Configuring security in Logstash 7.1 - Path to cacert giving exception "Pipeline aborted due to error {:pipeline_id=>"main", :exception=>#<Errno::EISDIR: Is a directory"

Hello,

I am working on configuring security in ELK stack.

I am using a trial license of Logstash 7.1, Kibana 7.1 and Elasticsearch 7.1

As per the instructions on configuring security in ELK, I have configured security in elasticsearch and kibana successfully.

I am able to access both kibana and elasticsearch using "https://hostname:<port_no" in browser.

I have configured security in Logstash also by following the instructions given in the elasticsearch documentation.

When I run Logstash to insert sample json data in elasticsearch, I am getting error related to cacert path configured in Logstash.

Here is my Logstash config file:

input
{
elasticsearch
{
hosts => ["https://inpusclp06419:9200"]
index => "ticket-*"
user => logstash_internal
password => "XXXXXXXXX"

}		
file 
	{
		path => "D:/Automation-10-Jan-18/SmartInsight_Deployment_25_March_19/ticket_data/TicketData.json"
		start_position => "beginning"
		sincedb_path => "NUL"
		codec => "json"
	}

}
filter
{
elasticsearch
{
hosts => ["https://inpusclp06419:9200"]
index => "ticket-*"

	user => logstash_internal
	password => "XXXXXXXXX"	
}				

}

output
{
elasticsearch
{
hosts => ["https://inpusclp06419:9200"]
index => "ticket-*"

	manage_template => false
			
	user => logstash_internal
	password => "XXXXXXXXX"
	
	ssl => true
	ssl_certificate_verification => true
		
	cacert => "D:\elasticsearch-7.1.1_one\config\certs"
}
stdout 
{ 
	codec => rubydebug 
}

}

Here are the logs from Logstash:

[2019-06-28T14:50:12,949][ERROR][logstash.javapipeline ] Pipeline aborted due to error {:pipeline_id=>"main", :exception=>#<Errno::EISDIR: Is a directory - D:\elasticsearch-7.1.1_one\config\certs>, :backtrace=>["org/jruby/RubyIO.java:1236:in sysopen'", "org/jruby/RubyFile.java:367:ininitialize'", "org/jruby/RubyIO.java:1155:in open'", "org/jruby/RubyKernel.java:320:inopen'", "D:/logstash-7.1.1/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/client.rb:633:in setup_trust_store'", "D:/logstash-7.1.1/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/client.rb:621:inssl_socket_factory_from_options'", "D:/logstash-7.1.1/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/client.rb:397:in pool_builder'", "D:/logstash-7.1.1/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/client.rb:405:inpool'", "D:/logstash-7.1.1/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/client.rb:209:in initialize'", "D:/logstash-7.1.1/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/manticore_adapter.rb:26:ininitialize'", "D:/logstash-7.1.1/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:282:in build_adapter'", "D:/logstash-7.1.1/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:286:inbuild_pool'", "D:/logstash-7.1.1/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:64:in initialize'", "D:/logstash-7.1.1/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client_builder.rb:103:increate_http_client'", "D:/logstash-7.1.1/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client_builder.rb:99:in build'", "D:/logstash-7.1.1/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch.rb:238:inbuild_client'", "D:/logstash-7.1.1/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/common.rb:25:in register'", "org/logstash/config/ir/compiler/OutputStrategyExt.java:106:inregister'", "org/logstash/config/ir/compiler/AbstractOutputDelegatorExt.java:48:in register'", "D:/logstash-7.1.1/logstash-core/lib/logstash/java_pipeline.rb:191:inblock in register_plugins'", "org/jruby/RubyArray.java:1792:in each'", "D:/logstash-7.1.1/logstash-core/lib/logstash/java_pipeline.rb:190:inregister_plugins'", "D:/logstash-7.1.1/logstash-core/lib/logstash/java_pipeline.rb:445:in maybe_setup_out_plugins'", "D:/logstash-7.1.1/logstash-core/lib/logstash/java_pipeline.rb:203:instart_workers'", "D:/logstash-7.1.1/logstash-core/lib/logstash/java_pipeline.rb:145:in run'", "D:/logstash-7.1.1/logstash-core/lib/logstash/java_pipeline.rb:104:inblock in start'"], :thread=>"#<Thread:0x456fdafc run>"}

Blockquote

Why Logstash is throwing the exception:

"Pipeline aborted due to error {:pipeline_id=>"main", :exception=>#<Errno::EISDIR: Is a directory - D:\elasticsearch-7.1.1_one\config\certs>"

Can you please check the logs and suggest if I am doing anything wrong here.

Regards
Yogesh Mishra

Please take the time to correctly format your post, either by using the </> button or triple backquotes (```) , this is really hard to read as is.

Logstash is throwing that exception, because - as the exception clearly states - that path is a directory when it should be a file. See our documentation

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.