Hi all,
I'm new here and I have an issue with the configuration of my Windows machines sending logs to a Logstash server through Winlogbeat (for what I understand as I recovered this installation undocumented from a colleague who left the company).
The error I have on the client side is:
|2021-03-17T11:41:22.083+0100|ERROR|pipeline/output.go:100|Failed to connect to backoff(async(tcp://1.2.3.4:5044)): crypto/rsa: verification error|
|---|---|---|---|
|2021-03-17T11:41:22.083+0100|INFO|pipeline/output.go:93|Attempting to reconnect to backoff(async(tcp://1.2.3.4:5044)) with 20 reconnect attempt(s)|
The error I have on the server (among others):
Mar 17 11:20:32 syslog.domain.tld logstash[23278]: [2021-03-17T11:20:32,558][INFO ][org.logstash.beats.BeatsHandler] [local: 0.0.0.0:5044, remote: 1.2.3.5:64678] Handling exception: javax.net.ssl.SSLProtocolException: Received fatal alert: unexpected_message
My elastic stack is in version 6.6.0 and so does the Winlogbeat client.
I have the crypto/rsa: verification error
on another client that can communicate (badly, but that is another issue [of encoding] I will solve later), I guess it is because of the setting " ssl.verification_mode: "none"
. I copied/paste the winlogbeat.yml file and ssl folder from the working client to the non-working one unsuccessfully.
What other informations can be useful for you to help me understand where I did something wrong?
Thanks in advance anyway