I set up Filebeat to ingest logs and pass them to Logstash using SSL.
However, when I try to test the connection between Filebeat and Logstash using curl, the following error shows:
* SSL read: errno -5961 (PR_CONNECT_RESET_ERROR)
* TCP connection reset by peer
* Closing connection 0
curl: (56) NSS: client certificate not found (nickname not specified)
And here is the log recorded by Logstash:
[2019-03-13T20:02:08,864][INFO ][org.logstash.beats.BeatsHandler] [local: IP:5044, remote: IP:58544] Handling exception: org.logstash.beats.BeatsParser$InvalidFrameProtocolException: Invalid Frame Type, received: 69
[2019-03-13T20:02:08,866][WARN ][io.netty.channel.DefaultChannelPipeline] An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
Here is the command I used:
curl -v --cacert ./ca.crt https://logstash:5044
When I tried to start Filebeat, it showed another error from Logstash:
[2019-03-13T20:10:56,111][INFO ][org.logstash.beats.BeatsHandler] [local: IP:5044, remote: IP:58570] Handling exception: javax.net.ssl.SSLHandshakeException: error:10000412:SSL routines:OPENSSL_internal:SSLV3_ALERT_BAD_CERTIFICAT
Here is the output configuration of filebeat:
output.logstash:
  hosts: ["logstash_ip:5044"]
  ssl.certificate_authorities: ["/etc/ca.crt"]
  ssl.certificate: "/etc/filebeat_ip.crt"
  ssl.key: "/etc/filbeat_ip.key"
  ssl.key_passphrase: "passphrase"
And the configuration of logstash:
input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate_authorities => ["/etc/ca.crt"]
    ssl_certificate => "/etc/ca.crt"
    ssl_key => "/etc/ca-pkcs8.key"
    ssl_key_passphrase => "passphrase"
    ssl_verify_mode => "peer"
  }
}
The CA cert was created on the Logstash host and signed Filebeat's cert.
The CN names of both the CA cert and the Filebeat cert are correct.
Any ideas about which part I did wrong? Thanks
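
How the `Invalid Frame Type, received: 69` line in the Logstash log above arises, as an added example that is not part of the original post and not Logstash's own code: a minimal decoder for the Beats (lumberjack) frame layout, fed the plain HTTP request that `curl` sends once TLS is up. The function names and sample bytes are constructed for illustration, and leaving the version byte unvalidated is an assumption of this sketch.

```python
import json, struct, zlib

class InvalidFrame(ValueError):
    """Raised where a Beats input would reject the byte stream."""

def parse_frames(buf: bytes) -> list:
    """Decode client-to-server Beats frames: version byte, type byte, body."""
    frames, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise InvalidFrame("truncated frame header")
        ftype = buf[pos + 1]      # buf[pos] is the version byte (not validated here)
        pos += 2
        if ftype == ord("W"):     # window size: uint32 event count
            (count,) = struct.unpack_from(">I", buf, pos)
            pos += 4
            frames.append(("W", count))
        elif ftype == ord("J"):   # JSON event: uint32 seq, uint32 length, payload
            seq, size = struct.unpack_from(">II", buf, pos)
            pos += 8
            frames.append(("J", seq, json.loads(buf[pos:pos + size])))
            pos += size
        elif ftype == ord("C"):   # compressed: uint32 length, zlib(nested frames)
            (size,) = struct.unpack_from(">I", buf, pos)
            pos += 4
            frames.extend(parse_frames(zlib.decompress(buf[pos:pos + size])))
            pos += size
        elif ftype == ord("D"):   # v1 data: uint32 seq, uint32 pairs, (len, bytes)*
            seq, pairs = struct.unpack_from(">II", buf, pos)
            pos, fields = pos + 8, []
            for _ in range(pairs * 2):
                (n,) = struct.unpack_from(">I", buf, pos)
                fields.append(buf[pos + 4:pos + 4 + n].decode())
                pos += 4 + n
            frames.append(("D", seq, dict(zip(fields[::2], fields[1::2]))))
        else:
            raise InvalidFrame(f"Invalid Frame Type, received: {ftype}")
    return frames

def first_error(buf: bytes):      # rejection message, or None if all frames parse
    try:
        parse_frames(buf)
    except InvalidFrame as exc:
        return str(exc)
    return None

# Constructed samples: a Beats v2 batch, and the request curl sends over TLS.
event = json.dumps({"message": "constructed sample"}).encode()
BEATS_BATCH = b"2W" + struct.pack(">I", 1) + b"2J" + struct.pack(">II", 1, len(event)) + event
CURL_REQUEST = b"GET / HTTP/1.1\r\nHost: logstash:5044\r\nAccept: */*\r\n\r\n"
```

Byte 69 is ASCII `E`, the second byte of `GET`, so that log line reflects an HTTP client talking to a Beats port and says nothing about the certificates. The `SSLHandshakeException` logged when Filebeat connects is a separate, TLS-level failure.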