Logstash to Elasticsearch over SSL Configuration

cm47 · October 13, 2017, 7:32pm

Hi, I am trying to achieve what is described in the title. I believe I have taken all steps for proper configuration but am receiving an error that seems like a connection is not being initiated through https.

Logstash output configuration:

output {
elasticsearch {
hosts => ["https://X.X.X.X:9200"]
ssl => true
cacert => '/etc/logstash/ca.pem'
sniffing => true
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}

Logstash config:

xpack.ssl.key: /etc/elasticsearch/x-pack/key.key
xpack.ssl.certificate: /etc/elasticsearch/x-pack/cert.crt
xpack.ssl.certificate_authorities: [ "/etc/elasticsearch/x-pack/ca/ca.crt" ]
xpack.security.http.ssl.enabled: true

Keys being used are generated by x-pack certgen.

Error is:
@output_class=LogStash::Outputs::ElasticSearch>", :error=>"Unrecognized SSL message, plaintext connection?"

Is there some URL configuration I have to change somewhere that I missed? Any ideas why I am getting this error? Its probably simple but I am fairly new to ELK so I appreciate any help!

Thanks!

magnusbaeck · October 17, 2017, 8:08pm

You have configured Logstash to use SSL when connecting, but have you configured ES to use SSL on port 9200?

cm47 · October 19, 2017, 9:49pm

I believe so. I followed instructions here: https://www.elastic.co/guide/en/x-pack/current/ssl-tls.html, just forgot to post elasticsearch.yml sorry. Do both transport and http ssl have to be enabled? I didnt enable transport since for now I am just testing this with one machine.

Could it be "elasticsearch.url" parameter in kibana.yml? I figured it was fine to leave this as http since the error is in logstash not kibana (although I suppose it should be https because it will probably lead to issues with kibana down the road).

system · November 16, 2017, 9:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.