Logstash TCP input SSL connection failing without closing due reason

ThorNicolai · October 23, 2025, 3:23pm

Dear members of the forum,

I have been struggling to get a connection working regarding incoming TCP SSL data.
We are running an Ubuntu server with Logstash, we have multiple pipelines running, but this specific one would require a 3rd-Party to send data over the internet.
Therefore we require a SSL Setup, since we don't want unencrypted data over the internet.

Logstash version: 8.13.4
Ubuntu version: 20.04

Currently the pipeline looks like this:

input {
  tcp {
      port => 6514
      ssl_enabled => true
      ssl_certificate => "/etc/logstash/certs/cert.pem"
      ssl_key => "/etc/logstash/certs/cert-key.pem"
      ssl_certificate_authorities => ["/etc/logstash/certs/ca-chain.crt"]
    }
}
filter {
    mutate {
        add_tag => [
            "3rd-PartyName"
        ]
    }
}
output {
    microsoft-sentinel-log-analytics-logstash-output-plugin {
        create_sample_file => true
        sample_file_path => "/tmp"
    }
}

My pipeline starts correctly without any errors.

To ensure that there are no network connectivity issues, prior to trying the logstash pipeline, we have performed a manual TLS handshake using openssl client & server commands, using the exact certificates we are referencing in the pipeline. This connectivity was succesful and to my knowledge guarantees that all requirements are in place?

On our side, we used below command to 'listen' using openssl:

sudo openssl s_server -port 6514 -cert /etc/logstash/certs/secomea.pem -key /etc/logstash/certs/secomea-key.pem -msg

Whenever the 3rd-party is attempting a manual SSL connection once the pipeline has started, all I see on the pipeline journalctl is this error:

Oct 23 12:36:40 vminfsysslp04 logstash[1356717]: [2025-10-23T12:36:40,555][ERROR][logstash.inputs.tcp ][3rd-Party] 38ba3a4bb2e126e127ee03e6f2b6cd7c4a9656533a06f90908323512dd0e19d6] 10.4.100.134:3283 0: closing due:

This does look like there is an error, but there is no reason given.
I assume it is certificate related, but I am unsure.

Tested steps, but no results:

I have seen that there are attempts to connect in tcpdump
I see there are some retries in the journalctl logs
We have ran the pipeline using "ssl_certificate_authorities", but also without this parameter, but this didn't make a difference.

What other information am I missing to make this pipeline function correctly using SSL?

Topic		Replies	Views
Logstash tcp input with tls stops responding Logstash	2	551	November 2, 2018
SSL Error when using SSL with TCP output plugin Logstash	2	1153	June 18, 2019
Logstash TCP SSL Certificate Error Logstash	3	1528	July 6, 2017
Logstash 2.0.0 SSLError: Socket closed Logstash	4	1434	July 6, 2017
Logstash-tcp TLS not terminating correctly Logstash	2	1299	August 11, 2017

Logstash TCP input SSL connection failing without closing due reason

Related topics