I am trying to setup a securized ELK stack with redis as a buffer :
filebeat -> redis -> logstash -> elastic
I installed redis with TLS configuration, filebeat can communicate with redis over TLS without any issue.
But i don't understand how to configure logstash. There is a boolean option ssl, but where can i provide the redis certificate ?
filebeat.yml
output.redis:
hosts: ["redishost:6379"]
password: "password"
key: "filebeat"
db: 0
timeout: 5
ssl:
enabled: true
certificate_authorities: ["/etc/filebeat/cert/ca.crt"]
insecure: true
supported_protocols: [TLSv1.2]
verification_mode: none
redis.conf in logstash
redis {
host => "redishost"
password => "password"
db => 0
key => "filebeat"
data_type => "list"
ssl => true
}
Thanks in advance
You cannot configure logstash to trust the redis certificate, or the authority that signed it. The certificate has to be trusted by the JRE or JDK that runs logstash.