Secure Filebeat¶
For security reasons, we strongly recommend configuring the TLS encryption.
Configure the TLS Encryption¶
The connection to Filebeat is secured by the TLS certificate located in the /opt/seal/etc/tls
directory. That means that after you have replaced the self-signed certificate enclosed in delivery by your own certificate in Secure the PLOSSYS 5 Services the connection to Filebeat has already been secured.
Specify the CA Certificate (If Available)¶
This step is only required if your certificate contains a CA certificate. If the certificate exists, it is checked for validity when the connection is established. The CA certificate is saved in /opt/seal/etc/tls/ca.pem
.
-
Open the Filebeat configuration file on the PLOSSYS 5 server:
/opt/seal/etc/filebeat.yml
-
Search for the following line:
insecure: true
-
Replace the line by:
certificate_authorities: ["/opt/seal/etc/tls/ca.pem"]
-
Save the configuration file.
-
Restart the following service:
seal-filebeat
Configure the TLS Encryption in a Cluster¶
If you are running PLOSSYS 5 in a cluster, execute the configuration steps above on all PLOSSYS 5 servers.