Configuring searchguard on ELK for security

Posted 2019-08-02 08:36

Question:

I have an ELK setup in my environment. Logstash and Filebeat are running on a single machine. Kibana and Elasticsearch are running on another machine.

The flow is working fine. Filebeat is able to harvest the logs and send them to Logstash. And Logstash is able to parse the logs and send them to Elasticsearch, where they are displayed and visualised in Kibana.

Now I have to secure the communications. I was able to secure the communication between Filebeat and Logstash with self-signed SSL certificates, as shown below:

logstash.conf

input {
    beats {
        port => "5043"
        ssl => true
        ssl_certificate_authorities => "D:/Softwares/ELK/ELK_SSL_Certificates/testca/cacert.pem"
        ssl_certificate => "D:/Softwares/ELK/ELK_SSL_Certificates/server/cert.pem"
        ssl_key => "D:/Softwares/ELK/ELK_SSL_Certificates/server/pkcs8.key"
        #ssl_key_passphrase => "MySecretPassword"
        ssl_verify_mode => "force_peer"
    }
}

filebeat.yml

output.logstash:
    hosts: ["localhost:5043"]
    ssl.enabled: true
    ssl.certificate_authorities: ["D:/Softwares/ELK/ELK_SSL_Certificates/testca/cacert.pem"]
    ssl.certificate: "D:/Softwares/ELK/ELK_SSL_Certificates/client/cert.pem"
    ssl.key: "D:/Softwares/ELK/ELK_SSL_Certificates/client/pkcs8.key"

Now I have to secure Logstash to Elasticsearch to Kibana. I tried using X-Pack and later learnt that it's not free. So I want to know which other free open source plugins are available.

I am planning to go for searchguard.

My Requirements:

  1. Have SSL communication between Logstash->Elasticsearch and Elasticsearch->Kibana.
  2. Have HTTPS support to connect to Kibana, Elasticsearch and Logstash.
  3. Have username/password based login to Elasticsearch and Kibana.

Can I achieve all these things using searchguard? Please note that I don't have an Elasticsearch cluster.