From bc608ad21dd8da509059de6a10ff2c3e5f91eb18 Mon Sep 17 00:00:00 2001 From: Shaunak Kashyap Date: Fri, 25 Oct 2019 16:24:59 -0700 Subject: [PATCH] Adding section for monitoring with PKI authentication (#14227) * Adding section for monitoring with PKI auth * Apply suggestions from code review Co-Authored-By: DeDe Morton * Fixing comment about username --- .../monitoring-internal-collection.asciidoc | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/libbeat/docs/monitoring/monitoring-internal-collection.asciidoc b/libbeat/docs/monitoring/monitoring-internal-collection.asciidoc index 3b819c4cc6fc..8d56eb129044 100644 --- a/libbeat/docs/monitoring/monitoring-internal-collection.asciidoc +++ b/libbeat/docs/monitoring/monitoring-internal-collection.asciidoc @@ -70,6 +70,28 @@ Stack Monitoring UI. To get a cluster's `cluster_uuid`, call the `GET /` API against that cluster. <2> This setting identifies the hosts and port numbers of {es} nodes that are part of the monitoring cluster. ++ +If you want to use PKI authentication to send monitoring events to +{es}, you must specify a different set of configuration options. For +example: ++ +[source,yaml] +-------------------- +monitoring: + enabled: true + cluster_uuid: PRODUCTION_ES_CLUSTER_UUID + elasticsearch: + hosts: ["https://example.com:9200", "https://example2.com:9200"] + username: "" + ssl: + ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] + ssl.certificate: "/etc/pki/client/cert.pem" + ssl.key: "/etc/pki/client/cert.key" +-------------------- ++ +You must specify the `username` as `""` explicitly so that +the username from the client certificate (`CN`) is used. See +<> for more information about SSL settings. ifndef::serverless[] . Start {beatname_uc}.