./filebeat setup
./filebeat setup -e
./filebeat setup enable kibana
./filebeat setup enable elasticsearch
module elasticsearch is configured but has no enabled filesets
https://www.elastic.co/downloads/elasticsearch
elastic
ptCdqQ+I7OhIRvNe3t-_
curl --cacert config/certs/http_ca.crt -u elastic https://localhost:9200
Enter host password for user 'elastic':
{
  "name" : "MBP-C02F5ASXMD6M",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "jEmM_gG1Sl2_Z8qpTqmuaw",
  "version" : {
    "number" : "8.6.0",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "f67ef2df40237445caa70e2fef79471cc608d70d",
    "build_date" : "2023-01-04T09:35:21.782467981Z",
    "build_snapshot" : false,
    "lucene_version" : "9.4.2",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}
bin/elasticsearch-create-enrollment-token --scope kibana
eyJ2ZXIiOiI4LjYuMCIsImFkciI6WyIxOTIuMTY4LjI5LjQ2OjkyMDAiXSwiZmdyIjoiOWI0YTBlYzFlNTU1NzVkOWQyYzBhN2ZmMDkxMTJhMjRkMjY1MWIxNWI5M2RjZjhlMjAzOTkyNTFiNGNmMzAyMiIsImtleSI6Inh2TXo0SVVCSnppdTdKdXJSSGsxOmRCMVZXWW9MUUk2NlhHVGZYaFVFOUEifQ==
./elasticsearch-reset-password -u elastic
This tool will reset the password of the [elastic] user to an autogenerated value.
The password will be printed in the console.
Please confirm that you would like to continue [y/N]y
Password for the [elastic] user successfully reset.
New value: tEkqcmVSrkgi*I8ciS6+
✅ Elasticsearch security features have been automatically configured!
✅ Authentication is enabled and cluster connections are encrypted.
ℹ️ Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):
ptCdqQ+I7OhIRvNe3t-_
ℹ️ HTTP CA certificate SHA-256 fingerprint:
7c4b7a190c7e3ccaec121d44058b0b367a7aa99c4a1a6ccd5432436e8beba4e6
ℹ️ Configure Kibana to use this cluster:
• Run Kibana and click the configuration link in the terminal when Kibana starts.
• Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):
eyJ2ZXIiOiI4LjYuMCIsImFkciI6WyIxOTIuMTY4LjM0LjE5Mjo5MjAwIl0sImZnciI6IjdjNGI3YTE5MGM3ZTNjY2FlYzEyMWQ0NDA1OGIwYjM2N2E3YWE5OWM0YTFhNmNjZDU0MzI0MzZlOGJlYmE0ZTYiLCJrZXkiOiJNZHFsN1lVQllxRkprcDF3c0FZVDpJb2ExV0RKZFNiV0tzdkNLcHd0NGtRIn0=
ℹ️ Configure other nodes to join this cluster:
• On this node:
  ⁃ Create an enrollment token with `bin/elasticsearch-create-enrollment-token -s node`.
  ⁃ Uncomment the transport.host setting at the end of config/elasticsearch.yml.
  ⁃ Restart Elasticsearch.
• On other nodes:
  ⁃ Start Elasticsearch with `bin/elasticsearch --enrollment-token <token>`, using the enrollment token that you generated.
https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-stack-security.html
https://www.elastic.co/downloads/elasticsearch
bin/elasticsearch-create-enrollment-token -s kibana
eyJ2ZXIiOiI4LjYuMCIsImFkciI6WyIxMjcuMC4wLjE6OTIwMCIsIls6OjFdOjkyMDAiXSwiZmdyIjoiN2M0YjdhMTkwYzdlM2NjYWVjMTIxZDQ0MDU4YjBiMzY3YTdhYTk5YzRhMWE2Y2NkNTQzMjQzNmU4YmViYTRlNiIsImtleSI6ImJ1X3I3WVVCYS1mTmU2bGdpVWF3OkhNME9WNDlGUU9hNGlObFB2VDdBemcifQ==