Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to authenticate Logstash output to a secure Elasticsearch URL (version 5.6.5)

Tags:

authentication

https

elasticsearch

logstash

logstash-configuration

I am using Logstash and Elasticsearch versions 5.6.5. So far used elasticsearch output with HTTP protocol and no authentication. Now Elasticsearch is being secured using basic authentication (user/password) and CA certified HTTPS URL. I don't have any control over the elasticsearch server. I just use it to output from Logstash.

Now when I try to configure the HTTPS URL of elasticsearch with basic authentication, it fails to create the pipeline.

Output Configuration

output { 
 elasticsearch {
   hosts => ["https://myeslasticsearch.server.io"]
   user => "esusername"
   password => "espassword"
   ssl => true
 }
}

Errors

 1. Error registering plugin {:plugin=>"#<LogStash::OutputDelegator:0x50aa9200
 2. Pipeline aborted due to error {:exception=>#<URI::InvalidComponentError: bad component(expected user component):

How to fix this? I notice that there is a field called cacert which requires some PEM file. But I am not sure what to put there since the Elasticsearch server is using a CA certified SSL not a self-signed one.

Addtional question: I don't have any xpack installed. Is 'xpack' required to be purchased for HTTPS output to Elasticsearch from Logstash?

like image 732
Loganathan Avatar asked Mar 05 '18 11:03

Loganathan

1 Answers

I found the root cause of the issue. There were three things to fix:

  1. The logstash version I tested with was wrong 5.5.0. I downloaded the correct version to match with Elasticsearch Version 5.6.5.

  2. The host I used was running on 443 port. When I didn't specify the port as below logstash appended 9200 with it, due to which the connection failed.

    hosts => ['https://my.es.server.com']

    Below configuration corrected the port used by logstash.

    hosts => ['https://my.es.server.com:443']

  3. I was missing proxy connection settings.

    proxy => 'http://my.proxy.com:80'

Overall settings that worked.

output {
    elasticsearch {
       hosts => ['https://my.es.server.com:443']
       user => 'esusername'
       password => 'espassword'
       proxy => 'http://my.proxy:80'
       index => "my-index-%{+YYYY.MM.dd}"
    }
}

No need for 'ssl' field.

Also NO need for 'xpack' installation for this requirement.

like image 83
Loganathan Avatar answered Sep 19 '22 10:09

Loganathan
Sign in to Comment

Related questions

How signin-google in asp.net core authentication is linked to the google handler?
How to add AzureAD AND AzureADBearer to asp.net core 2.2 web api
Blazor @attribute [Authorize] tag is not working
User authentication without Session state in ASP.NET
IIS7/Win7 - Make sure that the application pool identity has Read access to the physical path
How should I securely store passwords and use http auth in a chrome extension
Should I verify HTTP Referer in OAuth 2 Callback?
How to inject the in-memory user provider into a service?
Yii, best way to implement "user change of password"
Override Django authentication with middleware
Authentication using Facebook with Passportjs: what is accessToken for, what should I store after registration?
A member of the System.Security.Claims namespace is not available?
Testing Django 1-5 Reset Password Form - how to generate the token for the test?
Authentication with Azure Active Directory - how to accept user credentials programmatically
DropWizard Auth Realms
django-rest-framework Token Auth and logout
401 Unauthorised due to CORS when sending request to get user token
Add custom validation to JWT token for ASP.NET Core?
CouchDB Proxy Authentication Doesn't work
Web Socket connection with Basic Access Authentication

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!