Configure custom SSL for Logstash#

If using Logstash with on-premises Elasticsearch cluster, or if Elasticsearch is secured with a custom certificate, you must separately and explicitly configure Logstash to use the same CA certificate as your Elasticsearch cluster.

For comprehensive instructions, see Elasticsearch: Configuring Logstash to use TLS Encryption

  1. The CA certificate must be accessible on the Logstash host’s filesystem.

    E.g. /etc/logstash/config/certs/ca.crt

  2. Edit Logstash .conf. On EclecticIQ Intelligence Center installations, this is usually /etc/logstash/conf.d/eclecticiq.conf

  3. Locate the output.elasticsearch block.

  4. Edit it to set ssl and cacert attributes:

    output {
      elasticsearch {
        ...
        ssl => true
        cacert => '/etc/logstash/config/certs/ca.crt' 
      }
    }
    
  5. Restart the Logstash service. Run as root:

    systemctl restart logstash