Beats insecure TLS

Hello GL community,

I have a little sandbox GL3.0 instance which is successfully ingesting events from a sidecar (1.0) using beats.

I can enable TLS on the beats input, and it assigns the autoconfigured self-signed cert which I verified using curl, but I can’t figure out the beats output lines to set in the sidecar-pushed config…

I’ve read http://docs.graylog.org/en/3.0/pages/sidecar.html#secure-sidecar-communication, but I cannot for the life of me figure out how to "just mark Enable TLS Support and Insecure TLS connection". I’ve tried various snippets from elastic’s website with no luck. I would appreciate any guidance or clarification on the matter. Thanks again GL community!

Respectfully,

/nadmin

My blank sidecar config:
# Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}

output.logstash:
hosts: ["logserver.fqdn:5044"]

path:
data: C:\Program Files\Graylog\sidecar\cache\winlogbeat\data
logs: C:\Program Files\Graylog\sidecar\logs
tags:
- windows
winlogbeat:
event_logs:
- name: Microsoft-Windows-Sysmon/Operational
- name: Security

what about this settings mentioned in the docs?

https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#_configuration_options_14

Jan,

had skimmed this article in search of answers but got distracted by the logstash server TLS implementation. I’m still getting used to the config syntax so it was lost on me until you reaffirmed that the answers I sought were in that article. Thanks to you; I’m shipping encrypted to my sandbox now, and have a better understanding of logstash configs.

Thanks again for the guidance! I’m sure I’ll be back for more.

Respectfully,

/nadmin

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.