filebeat与logstash实现ssl加密传输

logstash 192.168.1.26

filebeat 192.168.1.10(注意:下文生成证书和 scp 时使用的 log 端地址是 192.168.1.40,请按实际 filebeat 主机的 IP 统一替换)

在logstash 端 生成证书

[root@redhat~]vi /etc/pki/tls/openssl.cnf
#在[ v3_ca ]下面填写(注意:这是系统全局的 openssl 配置,此后在本机用默认配置签发的证书都会带上这个 SAN;可在生成证书后还原,或复制一份配置文件并通过 openssl req 的 -config 选项指定)
subjectAltName = IP:192.168.1.26
[ v3_ca ] 
subjectKeyIdentifier=hash 
subjectAltName = IP:192.168.1.26   #此IP必须与filebeat配置中hosts填写的地址一致,否则filebeat校验服务端证书会失败;若是elk端处于内网,建议ip写成公网出口ip
[root@redhat~]cd /etc/pki/tls/ 
# Create a self-signed certificate and a new 2048-bit RSA key for the Logstash host.
# -x509 emits a certificate instead of a signing request; -batch suppresses prompts.
# -nodes writes private/logstash.key without a passphrase, so file permissions are
# the only protection for the key: restrict it to the account that runs Logstash.
# -days 3650 makes the certificate valid for about ten years; the filebeat side
# trusts this exact certificate, so replacing it means redistributing the new .crt.
openssl req -subj '/CN=192.168.1.26/' -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash.key -out certs/logstash.crt

 log端生成证书

[root@redhat~]vi /etc/pki/tls/openssl.cnf
#在[ v3_ca ]下面填写subjectAltName = IP:192.168.1.40 

[ v3_ca ] 
subjectKeyIdentifier=hash
subjectAltName = IP:192.168.1.40 
#若是log端处于内网,建议ip写成公网出口ip
[root@redhat~]cd /etc/pki/tls/
openssl req -subj '/CN=192.168.1.40/' -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/filebeat.key -out certs/filebeat.crt

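复制各自证书到对应主机的相应目录下,修改配置,并重启生效。只复制 .crt 证书文件,私钥 .key 不要离开生成它的主机;复制后可在两端分别执行 openssl x509 -noout -fingerprint -sha256 -in 证书文件 比对指纹,确认拿到的是同一份证书。

#elk端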
scp root@192.168.1.40:/etc/pki/tls/certs/filebeat.crt /etc/pki/tls/certs

#log端
scp root@192.168.1.26:/etc/pki/tls/certs/logstash.crt /etc/pki/tls/certs

#修改elk端的logstash配置
[root@redhat~]vi /etc/logstash/conf.d/00-input-5044.conf

# Beats input with mutual TLS: Logstash presents logstash.crt and accepts only
# clients whose certificate validates against the filebeat.crt listed below.
# NOTE(review): newer Logstash releases rename `ssl` / `ssl_verify_mode` to
# `ssl_enabled` / `ssl_client_authentication` — confirm against the beats input
# documentation for the installed version.
input {
beats {
port => 5044
ssl => true
# Trust anchor for client certificates: the self-signed filebeat.crt copied from the log host.
ssl_certificate_authorities => ["/etc/pki/tls/certs/filebeat.crt"]
ssl_certificate => "/etc/pki/tls/certs/logstash.crt"
# Generated with -nodes (no passphrase); keep it readable only by the Logstash service account.
ssl_key => "/etc/pki/tls/private/logstash.key"
# force_peer rejects a client that presents no certificate or an untrusted one.
# Relaxing this to "peer" or "none" would let any host that can reach port 5044 send events.
ssl_verify_mode => "force_peer"
}
}

#重启logstash
systemctl restart logstash

#修改log端的filebeat配置
[root@redhat~]vi /etc/filebeat/filebeat.yml

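# Ship events to Logstash over mutual TLS.
# The settings below must be nested under output.logstash; the page had lost the
# indentation, which would turn them into unrelated top-level keys.
output.logstash:
  # The Logstash hosts
  # The address must match the subjectAltName in logstash.crt (IP:192.168.1.26),
  # otherwise server certificate verification fails. Fix the certificate rather
  # than setting ssl.verification_mode to none.
  hosts: ["192.168.1.26:5044"]

  # Trust anchor for the server: the self-signed logstash.crt copied from the elk host.
  ssl.certificate_authorities: ["/etc/pki/tls/certs/logstash.crt"]
  # Client certificate and key presented to Logstash, which enforces force_peer.
  ssl.certificate: "/etc/pki/tls/certs/filebeat.crt"
  # Generated with -nodes (no passphrase); keep it readable only by the filebeat service account.
  ssl.key: "/etc/pki/tls/private/filebeat.key"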

#重启filebeat
systemctl restart filebeat

 
