Logstash 2.0 plugin input-relp option ssl


#1

in logstash.log
message=>"SSL Error", :exception=>#<OpenSSL::SSL::SSLError: Unrecognized SSL message, plaintext connection?>, :backtrace=>["org/jruby/ext/openssl/SSLSocket.java:262:in accept'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/jruby-openssl-0.9.12-java/lib/jopenssl19/openssl/ssl-internal.rb:106:inaccept'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-relp-2.0.3/lib/logstash/util/relp.rb:128:in accept'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-relp-2.0.3/lib/logstash/inputs/relp.rb:123:inrun'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.0.0.rc1-java/lib/logstash/pipeline.rb:180:in inputworker'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.0.0.rc1-java/lib/logstash/pipeline.rb:174:instart_input'"], :level=>:error}

I have oepnjdk 7 and logstash 2.0 plugin input-relp option ssl

Thanks


(Mark Walkom) #2

It'd help if you provided your config.


#3

in input-relp.conf

input {
        relp {
        port => 10514
        type => "logs"
        ssl_cacert => "/etc/pki/relp/ca.pem"
        ssl_cert => "/etc/pki/relp/server-cert.pem"
        ssl_key => "/etc/pki/relp/server-key.pem"
        ssl_enable => true
        }
}

and in my client

$ModLoad omrelp
$ModLoad imtcp
$ActionQueueFileName fwdRule1     # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g       # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on     # save messages to disk on shutdown
$ActionQueueType LinkedList       # run asynchronously
$ActionResumeRetryCount -1        # infinite retries if host is down

$DefaultNetstreamDriver gtls

# certificate files
$DefaultNetstreamDriverCAFile /etc/pki/relp/ca.pem
$DefaultNetstreamDriverCertFile /etc/pki/relp/keepeek-test-cert.pem
$DefaultNetstreamDriverKeyFile /etc/pki/relp/keepeek-test-key.pem

# Provides TCP syslog reception
$InputTCPServerStreamDriverAuthMode x509/name
#$InputTCPServerStreamDriverAuthMode anon
$ActionSendStreamDriverMode 1 # run driver in TLS-only mode
$ActionSendStreamDriverPermittedPeer kibana-test.test

*.* :omrelp:ip_server:10514

generate certificat with

Thanks

Alicia


(Peter Bøndum) #4

Seeing the same issue when parsing logs via TCP input from NXLOG.
Logstash throws an SSL Error an exits.

/Peter


#5

may be that the problem from compatibility betwen gnutls and openssl : rsyslog has been written to use the gnuTLS library, and logstash has been written to use the openssl library ???


(Peter Bøndum) #6

@alicia Strange, that i see the same error parsing logs from NXLog.
I have not figured out a solution though. you?


(system) #7