Enabling SSL on Logstash

Elastic Stack Logstash
1

Good afternoon,
Over the past few days, i recently enabled SSO\SAML authentication on my staging environment. By doing so, Logstash will no longer send data over to ES given the ES yml updates with the addition of the http.transport.ssl settings. I wanted to test this out by updating a single conf.d with respect to making the SSL changes to ensure that this would work. I copied the same certs over from my ES clutser to logstash and made the change in the conf.d file. My changes are below-(please note I have masked IPs for security reasons and have NOT made the broader changes within the logstash.yml file. I first wanted to ensure I could get it working properly before making changes systematically)

I am running logstash 6.6 and also wanted to know if there was a way to send data to ES without it using SSL (this is just for testing)

My conf.d file-

input {
  file {
    path => "/var/log/logstash/xx/server.log"
    codec => "json"
  }
}

filter {}

output {
    elasticsearch {
      hosts => [ "https://xx.xx.xxx.xx:9200" ]
      ssl => true
      ssl_certificate_verification => true
      cacert => "/etc/logstash/config/certs/elastic-certificates.p12"
      user => "elastic"
      password => "${es_password}"
#       document_type => "doc"
      index => "servers"
   }
 }
2

Here is the error-

[2019-06-18T10:02:46,598][ERROR][logstash.pipeline        ] Error registering plugin {:pipeline_id=>"main", :plugin=>"#<LogStash::OutputDelegator:0x29e2810>", :error=>"signed fields invalid", :thread=>"#<Thread:0x5525228b run>"}
[2019-06-18T10:02:46,603][ERROR][logstash.pipeline        ] .gems.manticore_minus_0_dot_6_dot_4_minus_java.lib.manticore.client.RUBY$method$pool_builder$0$__VARARGS__(usr/share/logstash/vendor/bundle/jruby/$2_dot_3_dot_0/gems/manticore_minus_0_dot_6_dot_4_minus_java/lib/manticore//usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/manticore-0.6.4-java/lib/manticore/client.rb)", "usr.share.logstash.vendor.bundle.jruby.$2_dot_3_dot_0.gems.manticore_minus_0_dot_6_dot_4_minus_java.lib.manticore.client.pool(/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/manticore-0.6.4-java/lib/manticore/client.rb:405)", "usr.share.logstash.vendor.bundle.jruby.$2_dot_3_dot_0.gems.manticore_minus_0_dot_6_dot_4_minus_java.lib.manticore.client.initialize(/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/manticore-0.6.4-java/lib/manticore/client.rb:209)", "org.jruby.RubyClass.newInstance(org/jruby/RubyClass.java:1022)", "org.jruby.RubyClass$INVOKER$i$newInstance.call(org/jruby/RubyClass$INVOKER$i$newInstance.gen)", "usr.share.logstash.vendor.bundle.jruby.$2_dot_3_dot_0.gems.logstash_minus_output_minus_elasticsearch_minus_9_dot_3_dot_2_minus_java.lib.logstash.outputs.elasticsearch.http_client.manticore_adapter.initialize(/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.3.2-java/lib/logstash/outputs/elasticsearch/http_client/manticore_adapter.rb:26)", "org.jruby.RubyClass.newInstance(org/jruby/RubyClass.java:1022)",
3

I went ahead and made a few updates after this post-converted my pcks12 to PEM and then updated my java version from OpenJDK to OracleJDK. Getting a new error now.

[logstash.pipeline        ] Error registering plugin {:pipeline_id=>"main", :plugin=>"#<LogStash::OutputDelegator:0x270dd15a>", :error=>"Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty", :thread=>"#<Thread:0x38e5dfc4 run>"}
[2019-06-18T15:08:16,301][ERROR][logstash.pipeline        ] Pipeline aborted due to error {:pipeline_id=>"main", :exception=>#<Manticore::UnknownException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty>
4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.