Logstash 2.0.0 SSLError: Socket closed


(Peter Bøndum) #1

I am receiving an SSL socket error when using the new Logstash 2.0.0.

My configuration:

NXLog conf:

<Input network>
        Module      im_tcp
        Host        0.0.0.0
        Port        1514
        Exec 	    parse_json();		
</Input>

<Output ssllogstash>
    Module          om_ssl
    Host            ourlogstashhost
    Port            3515
    CAFile          %ROOT%/cert/someca.crt 
    CertFile        %ROOT%/cert/somecert.crt
    OutputType      LineBased
</Output>

<Route 66>
    Path        network => buffer => ssllogstash
</Route>

Logstash configuration:

input {
  tcp {
    codec => json { charset => "CP1252" }
    port => 3515
    type => "nxlog"
    ssl_cacert => "someca.crt"
    ssl_cert => "somecert.crt"
    ssl_key => "somekey.key"
    ssl_enable => true
  }
}
output {
  elasticsearch {
        hosts => ["host1:9200", "host2:9200", "host3:9200"]
}

Logstash log:

{:timestamp=>"2015-11-04T14:28:16.185000+0100", :message=>"SSL Error", :exception=>#<OpenSSL::SSL::SSLError: Socket closed>, :backtrace=>["org/jruby/ext/openssl/SSLSocket.java:262:in `accept'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/jruby-openssl-0.9.12-java/lib/jopenssl19/openssl/ssl-internal.rb:106:in `accept'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-tcp-2.0.4/lib/logstash/inputs/tcp.rb:108:in `run_server'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-tcp-2.0.4/lib/logstash/inputs/tcp.rb:80:in `run'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.0.0-java/lib/logstash/pipeline.rb:180:in `inputworker'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.0.0-java/lib/logstash/pipeline.rb:174:in `start_input'"], :level=>:error}

Eventually logstash crashes and stops the log flow.
Any insight?


(Magnus Bäck) #2

Perhaps s_client would be useful for debugging this?

I recommend you to use absolute paths to the certificate files. Do not rely on Logstash's current directory.


(Peter Bøndum) #3

Hi Magnus, I can connect to the logstash using the s_client, the still throws errors, but connection is held until logstash crashes.
I am using full path in the real conf, just sanitized it a bit for the forum :slight_smile:

Any insight??


(Peter Bøndum) #4

Any insight?


(system) #5