在Debian系统上配置Filebeat以增强安全性,可以遵循以下步骤:
sudo apt update sudo apt install filebeat /etc/filebeat/filebeat.yml 文件,配置Filebeat的输入和输出。例如:filebeat.inputs: - type: log enabled: true paths: - /var/log/*.log output.elasticsearch: hosts: ["elasticsearch:9200"] username: "elastic" password: "your_password" setup.template.settings: index.number_of_shards: 1 setup.ilm.enabled: false xpack.monitoring.collection.enabled: false xpack.monitoring.enabled: false xpack.security.enabled: true xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: /etc/ssl/certs/filebeat.crt xpack.security.transport.ssl.truststore.path: /etc/ssl/certs/filebeat.crt xpack.security.http.ssl.enabled: true xpack.security.http.ssl.keystore.path: /etc/ssl/certs/filebeat.crt xpack.security.http.ssl.truststore.path: /etc/ssl/certs/filebeat.crt elasticsearch.yml 文件中添加以下配置:xpack.security.enabled: true xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/config/certs/elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/config/certs/elastic-certificates.p12 xpack.security.http.ssl.enabled: true xpack.security.http.ssl.keystore.path: /etc/elasticsearch/config/certs/elastic-certificates.p12 xpack.security.http.ssl.truststore.path: /etc/elasticsearch/config/certs/elastic-certificates.p12 sudo systemctl restart filebeat sudo systemctl restart elasticsearch sudo systemctl status filebeat 通过以上步骤,你可以在Debian系统上成功配置Filebeat的安全设置,包括启用TLS/SSL加密传输。请根据实际需求调整配置文件中的路径和索引名称。
