Logstash https plugin not working

rajkumar.m · July 23, 2020, 6:28pm

Hi Team,

I am unable to send data with logstash plugin https, someone please help me.
I can send data with http without security successfully, but when try to enable ssl, it is failing,

please find the below command syntax and configuration and advise

curl -v -H 'content-type: application/json' --cacert /path/to/cert.pem -XPUT 'https://logstashnode:XXXX/_bulk' -d @/path/to/test.json

About to connect() to logstashnode port XXXX (#0)
Trying XX.XX.XX.XX ... connected
Connected to logstashnode (XX.XX.XX.XX) port XXXX (#0)
Initializing NSS with certpath: sql:/etc/pki/nssdb
CAfile: /path/to/cert/abc.pem
CApath: none
NSS error -5961
Closing connection #0
SSL connect error
curl: (35) SSL connect error

Below is my plugin configuration:

input {
       http {
             port => XXXX
             user => XXXXX
             password => "XXXXXX"
             codec => json
             ssl => true
             keystore => "/path/XXXXXXXX.jks" 
             keystore_password => "XXXXX"
       }
}
`````````````````````

Badger · July 23, 2020, 6:46pm

-5961L is "TCP connection reset by peer". It is unclear why the http input would do that.

rajkumar.m · July 23, 2020, 7:00pm

If I use http without ssl, it is working fine.
but it is failing only if i use https with ssl. Please advise

Badger · July 23, 2020, 7:09pm

Does logstash log anything when it drops the connection?

rajkumar.m · July 23, 2020, 7:20pm

No messages found in logstash log file.

I have removed user section and updated like below, but still it is not working.
working only when i disable ssl.

input {
http {
port => XXXX
codec => json
ssl => true
keystore => "/path/XXXXXXXX.jks"
keystore_password => "XXXXX"
}
}

Badger · July 23, 2020, 7:34pm

Can you try replacing keystore/keystore_password with ssl_certificate (.crt format) and ssl_key (PKCS8 format)?

rajkumar.m · July 23, 2020, 7:42pm

I found the below error in logstash and not able to start it.

[ERROR][logstash.inputs.http ] Unknown setting 'ssl_certificate' for http
[ERROR][logstash.inputs.http ] Unknown setting 'ssl_key' for http

But the below configuration is working for filebeat.

input {
        beats {
                port=> XXXX
                ssl => true
                ssl_certificate => "/path/to/xxx.crt"
                ssl_key => "/path/to.xxx.pkcs8"
        }
}

Badger · July 23, 2020, 8:05pm

Which version of logstash are you using?

Can you confirm the keystore includes the private key and not just the certificate?

Sreekanth_Ragi · July 24, 2020, 3:35pm

Yes please confirm the logstash version and looking at the documentation here
https://www.elastic.co/guide/en/logstash/current/plugins-inputs-http.html

You should be replacing beats with http.

rajkumar.m · July 24, 2020, 5:45pm

Issue got resolved after fixing the jks file passwd,
I am using logstash 5.6 Version and below is the config that worked,

Thanks Badger & Sreekanth for your help !!

input {
http {
port => XXXX
codec => json
ssl => true
keystore => "/path/XXXXXXXX.jks"
keystore_password => "XXXXX"
}
}

system · August 21, 2020, 5:48pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.