Logstash tcp input with tls stops responding

I have fluentd 1.0 sending events to logstash 6.2.3 containers using tls.
After a while (could be a few minutes or hours) logstash stops responding to some requests on tcp port 4000 then it stops responding completely.

Theres ssl errors like these in the log (log.level trace):

[2018-10-02T15:58:50,069][DEBUG][logstash.inputs.tcp ] SSL Error {:exception=>#<OpenSSL::SSL::SSLError: Socket closed>, :backtrace=>["org/jruby/ext/openssl/SSLSocket.java:283:in accept'", "uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/jopenssl23/openssl/ssl.rb:405:in accept'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-tcp-5.0.3-java/lib/logstash/inputs/tcp.rb:203:in run_ssl_server'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-tcp-5.0.3-java/lib/logstash/inputs/tcp.rb:152:in run'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:516:in inputworker'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:509:in block in start_input'"]}

tcp input:

input {
  tcp {
    port => 4000
    codec => fluent
    ssl_enable => true
    ssl_cert => "/etc/server.crt"
    ssl_key => "/etc/server.key"
    ssl_verify => false
    tags => [ "fluentd" ]

output {

  stdout {
    codec => rubydebug {
      metadata => true

  elasticsearch {
    user => logstash
    password => logstash
    hosts => "elasticsearch:9200"
    manage_template => false
    index => "logstash-test"


I found a workaround for this by disabling ssl in logstash and using nginx as ssl termination.
Seems like logstash tcp input has some problem with tls (the same certs worked great with the filebeat input).

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.