Hi Team,
I am unable to send data with logstash plugin https, someone please help me.
I can send data with http without security successfully, but when try to enable ssl, it is failing,
please find the below command syntax and configuration and advise
curl -v -H 'content-type: application/json' --cacert /path/to/cert.pem -XPUT 'https://logstashnode :XXXX/_bulk' -d @/path/to/test.json
About to connect() to logstashnode port XXXX (#0 )
Trying XX.XX.XX.XX ... connected
Connected to logstashnode (XX.XX.XX.XX) port XXXX (#0 )
Initializing NSS with certpath: sql:/etc/pki/nssdb
CAfile: /path/to/cert/abc.pem
CApath: none
NSS error -5961
Closing connection #0
SSL connect error
curl: (35) SSL connect error
Below is my plugin configuration:
input {
http {
port => XXXX
user => XXXXX
password => "XXXXXX"
codec => json
ssl => true
keystore => "/path/XXXXXXXX.jks"
keystore_password => "XXXXX"
}
}
`````````````````````
Badger
July 23, 2020, 6:46pm
2
-5961L is "TCP connection reset by peer". It is unclear why the http input would do that.
If I use http without ssl, it is working fine.
but it is failing only if i use https with ssl. Please advise
Badger
July 23, 2020, 7:09pm
4
Does logstash log anything when it drops the connection?
No messages found in logstash log file.
I have removed user section and updated like below, but still it is not working.
working only when i disable ssl.
input {
http {
port => XXXX
codec => json
ssl => true
keystore => "/path/XXXXXXXX.jks"
keystore_password => "XXXXX"
}
}
Badger
July 23, 2020, 7:34pm
6
Can you try replacing keystore/keystore_password with ssl_certificate (.crt format) and ssl_key (PKCS8 format)?
I found the below error in logstash and not able to start it.
[ERROR][logstash.inputs.http ] Unknown setting 'ssl_certificate' for http
[ERROR][logstash.inputs.http ] Unknown setting 'ssl_key' for http
But the below configuration is working for filebeat.
input {
beats {
port=> XXXX
ssl => true
ssl_certificate => "/path/to/xxx.crt"
ssl_key => "/path/to.xxx.pkcs8"
}
}
Badger
July 23, 2020, 8:05pm
8
Which version of logstash are you using?
Can you confirm the keystore includes the private key and not just the certificate?
Yes please confirm the logstash version and looking at the documentation here
https://www.elastic.co/guide/en/logstash/current/plugins-inputs-http.html
You should be replacing beats with http.
Issue got resolved after fixing the jks file passwd,
I am using logstash 5.6 Version and below is the config that worked,
Thanks Badger & Sreekanth for your help !!
input {
http {
port => XXXX
codec => json
ssl => true
keystore => "/path/XXXXXXXX.jks"
keystore_password => "XXXXX"
}
}
system
(system)
Closed
August 21, 2020, 5:48pm
11
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.