ES 6.1.1
Kibana 6.1.1
Beats 6.1.2
All on Ubuntu 16.0.4 LTS
When upgrading Logstash from 5.6 to 6.1, I am unable to use SSL when defining the beats plugin; it complains that the cipher is not available, and Logstash will not start.
I found and tried the solution in topic https://discuss.elastic.co/t/problem-with-cipher-in-beat-input/67841, which did not help.
- mkdir /usr/share/logstash/tmp
- chown logstash /usr/share/logstash/tmp
- chgrp logstash /usr/share/logstash/tmp
- chmod 0775 /usr/share/logstash/tmp
- modifying jvm.options and specifying -Dio.netty.native.workdir=/usr/share/logstash/tmp
I am using the Oracle JVM, and I found the solution in topic "Logstash TLS with x-pack error registering plugin (Cipher is not available) 6.x", which does not seem to be applicable - Logstash 5.6 has no problem with AES_256 ciphers - I actually removed all ciphers but AES_256 to test this.
All other inputs (non-SSL) instantiate fine, outputs to logstash
Beats input stanza, (working fine in 5.6):
```
beats {
  port => 5044
  ssl => true
  ssl_certificate_authorities => ["/etc/ssl/xxx.pem"]
  ssl_certificate => "/etc/ssl/xxx.xxx.xxx.pem"
  ssl_key => "/etc/ssl/xxx.xxx.xxx.key"
  ssl_verify_mode => "force_peer"
  cipher_suites => ["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"]
}
```
Error on Logstash 6.1.3:
```
[2018-01-30T18:45:23,753][ERROR][logstash.pipeline ] Error registering plugin {:pipeline_id=>"main", :plugin=>"<LogStash::Inputs::Beats port=>5044, ssl=>true, ssl_certificate_authorities=>["/etc/ssl/xxx.pem"], ssl_certificate=>"/etc/ssl/xxx.xxx.xxx.pem", ssl_key=>"/etc/ssl/xxx.xxx.xxx.key", ssl_verify_mode=>"force_peer", id=>"a32f008bdfc78d72769ea669266b45cc0f21c19f4e18f292cf4b43882bca4436", enable_metric=>true, codec=><LogStash::Codecs::Plain id=>"plain_fbd31f65-e1b7-47f1-86c2-7a3782720bd0", enable_metric=>true, charset=>"UTF-8">, host=>"0.0.0.0", include_codec_tag=>true, ssl_handshake_timeout=>10000, tls_min_version=>1, tls_max_version=>1.2, cipher_suites=>["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"], client_inactivity_timeout=>60, executor_threads=>32>", :error=>"Cipher `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384` is not available", :thread=>"#<Thread:0x56c6d23b@/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:245 run>"}
[2018-01-30T18:45:32,661][WARN ][logstash.runner ] SIGTERM received. Shutting down the agent.
[2018-01-30T18:45:33,634][ERROR][logstash.pipeline ] Pipeline aborted due to error {:pipeline_id=>"main", :exception=>#<LogStash::ConfigurationError: Cipher `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384` is not available>, :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-beats-5.0.6-java/lib/logstash/inputs/beats.rb:170:in `create_server'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-beats-5.0.6-java/lib/logstash/inputs/beats.rb:158:in `register'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:343:in `register_plugin'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:354:in `block in register_plugins'", "org/jruby/RubyArray.java:1734:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:354:in `register_plugins'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:510:in `start_inputs'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:401:in `start_workers'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:288:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:248:in `block in start'"], :thread=>"#<Thread:0x56c6d23b@/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:245 run>"}
[2018-01-30T18:45:33,639][ERROR][logstash.agent ] Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: LogStash::PipelineAction::Create/pipeline_id:main, action_result: false", :backtrace=>nil}
```
Many thanks in advance for any assistance!