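Enabling Alerts and Actions on ELK 7.11.2, and the procedure
The ELK stack is version 7.11.2. The architecture is filebeat -> kafka (3-node cluster) -> logstash (3-node cluster) -> es (6-node cluster). The es cluster has intra-cluster certificate encryption enabled and accounts with passwords configured. I now need to enable the Alerts and Actions feature.
What has been done so far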
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
Command used to configure the accounts
bin/elasticsearch-setup-passwords interactive
What has been done on Kibana
kibana-encryption-keys generate
xpack.encryptedSavedObjects.encryptionKey: encryptedSavedObjects12345678909876543210
xpack.security.encryptionKey: encryptionKeysecurity12345678909876543210
xpack.reporting.encryptionKey: encryptionKeyreporting12345678909876543210
After enabling alerting, a lot of alert log entries appeared on Kibana, although the cluster itself is running normally
error [16:45:21.863] [error][client][connection] Error: 139900212533120:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46