Shipping from NXLog to Logstash using SSL
I have NXLog shipping my Windows Events to another Logstash machine working fine in just TCP. But I want to encrypt the traffic using a self-signed certificate. I think I have a basic understanding of SSL but am confused by the NXLog docs. The NXLog om_ssl docs show:
<Output sslout>
    Module          om_ssl
    Host            localhost
    Port            23456
    CAFile          %CERTDIR%/ca.pem
    CertFile        %CERTDIR%/client-cert.pem
    CertKeyFile     %CERTDIR%/client-key.pem
    KeyPass         secret
    AllowUntrusted  TRUE
    OutputType      Binary
</Output>
Does the CertKeyFile mean that the NXLog "client" needs the private key used to generate the CAFile? I thought the Logstash "server" would have and protect the private key, and the NXLog "client" would encrypt with the CertFile. And the CertFile would be validated against the CAFile.
CertFile and CertKeyFile can be used for client-side cert-based authentication, i.e. if you want trusted SSL connections. These are optional; if you want only encrypted traffic, then leave these out.
CAFile is the certificate used to verify the remote end (server).
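
The two setups described in the answer, written out as an added example (not part of the original post or the NXLog documentation). It uses only the om_ssl directives shown in the question; the host name, the instance name sslout_mutual and the KeyPass value are placeholders, and %CERTDIR% is assumed to be defined elsewhere in nxlog.conf. Note that with AllowUntrusted TRUE, as in the quoted snippet, the server certificate is accepted without verification, so both variants set it to FALSE to make the CAFile check effective.

```conf
# Variant 1: encrypted traffic with the Logstash server verified,
# no client certificate. Nothing secret is stored on the NXLog host.
<Output sslout>
    Module          om_ssl
    # Placeholder host name; it should match the name in the server certificate.
    Host            logstash.example.com
    Port            23456
    # Public certificate used to verify the server. For a self-signed
    # server certificate this is a copy of that certificate itself.
    # The matching private key stays on the Logstash machine.
    CAFile          %CERTDIR%/ca.pem
    # Reject a server whose certificate does not validate against CAFile.
    AllowUntrusted  FALSE
</Output>

# Variant 2: the same, plus client certificate authentication.
# CertKeyFile is the private key of the client's own certificate
# (CertFile). It is not the key behind CAFile and not the server's key.
<Output sslout_mutual>
    Module          om_ssl
    Host            logstash.example.com
    Port            23456
    CAFile          %CERTDIR%/ca.pem
    CertFile        %CERTDIR%/client-cert.pem
    CertKeyFile     %CERTDIR%/client-key.pem
    # Placeholder passphrase for client-key.pem; restrict read access
    # to nxlog.conf when a real passphrase is stored here.
    KeyPass         secret
    AllowUntrusted  FALSE
</Output>
```

Variant 2 only adds authentication if the receiving side is configured to request and verify client certificates; otherwise the client certificate is simply never asked for.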