I am trying to setup a securized ELK stack with redis as a buffer :
filebeat -> redis -> logstash -> elastic
I installed redis with TLS configuration, filebeat can communicate with redis over TLS without any issue.
But i don't understand how to configure logstash. There is a boolean option ssl, but where can i provide the redis certificate ?
filebeat.yml
output.redis:
hosts: ["redishost:6379"]
password: "password"
key: "filebeat"
db: 0
timeout: 5
ssl:
enabled: true
certificate_authorities: ["/etc/filebeat/cert/ca.crt"]
insecure: true
supported_protocols: [TLSv1.2]
verification_mode: none
redis.conf in logstash
redis {
host => "redishost"
password => "password"
db => 0
key => "filebeat"
data_type => "list"
ssl => true
}
Thanks in advance
CodePudding user response:
You cannot configure logstash to trust the redis certificate, or the authority that signed it. The certificate has to be trusted by the JRE or JDK that runs logstash.