Logstash to Elasticsearch over SSL Configuration


(Conor M) #1

Hi, I am trying to achieve what is described in the title. I believe I have taken all steps for proper configuration but am receiving an error that seems like a connection is not being initiated through https.

Logstash output configuration:

output {
  elasticsearch {
    hosts => ["https://X.X.X.X:9200"]
    ssl => true
    cacert => '/etc/logstash/ca.pem'
    sniffing => true
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}

Logstash config:

xpack.ssl.key: /etc/elasticsearch/x-pack/key.key
xpack.ssl.certificate: /etc/elasticsearch/x-pack/cert.crt
xpack.ssl.certificate_authorities: [ "/etc/elasticsearch/x-pack/ca/ca.crt" ]
xpack.security.http.ssl.enabled: true

Keys being used are generated by x-pack certgen.

Error is:
@output_class=LogStash::Outputs::ElasticSearch>", :error=>"Unrecognized SSL message, plaintext connection?"

Is there some URL configuration I have to change somewhere that I missed? Any ideas why I am getting this error? It's probably simple but I am fairly new to ELK so I appreciate any help!

Thanks!


(Magnus Bäck) #2

You have configured Logstash to use SSL when connecting, but have you configured ES to use SSL on port 9200?
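
Added example, not part of the original thread: the JVM raises "Unrecognized SSL message, plaintext connection?" when the bytes coming back from the server are not a TLS record, so the question in #2 can be answered by probing the port directly. The Python below (function names and result strings are this example's own, not from Logstash or Elasticsearch) first attempts a verified TLS handshake against the CA file, then falls back to a plaintext request to see what the listener actually speaks.

```python
import socket
import ssl
import sys


def classify_reply(first):
    """Classify the first bytes a listener returns to a plaintext HTTP request."""
    if first.startswith(b"HTTP/"):
        return "plaintext-http"  # an https:// client cannot talk to this port
    # TLS record header: content type 20-23, then protocol major version 3
    if len(first) >= 2 and 0x14 <= first[0] <= 0x17 and first[1] == 0x03:
        return "tls"
    if not first:
        return "no-reply"  # TLS listeners often drop non-TLS input silently
    return "unknown"


def probe(host, port=9200, cafile=None, timeout=5.0):
    """Say whether host:port completes a verified TLS handshake, and if not, why."""
    # With cafile set, only that CA is trusted (like the cacert option above);
    # certificate and hostname verification stay enabled.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "tls-ok " + tls.version()
    except ssl.SSLCertVerificationError as exc:
        return "tls-cert-rejected: " + exc.verify_message
    except OSError:
        pass  # handshake failed or peer reset; check what the port does speak
    with socket.create_connection((host, port), timeout=timeout) as raw:
        raw.sendall(b"GET / HTTP/1.0\r\n\r\n")
        try:
            return classify_reply(raw.recv(16))
        except OSError:
            return "no-reply"


if __name__ == "__main__":
    # Usage: python probe.py HOST [PORT] [CA_FILE]
    args = sys.argv[1:]
    if args:
        port = int(args[1]) if len(args) > 1 else 9200
        print(probe(args[0], port, args[2] if len(args) > 2 else None))
```

A result of `plaintext-http` means the HTTP layer on that port is not serving TLS; `tls-cert-rejected` means TLS is on but the CA file does not validate the server certificate.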


(Conor M) #3

I believe so. I followed instructions here: https://www.elastic.co/guide/en/x-pack/current/ssl-tls.html, just forgot to post elasticsearch.yml, sorry. Do both transport and http ssl have to be enabled? I didn't enable transport since for now I am just testing this with one machine.

Could it be "elasticsearch.url" parameter in kibana.yml? I figured it was fine to leave this as http since the error is in logstash not kibana (although I suppose it should be https because it will probably lead to issues with kibana down the road).

