I'm struggling a bit getting certs in place for just logstash and filebeat. My goal is to secure log trasnport between VPS instances and my logstash server. Although I'm testing with everything on the same server at the moment. Things were working fine before attempting to configure SSL, now I get this error message from Logstash:
Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create<main>, action_result: false", :backtrace=>nil}
My Logstash pipeline configuration is as follows:
input {
beats {
port => 5044
ssl => true
ssl_certificate_authorities => ["/certs/ca/ca.crt"]
ssl_verify_mode => "force_peer"
}
}
this cert is copied in via docker and I can confirm they are in the correct location in the container prior to it crashing. I doubt its related but I do map another docker container readonly to the same cert.
My filebeat configuration is as follows:
output.logstash:
enabled: true
hosts: ["logstash:5044"]
ssl.certificate_authorities: ["/certs/ca/ca.crt"]
ssl.certificate: "/certs/instance/instance.crt"
ssl.key: "/certs/instance/instance.key"
I'm not entirely sure I setup my keys correctly, what I did for that was:
bin/elasticsearch-certutil cert --keep-ca-key --pem --out /temp/certs.zip
This generates the above refrenced certs in the same naming and folder structure. Any idea what Im' doing wrong here or why logstash crashes?