Logstash beats SSL file read problem

Hi,
I recently installed Logstash 6.0 and am migrating pipelines from version 5.x.

I have a secured connection Filebeat -> Logstash.

But when loading the pipeline, Logstash cannot read the certificates:

[2017-12-05T11:24:58,829][ERROR][logstash.inputs.beats ] Invalid setting for beats input plugin:

  input {
    beats {
      # This setting must be a path
      # File does not exist or cannot be opened /etc/logstash/certs.d/vmlogstash.crt
      ssl_certificate => "/etc/logstash/certs.d/vmlogstash.crt"
      ...
    }
  }
[2017-12-05T11:24:58,830][ERROR][logstash.inputs.beats ] Invalid setting for beats input plugin:

  input {
    beats {
      # This setting must be a path
      # File does not exist or cannot be opened /etc/logstash/certs.d/vmlogstash.key
      ssl_key => "/etc/logstash/certs.d/vmlogstash.key"
      ...
    }
  }

vmlogstash:/etc/logstash # ll certs.d/
drw-r----- 2 logstash logstash 4096 Dec 1 16:37 ca
-rw-r----- 1 logstash logstash 1363 Dec 1 16:30 vmlogstash.crt
-rw-r----- 1 logstash logstash 1675 Dec 1 16:30 vmlogstash.key

input {
  beats {
    port => "5045"
    ssl => true
    ssl_certificate_authorities => ["/etc/logstash/certs.d/ca.crt"]
    ssl_certificate => "/etc/logstash/certs.d/${HOSTNAME}.crt"
    ssl_key => "/etc/logstash/certs.d/${HOSTNAME}.key"
    ssl_verify_mode => "peer"
  }
}

What can be the problem?

Figured it out.
It seems Logstash doesn't respect read rights for the group 'logstash'.

What are the permissions of /etc/logstash/certs.d? The ca subdirectory has the nonsensical file mode 0640 and if that goes for the certs.d subdirectory too then that would certainly explain what you saw.
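
A check for the cause suggested in the reply above, as an added example that is not part of the original thread: it walks each path component and reports the first one whose mode bits stop a given uid and group list from reading the file. The names `first_blocker` and `demo` and the temporary tree are constructed for illustration; the demo assumes certs.d carries the same 0640 mode the listing shows for the ca subdirectory, and only mode bits are considered.

```python
import os, shutil, stat, tempfile

def _bits(st, uid, gids):
    # rwx triplet selected the way the kernel does: owner, else group, else other
    shift = 6 if uid == st.st_uid else 3 if st.st_gid in gids else 0
    return (st.st_mode >> shift) & 7

def first_blocker(path, uid, gids, base="/"):
    """First component below `base` that stops uid/gids reading `path`, or None.
    Mode bits only: ACLs, capabilities and root's bypass are not modelled."""
    parts = os.path.relpath(os.path.abspath(path), base).split(os.sep)
    current = base
    for i, name in enumerate(parts):
        current = os.path.join(current, name)
        try:
            st = os.stat(current)
        except FileNotFoundError:
            return current, "does not exist"
        except PermissionError:
            return current, "cannot stat: parent directory is not searchable"
        mode = "%04o" % stat.S_IMODE(st.st_mode)
        if i < len(parts) - 1:  # intermediate component: needs x to be traversed
            if not stat.S_ISDIR(st.st_mode):
                return current, "not a directory"
            if not _bits(st, uid, gids) & 1:
                return current, "directory mode " + mode + " lacks search (x)"
        elif not _bits(st, uid, gids) & 4:  # final component: needs r
            return current, "file mode " + mode + " lacks read (r)"
    return None

def demo():
    """Constructed tree; assumes certs.d has the 0640 mode shown for ca."""
    base = tempfile.mkdtemp()
    certs = os.path.join(base, "certs.d")
    key = os.path.join(certs, "vmlogstash.key")
    os.mkdir(certs)
    open(key, "w").close()
    os.chmod(key, 0o640)
    me, groups = os.getuid(), os.getgroups()
    os.chmod(certs, 0o640)   # drw-r-----: no search bit, even for the owner
    before = first_blocker(key, me, groups, base)
    os.chmod(certs, 0o750)   # drwxr-x---: owner and group may traverse
    after = first_blocker(key, me, groups, base)
    shutil.rmtree(base)
    return certs, before, after

if __name__ == "__main__":
    print(demo())
```

On a real host the same function can be pointed at the configured `ssl_key` path with the service account's uid and group ids.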
