Logstash Error after setting up TLS on Elastic

I have enabled security on Elastic and set up HTTP/TLS for communication between Elastic and Kibana. Elastic and Kibana are now up and working fine with those new changes.
I have just set up the following for Logstash for these new changes in the conf file:

```
ssl => true
cacert => "D:\Logstash\logstash-7.9.2\config\certs\elasticsearch-ca.pem"
```

However, after restarting the service I am still getting the following error in the Elastic logs:

```
[2020-11-11T12:04:21,632][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [SV-MSE-ELTC-001] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/10.103.186.210:9200, remoteAddress=/10.103.186.203:57493}
```

Make sure that you also use https in your output section, e.g.:

```
output {
    elasticsearch {
        id => "elasticsearch_logstash_filebeat_ilm_dlq"
        manage_template => false
        codec => json_lines
        cacert => "/etc/logstash/certs/elasticsearch-ca.pem"
        user => "logstash_internal"
        password => "supersecure"
        ssl => true
        index => "some-nice-index"
        # the elasticsearch output plugin will loadbalance :D - IPs obfuscated
        hosts => [ "https://123.123.123.123:9200", "https://123.123.123.124:9200" ]
    }
}
```

I hope I didn't miss something - just copy&pasted it and removed a few lines.

Hiya, thanks, I forgot to change host from HTTP to HTTPS, however still seem to be getting the same error as before. The output I have is:

```
output {
  elasticsearch {
    hosts => "https://10.10.10.10:9200"
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
    user => "${ES_USER}"
    password => "${ES_PWD}"
    ssl => true
    cacert => "D:\Logstash\logstash-7.9.2\config\certs\elasticsearch-ca.pem"
  }
}
```

OK, looks like I got Logstash set up to go to Elasticsearch now:

```
[2020-11-12T09:05:57,230][WARN ][logstash.outputs.elasticsearch][main] Restored connection to ES instance {:url=>"https://logstash_internal:xxxxxx@10.10.10.10:9200/"}
```
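
The Elasticsearch warning quoted in the first post carries a `remoteAddress`, which identifies the client that is still sending plain HTTP to the TLS listener. The following Python script is an added example, not part of the original thread: it tallies those warnings per client IP so that any remaining plaintext senders can be found after a config change. The function name `plaintext_clients` is hypothetical, and every sample line except the first is constructed.

```python
import re

# Matches the "plaintext on https channel" warning in the format quoted in the thread.
PLAINTEXT_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\[WARN\s*\]\[[^\]]+\]\s*\[(?P<node>[^\]]+)\]\s*"
    r"received plaintext http traffic on an https channel.*?"
    r"localAddress=/(?P<local>[^,]+),\s*remoteAddress=/(?P<remote>[^}\s]+)\}"
)

def plaintext_clients(lines):
    """Group warnings by client IP; the source port is ephemeral, so it is dropped."""
    clients = {}
    for line in lines:
        m = PLAINTEXT_RE.match(line)
        if not m:
            continue
        # Split off the port; strip brackets in case an IPv6 literal is bracketed.
        ip = m["remote"].rpartition(":")[0].strip("[]")
        entry = clients.setdefault(
            ip, {"count": 0, "first": m["ts"], "last": m["ts"], "listener": m["local"]}
        )
        entry["count"] += 1
        entry["last"] = m["ts"]
    return clients

WARN_TEMPLATE = (
    "[{ts}][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [SV-MSE-ELTC-001] "
    "received plaintext http traffic on an https channel, closing connection "
    "Netty4HttpChannel{{localAddress=/10.103.186.210:9200, remoteAddress=/{remote}}}"
)
SAMPLE_LOG = [
    WARN_TEMPLATE.format(ts="2020-11-11T12:04:21,632", remote="10.103.186.203:57493"),  # from the thread
    WARN_TEMPLATE.format(ts="2020-11-11T12:04:26,640", remote="10.103.186.203:57501"),  # constructed
    "[2020-11-11T12:05:02,118][INFO ][o.e.n.Node] [SV-MSE-ELTC-001] started",           # constructed, unrelated
    WARN_TEMPLATE.format(ts="2020-11-11T12:06:10,004", remote="192.0.2.15:40112"),      # constructed
]

if __name__ == "__main__":
    found = plaintext_clients(SAMPLE_LOG)
    for ip, info in sorted(found.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{ip}: {info['count']} plaintext attempts to {info['listener']}, "
              f"first {info['first']}, last {info['last']}")
```

If a client IP keeps appearing with a fresh `last` timestamp after Logstash has been restarted with `https://` hosts, another pipeline or shipper on that host is still configured for plain HTTP.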
