honeymoose/OpenSearch
1
0
Fork 0
mirror of https://github.com/honeymoose/OpenSearch.git synced 2025-02-17 18:35:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Docs: Add PKI auth support for Logstash http protocol

Browse Source 
Closes elastic/elasticsearch#328

Original commit: elastic/x-pack-elasticsearch@04235e714a
This commit is contained in:
Suyog Rao 2015-07-23 14:45:54 -07:00
parent 4e9b7581b2
commit 63a04169a2
1 changed files with 28 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
shield/docs/public/configuring-clients-integrations/logstash.asciidoc
View File

@ -43,15 +43,19 @@ Once you've created the user, you are ready to configure Logstash.
[[ls-http]] [[ls-http]]
==== Connecting with HTTP/HTTPS ==== Connecting with HTTP/HTTPS
All three input, filter and output plugins support HTTP Basic Authentication as well as SSL/TLS. When you set the `protocol` option to `http`, Logstash communicates with the Elasticsearch cluster through the REST APIs over HTTP.
The sections below demonstrate the output plugin's configuration parameters, but input and filter are the same.
[float] [float]
[[ls-http-auth]] [[ls-http-auth]]
===== Authentication for HTTP protocol
HTTP protocol supports both basic auth and client-certificate authentication through the use of Public Key Infrastructure (PKI).
[float]
[[ls-http-auth-basic]]
===== Basic Authentication ===== Basic Authentication
To connect to an instance of Elasticsearch with Shield, set up the username and password credentials with the following The input, filter, and output plugins all support HTTP Basic Authentication. To use basic authentication when connecting to an instance of Elasticsearch with Shield, you configure the plugins to include username and password credentials with each request. For example, the following snippet configures credentials for the output plugin. The credentials are configured the same way for each plugin type.
configuration parameters:
[source, shell] [source, shell]
-------------------------------------------------- --------------------------------------------------
@ -66,6 +70,25 @@ output {
} }
-------------------------------------------------- --------------------------------------------------
[float]
[[ls-http-auth-pki]]
===== PKI Authentication
Elasticsearch Output version 1.0.1 onwards supports the use of X.509 client-certificate to authenticate Logstash requests. To enable this you need to set up the following configuration parameters:
[source, shell]
--------------------------------------------------
input { ... }
output {
elasticsearch {
protocol => "http"
...
keystore => ... # string
keystore_password => ... # string
}
}
--------------------------------------------------
[float] [float]
[[ls-http-ssl]] [[ls-http-ssl]]
===== SSL/TLS Configuration for HTTPS ===== SSL/TLS Configuration for HTTPS
@ -90,7 +113,7 @@ output {
[[ls-transport]] [[ls-transport]]
==== Connecting with Transport protocol ==== Connecting with Transport protocol
By setting the "protocol" option to "transport", Logstash communicates with the Elasticsearch cluster through the same When you set the `protocol` option to `transport`, Logstash communicates with the Elasticsearch cluster through the same
protocol nodes use between each other. This avoids JSON un/marshalling and is therefore more efficient. protocol nodes use between each other. This avoids JSON un/marshalling and is therefore more efficient.
In order to unlock this option, it's necessary to install an additional plugin in Logstash using the following command: In order to unlock this option, it's necessary to install an additional plugin in Logstash using the following command: