While setting Up Archsight
./logstash --modules arcsight --setup
-M "arcsight.var.input.smartconnector.port=5602"
-M "arcsight.var.elasticsearch.hosts=10.1.20.96:9200"
-M "arcsight.var.kibana.host=10.1.20.96:5601"
Thrown following error. , need help.
```
last_updated:}
```
[INFO ] 2019-03-01 15:20:36.359 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] modulelicensechecker - The arcsight module License OK
[INFO ] 2019-03-01 15:20:36.403 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] modulescommon - Setting up the arcsight module
[ERROR] 2019-03-01 15:20:36.636 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] kibanaclient - Error when executing Kibana client request {:error=>#<Manticore::UnknownException: Unrecognized SSL message, plaintext connection?>}
[ERROR] 2019-03-01 15:20:36.739 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] kibanaclient - Error when executing Kibana client request {:error=>#<Manticore::UnknownException: Unrecognized SSL message, plaintext connection?>}Have you tried adding authentication parameters to the command?
For example:
Blockquote
-M "arcsight.var.elasticsearch.hosts=10.1.20.96:9200" -M "arcsight.var.elasticsearch.username=elastic" -M "arcsight.var.elasticsearch.password=changeme" -M "arcsight.var.kibana.host=10.1.20.96:5601" -M "arcsight.var.kibana.username=elastic" -M "arcsight.var.kibana.password=changeme"
[quote="jbur, post:2, topic:170659"]
"arcsight.var.kibana.password=changeme"
[/quotUnfotunately same problem after running following code
./logstash --modules arcsight --setup
-M "arcsight.var.input.eventbroker.bootstrap_servers=event_broker_host:5000"
-M "arcsight.var.elasticsearch.hosts=***:9200"
-M "arcsight.var.kibana.host=***6:5601"
-M "arcsight.var.kibana.username=elastic"
-M "arcsight.var.kibana.password=changeme"
[root@rootlm03 bin]#
[root@rootlm03 bin]#
[root@rootlm03 bin]#Error.
root@rootlm03 bin]# vi t1.sh
[root@rootlm03 bin]# sh t1.sh
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[WARN ] 2019-03-08 10:53:01.731 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
[INFO ] 2019-03-08 10:53:01.747 [LogStash::Runner] runner - Starting Logstash {"logstash.version"=>"6.6.0"}
[INFO ] 2019-03-08 10:53:03.573 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] licensereader - Elasticsearch pool URLs updated {:changes=>{:removed=>, :added=>[http://10.1.20.96:9200/]}}
[WARN ] 2019-03-08 10:53:03.852 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] licensereader - Restored connection to ES instance {:url=>"http://10.1.20.96:9200/"}
[INFO ] 2019-03-08 10:53:04.095 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] licensereader - ES Output version determined {:es_version=>6}
[WARN ] 2019-03-08 10:53:04.098 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] licensereader - Detected a 6.x and above cluster: the type event field won't be used to determine the document _type {:es_version=>6}
[INFO ] 2019-03-08 10:53:04.265 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] modulelicensechecker - The arcsight module License OK
[INFO ] 2019-03-08 10:53:04.297 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] modulescommon - Setting up the arcsight module
[ERROR] 2019-03-08 10:53:04.597 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] kibanaclient - Error when executing Kibana client request {:error=>#<Manticore::UnknownException: Unrecognized SSL message, plaintext connection?>}
[ERROR] 2019-03-08 10:53:04.685 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] kibanaclient - Error when executing Kibana client request {:error=>#<Manticore::UnknownException: Unrecognized SSL message, plaintext connection?>}
[ERROR] 2019-03-08 10:53:04.829 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] sourceloader - Could not fetch all the sources {:exception=>LogStash::ConfigLoadingError, :message=>"Failed to import module configurations to Elasticsearch and/or Kibana. Module: arcsight has Elasticsearch hosts: ["10.1.20.96:9200"] and Kibana hosts: ["10.1.20.96:5601"]", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/config/modules_common.rb:108:in block in pipeline_configs'", "org/jruby/RubyArray.java:1734:ineach'", "/usr/share/logstash/logstash-core/lib/logstash/config/modules_common.rb:54:in pipeline_configs'", "/usr/share/logstash/logstash-core/lib/logstash/config/source/modules.rb:14:inpipeline_configs'", "/usr/share/logstash/logstash-core/lib/logstash/config/source_loader.rb:61:in block in fetch'", "org/jruby/RubyArray.java:2481:incollect'", "/usr/share/logstash/logstash-core/lib/logstash/config/source_loader.rb:60:in fetch'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:150:inconverge_state_and_update'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:101:in execute'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:362:inblock in execute'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:24:in block in initialize'"]} [ERROR] 2019-03-08 10:53:04.837 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] agent - An exception happened when converging configuration {:exception=>RuntimeError, :message=>"Could not fetch the configuration, message: Failed to import module configurations to Elasticsearch and/or Kibana. Module: arcsight has Elasticsearch hosts: [\"10.1.20.96:9200\"] and Kibana hosts: [\"10.1.20.96:5601\"]", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/agent.rb:157:inconverge_state_and_update'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:101:in execute'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:362:inblock in execute'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:24:in `block in initialize'"]}
[INFO ] 2019-03-08 10:53:05.071 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
[root@rootlm03 bin]# cat t1.sh
./logstash --modules arcsight --setup
-M "arcsight.var.input.eventbroker.bootstrap_servers=event_broker_host:5000"
-M "arcsight.var.elasticsearch.hosts=10.1.20.96:9200"
-M "arcsight.var.kibana.host=10.1.20.96:5601"
-M "arcsight.var.kibana.username=elastic"
-M "arcsight.var.kibana.password=changeme"
Even I tried following code
-M "arcsight.var.input.eventbroker.bootstrap_servers=event_broker_host:5000"
-M "arcsight.var.elasticsearch.hosts=10.1.20.96:9200"
-M "arcsight.var.elasticsearch.username=elastic"
-M "arcsight.var.elasticsearch.password=changeme"
-M "arcsight.var.kibana.host=10.1.20.96:5601"
-M "arcsight.var.kibana.username=elastic"
-M "arcsight.var.kibana.password=changeme"
It looks like you're running Kibana, Logstash, and Elasticsearch on a single node. Is that correct?
Are you installing v6.6 from RPMs?
-Joe
> Mate you are right. ,it worked after adding following.
>
> [root@rootlm03 bin]# cat raj.sh
> ./logstash --modules arcsight --setup \
> -M "arcsight.var.input.smartconnector.port=5000" \
> -M "arcsight.var.elasticsearch.hosts=10.1.20.96:9200" \
> -M "arcsight.var.kibana.host=10.1.20.96:5601" \
> -M "arcsight.var.kibana.ssl.enabled=false"
>
>
> [root@rootlm03 bin]#I'm assuming arcsight.var.kibana.ssl.enabled was the issue. Thanks for sharing!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.