主要就是证书的配置
ca_trusted_fingerprint: 产生方式
openssl x509 -fingerprint -sha256 -in /etc/elasticsearch/certs/http_ca.crt
产生的结果 SHA256 Fingerprint=
中的冒号 替换掉就是我们想要的结果
ssl:
enabled: true
ca_trusted_fingerprint: "C51513EFAA86B5E078095211814D969ECE2FA26031FBA70311BC8F119AD7D108"
要正常运行还需要启用gcp
filebeat modules enable gcp
修改配置如下:
# Module: gcp
# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.12/filebeat-module-gcp.html
- module: gcp
vpcflow:
enabled: true
var.project_id: my-gcp-project-id
var.topic: gcp-vpc-flowlogs
var.subscription_name: filebeat-gcp-vpc-flowlogs-sub
var.credentials_file: ${path.config}/gcp-service-account-xyz.json
var.keep_original_message: false
firewall:
enabled: true
var.project_id: my-gcp-project-id
var.topic: gcp-vpc-firewall
var.subscription_name: filebeat-gcp-firewall-sub
var.credentials_file: ${path.config}/gcp-service-account-xyz.json
var.keep_original_message: false
audit:
enabled: true
var.project_id: my-gcp-project-id
var.topic: gcp-vpc-audit
var.subscription_name: filebeat-gcp-audit
var.credentials_file: ${path.config}/gcp-service-account-xyz.json
var.keep_original_message: false