logs in clear text). Everything works fine in HTTP but when I switch to HTTPS and reload Filebeat I get the following message:

Error: ... Get https://10.15.0.12:9200: x509: certificate is valid for 127.0.0.0.1, not 10.15.0.12

I know I'm doing something wrong but I don't find the answer for Filebeat over HTTPS...

Here is my Filebeat configuration :

output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["10.15.0.12:9200"]

  # Protocol - either `http` (default) or `https`.
  protocol: "https"

  # Authentication credentials - either API key or username/password.
  username: "elastic"
  password: "myelasticpassword"

Thanks in advance.

1
elasticsearchelastic-stackfilebeatelk

1 Answers

2
votes

I found the error :

My self signed certificate was for 127.0.0.1 host.

I've changed the IP in the instances.yml

Then I changed my filebeat config :

output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["xx.xx.xx.xx:9200"]

  # Protocol - either `http` (default) or `https`.
  protocol: "https"

  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
  username: "elastic"
  password: "mypassword"
  ssl.verification_mode: none