从 packetbeat 安全地连接到 open distro elastic
securely connect to open distro elastic from packetbeat
我可以使用 curl 连接到弹性服务器,如下所示。
# curl --user "root:xxxxx" https://search-testme-gvzxezayzzc4pcw2xcyvndb6jq.us-east-1.es.amazonaws.com/_aliases
我得到了预期的响应,这意味着凭据是正确的。
{".kibana_3506402_root":{"aliases":{}},".opendistro_security":{"aliases":{}},".kibana_1":{"aliases":{".kibana":{}}}}
但相同的凭据在 packetbeat 中不起作用
#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["search-testme-gvzxezayzzc4pcw2xcyvndb6jq.us-east-1.es.amazonaws.com:80"]
# Optional protocol and basic auth credentials.
protocol: "https"
username: "root"
password: "xxxxx"
根据日志,即使配置文件中提到了端口 80,它也会尝试连接到端口 9200。
# tail /var/log/packetbeat/packetbeat
2020-03-01T13:56:03.234Z ERROR pipeline/output.go:100 Failed to connect to backoff(elasticsearch(https://search-testme-gvzxezayzzc4pcw2xcyvndb6jq.us-east-1.es.amazonaws.com:9200)): Get https://search-testme-gvzxezayzzc4pcw2xcyvndb6jq.us-east-1.es.amazonaws.com:9200: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
2020-03-01T13:56:03.234Z INFO pipeline/output.go:93 Attempting to reconnect to backoff(elasticsearch(https://search-testme-gvzxezayzzc4pcw2xcyvndb6jq.us-east-1.es.amazonaws.com:9200)) with 10 reconnect attempt(s)
如何通过 packetbeat 使用 open distro 连接到 AWS elastic?
如果我使用 AWS 托管的弹性云,类似的配置工作没有任何问题。
有两点要记住:
1) 您需要 "oss"(开源版本)的 packetbeat 才能工作。
2) 连接到443端口
可在此处找到详细说明...
http://oksoft.blogspot.com/2020/03/packetbeat-to-elastic-server-hosted-by.html
我可以使用 curl 连接到弹性服务器,如下所示。
# curl --user "root:xxxxx" https://search-testme-gvzxezayzzc4pcw2xcyvndb6jq.us-east-1.es.amazonaws.com/_aliases
我得到了预期的响应,这意味着凭据是正确的。
{".kibana_3506402_root":{"aliases":{}},".opendistro_security":{"aliases":{}},".kibana_1":{"aliases":{".kibana":{}}}}
但相同的凭据在 packetbeat 中不起作用
#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["search-testme-gvzxezayzzc4pcw2xcyvndb6jq.us-east-1.es.amazonaws.com:80"]
# Optional protocol and basic auth credentials.
protocol: "https"
username: "root"
password: "xxxxx"
根据日志,即使配置文件中提到了端口 80,它也会尝试连接到端口 9200。
# tail /var/log/packetbeat/packetbeat
2020-03-01T13:56:03.234Z ERROR pipeline/output.go:100 Failed to connect to backoff(elasticsearch(https://search-testme-gvzxezayzzc4pcw2xcyvndb6jq.us-east-1.es.amazonaws.com:9200)): Get https://search-testme-gvzxezayzzc4pcw2xcyvndb6jq.us-east-1.es.amazonaws.com:9200: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
2020-03-01T13:56:03.234Z INFO pipeline/output.go:93 Attempting to reconnect to backoff(elasticsearch(https://search-testme-gvzxezayzzc4pcw2xcyvndb6jq.us-east-1.es.amazonaws.com:9200)) with 10 reconnect attempt(s)
如何通过 packetbeat 使用 open distro 连接到 AWS elastic? 如果我使用 AWS 托管的弹性云,类似的配置工作没有任何问题。
有两点要记住:
1) 您需要 "oss"(开源版本)的 packetbeat 才能工作。
2) 连接到443端口
可在此处找到详细说明...
http://oksoft.blogspot.com/2020/03/packetbeat-to-elastic-server-hosted-by.html