Beats insecure TLS


#1

Hello GL community,

I have a little sandbox GL3.0 instance which is successfully ingesting events from a sidecar (1.0) using beats.

I can enable TLS on the beats input, and it assigns the autoconfigured self-signed cert which I verified using curl, but I can’t figure out the beats output lines to set in the sidecar-pushed config…

I’ve read http://docs.graylog.org/en/3.0/pages/sidecar.html#secure-sidecar-communication, but I cannot for the life of me figure out how to "just mark Enable TLS Support and Insecure TLS connection". I’ve tried various snippets from elastic’s website with no luck. I would appreciate any guidance or clarification on the matter. Thanks again GL community!

Respectfully,

/nadmin

My blank sidecar config:
# Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}

output.logstash:
hosts: ["logserver.fqdn:5044"]

path:
data: C:\Program Files\Graylog\sidecar\cache\winlogbeat\data
logs: C:\Program Files\Graylog\sidecar\logs
tags:
- windows
winlogbeat:
event_logs:
- name: Microsoft-Windows-Sysmon/Operational
- name: Security

(Jan Doberstein) #2

what about this settings mentioned in the docs?

https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#_configuration_options_14


#3

Jan,

had skimmed this article in search of answers but got distracted by the logstash server TLS implementation. I’m still getting used to the config syntax so it was lost on me until you reaffirmed that the answers I sought were in that article. Thanks to you; I’m shipping encrypted to my sandbox now, and have a better understanding of logstash configs.

Thanks again for the guidance! I’m sure I’ll be back for more.

Respectfully,

/nadmin