Lab environment
ELK side (logstash) CentOS 7.4 192.168.1.26 elk-server
Log side (filebeat) CentOS 7.4 192.168.1.40 boke-host
Generate the certificate on the ELK side
vi /etc/pki/tls/openssl.cnf
# Add subjectAltName = IP:192.168.1.26 under [ v3_ca ]
[ v3_ca ]
subjectKeyIdentifier=hash
subjectAltName = IP:192.168.1.26 # If the ELK host is on an internal network, it is recommended to use its public egress IP here
cd /etc/pki/tls/
openssl req -subj '/CN=192.168.1.26/' -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash.key -out certs/logstash.crt
Generate the certificate on the log side
vi /etc/pki/tls/openssl.cnf
# Add subjectAltName = IP:192.168.1.40 under [ v3_ca ]
[ v3_ca ]
subjectKeyIdentifier=hash
subjectAltName = IP:192.168.1.40 # If the log host is on an internal network, it is recommended to use its public egress IP here
cd /etc/pki/tls/
openssl req -subj '/CN=192.168.1.40/' -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/filebeat.key -out certs/filebeat.crt
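Copy each certificate to the corresponding directory on the other host, modify the configuration, and restart for it to take effect
# On the ELK side
scp root@192.168.1.40:/etc/pki/tls/certs/filebeat.crt /etc/pki/tls/certs
# On the log side
scp root@192.168.1.26:/etc/pki/tls/certs/logstash.crt /etc/pki/tls/certs
# Edit the logstash configuration on the ELK side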
vi /etc/logstash/conf.d/00-input-5044.conf
input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate_authorities => ["/etc/pki/tls/certs/filebeat.crt"]
    ssl_certificate => "/etc/pki/tls/certs/logstash.crt"
    ssl_key => "/etc/pki/tls/private/logstash.key"
    ssl_verify_mode => "force_peer"
  }
}
# Restart logstash
systemctl restart logstash
# Edit the filebeat configuration on the log side
vi /etc/filebeat/filebeat.yml
output.logstash:
  # The Logstash hosts
  hosts: ["192.168.1.26:5044"]
  ssl.certificate_authorities: ["/etc/pki/tls/certs/logstash.crt"]
  ssl.certificate: "/etc/pki/tls/certs/filebeat.crt"
  ssl.key: "/etc/pki/tls/private/filebeat.key"
# Restart filebeat
systemctl restart filebeat
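An added example, not part of the original post: these functions generate the same kind of self-signed certificate from a throwaway config passed with -config, so the system-wide /etc/pki/tls/openssl.cnf stays untouched, and then confirm that the IP SAN is present and that the key and certificate belong together before the certificate is copied to the peer. The function names, the [ dn ] section name and the default_md line are assumptions of this example.

```bash
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# make_cert <dir> <name> <ip>
# Writes <dir>/<name>.key and <dir>/<name>.crt using a throwaway config,
# so /etc/pki/tls/openssl.cnf does not need to be edited.
make_cert() {
  local dir="$1" name="$2" ip="$3"
  cat > "$dir/$name.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
default_md = sha256
prompt = no
[ dn ]
CN = $ip
[ v3_ca ]
subjectKeyIdentifier = hash
subjectAltName = IP:$ip
EOF
  openssl req -x509 -days 3650 -batch -nodes -newkey rsa:2048 \
    -config "$dir/$name.cnf" \
    -keyout "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null
  chmod 600 "$dir/$name.key"   # private key readable by its owner only
}

# cert_has_ip_san <crt> <ip>
# Succeeds only if the certificate's SAN extension lists exactly this IP.
cert_has_ip_san() {
  openssl x509 -in "$1" -noout -text |
    grep -A1 'Subject Alternative Name' |
    grep -qwF "IP Address:$2"
}

# key_matches_cert <key> <crt>
# Succeeds only if the private key and the certificate share a public key.
key_matches_cert() {
  local pub
  pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  [ -n "$pub" ] && [ "$pub" = "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}
```

Run make_cert on each host with its own name and IP, then copy only the .crt file to the peer; the .key file stays on the host that generated it.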