使用SSL从NXlog运送到Logstash [英] Using SSL to ship from NXlog to Logstash

问题描述

我让NXLog将Windows事件传送到另一台Logstash机器上，而该机器只能在TCP中正常工作.但是我想使用自签名证书对流量进行加密.我认为我对SSL有基本的了解，但被NXLog文档弄糊涂了. NXLog om_ssl文档显示:

I have NXLog shipping my Windows Events to another Logstash machine working fine in just TCP. But I want to encrypt the traffic using a self signed certificate. I think I have a basic understanding of SSL but confused by the NXLog docs. The NXLog om_ssl docs shows:

<Output sslout>
    Module  om_ssl
    Host    localhost
    Port    23456
    CAFile  %CERTDIR%/ca.pem
    CertFile    %CERTDIR%/client-cert.pem
    CertKeyFile %CERTDIR%/client-key.pem
    KeyPass secret
    AllowUntrusted TRUE
    OutputType  Binary
</Output>

CertKeyFile是否意味着NXLog客户端"需要用于生成CAFile的私钥?我以为Logstash服务器"将拥有并保护私钥，而NXLog客户端"将使用CertFile进行加密.然后，将针对CAFile对CertFile进行验证.

Does the CertKeyFile mean that the NXLog "client" need the Private key used to generate the CAFile? I thought the Logstash "server" would have and protect the private key, and the NXLog "client" would encrypt with the CertFile. And the CertFile would be validated against the CAFile.

推荐答案

CertFile 和 CertKeyFile 可用于基于客户端证书的身份验证，即，如果您想要受信任的ssl连接.这些是可选的，如果您只想要加密的流量，则将其排除在外.

CertFile and CertKeyFile can be used for client side cert based authentication, i.e. if you want trusted ssl connections. These are optional, if you want only encrypted traffic then leave these out.

CAFile 是用于验证远程端(服务器)的证书.

CAFile is the certificate used to verify the remote end (server).

这篇关于使用SSL从NXlog运送到Logstash的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！