top - 09:18:06 up 7 min, 1 user, load average: 10.19, 8.81, 4.51
Tasks: 124 total, 3 running, 58 sleeping, 0 stopped, 1 zombie
%Cpu(s): 82.0 us, 7.7 sy, 0.0 ni, 10.3 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 1490700 total, 59020 free, 492076 used, 939604 buff/cache
KiB Swap: 3145724 total, 3142628 free, 3096 used. 916644 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1533 root 20 0 1415588 151740 78360 R 91.0 10.2 6:49.63 metricbeat
1542 root 20 0 1305404 118344 59992 S 91.0 7.9 6:44.16 filebeat
1569 root 20 0 1349988 141756 78336 S 90.4 9.5 6:44.70 metricbeat
1560 root 20 0 1297208 115584 59272 R 85.0 7.8 6:37.57 filebeat
The log files in directory “/opt/Elastic/Agent/data/elastic-agent-b9a28a/logs/default” rotates quickly, there are lot of logs show transport authentication handshake failed x509.
log file: /opt/Elastic/Agent/data/elastic-agent-b9a28a/logs/default/filebeat-20220615-909.ndjson
{"log.level":"error","@timestamp":"2022-06-15T09:19:25.026+0800","log.logger":"centralmgmt.fleet","log.origin":{"file.name":"management/manager.go","file.line":250},"message":"elastic-agent-client got error: rpc error: code = Unavailable desc = connection error: desc = \"transport: authentication handshake failed: x509: certificate has expired or is not yet valid: current time 2022-06-15T09:19:20+08:00 is before 2022-06-15T09:10:18Z\"","service.name":"filebeat","ecs.version":"1.6.0"}
log file: /opt/Elastic/Agent/data/elastic-agent-b9a28a/logs/default/metricbeat-20220615-887.ndjson
{"log.level":"error","@timestamp":"2022-06-15T09:19:24.184+0800","log.logger":"centralmgmt.fleet","log.origin":{"file.name":"management/manager.go","file.line":250},"message":"elastic-agent-client got error: rpc error: code = Unavailable desc = connection error: desc = \"transport: authentication handshake failed: x509: certificate has expired or is not yet valid: current time 2022-06-15T09:19:19+08:00 is before 2022-06-15T09:10:18Z\"","service.name":"metricbeat","ecs.version":"1.6.0"}
[root@apm-server-nginx-nodejs ~]# ps -ef | grep agent
root 1649 1 1 09:21 ? 00:00:14 /opt/Elastic/Agent/elastic-agent
root 1658 1649 0 09:21 ? 00:00:00 [elastic-agent] <defunct>
root 1666 1649 1 09:21 ? 00:00:11 /opt/Elastic/Agent/data/elastic-agent-b9a28a/install/metricbeat-8.2.0-linux-arm64/metricbeat -E setup.ilm.enabled=false -E setup.template.enabled=false -E management.enabled=true -E logging.level=debug -E gc_percent=${METRICBEAT_GOGC:100} -E metricbeat.config.modules.enabled=false -E logging.level=warning -E http.enabled=true -E http.host=unix:///opt/Elastic/Agent/data/tmp/default/metricbeat/metricbeat.sock -E logging.files.path=/opt/Elastic/Agent/data/elastic-agent-b9a28a/logs/default -E logging.files.name=metricbeat -E logging.files.keepfiles=7 -E logging.files.permission=0640 -E logging.files.interval=1h -E path.data=/opt/Elastic/Agent/data/elastic-agent-b9a28a/run/default/metricbeat--8.2.0
root 1675 1649 0 09:21 ? 00:00:02 /opt/Elastic/Agent/data/elastic-agent-b9a28a/install/apm-server-8.2.0-linux-arm64/apm-server -E management.enabled=true -E gc_percent=${APMSERVER_GOGC:100} -E logging.level=warning -E http.enabled=true -E http.host=unix:///opt/Elastic/Agent/data/tmp/default/apm-server/apm-server.sock -E logging.files.path=/opt/Elastic/Agent/data/elastic-agent-b9a28a/logs/default -E logging.files.name=apm-server -E logging.files.keepfiles=7 -E logging.files.permission=0640 -E logging.files.interval=1h -E path.data=/opt/Elastic/Agent/data/elastic-agent-b9a28a/run/default/apm-server--8.2.0
root 1684 1649 0 09:21 ? 00:00:04 /opt/Elastic/Agent/data/elastic-agent-b9a28a/install/filebeat-8.2.0-linux-arm64/filebeat -E setup.ilm.enabled=false -E setup.template.enabled=false -E management.enabled=true -E logging.level=debug -E gc_percent=${FILEBEAT_GOGC:100} -E filebeat.config.modules.enabled=false -E logging.level=warning -E http.enabled=true -E http.host=unix:///opt/Elastic/Agent/data/tmp/default/filebeat/filebeat.sock -E logging.files.path=/opt/Elastic/Agent/data/elastic-agent-b9a28a/logs/default -E logging.files.name=filebeat -E logging.files.keepfiles=7 -E logging.files.permission=0640 -E logging.files.interval=1h -E path.data=/opt/Elastic/Agent/data/elastic-agent-b9a28a/run/default/filebeat--8.2.0
root 1695 1649 2 09:21 ? 00:00:27 /opt/Elastic/Agent/data/elastic-agent-b9a28a/install/filebeat-8.2.0-linux-arm64/filebeat -E setup.ilm.enabled=false -E setup.template.enabled=false -E management.enabled=true -E logging.level=debug -E gc_percent=${FILEBEAT_GOGC:100} -E filebeat.config.modules.enabled=false -E logging.level=warning -E path.data=/opt/Elastic/Agent/data/elastic-agent-b9a28a/run/default/filebeat--8.2.0--36643631373035623733363936343635
root 1703 1649 0 09:21 ? 00:00:03 /opt/Elastic/Agent/data/elastic-agent-b9a28a/install/metricbeat-8.2.0-linux-arm64/metricbeat -E setup.ilm.enabled=false -E setup.template.enabled=false -E management.enabled=true -E logging.level=debug -E gc_percent=${METRICBEAT_GOGC:100} -E metricbeat.config.modules.enabled=false -E logging.level=warning -E path.data=/opt/Elastic/Agent/data/elastic-agent-b9a28a/run/default/metricbeat--8.2.0--36643631373035623733363936343635
I have set the ssl config for Elasticsearch, but the issue still happen. I don't know which service authenticate failed with Filebeat and Metricbeat, could you take a look at this issue? Thanks so much!