Filebeat: Error on Windows* with SSL Certificates


(Simon Says4223) #1

Hello @all,

I'm trying to configure filebeat on a Win7 and Win10 machine with SSL-Certificates. After configuring it as described:

   output.logstash
     hosts: ["mylogstaship:myport"]
     ssl.certificate_authorities: ["C:\filebeat-6.2.4-windows-x86_64\myrootca.crt"]
     ssl.certificate: "C:\filebeat-6.2.4-windows-x86_64\myclientcert.crt"
     ssl.key: "C:\filebeat-6.2.4-windows-x86_64\myclientkey.key"

I'm getting the following error:

The service filebeat cannot be startetd. Error 1053 ...

It always appears if I have a config mistake. When commenting the ssl-lines out, it works.

Seems to be the same issue as:
https://discuss.elastic.co/t/filebeat-on-windows-ssl-certificates/125333/2

Since it has not been solved yet, I think the bug still exists. Unfortunately there is no logentry in the filebeat logging mechanism (event on debug) that could indicate why the config cannot be parsed.

PS: The same config on a CentOS6 and CentOS7 host just works fine.


(Jaime Soriano) #2

Hi @SimonSays4223,

Welcome to the discuss forum :slight_smile:

The configuration looks good. Could you check the filebeat logs to see if it is reporting any error there?


(Jaime Soriano) #3

Could you try to scape the path separators? Like this:

   output.logstash
     hosts: ["mylogstaship:myport"]
     ssl.certificate_authorities: ["C:\\filebeat-6.2.4-windows-x86_64\\myrootca.crt"]
     ssl.certificate: "C:\\filebeat-6.2.4-windows-x86_64\\myclientcert.crt"
     ssl.key: "C:\\filebeat-6.2.4-windows-x86_64\\myclientkey.key"

You can also use single quoutes instead:

   output.logstash
     hosts: ['mylogstaship:myport']
     ssl.certificate_authorities: ['C:\filebeat-6.2.4-windows-x86_64\myrootca.crt']
     ssl.certificate: 'C:\filebeat-6.2.4-windows-x86_64\myclientcert.crt'
     ssl.key: 'C:\filebeat-6.2.4-windows-x86_64\myclientkey.key'

(Simon Says4223) #4

Nice. that worked... now filebeat is starting.

Thanks a lot!


(system) #5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.