在CentOS上配置Filebeat数据传输加密需使用SSL/TLS,步骤如下:
# 生成CA证书openssl req -x509 -newkey rsa:4096 -keyout ca.key -out ca.crt -days 3650 -nodes# 生成Filebeat证书openssl req -newkey rsa:4096 -keyout filebeat.key -out filebeat.csr -nodesopenssl x509 -req -in filebeat.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out filebeat.crt -days 3650/etc/filebeat/filebeat.yml,在output.elasticsearch中启用SSL并指定证书路径。output.elasticsearch:hosts: ["https://elasticsearch_host:9200"]ssl.enabled: truessl.certificate_authorities: ["/etc/filebeat/certs/ca.crt"]ssl.certificate: "/etc/filebeat/certs/filebeat.crt"ssl.key: "/etc/filebeat/certs/filebeat.key"/etc/elasticsearch/elasticsearch.yml。xpack.security.enabled: truexpack.security.transport.ssl.enabled: truexpack.security.transport.ssl.verification_mode: certificatexpack.security.transport.ssl.keystore.path: elastic-certificates.p12xpack.security.transport.ssl.truststore.path: elastic-certificates.p12sudo systemctl restart filebeatsudo systemctl restart elasticsearchcurl命令测试加密连接是否正常。注意:生产环境建议使用CA签发的证书,避免自签名证书的安全风险。