Logstash output to https

elitzur_e · August 24, 2015, 12:39pm

Hi. been looking a while for some answer about this.
is there support for output to https?
this is my output:
}
http{
url => "https://****/service.svc/log"
http_method =>"post"
}

im running logstash on windows.
i keep getting this error:

1da3024133a" @version=1.1 @port=443 @protocol="https" >, :response=>nil, :excep**
ion=>OpenSSL::SSL::SSLError: An existing connection was forcibly closed by th
remote host>, :stacktrace=>["org/jruby/ext/openssl/SSLSocket.java:195:in conn** **ct_nonblock'", "C:/logstash/install/vendor/bundle/jruby/1.9/gems/ftw-0.0.44/lib** **ftw/connection.rb:413:indo_secure'"

is there an official support for https? what am i doing worng?

thanks

warkolm · August 24, 2015, 10:33pm

We do support HTTPS, can you provide the full error you are seeing?

What version are you on?

elitzur_e · August 25, 2015, 8:52am

here is my full log (sorry for the format is from console:

←[33mUnhandled exception {:request=><FTW::Request(@13468) @headers=FTW::HTTP::He
aders <{"host"=>"taasukaesb.ewavetest.co.il", "connection"=>"keep-alive", "conte
nt-type"=>"application/json", "content-length"=>517}> @method="POST" @body="{\"A
ctivityTime\":\"2015-08-25T08:48:11.691Z\",\"LogType\":\"Info\",\"ServiceName\":
\"Portal.Nlog2Esbtest\",\"Context\":\"Portal\",\"UserId\":\"8664e362-f63d-4d10-8
a23-3b86b9f22cc7\",\"LogSubType\":\"Info\",\"TransactionCode\":\"5d14a403-a566-4
9ab-b8bc-a40c999eebe5\",\"Servers\":\"SlavaNili\",\"ServiceId\":\"8664e362-f63d-
4d10-8a23-3b86b9f22cc7\",\"RequestIPs\":\"172.19.5.8\",\"EntityClass\":\" \",\"M
ethods\":\"Button2_Click\",\"SourceFilePath\":\" \",\"SourceLineNum\":34,\"Title
\":\"TEST INFO\",\"Details\":\"this is a test to tell that something happend, bu
t its cool..\"}" @logger=#<Cabin::Channel:0xd0816b0 @metrics=#<Cabin::Metrics:0x
192e6ba1 @metrics_lock=#<Mutex:0x306a119a>, @metrics={}, @channel=#<Cabin::Chann
el:0xd0816b0 ...>>, @subscriber_lock=#<Mutex:0x7fd74c77>, @level=:info, @subscri
bers={}, @data={}> @request_uri="/TaasukaService.svc/TransactionLog/CreateJson?C
ontext=Portal&UserToken=a441b37f-3403-43fd-8f58-d1da3024133a" @version=1.1 @port
=443 @protocol="https" >, :response=>nil, :exception=>#<OpenSSL::SSL::SSLError:
An existing connection was forcibly closed by the remote host>, :stacktrace=>["o
rg/jruby/ext/openssl/SSLSocket.java:195:in `connect_nonblock'", "C:/logstash/ins
tall/vendor/bundle/jruby/1.9/gems/ftw-0.0.44/lib/ftw/connection.rb:413:in `do_se
cure'", "C:/logstash/install/vendor/bundle/jruby/1.9/gems/ftw-0.0.44/lib/ftw/con
nection.rb:393:in `secure'", "C:/logstash/install/vendor/bundle/jruby/1.9/gems/f
tw-0.0.44/lib/ftw/agent.rb:449:in `connect'", "C:/logstash/install/vendor/bundle
/jruby/1.9/gems/ftw-0.0.44/lib/ftw/agent.rb:283:in `execute'", "C:/logstash/inst
all/vendor/bundle/jruby/1.9/gems/logstash-output-http-1.0.0/lib/logstash/outputs
/http.rb:126:in `receive'", "C:/logstash/install/vendor/bundle/jruby/1.9/gems/lo
gstash-core-1.5.3-java/lib/logstash/outputs/base.rb:88:in `handle'", "(eval):83:
in `output_func'", "C:/logstash/install/vendor/bundle/jruby/1.9/gems/logstash-co
re-1.5.3-java/lib/logstash/pipeline.rb:244:in `outputworker'", "C:/logstash/inst
all/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.3-java/lib/logstash/pipeline.
rb:166:in `start_outputs'"], :level=>:warn}←[0m

im using logstash 1.5.3

elitzur_e · August 26, 2015, 10:07am

sorry for bumping. but we could realy use some help on this topic. any new ideas. did the logs i posed give a hint?

Joshua_Rich · August 27, 2015, 2:54am

Are you able to connect to the remote host/port outside of Logstash? For example does the following command work:

openssl s_client -connect host:port

elitzur_e · August 27, 2015, 8:57am

this is from the openssl:
SSL handshake has read 3465 bytes and written 499 bytes

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-SHA384
Session-ID: 403E000061C1DC3A047826246F9CF58E0E9012AE4F11D6DCF8A6D84993EE0487

Session-ID-ctx:
Master-Key: 56469360AD27C5C5C2B2EFCBF75C24EB6B26B66D05A347E2B89CBC715F97B3FB
6C9432774900D152509CCC32A7147A74
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1440667749
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)

at the destenation server i new see in the event viewer (windows server)
this error:
An TLS 1.1 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Joshua_Rich · August 28, 2015, 3:36am

Is your server expecting a client certificate?

elitzur_e · August 30, 2015, 9:12am

nope. it does not.

elitzur_e · September 6, 2015, 12:05pm

any1?

Topic		Replies	Views
Logstash to Splunk Logstash	1	384	November 24, 2021
SSL Error when using SSL with TCP output plugin Logstash	2	1115	June 18, 2019
Logstash Output Websocket with SSL Logstash	1	557	February 5, 2018
Logstash (http output plugin) to logstash (http inout plugin) Logstash	1	407	August 28, 2018
Need help to configure http output plugin for https Logstash	2	275	July 7, 2022

Logstash output to https

6C9432774900D152509CCC32A7147A74 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1440667749 Timeout : 300 (sec) Verify return code: 20 (unable to get local issuer certificate)

Related topics

6C9432774900D152509CCC32A7147A74
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1440667749
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)