filebeat 配置

发布于:2024-03-20 ⋅ 阅读:(48) ⋅ 点赞:(0)

主要就是证书的配置   

ca_trusted_fingerprint: 产生方式

openssl x509 -fingerprint -sha256 -in /etc/elasticsearch/certs/http_ca.crt

产生的结果 SHA256 Fingerprint=

中的冒号 替换掉就是我们想要的结果

ssl:
    enabled: true
    ca_trusted_fingerprint: "C51513EFAA86B5E078095211814D969ECE2FA26031FBA70311BC8F119AD7D108"
 

要正常运行还需要启用gcp

filebeat modules enable gcp

修改配置如下:

# Module: gcp
# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.12/filebeat-module-gcp.html

- module: gcp
  vpcflow:
    enabled: true
    var.project_id: my-gcp-project-id
    var.topic: gcp-vpc-flowlogs
    var.subscription_name: filebeat-gcp-vpc-flowlogs-sub
    var.credentials_file: ${path.config}/gcp-service-account-xyz.json

    var.keep_original_message: false

  firewall:
    enabled: true
    var.project_id: my-gcp-project-id

    var.topic: gcp-vpc-firewall

    var.subscription_name: filebeat-gcp-firewall-sub

    var.credentials_file: ${path.config}/gcp-service-account-xyz.json

   var.keep_original_message: false
  audit:
    enabled: true
    var.project_id: my-gcp-project-id
    var.topic: gcp-vpc-audit
    var.subscription_name: filebeat-gcp-audit
    var.credentials_file: ${path.config}/gcp-service-account-xyz.json
    var.keep_original_message: false

网站公告

今日签到

点亮在社区的每一天
去签到

热门文章

最新发布