Filebeat Client TLS connection failed to ELK Host

(Howard) #1

Target is to use Filebeat Client uses TLS connection failed to ELK Host

telnet shows work as following.

telnet 209.xx.173.45 5044

Trying 209.xx.173.45...
Connected to
Escape character is '^]'.

Certification is there


My filebeat.yml

- /var/log/auth.log
- /var/log/syslog
input_type: log
document_type: syslog
registry_file: /var/lib/filebeat/registry

enabled: true
hosts: [""]
bulk_max_size: 1024
certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]

after start. then I check
sudo systemctl status filebeat
Error message as following:

Jun 18 14:06:03 Client05 /usr/bin/filebeat[4022]: transport.go:125: SSL client failed to connect with: read tcp> read: connection reset by peer

I do not have https only http, anything wrong? thanks for anyone can help!!

Just in case , HOST ELK is logstash.conf file is needed.

input {
beats {
port => 5044
ssl => true
ssl_certificate => "/etc/ssl/logstash-forwarder.crt"
ssl_key => "/etc/ssl/logstash-forwarder.key"
congestion_threshold => "40"
filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGLINE}" }

date {
match => [ "timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
output {
elasticsearch {
hosts => localhost
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
stdout {

(Adrian Serrano) #2

Can you look at your Logstash logs to see if any error is printed there?

(Howard) #3

thanks for your reply, life saved.

if i check this file.

[2018-06-18T14:37:04,110][INFO ][] Exception:$InvalidFrameProtocolException: Invalid Frame Type, received: 1, from: /
[2018-06-18T14:37:04,110][WARN ][] An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
io.netty.handler.codec.DecoderException:$InvalidFrameProtocolException: Invalid Frame Type, received: 1
at io.netty.handler.codec.ByteToMessageDecoder.callDecode( ~[netty-all-4.1.3.Final.jar:4.1.3.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelInputClosed( ~[netty-all-4.1.3.Final.jar:4.1.3.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelInputClosed( ~[netty-all-4.1.3.Final.jar:4.1.3.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelInactive( ~[netty-all-4.1.3.Final.jar:4.1.3.Final]
at ~[netty-all-4.1.3.Final.jar:4.1.3.Final]
at$300( ~[netty-all-4.1.3.Final.jar:4.1.3.Final]
at$ ~[netty-all-4.1.3.Final.jar:4.1.3.Final]
at ~[netty-all-4.1.3.Final.jar:4.1.3.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor$ [netty-all-4.1.3.Final.jar:4.1.3.Final]
at io.netty.util.concurrent.DefaultThreadFactory$ [netty-all-4.1.3.Final.jar:4.1.3.Final]
at [?:1.8.0_171]
Caused by:$InvalidFrameProtocolException: Invalid Frame Type, received: 1
at ~[logstash-input-beats-3.1.31.jar:?]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode( ~[netty-all-4.1.3.Final.jar:4.1.3.Final]
... 10 more

Can you help?

(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.