To secure the communication between Topbeat and Elasticsearch, you can use HTTPS and basic authentication. Here is a sample configuration:
The username to use for authenticating to Elasticsearch.
The password to use for authenticating to Elasticsearch.
This setting enables the HTTPS protocol.
The IP and port of the Elasticsearch nodes.
Elasticsearch doesn’t have built-in basic authentication, but you can achieve it either by using a web proxy or by using the Shield commercial plugin.
Topbeat verifies the validity of the server certificates and only accepts trusted certificates. Creating a correct SSL/TLS infrastructure is outside the scope of this document, but a good guide to follow is the Setting Up a Certificate Authority appendix from the Shield guide.
By default Topbeat uses the list of trusted certificate authorities from the operating system where Topbeat is running. You can configure Topbeat to use a specific list of CA certificates instead of the list from the OS. You can also configure it to use client authentication by specifying the certificate and key to use when the server requires the Beat to authenticate. Here is an example configuration:
The list of CA certificates to trust
The path to the certificate for TLS client authentication
The client certificate key
For any given connection, the SSL/TLS certificates must have a subject
that matches the value specified for
hosts, or the TLS handshake fails.
For example, if you specify
hosts: ["foobar:9200"], the certificate MUST
foobar in the subject (
CN=foobar) or as a subject alternative name
(SAN). Make sure the hostname resolves to the correct IP address. If no DNS is available, then
you can associate the IP address with your hostname in
(on Unix) or
C:\Windows\System32\drivers\etc\hosts (on Windows).