Hello, so I use two listeners on my logstash setup.
Beats and TCP (using the plugin).
Beats works fine over TLS
* ALPN, server did not agree to a protocol
> GET / HTTP/1.1
> Host: logstash01.xx:5044
> User-Agent: curl/7.47.0
> Accept: */*
>
* Empty reply from server
* Connection #0 to host logstash01.xx left intact
However TCP fails?
ubuntu@gnt1-syslog01:/etc/rsyslog.d$ curl -v --cacert /etc/ssl/certs/globalsign_xxx.crt https://logstash01.xxx:10514
* Rebuilt URL to: https://xxx:10514/
* Trying xxx...
* Connected to logstash01.xxx (52.51.14.173) port 10514 (#0)
* found 3 certificates in /etc/ssl/certs/globalsign_xxx.crt
* found 695 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* gnutls_handshake() failed: The TLS connection was non-properly terminated.
* Closing connection 0
curl: (35) gnutls_handshake() failed: The TLS connection was non-properly terminated.
Here is the logstash output for both:
input {
tcp {
port => 10514
type => "rsyslog"
ssl_enable => true
ssl_cert => "/etc/pki/logstash/globalsign_xxx.crt"
ssl_key => "/etc/pki/logstash/globalsign_xxx.key"
}
}
input {
beats {
port => 5044
ssl => true
ssl_certificate => "/etc/pki/logstash/xxx.crt"
ssl_key => "/etc/pki/logstash/xxx.key"
}
}
The error I see from rsyslog is the same terminating error.