[Ingest] Use current Logstash security settings (#4241)

Author: karenzone

manage-data/ingest/ingesting-data-from-applications/ingest-data-from-beats-to-elasticsearch-service-with-logstash-as-proxy.md

@@ -388,7 +388,6 @@ In this section, you configure {{ls}} to send the Metricbeat and Filebeat data t
         ilm_enabled => true
         cloud_id => "<DeploymentName>:<ID>" <1>
         cloud_auth => "elastic:<Password>" <2>
-        ssl => true
         # api_key => "<myAPIid:myAPIkey>"
       }
     }
@@ -455,7 +454,6 @@ In this section, you configure {{ls}} to send the Metricbeat and Filebeat data t
           elasticsearch {
             index => "%{[@metadata][beat]}-%{[@metadata][version]}"
             cloud_id => "<myDeployment>"
-            ssl => true
             ilm_enabled => true
             api_key => "2GBe63fBcxgJAetmgZeh:aB1cdeF-GJI23jble4NOH4"
             # user => "<Username>"

manage-data/ingest/ingesting-data-from-applications/ingest-data-from-relational-database-into-elasticsearch-service.md

@@ -294,7 +294,6 @@ In this section, we configure Logstash to send the MySQL data to Elasticsearch.
         ilm_enabled => false
         cloud_id => "<DeploymentName>:<ID>" <1>
         cloud_auth => "elastic:<Password>" <2>
-        ssl => true
         # api_key => "<myAPIid:myAPIkey>"
       }
     }
@@ -355,7 +354,6 @@ In this section, we configure Logstash to send the MySQL data to Elasticsearch.
           elasticsearch {
             index => "rdbms_idx"
             cloud_id => "<myDeployment>"
-            ssl => true
             ilm_enabled => false
             api_key => "2TBR42gBabmINotmvZjv:tV1dnfF-GHI59ykgv4N0U3"
             # user => "<Username>"

reference/fleet/ls-output-settings.md

@@ -31,7 +31,7 @@ input {
     ssl_certificate_authorities => ["<ca_path>"]
     ssl_certificate => "<server_cert_path>"
     ssl_key => "<server_cert_key_in_pkcs8>"
-    ssl_verify_mode => "force_peer"
+    ssl_client_authentication => "required"
   }
 }
 output {
@@ -41,7 +41,7 @@ output {
     api_key => "<api_key>" <3>
     data_stream => true
     ssl_enabled => true
-    # cacert => "<elasticsearch_ca_path>"
+    ssl_certificate_authorities => "<elasticsearch_ca_path>"
   }
 }
 ```

reference/fleet/secure-logstash-connections.md

@@ -118,14 +118,12 @@ output {
     cloud_id => "xxxx:xxxxxxxxxxxxxxxxxxxxxxxxxxxxx=" <1>
     api_key => "xxxx:xxxx" <2>
     data_stream => true
-    ssl => true <3>
   }
 }
 ```
 
 1. Use the `cloud_id` shown on your deployment page in {{ecloud}}.
 2. In {{fleet}}, you can generate this API key when you add a {{ls}} output.
-3. {{ech}} uses standard publicly trusted certificates, so there’s no need specify other SSL settings here.
 
 
 Self-managed {{es}} cluster example:
@@ -147,8 +145,7 @@ output {
     hosts => "https://xxxx:9200"
     api_key => "xxxx:xxxx"
     data_stream => true
-    ssl => true
-    cacert => "/path/to/http_ca.crt" <1>
+    ssl_certificate_authorities => "/path/to/http_ca.crt" <1>
   }
 }
 ```

solutions/observability/apm/apm-server/configure-logstash-output.md

@@ -301,19 +301,19 @@ To use SSL mutual authentication:
     * `ssl`: When set to true, enables {{ls}} to use SSL/TLS.
     * `ssl_certificate_authorities`: Configures {{ls}} to trust any certificates signed by the specified CA.
     * `ssl_certificate` and `ssl_key`: Specify the certificate and key that {{ls}} uses to authenticate with the client.
-    * `ssl_verify_mode`: Specifies whether the {{ls}} server verifies the client certificate against the CA. You need to specify either `peer` or `force_peer` to make the server ask for the certificate and validate it. If you specify `force_peer`, and APM Server doesn’t provide a certificate, the {{ls}} connection will be closed. If you choose not to use [`certutil`](elasticsearch://reference/elasticsearch/command-line-tools/certutil.md), the certificates that you obtain must allow for both `clientAuth` and `serverAuth` if the extended key usage extension is present.
+    * `ssl_client_authentication`: Specifies whether the {{ls}} server verifies the client certificate against the CA. If you specify `required` and APM Server doesn’t provide a certificate, the {{ls}} connection will be closed. If you choose not to use [`certutil`](elasticsearch://reference/elasticsearch/command-line-tools/certutil.md), the certificates that you obtain must allow for both `clientAuth` and `serverAuth` if the extended key usage extension is present.
 
         For example:
 
         ```json
         input {
           beats {
             port => 5044
-            ssl => true
+            ssl_enabled => true
             ssl_certificate_authorities => ["/etc/ca.crt"]
             ssl_certificate => "/etc/server.crt"
             ssl_key => "/etc/server.key"
-            ssl_verify_mode => "force_peer"
+            ssl_client_authentication => "required"
           }
         }
         ```