Hello,
Set up LS w/ x-pack on a 2 node TLS ES/Kibana windows cluster. ES and Kibana are running fine at this point.
logstash.yml file:
node.name: logstash.local
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: 'changeme'
xpack.monitoring.elasticsearch.url: https://node1.local:9200
xpack.monitoring.elasticsearch.ssl.ca: config\certs\ca.crt
example.conf file:
input {
beats {
port => 5044
ssl => true
ssl_key => 'config\certs\logstash.pkcs8.key'
ssl_certificate => 'config\certs\logstash.crt'
}
}
output {
elasticsearch {
hosts => ["https://node1.local:9200","https://node2.local:9201"]
cacert => 'config\certs\ca.crt'
user => 'logstash_writer'
password => 'hK6U3$#4fw$3iDBcQizU'
index => 'logstash-%{+YYYY.MM.dd}'
}
}
command executed:
λ bin\logstash -f config\example.conf
Results from that command:
"Cipher TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
is not available"
Full error:
[2018-01-30T06:57:03,455][ERROR][logstash.pipeline ] Error registering plugin {:pipeline_id=>"main", :plugin=>"<LogStash::Inputs::Beats port=>5044, ssl=>true, ssl_key=>"config\\certs\\logstash.pkcs8.key", ssl_certificate=>"config\\certs\\logstash.crt", cipher_suites=>["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"], id=>"82d74e72b2779eaa4f85569a601be13265f67f71250ea261137809ec87e4053d", enable_metric=>true, codec=><LogStash::Codecs::Plain id=>"plain_d9986fb7-5ae0-45ce-a914-ff94d0e1e669", enable_metric=>true, charset=>"UTF-8">, host=>"0.0.0.0", ssl_verify_mode=>"none", include_codec_tag=>true, ssl_handshake_timeout=>10000, tls_min_version=>1, tls_max_version=>1.2, client_inactivity_timeout=>60, executor_threads=>32>", :error=>"Cipher TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
is not available", :thread=>"#<Thread:0x1763854 run>"}
[2018-01-30T06:57:04,252][ERROR][logstash.pipeline ] Pipeline aborted due to error {:pipeline_id=>"main", :exception=>#<LogStash::ConfigurationError: Cipher TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
is not available>, :backtrace=>["C:/tmp/cert_blog/logstash-6.1.2/vendor/bundle/jruby/2.3.0/gems/logstash-input-beats-5.0.6-java/lib/logstash/inputs/beats.rb:170:in create_server'", "C:/tmp/cert_blog/logstash-6.1.2/vendor/bundle/jruby/2.3.0/gems/logstash-input-beats-5.0.6-java/lib/logstash/inputs/beats.rb:158:in
register'", "C:/tmp/cert_blog/logstash-6.1.2/logstash-core/lib/logstash/pipeline.rb:343:in register_plugin'", "C:/tmp/cert_blog/logstash-6.1.2/logstash-core/lib/logstash/pipeline.rb:354:in
block in register_plugins'", "org/jruby/RubyArray.java:1734:in each'", "C:/tmp/cert_blog/logstash-6.1.2/logstash-core/lib/logstash/pipeline.rb:354:in
register_plugins'", "C:/tmp/cert_blog/logstash-6.1.2/logstash-core/lib/logstash/pipeline.rb:510:in start_inputs'", "C:/tmp/cert_blog/logstash-6.1.2/logstash-core/lib/logstash/pipeline.rb:401:in
start_workers'", "C:/tmp/cert_blog/logstash-6.1.2/logstash-core/lib/logstash/pipeline.rb:288:in run'", "C:/tmp/cert_blog/logstash-6.1.2/logstash-core/lib/logstash/pipeline.rb:248:in
block in start'"], :thread=>"#<Thread:0x1763854 run>"}
[2018-01-30T06:57:04,268][ERROR][logstash.agent ] Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: LogStash::PipelineAction::Create/pipeline_id:main, action_result: false", :backtrace=>nil}
I tried adding the cipher to the conf file but that didn't work either.
More googling ahead I suppose.
Thank you,
Stephen