I have a small setup. Filebeat was able to successfully send logs to logstash. I was then asked to encrypt communication between filebeat and logstash.
On logstash I've added the following to the input{ } block:
ssl_certificate => "/usr/share/elasticsearch/elk.crt"
ssl_key => "/usr/share/elasticsearch/elk.key"
I've copied the elk.crt and elk.key to one of the servers that ship logs with filebeat under /etc/elk/certs, and then, in filebeat.yml, under output.logstash:, I've added the following:
hosts: ["91.239.19.210:5044"] # this line was there before. also not the real ip
ssl.certificate: "/etc/elk/certs/elk.crt"
ssl.key: "/etc/elk/certs/elk.key"
When I start filebeat, I endlessly get the following message:
2020-07-28T16:36:19.644Z ERROR [publisher_pipeline_output] pipeline/output.go:155 Failed to connect to backoff(async(tcp://91.239.19.210:5044)): x509: cannot validate certificate for 91.239.19.210 because it doesn't contain any IP SANs
I thought that maybe it wanted to have a hostname instead of IP, so I added to /etc/hosts:
91.239.19.210 elk.com
And in filebeat.yml replaced the IP with:
hosts: ["elk.com:5044"]
Which results in this error:
2020-07-28T16:42:12.174Z ERROR [publisher_pipeline_output] pipeline/output.go:155 Failed to connect to backoff(async(tcp://elk.com:5044)): x509: certificate is not valid for any names, but wanted to match elk.com
I've been sitting on this forever and I can't seem to crack it. Does anyone know what's wrong? I feel like I'm missing something. Thanks ahead.