Logstash is complaining about the path of the certificates


(Peter) #1

Hello, I am running the latest version of logstash 2.1 and I have configured the certificates as it:

beats {
    port => 5044
    type => "logs"
    ssl => "true"
    ssl_certificate => "/etc/letsencrypt/live/core.z0z0.tk/cert.pem"
    ssl_key => "/etc/letsencrypt/live/core.z0z0.tk/privkey.pem"
}

I have run the logstash with test-check option and it was all good but when I start the logstash I get the following in the logstash.log

{:timestamp=>"2016-01-09T11:05:31.913000+0000", :message=>"Invalid setting for beats input plugin:\n\n  input {\n    beats {\n      # This setting must be a path\n      # File does not exist or cannot be opened /etc/letsencrypt/live/core.z0z0.tk/cert.pem\n      ssl_certificate => \"/etc/letsencrypt/live/core.z0z0.tk/cert.pem\"\n      ...\n    }\n  }", :level=>:error}
{:timestamp=>"2016-01-09T11:05:31.939000+0000", :message=>"Invalid setting for beats input plugin:\n\n  input {\n    beats {\n      # This setting must be a path\n      # File does not exist or cannot be opened /etc/letsencrypt/live/core.z0z0.tk/privkey.pem\n      ssl_key => \"/etc/letsencrypt/live/core.z0z0.tk/privkey.pem\"\n      ...\n    }\n  }", :level=>:error}
{:timestamp=>"2016-01-09T11:05:32.000000+0000", :message=>"Error: Something is wrong with your configuration."}
{:timestamp=>"2016-01-09T11:05:32.007000+0000", :message=>"You may be interested in the '--configtest' flag which you can\nuse to validate logstash's configuration before you choose\nto restart a running system."}

If I run the startup command as root from cli then logstash starts without any issue.

Anyone can suggest me a solution for this issue?

Regards,
Peter


(Magnus B├Ąck) #2

Apparently the logstash user (or whatever user you normally run Logstash as) doesn't have permissions to read the certificate and key files.


(Peter) #3

Copied the certificate to the logstash config folder and it works. Thanks for the help.


(system) #4