Logstash 2.0.0 SSLError: Socket closed

pbmsys · November 4, 2015, 2:19pm

I am receiving an SSL socket error when using the new Logstash 2.0.0.

My configuration:

NXLog conf:

<Input network>
        Module      im_tcp
        Host        0.0.0.0
        Port        1514
        Exec 	    parse_json();		
</Input>

<Output ssllogstash>
    Module          om_ssl
    Host            ourlogstashhost
    Port            3515
    CAFile          %ROOT%/cert/someca.crt 
    CertFile        %ROOT%/cert/somecert.crt
    OutputType      LineBased
</Output>

<Route 66>
    Path        network => buffer => ssllogstash
</Route>

Logstash configuration:

input {
  tcp {
    codec => json { charset => "CP1252" }
    port => 3515
    type => "nxlog"
    ssl_cacert => "someca.crt"
    ssl_cert => "somecert.crt"
    ssl_key => "somekey.key"
    ssl_enable => true
  }
}
output {
  elasticsearch {
        hosts => ["host1:9200", "host2:9200", "host3:9200"]
}

Logstash log:

{:timestamp=>"2015-11-04T14:28:16.185000+0100", :message=>"SSL Error", :exception=>#<OpenSSL::SSL::SSLError: Socket closed>, :backtrace=>["org/jruby/ext/openssl/SSLSocket.java:262:in `accept'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/jruby-openssl-0.9.12-java/lib/jopenssl19/openssl/ssl-internal.rb:106:in `accept'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-tcp-2.0.4/lib/logstash/inputs/tcp.rb:108:in `run_server'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-tcp-2.0.4/lib/logstash/inputs/tcp.rb:80:in `run'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.0.0-java/lib/logstash/pipeline.rb:180:in `inputworker'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.0.0-java/lib/logstash/pipeline.rb:174:in `start_input'"], :level=>:error}

Eventually logstash crashes and stops the log flow.
Any insight?

magnusbaeck · November 4, 2015, 7:05pm

Perhaps s_client would be useful for debugging this?

I recommend you to use absolute paths to the certificate files. Do not rely on Logstash's current directory.

pbmsys · November 4, 2015, 8:43pm

Hi Magnus, I can connect to the logstash using the s_client, the still throws errors, but connection is held until logstash crashes.
I am using full path in the real conf, just sanitized it a bit for the forum

Any insight??

pbmsys · November 10, 2015, 12:42pm

Any insight?

Topic		Replies	Views
SSL Error when using SSL with TCP output plugin Logstash	2	1115	June 18, 2019
Logstash TCP/SSL \| General OpenSslEngine problem Logstash	2	1483	January 9, 2019
Logstash ssl error es input --> output csv Logstash	1	577	September 2, 2019
Logstash Lumberjack SSL Error Logstash	2	1880	August 30, 2017
Logstash 2.0 plugin input-relp option ssl Logstash	6	1452	July 6, 2017

Logstash 2.0.0 SSLError: Socket closed

Related topics