We're encountering some issues getting Filebeat to send data to Logstash over SSL. All products are versioned 6.2.2. Filebeat is on a Linux machine, and Logstash on Windows Server. For testing/development purposes, Logstash and Elasticsearch are hosted on the same server.
We are receiving handshake errors when Filebeat attempts to send the data to Logstash: ERROR pipeline/output.go:74 Failed to connect: remote error: tls: handshake failure
Previously, we had Filebeat sending directly to Elasticsearch over SSL with no issues. But when we introduce Logstash into the mix, we have a ton of them.
From the Filebeat server, I try to verify the CA with openssl to Logstash with an error:
@Ben96 Thanks for the response and I appreciate your willingness to help! Yes - we have had MANY issues going full SSL with the ELK stack. This is the last piece we need to have everything SSL across the board.
I tried having both Filebeat and Logstash use the .p8 instead of the .key to no avail - still the same issue with the handshake.
I'm posting this in hopes it helps someone else down the line.
After working with our support, the solution is to NOT specify the CA in the pipeline input and to NOT specify the HTTPS protocol in the Filebeat output. Communication to Logstash is not HTTPS (it's some other protocol leftover from Lumberjack) and there's something weird about specifying the CA in the input when it's not needed to authenticate the client.
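As an added example (not part of the original thread and not Elastic's code), here is a small Python check that flags the two settings the fix above removes: a URL scheme in the Filebeat output.logstash hosts, and a CA list on the Logstash beats input when clients are not being verified. The sample configs, hostnames and paths are constructed, and an unset ssl_verify_mode is assumed to mean none.

```python
import re

# Constructed sample configs (not from the thread); both settings that the
# fix says to remove are present on purpose.
FILEBEAT_YML = """\
output.logstash:
  hosts: ["https://logstash.example.internal:5044"]
  ssl.certificate_authorities: ["/etc/filebeat/ca.crt"]
"""

LOGSTASH_CONF = """\
input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "C:/logstash/certs/logstash.crt"
    ssl_key => "C:/logstash/certs/logstash.p8"
    ssl_certificate_authorities => ["C:/logstash/certs/ca.crt"]
  }
}
"""

def check_filebeat(text):
    """Flag URL schemes in output.logstash hosts (the Beats protocol is not HTTPS)."""
    findings, in_output = [], False
    for n, line in enumerate(text.splitlines(), 1):
        if re.match(r"\S", line):  # a new top-level key starts here
            in_output = line.startswith("output.logstash")
        if in_output and re.search(r"hosts\s*:", line):
            for host in re.findall(r"""["']([^"']+)["']""", line):
                if re.match(r"[a-z]+://", host, re.I):
                    findings.append((n, f"scheme in Logstash host: {host}"))
    return findings

def check_beats_input(text):
    """Flag a CA list on the beats input when no client verification is set."""
    body = re.search(r"beats\s*\{(.*?)\}", text, re.S)
    if not body:
        return []
    opts = dict(re.findall(r"(\w+)\s*=>\s*(.+)", body.group(1)))
    # Assumption: an unset ssl_verify_mode is treated as "none".
    verify = opts.get("ssl_verify_mode", '"none"').strip().strip('"')
    if "ssl_certificate_authorities" in opts and verify == "none":
        return ["ssl_certificate_authorities set but clients are not verified"]
    return []

if __name__ == "__main__":
    print(check_filebeat(FILEBEAT_YML), check_beats_input(LOGSTASH_CONF))
```

The parser only handles the flat output.logstash key with an inline hosts list and a beats block without nested braces.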