[ERROR][org.logstash.beats.BeatsHandler] Exception: not an SSL/TLS record

r1chardp · January 11, 2017, 11:16pm

my logstash config:
input {
beats {
port => 5044
ssl => true
ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
}
}

My filebeat config
Logstash as output
logstash:
# The Logstash hosts
hosts: ["logstash_node:5044"]

  # List of root certificates for HTTPS server verifications
  certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]

r1chardp · January 11, 2017, 11:17pm

List of root certificates for HTTPS server verifications
ssl.certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]

magnusbaeck · January 12, 2017, 6:25pm

Judging by the Logstash log Filebeat isn't using SSL when sending. The documentation indicates that you need to set ssl.enabled: true in addition to ssl.certificate_authorities.

r1chardp · January 12, 2017, 6:50pm

SSL is enable in the configure file, my mistake it was not included in the
post.

jakommo · January 12, 2017, 8:03pm

Can you post your filebeat config?
I had the same issue and was using the old tls. settings (migrated from 1.3) and after changing everything to ssl. the error seems to be gone.

r1chardp · January 12, 2017, 8:13pm

filebeat.prospectors:

# Each - is a prospector. Most options can be set at the prospector level, so
# you can use different prospectors for various configurations.
# Below are the prospector specific configurations.

- input_type: log
  document_type: syslog 

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /var/log/*.log
    - /var/log/messages
    #- c:\programdata\elasticsearch\logs\*
  output.logstash:
  # The Logstash hosts
  hosts: ["LOGSTASH-IP:5044"]
  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]

  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"

  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"

I want nodes A, B and C sending syslog's files to one Logstash server.

r1chardp · January 12, 2017, 8:17pm

List of root certificates for HTTPS server verifications

ssl.certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]

magnusbaeck · January 12, 2017, 8:35pm

But all your SSL settings are commented out.

robertchen117 · February 3, 2017, 10:47pm

anyone has a full step by step setup SSL between filebeat 5.1 to logstash 5.1, same the above way was for 4.x version which does not work anymore for 5.1.

I got the same issue for 5.1, please help.

system · March 3, 2017, 10:48pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.