I have a WinLogBeat config file, with the following Logstash output section:
output.logstash:
# The Logstash hosts
enabled: true
hosts: ["host:5044"]
ssl.enabled: true
ssl.certificate_authorities: ["C:/Program Files/winlogbeat/cacert.cer"]
This config appears to work, as I can see log entries showing events being successfully sent, but I don't have access to the ELK stack to see what config is on the server.
I've read the documentation and everything I can find shows the config file with the SSL certificate and key values also set. I understand that the certificate_authority setting allows the client to trust certs signed by the CA, but I don't understand how the client then initiates a connection.
What certificate/key values are used by the client in this scenario? Where would they be specified?
If the certificate/key are not specified then a client certificate is not used to authenticate the client to the server. The server certificate is used to encrypt the connection, and the certificate authorities are used to validate that certificate.