Version: 5.1

Verifying SAF Beat Manager

SAF Beat Manager manages configurations for SAF Beat applications - specifically the running configurations of Elastic Beats (Filebeat, Metricbeat, Auditbeat, etc.) that collect logs, metrics, and security events, sending them to Logstash or OpenSearch.

SAF Beat Manager Configuration Verification

The configuration file is located at: ${SBM_HOME}/etc/config.yml (or ${SBM_HOME}/etc/SAFBeatManager.yml for older versions)

Verify the authorization and SSL parameters are correctly configured:

authorization:
  opensearch:
    host: https://OS_HOST:9200
    ca_cert: ca-cert.pem
ssl:
  enabled: true
  SAFBeatTLSLevel: 4
  certPath: cert.pem
  keyPath: key.pem

When using an alternative CA, ensure the client certificate chain was properly added during setup. If the chain wasn't added, you'll need to:

  • create the certificate chain
  • generate new cert.pem and key.pem files

Please note!

Verify all SAF Beat Manager application configurations:

  • Confirm correct certificate paths in the config file.
  • Ensure up-to-date CA certificates are being used.

SAF Beat Configuration Verification

Configuration file locations:

Unix: ${SB_HOME}/config/config.yml

Windows: C:/Program Files/SAFBeat/config/config.yml

Example Unix configuration:

ssl:
  cert_ca: ./cert/ca-cert.pem
  enable: true
  node_cert: ./cert/cert.pem
  node_key: ./cert/key.pem
  verify: true

Example Windows configuration:

ssl:
  cert_ca: C:/Program Files/SAFBeat/cert/ca-cert.pem
  enable: true
  node_cert: C:/Program Files/SAFBeat/cert/node-cert.pem
  node_key: C:/Program Files/SAFBeat/cert/node-key.pem
  verify: true

When using an alternative CA, you need to make sure that the client certificate chain was added at the configuration stage. If the chain has not been added, it must be formed and the files cert.pem and key.pem must be generated.

Warning

Check the SAF Beat application configurations: make sure that the correct certificate paths are specified in the configuration file and that the current CA certificates are used.
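
The checks above can be scripted. The following is an added example, not part of the SAF Beat product or its documentation: it reads the ssl block shown in the examples, confirms enable and verify are true, that each certificate path exists, and that node_cert and node_key load as a matching pair. The function names, the minimal YAML reader and the base_dir parameter (the directory relative paths are resolved against, assumed to be SB_HOME) are assumptions of this example.

```python
import os
import ssl

def read_ssl_block(text):
    """Return the key/value pairs nested under the top-level 'ssl:' key."""
    block, inside = {}, False
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():              # a new top-level key starts
            inside = line.strip() == "ssl:"
        elif inside and ":" in line:
            # Split on the first colon only, so "C:/Program Files/..." survives.
            key, _, value = line.strip().partition(":")
            block[key.strip()] = value.strip().strip("'\"")
    return block

def check_saf_beat_ssl(config_path, base_dir):
    """Return a list of findings; an empty list means every check passed.

    base_dir is an assumption: the directory that relative paths such as
    ./cert/cert.pem are resolved against (taken here to be SB_HOME).
    """
    with open(config_path, encoding="utf-8") as fh:
        cfg = read_ssl_block(fh.read())
    findings = [f"ssl.{flag} is not true" for flag in ("enable", "verify")
                if cfg.get(flag, "").lower() != "true"]
    paths = {}
    for key in ("cert_ca", "node_cert", "node_key"):
        path = os.path.join(base_dir, cfg.get(key, ""))
        if not cfg.get(key):
            findings.append(f"ssl.{key} is not set")
        elif not os.path.isfile(path):
            findings.append(f"ssl.{key}: file not found: {path}")
        else:
            paths[key] = path
    if len(paths) == 3:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        try:
            ctx.load_verify_locations(cafile=paths["cert_ca"])
        except (ssl.SSLError, OSError) as exc:
            findings.append(f"ssl.cert_ca is not a loadable PEM CA file: {exc}")
        try:    # OpenSSL rejects a certificate whose public key differs from the key file
            ctx.load_cert_chain(paths["node_cert"], paths["node_key"])
        except (ssl.SSLError, OSError) as exc:
            findings.append(f"node_cert and node_key are not a matching pair: {exc}")
    return findings
```

This does not validate the chain up to the CA or certificate expiry; `openssl verify -CAfile ca-cert.pem cert.pem` covers those.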