[2022-09-17T19:18:01,567][WARN ][io.netty.channel.DefaultChannelPipeline][main][8a9c9f2dc6465fb8ed9835549cd253f9a62380bfff99a3dcf3bd608f17490322] An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
io.netty.handler.codec.DecoderException: org.logstash.beats.InvalidFrameProtocolException: Invalid version of beats protocol: 22
Fleet server is in Elastic Cloud
The agent lives in the same machine than Logstash, and the Logstash Output is set to localhost:5044 in the Fleet UI
Tried with certificates with no success (bad certificate error from Logstash) now, disabling ssl I get this error what I read is when the elasticsearch output is trying to send data to Logstash.
@Gustavo_Llermaly - this error io.netty.handler.codec.DecoderException: org.logstash.beats.InvalidFrameProtocolException: Invalid version of beats protocol: 22 indicates that there is a mismatch in protocol in the data received by the elastic_agent input plugin.
Can you clarify the following:
Which Elastic Agent version are you using?
Which Logstash version are you using?
Which version of the elastic_agent input plugin are you using?
The connection between Logstash -> Integration Server (ESS) is encrypted - Elasticsearch Service uses standard publicly trusted certificates, so there’s no need specify other SSL settings in the Logstash pipeline.
Thanks for your explanation. I'm clear the elasticsearch output doesnt need any certs.
My concern is the agent input, I need to do the simplest configuration. Which looks like it is a single cert with the logstash dns on it and shared between logstash and Fleet as disabling ssl is not possible.
That's my understanding as well - you will need to create the relevant certificates and use them in the configuration of the Logstash output for the Elastic Agent as well as the Logstash pipeline configuration.
I will summarize my weekend here, let me know If I'm making any imprecision.
TLS (ssl => true) is mandatory, if you set ssl to false you will receive bad protocol errors
You can create one certificate and use the same in Fleet, and in Logstash. The docs suggest to create 2: one for client (Fleet), one for server (Logstash). The Logstash one must have --ip or --dns set. The client one can omit those.
The logstash hostname (what you set in Fleet hosts) must match with what you configure under --dns or --ip in the certificate or you will receive "bad certificate" error <= this is the root cause of the error, I wasnt setting --dns