Http input on different pipeline breaks beats pipeline

I have two pipelines for logstash:

  • beats
  • http

When I only use beats, everything works fine, data comes in as it should. However, when I turn on the http pipeline, http starts fine, but beats throws this error:
:exception=>#<LogStash::ConfigurationError: Cipher TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 is not available>, :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.0.8-java/lib/logstash/inputs/beats.rb:174:in create_server'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.0.8-java/lib/logstash/inputs/beats.rb:162:in register'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:200:in block in register_plugins'", "org/jruby/RubyArray.java:1800:in each'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:199:in register_plugins'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:304:in start_inputs'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:260:in start_workers'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:154:in run'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:109:in `block in start'"], "pipeline.sources"=>["/etc/logstash/conf.d/beats.conf"], :thread=>"#<Thread:0x6f92e866 run>"}

http doesn't use SSL. Beats does.

Okay, figured this out so posting here for posterity:

For some reason, when running both of those inputs (separate pipelines, same logstash instance), the default cypher defaults to TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 and errors out.

For me, only beats was erroring out, so I proactively set:
cipher_suites => "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
as part of the input config for beats and it resolved itself without bare metal rebuilds or anything like that.

Hope it helps

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.