Secure Filebeat¶
For security reasons, we strongly recommend configuring the TLS encryption.
Configure the TLS Encryption¶
The connection to Filebeat is secured by the TLS certificate located in the C:\ProgramData\SEAL Systems\config\tls
directory. That means that after you have replaced the self-signed certificate enclosed in delivery by your own certificate in Secure the PLOSSYS 5 Services the connection to Filebeat has already been secured.
Configure the TLS Encryption in a Cluster¶
If you are running PLOSSYS 5 in a cluster, execute the configuration steps above on all PLOSSYS 5 servers.
Specify a CA Certificate (Unnecessary in Most Cases)¶
If a CA certificate has been specified, Filebeat requires a client certificate from each client. This would require corresponding properties of the certificate and would be a high effort. A complete explanation of how to use client certificates is beyond the scope of this documentation.
For the rare other cases, this is how you configure a CA certificate with Filebeat:
-
Open the Filebeat configuration file on the PLOSSYS 5 server:
C:\ProgramData\SEAL Systems\config\filebeat.yml
-
Search for the following line:
insecure: true
-
Replace the line by:
certificate_authorities: ["C:\ProgramData\SEAL Systems\config\tls\ca.pem"]
-
Save the configuration file.
-
Restart the following service:
seal-filebeat