How to configure SSL connection between Logstash and Filebeat

Hi everyone,

I'm trying to configure the SSL connection between Logstash and Filebeat. Filebeat is working fine, but Logstash is not starting.

Logstash.conf

input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate_authorities => ["/root/ca/certs/ca.cert.pem"]
    ssl_certificate => "/root/ca/intermediate/certs/elasticStackServer.cert.pem"
    ssl_key => "/root/ca/intermediate/private/elasticStackServer.key.pem"
    ssl_verify_mode => "force_peer"
  }
}

output {
  elasticsearch {
    hosts => "10.56.80.20:9200"
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}

filebeat.yml

filebeat.prospectors:
- type: log
  enabled: true
  paths:
    - /var/log/*.log
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 3
output.logstash:
  hosts: ["10.56.80.20:5044"]
  ssl.certificate_authorities: ["/root/ca/certs/ca.cert.pem"]
  ssl.certificate: "/root/ca/intermediate/certs/elasticStackClient.cert.pem"
  ssl.key: "/root/ca/intermediate/private/elasticStackClient.key.pem"
logging.level: debug

Logstash Logfile:

[2018-02-09T15:09:03,756][ERROR][logstash.inputs.beats    ] Invalid setting for beats input plugin:

  input {
    beats {
      # This setting must be a path
      # File does not exist or cannot be opened /root/ca/intermediate/certs/elasticStackServer.cert.pem
      ssl_certificate => "/root/ca/intermediate/certs/elasticStackServer.cert.pem"
      ...
    }
  }
[2018-02-09T15:09:03,758][ERROR][logstash.inputs.beats    ] Invalid setting for beats input plugin:

  input {
    beats {
      # This setting must be a path
      # File does not exist or cannot be opened /root/ca/intermediate/private/elasticStackServer.key.pem
      ssl_key => "/root/ca/intermediate/private/elasticStackServer.key.pem"
      ...
    }
  }

I created the key and certificate according to following instructions:
Create SSL key

Here the command to create the cert and change of permission

openssl ca -config intermediate/openssl.cnf \
      -extensions server_cert -days 375 -notext -md sha256 \
      -in intermediate/csr/elasticStackServer.csr.pem \
      -out intermediate/certs/elasticStackServer.cert.pem

chmod 444 intermediate/certs/elasticStackServer.cert.pem

Thank you in advance.

Best regards
Simon

Unless you're running Logstash as root it won't be able to access a file under /root.

1 Like

Magnus, you made my day.
Thank you!

I copied the appropriate files to /etc/logstash/ssl/

Now it works!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.