Filebeat / Metricbeat / Other Elastic Beats 

With older configurations (typically v1.3 or below) you may have specified a certificate_authority and will need to update the intermediate.crt on your system, see below and example:

output.logstash:
  hosts: ["YOUR-LOGSTASH-ENDPOINT:YOUR-BEATS-SSL-PORT"]

  tls:
    certificate_authorities: ['/etc/pki/tls/certs/logit-intermediate.crt']
    enabled: true

Please download the new intermediate certificate and replace the old intermediate.crt.

Newer configurations that do not specify a certificate_authority are unlikely to require configuration changes, however you may need to add our intermediate to your certificate store as per your OS defaults, see below for an example which requires no action:

output.logstash:
  hosts: ["YOUR-LOGSTASH-ENDPOINT:YOUR-BEATS-SSL-PORT"]
  ssl.enabled: true

Rsyslog

If you’re not sending over an encrypted connection no changes are required, but we would urge you to upgrade to a TLS endpoint.

Look for the double @@ before the logstash address to confirm.

Sample configuration snippet:

$DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/star.logit.io.crt

$ActionSendStreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer *.logit.io

*.* @@YOUR-LOGSTASH-ENDPOINT:YOUR-SYSLOG-SSL-PORT"]


Rsyslog will only accept a single file name to verify the SSL connection with, but you can have more than one certificate in that file.

Replace the certificate file with a new file containing both our old and new intermediate certificates available from here

Restart rsyslog and confirm it’s reconnected and still sending data and reporting no errors.

Did this answer your question?