Hi everyone,
I'm trying to configure the SSL connection between Logstash and Filebeat. Filebeat is working fine, but Logstash is not starting.
Logstash.conf
input {
beats {
port => 5044
ssl => true
ssl_certificate_authorities => ["/root/ca/certs/ca.cert.pem"]
ssl_certificate => "/root/ca/intermediate/certs/elasticStackServer.cert.pem"
ssl_key => "/root/ca/intermediate/private/elasticStackServer.key.pem"
ssl_verify_mode => "force_peer"
}
}
output {
elasticsearch {
hosts => "10.56.80.20:9200"
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}
filebeat.yml
filebeat.prospectors:
- type: log
enabled: true
paths:
- /var/log/*.log
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
setup.template.settings:
index.number_of_shards: 3
output.logstash:
hosts: ["10.56.80.20:5044"]
ssl.certificate_authorities: ["/root/ca/certs/ca.cert.pem"]
ssl.certificate: "/root/ca/intermediate/certs/elasticStackClient.cert.pem"
ssl.key: "/root/ca/intermediate/private/elasticStackClient.key.pem"
logging.level: debug
Logstash Logfile:
[2018-02-09T15:09:03,756][ERROR][logstash.inputs.beats ] Invalid setting for beats input plugin:
input {
beats {
# This setting must be a path
# File does not exist or cannot be opened /root/ca/intermediate/certs/elasticStackServer.cert.pem
ssl_certificate => "/root/ca/intermediate/certs/elasticStackServer.cert.pem"
...
}
}
[2018-02-09T15:09:03,758][ERROR][logstash.inputs.beats ] Invalid setting for beats input plugin:
input {
beats {
# This setting must be a path
# File does not exist or cannot be opened /root/ca/intermediate/private/elasticStackServer.key.pem
ssl_key => "/root/ca/intermediate/private/elasticStackServer.key.pem"
...
}
}
I created the key and certificate according to following instructions:
Create SSL key
Here the command to create the cert and change of permission
openssl ca -config intermediate/openssl.cnf \
-extensions server_cert -days 375 -notext -md sha256 \
-in intermediate/csr/elasticStackServer.csr.pem \
-out intermediate/certs/elasticStackServer.cert.pem
chmod 444 intermediate/certs/elasticStackServer.cert.pem
Thank you in advance.
Best regards
Simon