elastic / beats

:tropical_fish: Beats - Lightweight shippers for Elasticsearch & Logstash
https://www.elastic.co/products/beats

Enable the FileBeat Checkpoint module to read encrypted messages #29481

Closed martha-vargas closed 1 year ago

martha-vargas commented 2 years ago

Describe the enhancement: Enable the FileBeat Checkpoint module to read encrypted messages

Describe a specific use case for the enhancement or feature: We need to send encrypted log messages from a CheckPoint firewall over the network to the CheckPoint module.

This is the configuration done:

filebeat.modules:
- module: checkpoint
  firewall:
    enabled: true
    var.syslog_host: 0.0.0.0
    var.syslog_port: 9001
    var.ssl:
      enabled: true
      certificate_authorities: ["/data/certs/my-ca.pem"]
      certificate: "/data/certs/filebeat-cert.pem"
      key: "/data/certs/filebeat-key.pem"
      client_authentication: "required"

This is how the message appears in Kibana:

message
�/�+�'�#�� �=5�</��
elasticmachine commented 2 years ago

Pinging @elastic/elastic-agent (Team:Elastic-Agent)

legoguy1000 commented 2 years ago

Are you asking about TLS-encrypted TCP (syslog) messages, or is the message itself encrypted? Looking at the module config, it already supports TLS syslog.
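
An added example, not part of this thread and not Beats code: a check that tells a raw TLS handshake record from a plaintext syslog line in the first bytes a TCP listener receives, which is the distinction the question above turns on. The function name and the sample payloads are constructed for illustration.

```python
import re

TLS_HANDSHAKE = 0x16     # TLS record content type "handshake"
CLIENT_HELLO = 0x01      # handshake message type "ClientHello"
MAX_RECORD_LEN = 2**14   # TLS plaintext record length limit
# Syslog frame start: optional RFC 6587 octet count, then the <PRI> field.
SYSLOG_START = re.compile(rb"^(?:[1-9]\d{0,5} )?<\d{1,3}>")


def classify_payload(data: bytes) -> str:
    """Classify the first bytes a syslog TCP listener received."""
    if SYSLOG_START.match(data):
        return "plaintext-syslog"
    # TLS record header: type(1) | version major(1) minor(1) | length(2)
    if (len(data) >= 6 and data[0] == TLS_HANDSHAKE
            and data[1] == 0x03 and data[2] <= 0x04):
        record_len = int.from_bytes(data[3:5], "big")
        if 0 < record_len <= MAX_RECORD_LEN:
            if data[5] == CLIENT_HELLO:
                return "tls-client-hello"
            return "tls-handshake"
    return "unknown"


# Constructed samples (not taken from the issue).
# TLS record and handshake headers followed by zero padding, not a full ClientHello.
SAMPLE_TLS = bytes.fromhex("160301002f0100002b0303") + bytes(41)
SAMPLE_SYSLOG = b'<134>1 2021-12-16T10:00:00Z gw CheckPoint 1234 - [action:"Accept"]'
# Same line with RFC 6587 octet-counting framing in front.
SAMPLE_FRAMED = str(len(SAMPLE_SYSLOG)).encode() + b" " + SAMPLE_SYSLOG

if __name__ == "__main__":
    for name, payload in [("tls", SAMPLE_TLS),
                          ("syslog", SAMPLE_SYSLOG),
                          ("framed", SAMPLE_FRAMED)]:
        print(name, classify_payload(payload))
```

A `tls-client-hello` result for data that was indexed as a message means the sender spoke TLS to a listener that treated the bytes as plaintext.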

elasticmachine commented 2 years ago

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

botelastic[bot] commented 1 year ago

Hi! We just realized that we haven't looked into this issue in a while. We're sorry!

We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1:. Thank you for your contribution!

jamiehynds commented 1 year ago

Closing as the Check Point module and integration both support TLS syslog.