Filebeat and logstash ssl config is correct?

Elastic Stack Logstash
1

filebeat

filebeat.inputs:
- type: filestream
  paths:

        - G:\filebeat-8.4.3-windows-x86_64\logs\*.*
    
output.logstash:
  hosts: ["172.22.10.202:5044"]
  protocol: "http"
  ssl.enabled: true
  ssl.certificate_authorities: ["G:\\logstash-forwarder.crt"]

logstash

input {
    beats {
      host => "172.22.10.202"
      port => 5044
      include_codec_tag => false
      ssl => true
      ssl_certificate => "/etc/ssl/certs/logstash-forwarder.crt"
      ssl_key => "/etc/ssl/private/logstash-forwarder.key"
    }
}

output {

		elasticsearch {
			hosts => ["localhost:9200"]
			index => "fsbroker"
		}
		

		stdout { codec => rubydebug }
}

how verify ssl is enable?

2

i have changed certificate client and in the server have Received fatal alert: bad_certificate
ok very good is perfect

[2022-10-18T09:30:32,193][INFO ][org.logstash.beats.BeatsHandler][terza][8fb7acdb9937ab76f029df327d97c80bd97d6378083c8d86505d094dec5103c2] [local: 172.22.10.202:5044, remote: 172.22.0.1:58304] Handling exception: io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate (caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate)
[2022-10-18T09:30:32,195][WARN ][io.netty.channel.DefaultChannelPipeline][terza][8fb7acdb9937ab76f029df327d97c80bd97d6378083c8d86505d094dec5103c2] An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
````Preformatted text`
3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.