Logstash beats SSL file read problem

bodi4 · December 5, 2017, 8:33am

Hi,
recently installed Logstash 6.0.
Migrating pipelines from 5.x version.

I have secured connection Filebeat -> Logstash

But loading pipeline Logstash cannot read certificates:

[2017-12-05T11:24:58,829][ERROR][logstash.inputs.beats ] Invalid setting for beats input plugin:

input {
beats {
# This setting must be a path
# File does not exist or cannot be opened /etc/logstash/certs.d/vmlogstash.crt
ssl_certificate => "/etc/logstash/certs.d/vmlogstash.crt"
...
}
}
[2017-12-05T11:24:58,830][ERROR][logstash.inputs.beats ] Invalid setting for beats input plugin:

input {
beats {
# This setting must be a path
# File does not exist or cannot be opened /etc/logstash/certs.d/vmlogstash.key
ssl_key => "/etc/logstash/certs.d/vmlogstash.key"
...
}
}

vmlogstash:/etc/logstash # ll certs.d/
drw-r----- 2 logstash logstash 4096 Dec 1 16:37 ca
-rw-r----- 1 logstash logstash 1363 Dec 1 16:30 vmlogstash.crt
-rw-r----- 1 logstash logstash 1675 Dec 1 16:30 vmlogstash.key

input {
beats {
port => "5045"
ssl => true
ssl_certificate_authorities => ["/etc/logstash/certs.d/ca.crt"]
ssl_certificate => "/etc/logstash/certs.d/${HOSTNAME}.crt"
ssl_key => "/etc/logstash/certs.d/${HOSTNAME}.key"
ssl_verify_mode => "peer"
}
}

What can be the problem?

bodi4 · December 5, 2017, 9:07am

Figured out.
Seems logstash doesn't respect read rights for the group 'logstash'

magnusbaeck · December 5, 2017, 9:42am

What are the permissions of /etc/logstash/certs.d? The ca subdirectory has the nonsensical file mode 0640 and if that goes for the certs.d subdirectory too then that would certainly explain what you saw.

system · January 2, 2018, 9:43am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.