Logstash + SSL

Hey guys,
As soon as I add below three SSL* lines to the input section of logstash.conf, service gives me below error;

*[2020-09-28T12:19:05,245][ERROR][logstash.agent ] Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create<main>, action_result: false", :backtrace=>nil}*

# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/logstash/certs/ca.crt"
    ssl_key => "/etc/logstash/certs/ca.key"
  }
}
output {
  elasticsearch {
    hosts => ["https://elk01:9200"]
    index => "%{[fields][environment_name]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    cacert => '/etc/logstash/certs/ca.crt'
    user => "elastic"
    password => ""
  }
}

If you enable log.level debug is there a message that says what the problem is? You may be hitting this issue.

Debug logs showing the private key issue. I have tried pkcs8.key but no luck.

openssl pkcs8 -in elk01.key -topk8 -out elk01-pkcs8.key -nocrypt

[2020-09-29T07:28:35,918][DEBUG][logstash.javapipeline    ][main] Pipeline terminated by worker error {:pipeline_id=>"main", :exception=>java.lang.IllegalArgumentException: File does not contain valid private key: /etc/logstash/certs/elk01.key, 

:backtrace=>"io.netty.handler.ssl.SslContextBuilder.keyManager(io/netty/handler/ssl/SslContextBuilder.java:350)",

That is not elk01-pkcs8.key

That log is before the pkcs file. Couldn't capture logs after I generated the pkcs file. It just won't generate debug logs at all. not sure why. The only thing I changed from yesterday is, password unprotected keystore to keep the passwords for logstash. I will try out in my other instance.

Is there any other way to configure beats to submit logs with authentication? Don't want anonymous injection.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.