I'm new here and I have an issue with the configuration of my Windows machines sending logs to a Logstash server through Winlogbeat (for what I understand as I recovered this installation undocumented from a colleague who left the company).
The error I have on the client side is:
|2021-03-17T11:41:22.083+0100|ERROR|pipeline/output.go:100|Failed to connect to backoff(async(tcp://220.127.116.11:5044)): crypto/rsa: verification error| |---|---|---|---| |2021-03-17T11:41:22.083+0100|INFO|pipeline/output.go:93|Attempting to reconnect to backoff(async(tcp://18.104.22.168:5044)) with 20 reconnect attempt(s)|
The error I have on the server (among others):
Mar 17 11:20:32 syslog.domain.tld logstash: [2021-03-17T11:20:32,558][INFO ][org.logstash.beats.BeatsHandler] [local: 0.0.0.0:5044, remote: 22.214.171.124:64678] Handling exception: javax.net.ssl.SSLProtocolException: Received fatal alert: unexpected_message
My elastic stack is in version 6.6.0 and so does the Winlogbeat client.
I have the
crypto/rsa: verification error on another client that can communicate (badly, but that is another issue [of encoding] I will solve later), I guess it is because of the setting "
ssl.verification_mode: "none". I copied/paste the winlogbeat.yml file and ssl folder from the working client to the non-working one unsuccessfully.
What other informations can be useful for you to help me understand where I did something wrong?
Thanks in advance anyway