Observability: Configuring SSL/TLS for the Logstash output – Elastic Agent

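In my previous article, "Observability: How to send data collected by Elastic Agent to Logstash and finally write it to Elasticsearch", I described in detail how to collect data with Elastic Agents and send it through Logstash to Elasticsearch. Attentive developers may have noticed that the connection from the Elastic Agents to Logstash is not encrypted, which can be a security risk in real deployments. So how do we secure this connection?

To send data from Elastic Agent to Logstash securely, you need to configure Transport Layer Security (TLS). Using TLS ensures that your Elastic Agents send encrypted data to trusted Logstash servers, and that your Logstash servers receive data from trusted Elastic Agent clients.

I will again use the setup from the previous article for the demonstration: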

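Prerequisites

  • Make sure your subscription level supports output to Logstash.
  • On Windows, add port 8220 for Fleet Server and port 5044 for Logstash to the inbound port rules in Windows Advanced Firewall.
  • If you are connecting to a self-managed Elasticsearch cluster, you need the CA certificate that was used to sign the certificates for the HTTP layer of the Elasticsearch cluster. For more information, see the Elasticsearch security documentation.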

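Generate custom certificates and private keys

You can use whatever process you normally use to generate PEM-format certificates. The examples shown here use the certutil tool provided by Elasticsearch.

1) Generate a certificate authority (CA). Skip this step if you want to use an existing CA.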

./bin/elasticsearch-certutil ca --pem

$ pwd
/Users/liuxg/elastic/elasticsearch-8.8.1
$ ./bin/elasticsearch-certutil ca --pem
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.

The 'ca' mode generates a new 'certificate authority'
This will create a new X.509 certificate and private key that can be used
to sign certificate when running in 'cert' mode.

Use the 'ca-dn' option if you wish to configure the 'distinguished name'
of the certificate authority

By default the 'ca' mode produces a single PKCS#12 output file which holds:
    * The CA certificate
    * The CA's private key

If you elect to generate PEM format certificates (the -pem option), then the output will
be a zip file containing individual files for the CA certificate and private key

Please enter the desired output file [elastic-stack-ca.zip]:
$ ls
LICENSE.txt          bin                  elastic-stack-ca.zip logs
NOTICE.txt           config               jdk.app              modules
README.asciidoc      data                 lib                  plugins
$ unzip elastic-stack-ca.zip
Archive:  elastic-stack-ca.zip
   creating: ca/
  inflating: ca/ca.crt
  inflating: ca/ca.key

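This command creates a zip file containing the CA certificate and the key used to sign certificates. Extract the zip file, as the unzip step at the end of the session above does.

2) Generate a client SSL certificate signed by your CA. For example:

./bin/elasticsearch-certutil cert \
  --name client \
  --ca-cert /path/to/ca/ca.crt \
  --ca-key /path/to/ca/ca.key \
  --pem
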
We run the following command on the Ubuntu OS machine and get the corresponding output:

$ pwd
/Users/liuxg/elastic/elasticsearch-8.8.1
$ ./bin/elasticsearch-certutil cert \
>   --name client \
>   --ca-cert ./ca/ca.crt \
>   --ca-key ./ca/ca.key \
>   --pem
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.

The 'cert' mode generates X.509 certificate and private keys.
    * By default, this generates a single certificate and key for use
       on a single instance.
    * The '-multiple' option will prompt you to enter details for multiple
       instances and will generate a certificate and key for each one
    * The '-in' option allows for the certificate generation to be automated by describing
       the details of each instance in a YAML file

    * An instance is any piece of the Elastic Stack that requires an SSL certificate.
      Depending on your configuration, Elasticsearch, Logstash, Kibana, and Beats
      may all require a certificate and private key.
    * The minimum required value for each instance is a name. This can simply be the
      hostname, which will be used as the Common Name of the certificate. A full
      distinguished name may also be used.
    * A filename value may be required for each instance. This is necessary when the
      name would result in an invalid file or directory name. The name provided here
      is used as the directory name (within the zip) and the prefix for the key and
      certificate files. The filename is required if you are prompted and the name
      is not displayed in the prompt.
    * IP addresses and DNS names are optional. Multiple values can be specified as a
      comma separated string. If no IP addresses or DNS names are provided, you may
      disable hostname verification in your SSL configuration.

    * All certificates generated by this tool will be signed by a certificate authority (CA)
      unless the --self-signed command line option is specified.
      The tool can automatically generate a new CA for you, or you can provide your own with
      the --ca or --ca-cert command line options.

By default the 'cert' mode produces a single PKCS#12 output file which holds:
    * The instance certificate
    * The private key for the instance certificate
    * The CA certificate

If you specify any of the following options:
    * -pem (PEM formatted output)
    * -multiple (generate multiple certificates)
    * -in (generate certificates from an input file)
then the output will be be a zip file containing individual certificate/key files

Please enter the desired output file [certificate-bundle.zip]:

Certificates written to /Users/liuxg/elastic/elasticsearch-8.8.1/certificate-bundle.zip

This file should be properly secured as it contains the private key for
your instance.
After unzipping the file, there will be a directory for each instance.
Each instance has a certificate and private key.
For each Elastic product that you wish to configure, you should copy
the certificate, key, and CA certificate to the relevant configuration directory
and then follow the SSL configuration instructions in the product guide.

For client applications, you may only need to copy the CA certificate and
configure the client to trust this certificate.
$ unzip certificate-bundle.zip
Archive:  certificate-bundle.zip
   creating: client/
  inflating: client/client.crt
  inflating: client/client.key

3) Generate a Logstash SSL certificate signed by your CA. For example:

./bin/elasticsearch-certutil cert \
  --name logstash \
  --ca-cert /path/to/ca/ca.crt \
  --ca-key /path/to/ca/ca.key \
  --dns your.host.name.here \
  --ip 192.0.2.1 \
  --pem

In my case:

$ pwd
/Users/liuxg/elastic/elasticsearch-8.8.1
$ ls
LICENSE.txt            ca                     data                   logs
NOTICE.txt             certificate-bundle.zip elastic-stack-ca.zip   modules
README.asciidoc        client                 jdk.app                plugins
bin                    config                 lib
$ rm certificate-bundle.zip
remove certificate-bundle.zip? y
$ ./bin/elasticsearch-certutil cert \
>   --name logstash \
>   --ca-cert ./ca/ca.crt \
>   --ca-key ./ca/ca.key \
>   --dns ubuntu2004 \
>   --ip 192.168.0.8 \
>   --pem
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.

The 'cert' mode generates X.509 certificate and private keys.
    * By default, this generates a single certificate and key for use
       on a single instance.
    * The '-multiple' option will prompt you to enter details for multiple
       instances and will generate a certificate and key for each one
    * The '-in' option allows for the certificate generation to be automated by describing
       the details of each instance in a YAML file

    * An instance is any piece of the Elastic Stack that requires an SSL certificate.
      Depending on your configuration, Elasticsearch, Logstash, Kibana, and Beats
      may all require a certificate and private key.
    * The minimum required value for each instance is a name. This can simply be the
      hostname, which will be used as the Common Name of the certificate. A full
      distinguished name may also be used.
    * A filename value may be required for each instance. This is necessary when the
      name would result in an invalid file or directory name. The name provided here
      is used as the directory name (within the zip) and the prefix for the key and
      certificate files. The filename is required if you are prompted and the name
      is not displayed in the prompt.
    * IP addresses and DNS names are optional. Multiple values can be specified as a
      comma separated string. If no IP addresses or DNS names are provided, you may
      disable hostname verification in your SSL configuration.

    * All certificates generated by this tool will be signed by a certificate authority (CA)
      unless the --self-signed command line option is specified.
      The tool can automatically generate a new CA for you, or you can provide your own with
      the --ca or --ca-cert command line options.

By default the 'cert' mode produces a single PKCS#12 output file which holds:
    * The instance certificate
    * The private key for the instance certificate
    * The CA certificate

If you specify any of the following options:
    * -pem (PEM formatted output)
    * -multiple (generate multiple certificates)
    * -in (generate certificates from an input file)
then the output will be be a zip file containing individual certificate/key files

Please enter the desired output file [certificate-bundle.zip]:

Certificates written to /Users/liuxg/elastic/elasticsearch-8.8.1/certificate-bundle.zip

This file should be properly secured as it contains the private key for
your instance.
After unzipping the file, there will be a directory for each instance.
Each instance has a certificate and private key.
For each Elastic product that you wish to configure, you should copy
the certificate, key, and CA certificate to the relevant configuration directory
and then follow the SSL configuration instructions in the product guide.

For client applications, you may only need to copy the CA certificate and
configure the client to trust this certificate.
$ unzip certificate-bundle.zip
Archive:  certificate-bundle.zip
   creating: logstash/
  inflating: logstash/logstash.crt
  inflating: logstash/logstash.key

4) Convert the Logstash key to pkcs8. For example, on Linux run:

openssl pkcs8 -inform PEM -in logstash.key -topk8 -nocrypt -outform PEM -out logstash.pkcs8.key

$ pwd
/Users/liuxg/elastic/elasticsearch-8.8.1
$ cd logstash/
$ openssl pkcs8 -inform PEM -in logstash.key -topk8 -nocrypt -outform PEM -out logstash.pkcs8.key
$ ls
logstash.crt       logstash.key       logstash.pkcs8.key

Store these files in a secure location. We copy the required files into the Logstash installation directory with the following commands:

$ pwd
/Users/liuxg/elastic/elasticsearch-8.8.1/logstash
$ scp logstash.crt parallels@ubuntu2024:/home/parallels/logstash/logstash-8.8.1/certs
logstash.crt                                                 100% 1188     3.0MB/s   00:00
$ scp logstash.pkcs8.key parallels@ubuntu2024:/home/parallels/logstash/logstash-8.8.1/certs
logstash.pkcs8.key                                           100% 1708     1.2MB/s   00:00

$ pwd
/Users/liuxg/elastic/elasticsearch-8.8.1
$ cd ca/
$ ls
ca.crt ca.key
$ scp ca.crt parallels@ubuntu2024:/home/parallels/logstash/logstash-8.8.1/certs
ca.crt

The commands above were run on macOS. We check the result on Ubuntu OS:

parallels@ubuntu2004:~/logstash/logstash-8.8.1/certs$ pwd
/home/parallels/logstash/logstash-8.8.1/certs
parallels@ubuntu2004:~/logstash/logstash-8.8.1/certs$ ls
ca.crt  logstash.crt  logstash.pkcs8.key

We also copy the client certificate files to Ubuntu OS:

$ pwd
/Users/liuxg/elastic/elasticsearch-8.8.1
$ cd ca/
$ ls
ca.crt ca.key
$ scp ca.crt parallels@ubuntu2024:/home/parallels/fleet/elastic-agent-8.8.1-linux-arm64/certs
ca.crt                                                       100% 1200   890.5KB/s   00:00
$ cd ..
$ cd client/
$ ls
client.crt client.key
$ scp client.crt parallels@ubuntu2024:/home/parallels/fleet/elastic-agent-8.8.1-linux-arm64/certs
client.crt                                                   100% 1143   873.4KB/s   00:00
$ scp client.key parallels@ubuntu2024:/home/parallels/fleet/elastic-agent-8.8.1-linux-arm64/certs
client.key                                                   100% 1675     1.2MB/s   00:00

We can check the result on Ubuntu OS:

parallels@ubuntu2004:~/fleet/elastic-agent-8.8.1-linux-arm64/certs$ pwd
/home/parallels/fleet/elastic-agent-8.8.1-linux-arm64/certs
parallels@ubuntu2004:~/fleet/elastic-agent-8.8.1-linux-arm64/certs$ ls
ca.crt  client.crt  client.key

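Configure the Logstash pipeline

Tip: If you have already created the Logstash elastic-agent-pipeline.conf pipeline and added it to pipelines.yml, skip to the example configuration and modify your pipeline configuration as needed.

In the Logstash configuration directory, open the pipelines.yml file and add the following configuration. Replace the path with the path to your file.

- pipeline.id: elastic-agent-pipeline
  path.config: "/etc/path/to/elastic-agent-pipeline.conf"

In the elastic-agent-pipeline.conf file, add the pipeline configuration. Note that the configuration required for Elasticsearch Service on Elastic Cloud differs from that for a self-managed Elasticsearch cluster. If you copied the configuration shown in Fleet, adjust it as needed.

Following the example in the earlier article "Installing standalone Elastic Agents and collecting data – Elastic Stack 8.0", we install Logstash by extracting the archive: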

logstash.conf

input {
  elastic_agent {
    port => 5044
    ssl => true
    # CA used to validate the client certificate presented by Elastic Agent
    ssl_certificate_authorities => ["/home/parallels/logstash/logstash-8.8.1/certs/ca.crt"]
    ssl_certificate => "/home/parallels/logstash/logstash-8.8.1/certs/logstash.crt"
    # Private key in pkcs8 format (converted in step 4)
    ssl_key => "/home/parallels/logstash/logstash-8.8.1/certs/logstash.pkcs8.key"
    # Require a client certificate and verify it against the CA above
    ssl_verify_mode => "force_peer"
  }
}

output {
   stdout {}

   elasticsearch {
      hosts => ["https://192.168.0.3:9200"]
      index => "data-%{+YYYY.MM.dd}"
      ssl => true
      ilm_enabled => true
      user => "elastic"
      # Lab value; outside a lab, reference a Logstash keystore entry instead of a literal
      password => "z5nxTriCD4fi7jSS=GFM"
      ca_trusted_fingerprint => "783663875df7ae1daf3541ab293d8cd48c068b3dbc2d9dd6fa8a668289986ac2"
   }
}

Note that above we use the private key in pkcs8 format, as the official Elastic documentation specifies.
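The key-format and trust requirements above can be checked before Logstash is started. The following is an added example, not code from the original article or from Elastic: a POSIX shell pre-flight that relies only on the openssl CLI. The function names and the script name preflight.sh are hypothetical; the file names in the usage comment are the ones used on this page.

```shell
#!/bin/sh
# Added example: pre-flight checks for the TLS files used on this page.
# Function names are illustrative; they are not part of Logstash or Elastic Agent.

# key_format FILE -> pkcs8 | pkcs8-encrypted | pkcs1 | unknown (from the PEM label)
key_format() {
    case "$(head -n 1 "$1" | tr -d '\r')" in
        "-----BEGIN PRIVATE KEY-----")           echo pkcs8 ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8-encrypted ;;
        "-----BEGIN RSA PRIVATE KEY-----")       echo pkcs1 ;;
        *)                                       echo unknown ;;
    esac
}

# key_is_private FILE: succeeds only if group and others have no access bits.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# cert_matches_key CERT KEY: both files carry the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# chain_ok CA CERT: CERT was issued by CA. This is the check force_peer applies
# to client.crt and the check the Agent applies to logstash.crt.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# san_covers CERT NAME: the DNS name or IP the Agent dials (hosts:) is in CERT.
san_covers() {
    case "$2" in
        *:*)       flag=-checkip ;;    # IPv6 literal
        *[!0-9.]*) flag=-checkhost ;;  # anything else with non-digits is a DNS name
        *)         flag=-checkip ;;    # dotted IPv4
    esac
    openssl x509 -in "$1" -noout "$flag" "$2" 2>/dev/null | grep -q 'does match'
}

# preflight CA CERT KEY NAME: run every check and report each failure.
preflight() {
    rc=0
    fmt=$(key_format "$3")
    [ "$fmt" = pkcs8 ] || { echo "FAIL $3 is $fmt, Logstash needs pkcs8"; rc=1; }
    key_is_private "$3" || { echo "FAIL $3 is accessible to group/others"; rc=1; }
    cert_matches_key "$2" "$3" || { echo "FAIL $2 and $3 do not match"; rc=1; }
    chain_ok "$1" "$2" || { echo "FAIL $2 does not verify against $1"; rc=1; }
    san_covers "$2" "$4" || { echo "FAIL $2 is not valid for $4"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK $2"
    return "$rc"
}

# Usage with this page's file names, run from the Logstash certs directory:
#   sh preflight.sh ca.crt logstash.crt logstash.pkcs8.key 192.168.0.8
if [ "$#" -eq 4 ]; then
    preflight "$@"
fi
```

For the Agent's client.crt and client.key, call chain_ok and cert_matches_key directly: the page supplies that key in RSA PRIVATE KEY form, and the client certificate was generated without a DNS name or IP.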

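Above, we copied the previously generated certificates to the Ubuntu OS machine and configured Logstash accordingly. Once the configuration is done, we start Logstash with the following command:

./bin/logstash -f logstash.conf

Once Logstash is running successfully, we can configure the elastic-agent.yml file. See the earlier article "Observability: How to send data collected by Elastic Agent to Logstash and finally write it to Elasticsearch" for how to obtain the elastic-agent.yml configuration in standalone mode. We need to configure its output section: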

elastic-agent.yml

outputs:
  default:
    type: logstash
    hosts: ["192.168.0.8:5044"]
    ssl.enabled: true
    # Client certificate and key presented to Logstash (required by force_peer)
    ssl.certificate: "/home/parallels/fleet/elastic-agent-8.8.1-linux-arm64/certs/client.crt"
    ssl.key: "/home/parallels/fleet/elastic-agent-8.8.1-linux-arm64/certs/client.key"
    # CA used to verify the certificate presented by Logstash
    ssl.certificate_authorities: ["/home/parallels/fleet/elastic-agent-8.8.1-linux-arm64/certs/ca.crt"]
    # ssl.verification_mode: "none"

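Note that the certificate files above were generated in the earlier section and copied over with scp.

Besides the configuration above, we can also configure the output as follows: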

elastic-agent.yml

outputs:
  default:
    type: logstash
    hosts: ["192.168.0.8:5044"]
    ssl.enabled: true
    ssl.certificate: |
        -----BEGIN CERTIFICATE-----
        MIIDITCCAgmgAwIBAgIVAIM1GqVt3OuMATFeE0WnC1oy6NIqMA0GCSqGSIb3DQEB
        CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu
        ZXJhdGVkIENBMB4XDTIzMDYyNTE0NTM0MloXDTI2MDYyNDE0NTM0MlowETEPMA0G
        A1UEAxMGY2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+3M
        zbfXZMtrAtwVfA4YqKY7kKG5CTYkg30nUQLjnYyQxZIW8uiUceLmGWCOmsA7q6V/
        TiMIQt8BQ4QufJxfPZKxh5JxdstClrQde0IxvkI3/uLsYvQXuKBSrVTGG4MAcMQ6
        ELeDbAvx9UdjnP2JDYmDKn/dsR5Ba2En8Pf0LHsQtocKBQ/Cgvc+KdPF2k+1178c
        qqZYJNNKVo1VkvIKO+tw1rvEO844mgGxmiw6OinCbfpbVbslTfq6Ei/hTKLO4pCN
        MH2dYFCvVaWgFTs7E89HB43+8n0VLuhtVTpNZ1eFUB9mLAzzXQic+DX1oaHt9qBE
        FXgBpOXOaGbdZdOdcwIDAQABo00wSzAdBgNVHQ4EFgQUF9W0KNnRZF6lZq7M+9Ds
        GY0/8zgwHwYDVR0jBBgwFoAUvybvHTp1FnykQfXeFTTArmhDlL8wCQYDVR0TBAIw
        ADANBgkqhkiG9w0BAQsFAAOCAQEA0/qr+b/IgBJ4fexS9Fvi6yan6etug+2/EZRf
        AQpE2NwD2A/FNeA2GL5p5tvDMfPlxvFNRDGUIpMUeUw+oK1F04MFEmAC5kH80alK
        x4j3wWY6ZtdT4p+XuLqKesxH+ArodlY2oWkfqxRWjDpw6MBI426/bsTps+UiBEg4
        unW/9koH8C6WBBraDH7VT3vboM6Bx/bgbHeDxAdyMrxT1BUttaj0uWInQFbtm43i
        WsfKlyaP45tez1hFWp9kD9HmFmOTOgld9KKCewGWjl/NJrcMK76Q5K1ibC++Afpu
        YceIrRzoGb4SHYpIqFGoWgBhE5hYSJ+/G3W2j2aZadWm/9yLsw==
        -----END CERTIFICATE-----

    ssl.key: |
        -----BEGIN RSA PRIVATE KEY-----
        MIIEpAIBAAKCAQEA8+3MzbfXZMtrAtwVfA4YqKY7kKG5CTYkg30nUQLjnYyQxZIW
        8uiUceLmGWCOmsA7q6V/TiMIQt8BQ4QufJxfPZKxh5JxdstClrQde0IxvkI3/uLs
        YvQXuKBSrVTGG4MAcMQ6ELeDbAvx9UdjnP2JDYmDKn/dsR5Ba2En8Pf0LHsQtocK
        BQ/Cgvc+KdPF2k+1178cqqZYJNNKVo1VkvIKO+tw1rvEO844mgGxmiw6OinCbfpb
        VbslTfq6Ei/hTKLO4pCNMH2dYFCvVaWgFTs7E89HB43+8n0VLuhtVTpNZ1eFUB9m
        LAzzXQic+DX1oaHt9qBEFXgBpOXOaGbdZdOdcwIDAQABAoIBABONOv4+PxiIKYKo
        K1yvMJDMCjg0jkVLvq9/Z5hZt+7X5n6/j/FWbReXzUO5dpS21dGTSVn0+uOJRmun
        +6XnTsb7rBkmxstzzVmRBE/t5VjPq/dVLwdbc09MInRcOCjaXj2rrM/MNc+CQZmc
        aEKcG9Em9YmBiD57I1k9B1uMNFkgOA3J8zBL1UI4dCzW0otYEAvkvgC1bhOc4hZe
        Im5EguAHPz5yflc5+IFw/iImL5f66tHDuXUTxlMnSY/Fozl34nyxSIVdkD5I1vsC
        Ph9imQcyt2ikR/g+aINnSPOEYYTczebnpJ82xafygrJHNG0ovdLEL21OdMyrhkYZ
        zdG9VZECgYEA/KcB18gt81I9LPY1wV9hvgDvTiUxbSNDmiOnzahlXIKyMJz8rMrN
        sqO5E7j9F3BMCjNCjftL7gmSxJCLS8wCQ7J/cA2V8luMsATg28rwrLvyUjLcynbj
        r2M+6jIEf+IeuPO23SDwgJNjdy2MK6D2Hb1NXNpdJm/DMdf+4LqCHVsCgYEA9ykz
        9Sl8H4BfThrcR+uGPjaVn5GFi/j8bbadK7EYS3MKZ3isxyQulwwwkBS6rI03TXfz
        PzSne+/fFDS7GWueD3j78+yo6uqXZIskIgYgPBcPK+581bfdZLuKgAc4ez7Vidpo
        df7PmeLVHopjSQjZrEg8bWumU/bi0kmLB9n/g8kCgYEAzyp5/l+sHfpvIzD3vwng
        8ZV+pAsnTiA+TGO0MpREGOkqB2aSYXUh2bsaBSwIi3GPSEXj6twF1LeQ2xDSx2IO
        8Uep602YiFO9No+peVAcrOanufLuzC1UYPn2Gr7MpbfaDTn51bQuwJ8aThzQ9O1V
        IemZR+vduaim23YLDmagTkUCgYEA8vPAjBwkU77XcCo9IEEnK15yg3EDSk0MrTgV
        lQ426GuD7aQUiohJd9bWobqOqPEDTJY9OIMko1JuASm4RMuhimoNmH+op4rEGGQh
        t4Q4CXlNQ4zhjx92c/9ZrHHsllF0jFZx2pMINKdhgOzdnbwiZBR5ucFYtS55VeZO
        0P/8B+kCgYA/PxzmM0Zw3lkg137SReu0yKQTcxPJN9jAZEf6CFJH9cfj8lz/y8Ww
        Q/pck51GskOgTrevTNFKig/Ey73fh+Igv2cv2TFFOD9kyl/G7TzU/37yAjqw27hG
        WQjG/XFVXcnun37hABL6mo+9Up83P/VuHDmFcFbq5ieaj4xxnLYg7A==
        -----END RSA PRIVATE KEY-----

    ssl.certificate_authorities:
      - |
        -----BEGIN CERTIFICATE-----
        MIIDSjCCAjKgAwIBAgIVAL6DjfaZpmvUvgvD1oLrSW+MS2SzMA0GCSqGSIb3DQEB
        CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu
        ZXJhdGVkIENBMB4XDTIzMDYyNTE0NTMwN1oXDTI2MDYyNDE0NTMwN1owNDEyMDAG
        A1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5lcmF0ZWQgQ0Ew
        ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD8wWK4d0D6bCKs7tv3Aw9z
        51XmG6V3qovUcYaIQsNsCO+/oN/58zwI4YpGnx/p1f+LINW/TrQ17iK1sIiuHSTt
        EC/nModLB/zworoKzfazDWWPgFi50d3e2FhkoiBSia5hoWKuFdnvRjUHC5cX+i4K
        jDQFtK8uBueZI8js4X8JUC3XHBgQbt7e5Wb7a/8lWnTMAB+F7kiZrc/3KrVARRlk
        P9MkTxF3109Rm48KfwtK0ENKJX/Ys58p+k4OsDIv45bmPizfPSFiUnZqbdEVroPJ
        HsuP2Y37jwcl5xWFlejTqBkCNwIw5u+qzn/WVy4SlfaodgIuRVUiNH7rMGemhsuF
        AgMBAAGjUzBRMB0GA1UdDgQWBBS/Ju8dOnUWfKRB9d4VNMCuaEOUvzAfBgNVHSME
        GDAWgBS/Ju8dOnUWfKRB9d4VNMCuaEOUvzAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
        SIb3DQEBCwUAA4IBAQAf5zqnTJqy2xFCzFv11YyOQ3aso8tlr55nnpDecdpcMu5k
        ++HcUCL9ahMBvRYiOHJC9rQzxCHzE0IIgmoGlk2A9Bul65ti5ry3uAjAhG2Ld77v
        idX//HsFM3A4HMV2UemonvEKFYFengc+st76E3+au40t7QOUSAHCHMdSeeY4VYiv
        lop6neQ/DYUCKysyHNnj8nwrUoAT7LfBECeE4JpE5Gp5NgYIYuBtF4hn3PTf5lSt
        05gl72ME/1ILyxuXroqOA2B9rvMlrt/8Uwmp7usggdo8mtsTM4O6ccUmLHTubnhv
        +eaVWHoOU4LU+YrhqgqpFlbjcJ5JG1wyovaieDt4
        -----END CERTIFICATE-----

    # ssl.verification_mode: "none"

Above, we pasted the certificate contents inline. The advantage of this approach is that it no longer depends on file paths. Note in particular that ssl.key is in RSA PRIVATE KEY format, not the pkcs8 format required by the elastic_agent input in logstash.conf.

Once the configuration is done, we can run the agent with the following command:

sudo ./elastic-agent install

parallels@ubuntu2004:~/fleet/elastic-agent-8.8.1-linux-arm64$ pwd
/home/parallels/fleet/elastic-agent-8.8.1-linux-arm64
parallels@ubuntu2004:~/fleet/elastic-agent-8.8.1-linux-arm64$ sudo ./elastic-agent install
Elastic Agent will be installed at /opt/Elastic/Agent and will run as a service. Do you want to continue? [Y/n]:y
Do you want to enroll this Agent into Fleet? [Y/n]:n

We can check the status of elastic-agent with the following command:

service elastic-agent status

If you run into errors along the way, you can inspect the elastic-agent logs as follows:

parallels@ubuntu2004:~$ su
Password:
root@ubuntu2004:/home/parallels# cd /opt/Elastic/Agent/
root@ubuntu2004:/opt/Elastic/Agent# ls
certs          elastic-agent-20230626-1.ndjson  elastic-agent.paste.yml      fleet.enc       NOTICE.txt
data           elastic-agent-20230626.ndjson    elastic-agent.reference.yml  fleet.enc.lock  README.md
elastic-agent  elastic-agent.back.yml           elastic-agent.yml            LICENSE.txt     vault
root@ubuntu2004:/opt/Elastic/Agent# cd data/elastic-agent-4ac18b/logs
root@ubuntu2004:/opt/Elastic/Agent/data/elastic-agent-4ac18b/logs# ls
elastic-agent-20230626.ndjson  elastic-agent-watcher-20230626.ndjson
root@ubuntu2004:/opt/Elastic/Agent/data/elastic-agent-4ac18b/logs# cat elastic-agent-20230626.ndjson
{"log.level":"info","@timestamp":"2023-06-26T00:22:02.151Z","log.origin":{"file.name":"cmd/run.go","file.line":236},"message":"APM instrumentation disabled","log":{"source":"elastic-agent"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-06-26T00:22:02.151Z","log.origin":{"file.name":"application/application.go","file.line":49},"message":"Gathered system information","log":{"source":"elastic-agent"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-06-26T00:22:02.174Z","log.origin":{"file.name":"application/application.go","file.line":55},"message":"Detected available inputs and outputs","log":{"source":"elastic-agent"},"inputs":["uwsgi/metrics","apache/metrics","nginx/metrics","cloudbeat","container","gcp-pubsub","docker/metrics","mqtt","gcp/metrics","kafka/metrics","synthetics/tcp","entity-analytics","gcs","netflow","kibana/metrics","cloudbeat/cis_eks","cloudbeat/vuln_mgmt_aws","endpoint","cometd","windows/metrics","mssql/metrics","oracle/metrics","activemq/metrics","zookeeper/metrics","synthetics/icmp","azure-eventhub","kafka","aws/metrics","awsfargate/metrics","memcached/metrics","statsd/metrics","cloudfoundry","tcp","azure/metrics","iis/metrics","aws-cloudwatch","haproxy/metrics","apm","logstash/metrics","mongodb/metrics","pf-elastic-symbolizer","cel","o365audit","redis","linux/metrics","lumberjack","redis/metrics","cloudfoundry/metrics","audit/system","audit/file_integrity","cloudbeat/cis_k8s","winlog","http/metrics","synthetics/browser","http_endpoint","unix","elasticsearch/metrics","postgresql/metrics","system/metrics","jolokia/metrics","rabbitmq/metrics","cloud_defend/control","aws-s3","log","udp","enterprisesearch/metrics","packet","vsphere/metrics","pf-host-agent","pf-elastic-collector","journald","syslog","syncgateway/metrics","fleet-server","traefik/metrics","stan/metrics","filestream","beat/metrics","nats/metrics","prometheus/metrics","containerd/metrics","sql/metrics","synthetics/http","osquery","azure-blob-storage","docker","kubernetes/metrics","audit/auditd","cloudbeat/cis_aws","httpjson","mysql/metrics","etcd/metrics"],"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-06-26T00:22:02.174Z","log.origin":{"file.name":"capabilities/capabilities.go","file.line":54},"message":"Capabilities file not found in /opt/Elastic/Agent/capabilities.yml","log":{"source":"elastic-agent"},"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-06-26T00:22:02.174Z","log.origin":{"file.name":"application/application.go","file.line":61},"message":"Determined allowed capabilities","log":{"source":"elastic-agent"},"ecs.version":"1.6.0"}

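We can see the following output in the console where Logstash is running:

It shows that our configuration works.

We can view the collected data in Kibana:

This completes the secure connection from Elastic Agent to Logstash.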
