Judging by the Logstash log Filebeat isn't using SSL when sending. The documentation indicates that you need to set ssl.enabled: true in addition to ssl.certificate_authorities.
Can you post your filebeat config?
I had the same issue and was using the old tls. settings (migrated from 1.3) and after changing everything to ssl. the error seems to be gone.
filebeat.prospectors:
# Each - is a prospector. Most options can be set at the prospector level, so
# you can use different prospectors for various configurations.
# Below are the prospector specific configurations.
- input_type: log
document_type: syslog
# Paths that should be crawled and fetched. Glob based paths.
paths:
- /var/log/*.log
- /var/log/messages
#- c:\programdata\elasticsearch\logs\*
output.logstash:
# The Logstash hosts
hosts: ["LOGSTASH-IP:5044"]
# Optional SSL. By default is off.
# List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]
# Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem"
# Client Certificate Key
#ssl.key: "/etc/pki/client/cert.key"
I want nodes A, B and C sending syslog's files to one Logstash server.
anyone has a full step by step setup SSL between filebeat 5.1 to logstash 5.1, same the above way was for 4.x version which does not work anymore for 5.1.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.