Enable TLS Logstash <-> Elasticsearch

Hi, I'm trying to secure my stack to enable alerts. Elasticsearch and Kibana are up and running, but when I try to enable HTTPS to Elasticsearch from Logstash, I get a crash.

The output config looks like this:

output {
  if [type] == "firewall" {
    elasticsearch {
      id => "pfelk"
      hosts => ["https://localhost:9200"]
      index => "pfelk-%{+YYYY.MM.dd}"
      manage_template => true
      template => "/etc/logstash/conf.d/templates/pf-geoip.json"
      template_name => "pf-geoip"
      template_overwrite => false
      cacert => "/etc/logstash/va.ca"
      user => "yyy"
      password => "xxx"
    }
  }

Tailing the log, I get this output:

[2020-08-31T16:41:42,589][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>, :added=>[https://yyyyyy:xxxxxx@localhost:9200/]}}
[2020-08-31T16:41:42,967][ERROR][logstash.agent ] Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create, action_result: false", :backtrace=>nil}

I see nothing in the Elasticsearch log.
