Logstash.service unable to access Keystore

marmai16 · February 19, 2024, 5:20pm

Hello everyone,

while trying to setup a test Logstash instance, i struggle to get it running.
The following error appears, viewable via journalctl:

ERROR: Failed to load settings file from "path.settings". Aborting... path.setting=/etc/logstash, exception=Java::OrgLogstashSecretStore::SecretStoreException::AccessException, message=>Can not access Logstash keystore at /etc/logstash/logstash.keystore. Please verify correct file permissions and keystore password.

I already went through the available topics here and other resources dealing with the same issue, which unfortunately did not help to resolve the issue.

The interesting aspect is that even when the keystore is password-less and with most open permissions, the error remains.

SSL communication to elasticsearch is intended, certs are in the correct place, relevant passwords are in the keystore and the logstash.yml is adjusted accordingly.

Maybe someone can help out. Thank you all!

intrepid1 · February 19, 2024, 6:08pm

Hi there,

In the past I have had issues with keystores and the reason for this was that I wasn't specifying the path.settings when it was created.

Did you specify this when you created the keystore?

Rios · February 20, 2024, 5:49am

The user doesn't have permissions to path.setting=/etc/logstash
How do you run LS, as a process or as a systemctl service?

marmai16 · February 20, 2024, 8:30am

I provided the path.settings while creating the keystore.
The keystore was generated with the following command:

sudo -E /usr/share/logstash/bin/logstash-keystore --path.settings /etc/logstash create

Still, thank you!

marmai16 · February 20, 2024, 8:36am

I'm running LS as a systemctl service which is launched via sudo.

intrepid1 · February 20, 2024, 9:00am

Hi there,

One other point. When adding passwords, remember to add the path to settings to the command.

Rios · February 20, 2024, 11:46am

The most likely your OS and user accounts have restrictions.
The /etc/logstash/ is normally owned by root:root. Additionally, systemctl run LS as the "logstash" user which reads config path -> /etc/logstash/.

Check permissions on the config directory and logstash.keystore
If 1. doesn't work, test purpose set different user in: /usr/lib/systemd/system/logstash.service and run the service again.

leandrojmp · February 20, 2024, 11:48am

Are you running logstash as a service?

The logstash service runs with the logstash user, you need to make share that this user can read the permissions of the logstash.keystore file.

What are the permissions for this file?

system · March 19, 2024, 11:48am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.