Winlogbeats and TLS/SSL Confusion

I am hoping someone can clarify something for me. The documentation states the following:

"The Communication between Sidecar and Graylog will be secured if your API uses SSL."

It then goes on to talk about securing communication between the collector and Graylog. It states:
"To secure the communication between the Collector and Graylog you just need to mark Enable TLS in your Beats Input. Without giving additional Information, Graylog will now create a self-signed certificate for this Input. Now in the Sidecar Beats Output Configuration you just mark Enable TLS Support and Insecure TLS connection. After this is saved, the communication between Beats and Graylog will use TLS."

If I set ‘Enable TLS’ in the Beats input, the communication stops occurring. I do not see where to set ‘Enable TLS Support’ and ‘Insecure TLS connection’.

We do not have a self-signed cert for the Graylog server. The winlogbeats.yml file is set to use the https:// URL for connection to the API.

Can someone clarify this for me? Thanks.

For those out there searching who were as confused as I was, here’s what we did to get it working:

We set ‘Enable TLS’ in the Beats Input and provided paths for the certificate and key file. Additionally, we provided the password to the file.

In the Winlogbeats configuration file we made the following changes:
output.logstash:
  hosts: ["<host_name>:5044"]   # We changed this from IP address to the hostname
  ssl.enabled: true             # We added this line
  ssl.verification_mode: full   # We added this line

Once these things were completed things started working again. I hope this helps someone else out there that’s trying to get this working.

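An added example (not part of the original posts, and not Graylog or Elastic code): a small Python check for the `output.logstash` settings shown above, flagging the cases where the Beats connection is unencrypted, where the server name is not verified, or where an IP address in `hosts` would have to appear in the certificate. The sample configs and the host name `graylog.example.test` are constructed, and the parser only handles the flat dotted-key layout used in the post.

```python
import ipaddress
import re

# Constructed sample configs, modelled on the settings quoted in the post.
WORKING = """\
output.logstash:
  hosts: ["graylog.example.test:5044"]
  ssl.enabled: true
  ssl.verification_mode: full
"""
WEAK = """\
output.logstash:
  hosts: ["192.0.2.10:5044"]
  ssl.verification_mode: none
"""

def parse_logstash_output(text):
    """Collect the indented 'key: value' lines under output.logstash."""
    settings, inside = {}, False
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*", "", raw).rstrip()  # drop comments
        if not line:
            continue
        if not line.startswith((" ", "\t")):           # a new top-level section
            inside = line.strip() == "output.logstash:"
            continue
        if inside:
            key, _, value = line.strip().partition(":")
            settings[key.strip()] = value.strip()
    return settings

def audit(text):
    cfg = parse_logstash_output(text)
    findings = []
    # Beats uses TLS only if an ssl.* setting exists and ssl.enabled is not false.
    tls_on = any(k.startswith("ssl.") for k in cfg)
    if not tls_on or cfg.get("ssl.enabled", "true").lower() == "false":
        findings.append("TLS is off: events are sent in clear text")
    mode = cfg.get("ssl.verification_mode", "full").lower()  # Beats default: full
    if mode in ("none", "certificate"):
        findings.append(f"ssl.verification_mode {mode}: server host name is not verified")
    for host in re.findall(r'"([^"]+)"', cfg.get("hosts", "")):
        name = host.rsplit(":", 1)[0]
        try:
            ipaddress.ip_address(name.strip("[]"))
        except ValueError:
            continue                                   # a DNS name, nothing to flag
        if mode in ("full", "strict"):
            findings.append(f"{name} is an IP address: the certificate needs a matching IP SAN")
    return findings
```
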

@jwilson
Thanks for sharing :slight_smile:
