filebeat 配置

主要就是证书的配置   

ca_trusted_fingerprint: 产生方式

openssl x509 -fingerprint -sha256 -in /etc/elasticsearch/certs/http_ca.crt

产生的结果 SHA256 Fingerprint=

中的冒号 替换掉就是我们想要的结果

ssl:
    enabled: true
    ca_trusted_fingerprint: "C51513EFAA86B5E078095211814D969ECE2FA26031FBA70311BC8F119AD7D108"
 

要正常运行还需要启用gcp

filebeat modules enable gcp

修改配置如下：

# Module: gcp
# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.12/filebeat-module-gcp.html- module: gcpvpcflow:enabled: truevar.project_id: my-gcp-project-idvar.topic: gcp-vpc-flowlogsvar.subscription_name: filebeat-gcp-vpc-flowlogs-subvar.credentials_file: ${path.config}/gcp-service-account-xyz.jsonvar.keep_original_message: falsefirewall:enabled: truevar.project_id: my-gcp-project-idvar.topic: gcp-vpc-firewallvar.subscription_name: filebeat-gcp-firewall-subvar.credentials_file: ${path.config}/gcp-service-account-xyz.jsonvar.keep_original_message: falseaudit:enabled: truevar.project_id: my-gcp-project-idvar.topic: gcp-vpc-auditvar.subscription_name: filebeat-gcp-auditvar.credentials_file: ${path.config}/gcp-service-account-xyz.jsonvar.keep_original_message: false