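ELK log collection: ES cluster TLS authentication, connecting Filebeat, Logstash and Kibana to ES, and access control

kmoon_b426 2024-11-10 Views: 14

TLS (Transport Layer Security) is typically used in Elasticsearch to ensure that data is transmitted securely over the network. Certificates can be generated with elasticsearch-certutil, the certificate tool that ships with Elasticsearch. See the official TLS configuration documentation.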

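II. Enabling authentication on the ES cluster

1. Generate the certificate

# On all nodes
# Change to the ES installation directory
cd /es/softwares/es7/elasticsearch-7.17.5/

# Generate the certificate: set the output file path, use an empty password, and make the certificate valid for 3650 days
./bin/elasticsearch-certutil cert -out config/elastic-certificates.p12 -pass ""  --days 3650

# Change the owner and group of the certificate to the user that runs ES (es here)
chown es:es config/elastic-certificates.p12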

2. Edit the ES cluster configuration file

# On all nodes
cat >>/es/softwares/es7/elasticsearch-7.17.5/config/elasticsearch.yml<<'EOF'
# Enable X-Pack authentication
xpack.security.enabled: true
# Enable TLS
xpack.security.transport.ssl.enabled: true
# Verification mode: certificate
xpack.security.transport.ssl.verification_mode: certificate
# Path to the certificate file
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
EOF

3. Restart the ES cluster

# On all nodes
systemctl restart es7

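4. Generate random passwords

# Change to the ES installation directory
cd /es/softwares/es7/elasticsearch-7.17.5/
# Generate passwords automatically
./bin/elasticsearch-setup-passwords auto
# Enter y; the output looks like this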
Please confirm that you would like to continue [y/N]y

Changed password for user apm_system
PASSWORD apm_system = igHVUo78ZFTfB7CI0o3M

Changed password for user kibana_system
PASSWORD kibana_system = XVdqmeVH0rhHv5mYC3Ur

Changed password for user kibana
PASSWORD kibana = XVdqmeVH0rhHv5mYC3Ur

Changed password for user logstash_system
PASSWORD logstash_system = uASdzDDf2A4AY9qFWNqW

Changed password for user beats_system
PASSWORD beats_system = 4sgwwHJmi3g9tR3NZhvW

Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = 45DxkEodn6kPoW7T44pE

Changed password for user elastic
PASSWORD elastic = SfSnnfYPzBTMMTyUbuRa

5. Verify that authentication is now required

Authorization: Basic Auth, ES username elastic, ES password SfSnnfYPzBTMMTyUbuRa

Browser check: http://192.168.77.177:9200/_cat/nodes?pretty with ES username elastic and ES password SfSnnfYPzBTMMTyUbuRa
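
The settings from step 2 enable TLS on the transport layer (node to node), while the checks in step 5 reach the REST port 9200 over http://. The following added example (not part of the original post) audits an elasticsearch.yml for both layers; the function names and the PASS/WARN/FAIL labels are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original post.

# Print the last value of a flat "dotted.key: value" setting, skipping comments.
es_setting() {  # usage: es_setting <file> <key>
  awk -v k="$2" '
    /^[ \t]*#/ { next }
    {
      i = index($0, ":"); if (i == 0) next
      key = substr($0, 1, i - 1); val = substr($0, i + 1)
      sub(/[ \t]+#.*$/, "", val)                      # drop trailing comment
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      gsub(/^"|"$/, "", val)
      if (key == k) found = val
    }
    END { print found }' "$1"
}

# Report each check; return 1 if any FAIL was printed.
audit_es_tls() {  # usage: audit_es_tls <elasticsearch.yml>
  f=$1; rc=0
  for spec in "xpack.security.enabled=true" \
              "xpack.security.transport.ssl.enabled=true" \
              "xpack.security.http.ssl.enabled=true"; do
    key=${spec%%=*}; want=${spec#*=}
    got=$(es_setting "$f" "$key")
    if [ "$got" = "$want" ]; then echo "PASS $key"
    else echo "FAIL $key (got '${got:-unset}', want '$want')"; rc=1; fi
  done
  mode=$(es_setting "$f" xpack.security.transport.ssl.verification_mode)
  case "$mode" in
    none) echo "FAIL verification_mode none: peer certificates are not checked"; rc=1 ;;
    certificate) echo "WARN verification_mode certificate: CA trust is checked, hostname is not" ;;
    *) echo "PASS verification_mode ${mode:-full (default)}" ;;
  esac
  return $rc
}

# Constructed sample: the settings appended in step 2 of this page.
sample_config() {
  cat <<'EOF'
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
EOF
}

tmp=$(mktemp); sample_config > "$tmp"
audit_es_tls "$tmp" || echo "=> at least one check failed"
rm -f "$tmp"
```

Run against the sample, the audit passes the two settings the page enables, warns on the certificate verification mode, and fails on xpack.security.http.ssl.enabled, which the page's configuration does not set.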

III. Configuring connections to ES

1. Kibana connection to ES

# On the Kibana node
# Edit the Kibana configuration file
cat >>/etc/kibana/kibana.yml<<'EOF'
elasticsearch.username: "kibana_system"
elasticsearch.password: "XVdqmeVH0rhHv5mYC3Ur"
EOF
# Restart Kibana
systemctl restart kibana

Browser check: http://192.168.77.176:5601/ with ES username elastic and ES password SfSnnfYPzBTMMTyUbuRa

2. Filebeat connection to ES

# Edit the Filebeat configuration file
cd /es/softwares/filebeat-7.17.5-linux-x86_64/config

# Add the credentials under output.elasticsearch:
cat >01-log-to-es.yaml<<'EOF'
filebeat.inputs:
# Set the input type to log
- type: log
# Set the file paths
  paths:
    - /var/log/*.log
    - /var/log/**

# Set the output to the ES cluster
output.elasticsearch:
  hosts: ["http://192.168.77.176:9200","http://192.168.77.177:9200","http://192.168.77.178:9200"]
  username: "elastic"
  password: "SfSnnfYPzBTMMTyUbuRa"
  index: "linux_log_index-%{+yyyy.MM.dd}"
EOF

# Start the Filebeat instance
filebeat -e -c 01-log-to-es.yaml

3. Logstash connection to ES

# Edit the Logstash configuration file
cd /es/softwares/logstash-7.17.5/config

# Add the credentials inside elasticsearch {}
cat >01-beats-to-es.conf<<'EOF'
# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.

input {
  beats {
    port => 5044
  }
}

output {
  elasticsearch {
    hosts => ["http://192.168.77.176:9200"]
    index => "nginx-logstash-%{+YYYY.MM.dd}"
    user => "elastic"
    password => "SfSnnfYPzBTMMTyUbuRa"
  }
}
EOF

# Start the Logstash instance
cd /es/softwares/logstash-7.17.5/config
logstash -rf 01-beats-to-es.conf

4. Changing usernames and passwords, and access control

Changing the elastic password

Users and user permission settings
