How to set up security correctly?

Hello Everyone,
I have a question. I currently have logs coming in without security set up between input and sidecar. I created a CA, created a CSR, and signed the CSR using the CA. So I now have a CA, a cert, and a key for the cert. If I want to encrypt the log data between input and sidecar, do I do the following on the input?

Note: HTTPS to the web interface is behind an Nginx reverse proxy with a wildcard cert not related to any of these.

With my sidecar config being:

# Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}

filebeat.inputs:
- input_type: log
  paths:
    - /var/log/*.log
  type: log
output.logstash:
   hosts: ["192.168.2.61:5044"]
   ssl.certificate_authorities: ["/etc/ssl/certs/ca.pem"]
   ssl.certificate: "/etc/ssl/certs/machine-cert.pem"
   ssl.key: "/etc/ssl/certs/machine-key.pem"
path:
  data: /var/lib/graylog-sidecar/collectors/filebeat/data
  logs: /var/lib/graylog-sidecar/collectors/filebeat/log

My /etc/filebeat/filebeat.yml file containing:

output.logstash:
   hosts: ["192.168.2.61:5044"]
   ssl.certificate_authorities: ["/etc/ssl/certs/ca.pem"]
   ssl.certificate: "/etc/ssl/certs/machine-cert.pem"
   ssl.key: "/etc/ssl/certs/machine-key.pem"

When I do this, it shows my input and sidecar are both running and I can see the log directories, but no data is sent in. I check the sidecar logs and I receive a connection error and a ton of retries. Am I missing something in these conf files, or is something else wrong? I am not really sure where or what to check at this point. The documentation made sense while I was setting this up; I think I am skipping something small.

Below are the errors I receive.

2020-05-27T11:03:58.546-0400 ERROR pipeline/output.go:100 Failed to connect to backoff(async(tcp://log.domain.com:5044)): read tcp 192.168.2.61:58074->192.168.2.61:5044: read: connection reset by peer

2020-05-27T11:03:58.547-0400 INFO pipeline/output.go:93 Attempting to reconnect to backoff(async(tcp://log.domain.com:5044)) with 36 reconnect attempt(s)

I will add that I have found a few forum posts with somewhat similar issues, but I am not sure how they solved them, or if they did.
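An added example (not part of the original post, and not Graylog or Filebeat code): a small probe that connects to the Beats port and reports whether the listener completes a TLS handshake against the given CA, resets the connection, or fails the handshake in some other way. `probe_tls` and `start_listener` are hypothetical names, the listener is a constructed local stand-in for a port without TLS, and the probe does not present a client certificate.

```python
import socket, ssl, struct, threading

def probe_tls(host, port, cafile=None, server_name=None, timeout=3.0):
    """Try a server-authenticated TLS handshake (no client cert) and classify the result."""
    ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and host name
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "unreachable", str(exc)
    try:
        with ctx.wrap_socket(raw, server_hostname=server_name or host) as tls:
            return "tls_ok", tls.version()
    except ssl.SSLCertVerificationError as exc:
        return "cert_rejected", exc.verify_message  # wrong CA, or name not in the cert
    except (ssl.SSLEOFError, ssl.SSLSyscallError, ConnectionError) as exc:
        return "peer_closed", str(exc)  # listener dropped or reset the handshake
    except ssl.SSLError as exc:
        return "handshake_failed", str(exc)  # e.g. plaintext reply or a TLS alert
    except OSError as exc:
        return "no_answer", str(exc)  # e.g. handshake timed out
    finally:
        raw.close()

def start_listener(reply=None):
    """Constructed local stand-in for a port where TLS is not enabled.
    reply=None resets the connection; otherwise reply is sent back as plaintext."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)  # swallow the ClientHello
        if reply is None:  # SO_LINGER with timeout 0 makes close() send a TCP RST
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        else:
            conn.sendall(reply)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    print(probe_tls("127.0.0.1", start_listener()))
    print(probe_tls("127.0.0.1", start_listener(b"plaintext banner\r\n")))
```

Against a real input, call it with the host name Filebeat dials (the log lines above show `log.domain.com:5044`) and `cafile="/etc/ssl/certs/ca.pem"`, since that name is what the certificate is checked against.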
