Hi,
Please help me identify the Logstash configuration issue. The Stack version is 7.4.0.
Logstash stopped working after enabling xpack.
It is a three-node cluster and it is up.
The Logstash debug log shows the following two errors:
- [2019-11-06T17:52:48,070][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"Use either "cacert" or "truststore" when configuring the CA certificate"}
- [2019-11-06T17:53:04,877][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://115.110.89.12:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://115.110.89.12:9200/][Manticore::ClientProtocolException] 115.110.89.12:9200 failed to respond"}
Here is the output section of the logstash.conf file.
output {
  if [type] == "esxisyslog" {
    elasticsearch {
      hosts => ["115.110.89.12:9200"]
      ssl => true
      cacert => '/etc/logstash/elastic-certificates.p12'
      user => "elastic"
      password => "xxxx"
      index => "prod-esxi-syslogs-%{+YYYY.MM}"
    }
  } else if [type] == "unixsyslog" {
    elasticsearch {
      hosts => ["115.110.89.12:9200"]
      ssl => true
      cacert => '/etc/logstash/elastic-certificates.p12'
      user => "elastic"
      password => "xxxxx"
      index => "prod-linux-syslogs-%{+YYYY.MM}"
    }
  }
  stdout {codec => rubydebug}
}
- Here is the logstash.yml configuration for xpack monitoring:
###########################################################
# X-Pack Monitoring
# https://www.elastic.co/guide/en/logstash/current/monitoring-logstash.html
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: Pass@123
xpack.monitoring.elasticsearch.hosts: ["http://115.110.89.12:9200"]
xpack.monitoring.elasticsearch.ssl.verification_mode: certificate
xpack.monitoring.elasticsearch.ssl.certificate_authority: /etc/logstash/elastic-certificates.p12
xpack.monitoring.elasticsearch.ssl.truststore.path: /etc/logstash/elastic-stack-ca.p12
#xpack.monitoring.elasticsearch.ssl.truststore.password: password
#xpack.monitoring.elasticsearch.ssl.keystore.path: /path/to/file
#xpack.monitoring.elasticsearch.ssl.keystore.password: password
#xpack.monitoring.elasticsearch.ssl.verification_mode: certificate
#xpack.monitoring.elasticsearch.sniffing: false
#xpack.monitoring.collection.interval: 10s
#xpack.monitoring.collection.pipeline.details.enabled: true
# X-Pack Management
# https://www.elastic.co/guide/en/logstash/current/logstash-centralized-pipeline-management.html
#xpack.management.enabled: false
#xpack.management.pipeline.id: ["main", "apache_logs"]
#xpack.management.elasticsearch.username: logstash_admin_user
#xpack.management.elasticsearch.password: P@ssword
#xpack.management.elasticsearch.hosts: ["https://115.110.89.12:9200", "https://115.110.89.18:9200", "https://115.110.89.51"]
#xpack.management.elasticsearch.ssl.certificate_authority: [ "/path/to/ca.crt" ]
#xpack.management.elasticsearch.ssl.truststore.path: /path/to/file
#xpack.management.elasticsearch.ssl.truststore.password: password
#xpack.management.elasticsearch.ssl.keystore.path: /path/to/file
#xpack.management.elasticsearch.ssl.keystore.password: password
#xpack.management.elasticsearch.ssl.verification_mode: certificate
#xpack.management.elasticsearch.sniffing: false
#xpack.management.logstash.poll_interval: 5s
- xpack configuration in the elasticsearch.yml file:
###########################################################
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12
############################################################
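
A small lint for the `xpack.monitoring.elasticsearch.*` settings posted above, as an added example that is not part of the original post: it flags the CA/truststore conflict named in the `licensereader` error, a PKCS#12 file given where `certificate_authority` expects a PEM file, and TLS trust settings paired with an `http://` host. The function names and finding codes are hypothetical, and the sample input is taken from the post with the password replaced by a placeholder.

```python
import re

# Settings from the post's logstash.yml (password replaced with a placeholder).
SAMPLE = """\
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: CHANGEME
xpack.monitoring.elasticsearch.hosts: ["http://115.110.89.12:9200"]
xpack.monitoring.elasticsearch.ssl.verification_mode: certificate
xpack.monitoring.elasticsearch.ssl.certificate_authority: /etc/logstash/elastic-certificates.p12
xpack.monitoring.elasticsearch.ssl.truststore.path: /etc/logstash/elastic-stack-ca.p12
#xpack.monitoring.elasticsearch.ssl.truststore.password: password
"""

KEYSTORE_EXT = (".p12", ".pfx", ".jks")


def parse_flat_yaml(text):
    """Parse flat 'dotted.key: value' lines; skip blanks and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def lint_tls(settings, prefix="xpack.monitoring.elasticsearch"):
    """Return a list of finding codes for the TLS settings under prefix."""
    findings = []
    ca = settings.get(f"{prefix}.ssl.certificate_authority", "")
    truststore = settings.get(f"{prefix}.ssl.truststore.path", "")
    hosts = re.findall(r'"([^"]+)"', settings.get(f"{prefix}.hosts", ""))
    if ca and truststore:
        # Same condition the licensereader error reports: pick one CA source.
        findings.append("CA_AND_TRUSTSTORE_BOTH_SET")
    if ca.strip("'\"[] ").lower().endswith(KEYSTORE_EXT):
        # certificate_authority takes a PEM file; keystores go in truststore.path.
        findings.append("CA_IS_KEYSTORE_NOT_PEM")
    if (ca or truststore) and any(h.startswith("http://") for h in hosts):
        # TLS trust settings are present but the host URL is plain HTTP.
        findings.append("TLS_SETTINGS_WITH_HTTP_HOST")
    return findings


if __name__ == "__main__":
    print("\n".join(lint_tls(parse_flat_yaml(SAMPLE))))
```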