Logstash 2.0 plugin input-relp option ssl

alicia · October 30, 2015, 4:00pm

in logstash.log
message=>"SSL Error", :exception=>#<OpenSSL::SSL::SSLError: Unrecognized SSL message, plaintext connection?>, :backtrace=>["org/jruby/ext/openssl/SSLSocket.java:262:in accept'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/jruby-openssl-0.9.12-java/lib/jopenssl19/openssl/ssl-internal.rb:106:inaccept'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-relp-2.0.3/lib/logstash/util/relp.rb:128:in accept'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-relp-2.0.3/lib/logstash/inputs/relp.rb:123:inrun'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.0.0.rc1-java/lib/logstash/pipeline.rb:180:in inputworker'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.0.0.rc1-java/lib/logstash/pipeline.rb:174:instart_input'"], :level=>:error}

I have oepnjdk 7 and logstash 2.0 plugin input-relp option ssl

Thanks

warkolm · October 31, 2015, 11:18pm

It'd help if you provided your config.

alicia · November 2, 2015, 8:14am

in input-relp.conf

input {
        relp {
        port => 10514
        type => "logs"
        ssl_cacert => "/etc/pki/relp/ca.pem"
        ssl_cert => "/etc/pki/relp/server-cert.pem"
        ssl_key => "/etc/pki/relp/server-key.pem"
        ssl_enable => true
        }
}

and in my client

$ModLoad omrelp
$ModLoad imtcp
$ActionQueueFileName fwdRule1     # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g       # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on     # save messages to disk on shutdown
$ActionQueueType LinkedList       # run asynchronously
$ActionResumeRetryCount -1        # infinite retries if host is down

$DefaultNetstreamDriver gtls

# certificate files
$DefaultNetstreamDriverCAFile /etc/pki/relp/ca.pem
$DefaultNetstreamDriverCertFile /etc/pki/relp/keepeek-test-cert.pem
$DefaultNetstreamDriverKeyFile /etc/pki/relp/keepeek-test-key.pem

# Provides TCP syslog reception
$InputTCPServerStreamDriverAuthMode x509/name
#$InputTCPServerStreamDriverAuthMode anon
$ActionSendStreamDriverMode 1 # run driver in TLS-only mode
$ActionSendStreamDriverPermittedPeer kibana-test.test

*.* :omrelp:ip_server:10514

generate certificat with

Thanks

Alicia

pbmsys · November 2, 2015, 10:40am

Seeing the same issue when parsing logs via TCP input from NXLOG.
Logstash throws an SSL Error an exits.

/Peter

alicia · November 3, 2015, 10:48am

may be that the problem from compatibility betwen gnutls and openssl : rsyslog has been written to use the gnuTLS library, and logstash has been written to use the openssl library ???

pbmsys · November 4, 2015, 6:45am

@alicia Strange, that i see the same error parsing logs from NXLog.
I have not figured out a solution though. you?