Configure Kerberos
You can specify Kerberos options with any output or input that supports Kerberos, like Elasticsearch.
The following encryption types are supported:
- aes128-cts-hmac-sha1-96
- aes128-cts-hmac-sha256-128
- aes256-cts-hmac-sha1-96
- aes256-cts-hmac-sha384-192
- des3-cbc-sha1-kd
- rc4-hmac
Example output config with Kerberos password based authentication:
output.elasticsearch.hosts: ["http://my-elasticsearch.elastic.co:9200"]
output.elasticsearch.kerberos.auth_type: password
output.elasticsearch.kerberos.username: "elastic"
output.elasticsearch.kerberos.password: "changeme"
output.elasticsearch.kerberos.config_path: "/etc/krb5.conf"
output.elasticsearch.kerberos.realm: "ELASTIC.CO"
The service principal name for the Elasticsearch instance is constructed from these options. Based on this configuration, it is going to be HTTP/my-elasticsearch.elastic.co@ELASTIC.CO.
Configuration options
You can specify the following options in the kerberos section of the journalbeat.yml config file:
enabled
The enabled setting can be used to disable the Kerberos configuration by setting it to false. The default value is true.
Kerberos settings are disabled if either enabled is set to false or the kerberos section is missing.
auth_type
There are two options to authenticate with the Kerberos KDC: password and keytab.
password expects the principal name and its password. When choosing keytab, you have to specify a principal name and a path to a keytab. The keytab must contain the keys of the selected principal. Otherwise, authentication will fail.
config_path
You need to set the path to the krb5.conf, so Journalbeat can find the Kerberos KDC to retrieve a ticket.
username
Name of the principal used to connect to the output.
password
If you configured password for auth_type, you have to provide a password for the selected principal.
keytab
If you configured keytab for auth_type, you have to provide the path to the keytab of the selected principal.
service_name
This option can only be configured for Kafka. It is the name of the Kafka service, usually kafka.
realm
Name of the realm where the output resides.
enable_krb5_fast
Enable Kerberos FAST authentication. This may conflict with some Active Directory installations. The default is false.
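The option rules and the service principal name construction described on this page, as an added Python check that is not part of the Elastic documentation or the Journalbeat code. The names parse_flat and check_kerberos are hypothetical; treating config_path and realm as required, and applying the page's single SPN example (HTTP/<hostname>@<realm>) to every host, are assumptions.

```python
import json
from urllib.parse import urlsplit

OUT = "output.elasticsearch."
KRB = OUT + "kerberos."
# Options each auth_type needs, per the option descriptions on this page.
REQUIRED = {"password": ("username", "password"), "keytab": ("username", "keytab")}

def parse_flat(text):
    """Parse the flat 'dotted.key: value' form used in the page's example config."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if sep and not key.startswith("#"):
            # Quoted strings and [..] lists are valid JSON; bare words stay strings.
            cfg[key] = json.loads(value) if value[:1] in ('"', "[") else value
    return cfg

def check_kerberos(cfg):
    """Return (expected SPNs, problems) for the Elasticsearch output."""
    krb = {k[len(KRB):]: v for k, v in cfg.items() if k.startswith(KRB)}
    if not krb or str(krb.get("enabled", "true")).lower() == "false":
        return [], ["kerberos is disabled (section missing or enabled: false)"]
    auth = krb.get("auth_type")
    needed = REQUIRED.get(auth) if isinstance(auth, str) else None
    problems = [] if needed else [f"auth_type must be password or keytab, got {auth!r}"]
    for opt in (needed or ()) + ("config_path", "realm"):
        if not krb.get(opt):
            problems.append(f"missing option: {opt}")
    if "service_name" in krb:
        problems.append("service_name can only be configured for Kafka")
    spns = []
    for host in cfg.get(OUT + "hosts", []):
        # Assumption: drop scheme and port, as in the page's single SPN example.
        name = urlsplit(host if "://" in host else "//" + host).hostname
        if name and krb.get("realm"):
            spns.append(f"HTTP/{name}@{krb['realm']}")
    return spns, problems

# Constructed sample: the password-based example config from this page.
SAMPLE = """\
output.elasticsearch.hosts: ["http://my-elasticsearch.elastic.co:9200"]
output.elasticsearch.kerberos.auth_type: password
output.elasticsearch.kerberos.username: "elastic"
output.elasticsearch.kerberos.password: "changeme"
output.elasticsearch.kerberos.config_path: "/etc/krb5.conf"
output.elasticsearch.kerberos.realm: "ELASTIC.CO"
"""
print(check_kerberos(parse_flat(SAMPLE)))
```

Comparing the derived name against the principals actually registered in the KDC catches hostname or realm mismatches before Journalbeat fails to obtain a service ticket.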