2

I was trying to configure ELK in Docker containers in my private network and a Linux box with Beats in another private network. I was trying to generate an SSL cert for Filebeat to verify the identity of the ELK server. I tried using the public IP of the container host by forwarding the container port, but it didn't work. Could anyone please help me verify the ELK server identity on the Filebeat node?

What I Did?

On Network A:

1) Used the sebp/elk image to start an ELK container
2) Did port forwarding for ports 5601, 9200, 5044
3) Verified that Kibana loads in the web browser, and it was a success
4) Generated an SSL cert in the ELK container with the public IP of the host where Docker was installed
5) Copied this SSL cert onto the Beats host under /etc/pki/tls/certs/

On Network B:

1) Installed Beats on the machine (not a container)
2) Configured filebeat.yml with the public IP of the Docker host with the port (say x.x.x.x:8001) and added the SSL cert path
3) Restarted Logstash in Network A and Filebeat in Network B and received the following error:

Error: .514762 transport.go:125: ERR SSL client failed to connect with: x509: cannot validate certificate for because it doesn’t contain any IP SANs.

Thanks much in advance

1 Answer

0

You can check and verify the points below:

  1. Expose the elasticsearch, logstash and kibana ports of the container to the host. If using the default ports, check with the command below:

         docker port elk_stack
         5044/tcp -> 0.0.0.0:5044
         5601/tcp -> 0.0.0.0:5601
         9200/tcp -> 0.0.0.0:9200

  2. Check the filebeat logs to see whether they show connection requests to the correct elasticsearch/kibana host, which in the above case will be your host IP and the exposed container port.

  3. Check whether elasticsearch and kibana are accessible using the curl command from the remote host where filebeat is running:

         curl ${elasticsearch_host}:9200
         curl ${kibana_host}:5601
  • Hi Srivastava, thanks much for looking into this. I have already configured port forwarding. The request is going to the container but it is getting timed out. I have done a workaround for the issue. Also, I have added more details of what I did in my question now. Workaround: I have disabled SSL certs in logstash.yml and discovered the ELK server through the public IP on the port which was forwarded. It is now successfully connected to Logstash and I can see logs in the Kibana dashboard. – krishna chandu Jul 02 '18 at 09:55
  • I have found the issue. It was due to the SSL cert path in my logstash.yml file. I have changed the cert path and could establish a connection successfully to the ELK container. – krishna chandu Jul 11 '18 at 06:59
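
The x509 error quoted in the question is produced by Go's `crypto/x509` hostname check, which Filebeat (a Go program) runs when it dials the server by IP address. The following added example, which is not part of the original thread, reproduces that check against throwaway self-signed certificates with and without an IP subjectAltName. The helper names `selfSigned` and `CheckHost` and the address `203.0.113.10` are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned builds a throwaway self-signed cert; each ips entry becomes an IP SAN.
func selfSigned(ips ...string) (*x509.Certificate, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "elk"}, // CN alone is not used for IP matching
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	for _, s := range ips {
		tmpl.IPAddresses = append(tmpl.IPAddresses, net.ParseIP(s))
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// CheckHost returns what a Go TLS client reports when it dials host and is
// presented a certificate carrying exactly the given IP SANs.
func CheckHost(host string, sanIPs ...string) error {
	cert, err := selfSigned(sanIPs...)
	if err != nil {
		return err
	}
	return cert.VerifyHostname(host)
}

func main() {
	const host = "203.0.113.10" // constructed documentation address
	fmt.Println("no IP SAN:   ", CheckHost(host))
	fmt.Println("matching SAN:", CheckHost(host, host))
}
```

A certificate passes only when the address the client dials appears in its IP SAN list, so the address placed in the certificate has to be the same one written in filebeat.yml.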