7.2.4. Procedure – Elasticsearch X-Pack (Shield) and syslog-ng PE
The syslog-ng Premium Edition 7 Administrator Guide
Version 5.6 and later supports Elasticsearch X-Pack security (Shield) to encrypt and authenticate the connections from syslog-ng PE to Elasticsearch 2 and newer. In this mode, syslog-ng PE uses the transport client API of Elasticsearch and the cluster() options from the syslog-ng PE configuration file, but with Shield (X-Pack security) support. To configure syslog-ng PE to send messages to an Elasticsearch cluster that uses Shield, complete the following steps.
Step 1. Add the Shield .jar file (shield-x.x.x.jar) to the same directory where your Elasticsearch .jar files are located. You can download the Shield distribution and extract the .jar file manually, or you can get it from the Elasticsearch Maven repository.
Step 2. Shield mode inherits the Transport mode options, but the Shield-related options must be configured in the .yml file referenced by the resource() option (see the Section resource()). For example:

    shield.user: es_admin:********
    shield.transport.ssl: true
    shield.ssl.keystore.path: /usr/share/elasticsearch/node.jks
    shield.ssl.keystore.password: mypassword

For more details about the possible options, see: https://www.elastic.co/guide/en/shield/current/reference.html#ref-ssl-tls-settings.
Step 3. Configure an Elasticsearch destination in syslog-ng PE that uses the
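The following destination is an added example for the third step; it is not taken from the guide or from the syslog-ng project. It assumes that the elasticsearch2() destination of syslog-ng PE accepts client-mode("shield") to select the Shield-aware transport client, that the Shield .jar from Step 1 sits in the directory given to client-lib-dir(), and that a source named s_local already exists. The host name, cluster name, index name and file paths are placeholders. The shield.user value in the resource .yml has the form username:password, so that file holds a credential and the keystore password and should be readable only by the user syslog-ng runs as.

```conf
# Added example (not from the guide): elasticsearch2() destination using Shield mode.
# Assumed: client-mode("shield") selects the Shield-aware transport client.
# Placeholders: es-node-1.example.com, es-syslog-ng, /usr/share/elasticsearch/lib,
#               /etc/syslog-ng/elasticsearch-shield.yml, s_local.
destination d_elastic_shield {
    elasticsearch2(
        client-mode("shield")
        # Directory holding the Elasticsearch .jar files and the shield-x.x.x.jar added in Step 1.
        client-lib-dir("/usr/share/elasticsearch/lib")
        cluster("es-syslog-ng")          # must match cluster.name of the Elasticsearch cluster
        server("es-node-1.example.com")
        port(9300)                       # transport port used by the transport client, not the 9200 HTTP port
        index("syslog-ng_${YEAR}.${MONTH}.${DAY}")
        type("syslog")
        # Shield credentials and the TLS keystore settings live in this file (the .yml shown in Step 2);
        # restrict it to the syslog-ng user, for example with mode 0600.
        resource("/etc/syslog-ng/elasticsearch-shield.yml")
        template("$(format-json --scope rfc5424 --scope nv-pairs --exclude DATE --key ISODATE)")
    );
};

log {
    source(s_local);
    destination(d_elastic_shield);
};
```

After reloading syslog-ng PE, a failed TLS handshake or a wrong shield.user value shows up in the syslog-ng internal log rather than on the Elasticsearch side, so check the internal() source first when messages do not arrive.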