Configure Filebeat to use X-Pack security
editConfigure Filebeat to use X-Pack security
editIf you want Filebeat to connect to a cluster that has X-Pack security enabled, there are extra configuration steps:
-
Configure authentication credentials.
To send data to a secured cluster through the
elasticsearchoutput, Filebeat needs to authenticate as a user who can manage index templates, monitor the cluster, create indices, read and write to the indices it creates, and manage ingest pipelines. -
Grant users access to Filebeat indices.
To search the indexed Filebeat data and visualize it in Kibana, users need access to the indices Filebeat creates.
-
Configure Filebeat to use encrypted connections.
If encryption is enabled on the cluster, you need to enable HTTPS in the Filebeat configuration.
-
Set the password for the built-in monitoring user.
Filebeat uses the
beats_systemuser to send monitoring data to Elasticsearch. If you plan to monitor Filebeat in Kibana and have not yet set up the password, set it up now.
For more information about X-Pack security, see Securing the Elastic Stack.
Filebeat features that require authorization
editAfter securing Filebeat, make sure your users have the roles (or associated
privileges) required to use these Filebeat features. You must create the
filebeat_writer and
filebeat_reader roles (see Configure authentication credentials and
Grant users access to Filebeat indices). The other roles are
built-in.
| Feature | Role |
|---|---|
Send data to a secured cluster |
|
Run Filebeat modules |
|
Load index templates |
|
Load Filebeat dashboards into Kibana |
|
Load machine learning jobs |
|
Read indices created by Filebeat |
|
View Filebeat dashboards in Kibana |
|
Store and manage configurations in a central location in Kibana |
|