在CentOS上使用Filebeat实现日志加密传输,可以通过以下步骤来完成:

首先,确保你已经在CentOS上安装了Filebeat。你可以从Elastic官方网站下载并安装最新版本的Filebeat。
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.10.0-amd64.debsudo dpkg -i filebeat-7.10.0-amd64.deb编辑Filebeat的配置文件/etc/filebeat/filebeat.yml,添加或修改以下配置以实现日志加密传输。
在filebeat.yml中,找到或添加以下配置:
output.elasticsearch:hosts: ["https://your_elasticsearch_host:9200"]ssl.certificate_authorities: ["/etc/filebeat/certs/ca.crt"]ssl.certificate: "/etc/filebeat/certs/filebeat.crt"ssl.key: "/etc/filebeat/certs/filebeat.key"你需要生成SSL证书和密钥,并将它们放置在指定的目录中。
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/filebeat/certs/ca.key -out /etc/filebeat/certs/ca.crt -subj "/C=US/ST=YourState/L=YourCity/O=YourOrganization/CN=YourCA"sudo openssl req -newkey rsa:2048 -nodes -keyout /etc/filebeat/certs/filebeat.key -out /etc/filebeat/certs/filebeat.csr -subj "/C=US/ST=YourState/L=YourCity/O=YourOrganization/CN=your_elasticsearch_host"sudo openssl x509 -req -in /etc/filebeat/certs/filebeat.csr -CA /etc/filebeat/certs/ca.crt -CAkey /etc/filebeat/certs/ca.key -CAcreateserial -out /etc/filebeat/certs/filebeat.crt -days 365确保Elasticsearch已经配置为接受TLS连接。编辑/etc/elasticsearch/elasticsearch.yml文件,添加或修改以下配置:
xpack.security.enabled: truexpack.security.transport.ssl.enabled: truexpack.security.transport.ssl.verification_mode: certificatexpack.security.transport.ssl.keystore.path: elastic-certificates.p12xpack.security.transport.ssl.truststore.path: elastic-certificates.p12然后,使用Elasticsearch的elasticsearch-certutil工具生成证书和密钥:
sudo /usr/share/elasticsearch/bin/elasticsearch-certutil ca --pem --out /etc/elasticsearch/certs/ca.crtsudo /usr/share/elasticsearch/bin/elasticsearch-certutil cert --pem -in /etc/elasticsearch/certs/ca.crt -out /etc/elasticsearch/certs/elastic-certificates.p12 -pass ""完成配置后,重启Filebeat和Elasticsearch服务以应用更改。
sudo systemctl restart filebeatsudo systemctl restart elasticsearch确保Filebeat能够成功连接到Elasticsearch,并且日志数据是通过TLS加密传输的。你可以通过查看Elasticsearch的日志文件来验证这一点。
sudo tail -f /var/log/elasticsearch/filebeat.log通过以上步骤,你可以在CentOS上使用Filebeat实现日志的加密传输。确保在生产环境中使用强密码和证书,并定期更新它们以保持安全性。