CentOS中Filebeat怎样进行数据传输加密
作者:袖梨
2026-06-19
在CentOS中,Filebeat支持通过TLS/SSL进行数据传输加密。以下是如何配置Filebeat以进行数据传输加密的步骤:
1. 安装Filebeat
首先,确保你已经安装了Filebeat。如果没有安装,可以使用以下命令进行安装:
sudo yum install filebeat2. 配置Filebeat
编辑Filebeat的配置文件/etc/filebeat/filebeat.yml,添加或修改以下配置项以启用TLS/SSL加密。
2.1 生成证书和密钥
你需要为Filebeat和Elasticsearch生成证书和密钥。可以使用OpenSSL来生成这些文件。
生成Elasticsearch证书和密钥
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/elasticsearch-key.pem -out /etc/pki/tls/certs/elasticsearch-cert.pem -subj "/CN=elasticsearch"生成Filebeat证书和密钥
sudo openssl req -newkey rsa:2048 -nodes -keyout /etc/pki/tls/private/filebeat-key.pem -out /etc/pki/tls/certs/filebeat-cert.pem -subj "/CN=filebeat"生成CA证书
sudo openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout /etc/pki/tls/private/ca-key.pem -out /etc/pki/tls/certs/ca-cert.pem -subj "/CN=ca"2.2 配置Elasticsearch
将生成的证书和密钥文件复制到Elasticsearch的配置目录中,并修改elasticsearch.yml文件以启用TLS/SSL。
sudo cp /etc/pki/tls/certs/elasticsearch-cert.pem /etc/elasticsearch/config/sudo cp /etc/pki/tls/private/elasticsearch-key.pem /etc/elasticsearch/config/sudo cp /etc/pki/tls/certs/ca-cert.pem /etc/elasticsearch/config/# 编辑elasticsearch.ymlsudo vi /etc/elasticsearch/config/elasticsearch.yml在elasticsearch.yml中添加以下配置:
xpack.security.enabled: truexpack.security.transport.ssl.enabled: truexpack.security.transport.ssl.verification_mode: certificatexpack.security.transport.ssl.keystore.path: elastic-certificates.p12xpack.security.transport.ssl.truststore.path: elastic-certificates.p12xpack.security.http.ssl.enabled: truexpack.security.http.ssl.keystore.path: elastic-certificates.p12xpack.security.http.ssl.truststore.path: elastic-certificates.p122.3 配置Filebeat
将生成的证书和密钥文件复制到Filebeat的配置目录中,并修改filebeat.yml文件以启用TLS/SSL。
sudo cp /etc/pki/tls/certs/filebeat-cert.pem /etc/filebeat/config/sudo cp /etc/pki/tls/private/filebeat-key.pem /etc/filebeat/config/sudo cp /etc/pki/tls/certs/ca-cert.pem /etc/filebeat/config/# 编辑filebeat.ymlsudo vi /etc/filebeat/filebeat.yml在filebeat.yml中添加以下配置:
filebeat.inputs:- type: logenabled: truepaths:- /var/log/*.logfields:ssl.enabled: truessl.certificate_authorities: ["/etc/filebeat/config/ca-cert.pem"]ssl.certificate: "/etc/filebeat/config/filebeat-cert.pem"ssl.key: "/etc/filebeat/config/filebeat-key.pem"output.elasticsearch:hosts: ["https://localhost:9200"]ssl.verification_mode: certificatessl.certificate_authorities: ["/etc/filebeat/config/ca-cert.pem"]ssl.certificate: "/etc/filebeat/config/filebeat-cert.pem"ssl.key: "/etc/filebeat/config/filebeat-key.pem"3. 重启服务
完成配置后,重启Filebeat和Elasticsearch服务以应用更改。
sudo systemctl restart filebeatsudo systemctl restart elasticsearch4. 验证配置
确保Filebeat能够成功连接到Elasticsearch,并且数据传输是加密的。你可以使用以下命令检查Filebeat的日志:
sudo journalctl -u filebeat -f通过以上步骤,你应该能够在CentOS中成功配置Filebeat以进行数据传输加密。
