Elasticsearch 8 Security - Filebeat Logstash SSL Mutual Authentication Example

Подписаться 17 тыс.

50% 1

This video provides a step-by-step guide on configuring SSL/TLS mutual authentication between Filebeat and Logstash (Elasticsearch 8). It covers generating SSL certificates, configuring Filebeat to send logs securely, and setting up Logstash to accept connections only from authorized clients. Secure your log pipeline with this practical example. www.javainuse....

Опубликовано:

15 сен 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 4

@raviravi-gg5ck 3 месяца назад

In your spring Boot+swagger+basic auth video, the auth feature is not working for POST request

@JavaInUse 3 месяца назад

I Ravi thanks for pointing this out. In security config we need to disable CSRF. I will be updating the code today. Till then you can you modify the code as follows in SecurityConfig. Hope it helps. http .csrf(csrf -> csrf.disable()) .authorizeHttpRequests( auth -> auth.requestMatchers(WHITE_LIST_URL).permitAll().anyRequest().authenticated());

@raviravi-gg5ck 3 месяца назад

@@JavaInUse thanks for the info

@guillaumepineda4867 Месяц назад

Well, something I do not understand (even after reading the related blog post), ... what is the purpose of sharing a private key (elk.pkcs8) between different hosts ? Is not such multual authentication mechanism supposed to ensure the client is legit ? How about a malicious attacker able to take control of an existing filebeat host and then duplicate elk.pkcs8 he could use to decrypt all communications or even push events with a fake fileebat ? By the way, nice video (and blog post) aggremented with easy to understand illustrations.