How Search Guard works with Beat (without Logstash) ?

Elasticsearch and Search Guard version : 6.3.2

Entreprise Module : Disabled

JVM Version : 1.8.0_111

Operating System : Debian 9

I have a question because i didn’t find any documentation about Beat in Search Guard main page.

Actually we are using Kibana and Elasticsearch without Logstash.

We don’t need it because we only use Winlogbeat for the moment.

So, does we have to use Logstash to make Search Guard works with Beat or it can funtionnate without it ?

If yes is there any documentation to make Elasticsearch, Kibana, Searchguard and Beat work without Logstash ?

Thanks for help !

Search Guard works perfectly with beats although we no dedicated docs for it. You don't need logstash for it.
Beats are just client which communicate over HTTP/S and the most important config properties are:

output.elasticsearch:
  username: filebeat
  password: verysecret
  protocol: https
  hosts: ["localhost:9200"]
  ssl.certificate_authorities:
    - /etc/pki/my_root_ca.pem

If you like to use client certificate based authentication then it looks like

output.elasticsearch:
  protocol: https
  hosts: ["elasticsearch.example.com:9200"]
  ssl.certificate_authorities:
    - /etc/pki/my_root_ca.pem
  ssl.certificate: "/etc/pki/client.pem"
  ssl.key: "/etc/pki/key.pem"

See:

···

Am 18.01.2019 um 17:37 schrieb Voortexx <ekham93@gmail.com>:

Elasticsearch and Search Guard version : 6.3.2

Entreprise Module : Disabled

JVM Version : 1.8.0_111

Operating System : Debian 9

I have a question because i didn't find any documentation about Beat in Search Guard main page.

Actually we are using Kibana and Elasticsearch without Logstash.

We don't need it because we only use Winlogbeat for the moment.

So, does we have to use Logstash to make Search Guard works with Beat or it can funtionnate without it ?

If yes is there any documentation to make Elasticsearch, Kibana, Searchguard and Beat work without Logstash ?

Thanks for help !

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/308ef842-1bde-4c7e-bd65-3adb79898d67%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.

Thanks for your reply, all is clear now !