Logstash + SSL

Elastic Stack Logstash
1

Hey guys,
As soon as I add below three SSL* lines to the input section of logstash.conf, service gives me below error;

*[2020-09-28T12:19:05,245][ERROR][logstash.agent ] Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create<main>, action_result: false", :backtrace=>nil}*

# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/logstash/certs/ca.crt"
    ssl_key => "/etc/logstash/certs/ca.key"
  }
}
output {
  elasticsearch {
    hosts => ["https://elk01:9200"]
    index => "%{[fields][environment_name]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    cacert => '/etc/logstash/certs/ca.crt'
    user => "elastic"
    password => ""
  }
}
2

If you enable log.level debug is there a message that says what the problem is? You may be hitting this issue.

3

Debug logs showing the private key issue. I have tried pkcs8.key but no luck.

openssl pkcs8 -in elk01.key -topk8 -out elk01-pkcs8.key -nocrypt

[2020-09-29T07:28:35,918][DEBUG][logstash.javapipeline    ][main] Pipeline terminated by worker error {:pipeline_id=>"main", :exception=>java.lang.IllegalArgumentException: File does not contain valid private key: /etc/logstash/certs/elk01.key,

:backtrace=>"io.netty.handler.ssl.SslContextBuilder.keyManager(io/netty/handler/ssl/SslContextBuilder.java:350)",

4

That is not elk01-pkcs8.key :smiley:

5

That log is before the pkcs file. Couldn't capture logs after I generated the pkcs file. It just won't generate debug logs at all. not sure why. The only thing I changed from yesterday is, password unprotected keystore to keep the passwords for logstash. I will try out in my other instance.

Is there any other way to configure beats to submit logs with authentication? Don't want anonymous injection.