I have a couple of questions regarding securing communication between Sidecars and Graylog, if someone has a moment. I ran into an issue with the documentation and am looking for clarification and a possible workaround.
Background on my environment. I have one Graylog node that has been configured for SSL/TLS using a self-signed certificate (configured for HTTPS when accessing the web interface). As of now, I only have a Sidecar installed and configured on one client (a Windows DC).
The documentation says specifically “The Communication between Sidecar and Graylog will be secured if your API uses SSL”. The section following that details how to secure communication between the Collector and Graylog. Does this mean that if you have configured your Graylog server for encryption, in terms of accessing the web interface and API, that the traffic between the Sidecar (client) and Graylog will automatically be encrypted?
Second question/issue is with the following instructions in the documentation:
To secure the communication between the Collector and Graylog you just need to mark Enable TLS in your Beats Input. Without giving additional Information, Graylog will now create a self-signed certificate for this Input. Now in the Sidecar Beats Output Configuration you just mark Enable TLS Support and Insecure TLS connection. After this is saved, the communication between Beats and Graylog will use TLS.
I have attempted to make these changes in my configuration. I checked “Enable TLS” in my Beats Input’s config and did not enter any further information. However, I was unable to find any section or configuration file that covers “Sidecar Beats Output Configuration” to “Enable TLS Support” or check “Insecure TLS connection”. Looking through previous posts in the forum, others have encountered this issue as well, and the general response has been “Yeah, the documentation is referring to config for an older version”. That’s been about it. I haven’t been able to find any further information about this topic. When I check “Enable TLS” in my Beats Input, my sidecar is no longer able to communicate with Graylog, leading me to conclude that I’m missing configuration somewhere else that’s required. I have been unable to find information on the process I need to follow to complete secure setup.
In summary, I’m trying to get as simple and compact a configuration as I can. I’ve used a self-signed cert to configure my Graylog node with SSL/TLS, and would like to secure communication between Sidecars and Graylog, preferably without the need to create any further certificates. Trying to get more information that isn’t covered in documentation.
Any help or suggestions are greatly appreciated. Thanks!