Lumberjack fails afeter updating to 7.5.2


After updating ELK stack from 7.4.2 to 7.5.2 lumberjack communication stopped working appropriately. Other kind of communications still works (i.e syslog). A simplified overview of my architecture:

subsidiary_beat’s à subsidiary_logstash à Internet à holding_logstash à holding_elasticsearch

Other kind of communications still works appropriately. For instance, on subsidiary_logstash I deployed an agent that fetches events from a cloud provider and forwards it through syslog to honding_logstash.

Some information:

  • First I updated Elasticsearch, then Kibana, finally Logstash;
  • Before the update I did not have any issues with lumberjack or any kind of event/communication;
  • Subsidiary_logstash OS is Ubuntu server 18.04
  • Holding_logstash OS is Oracle Linux 7.7
  • All logstash OS are updated;
  • Those logstash do not run over/on docker
  • I did an fresh installation of holding_logstash and still no success;

The annoying and disturbing error message displayed in holding_logstash is:

"[2020-01-28T16:04:40,847][INFO ][] [local:, remote:] Handling exception: error:100000b8:SSL routines:OPENSSL_internal:NO_SHARED_CIPHER"

I solved it.


input {
beats {
id => "siem-tvg-winlogbeat-01"
codec => json
port => 8043
ssl => true
ssl_certificate => "/etc/logstash/conf.d/lumberjack.cert"
ssl_key => "/etc/logstash/conf.d/lumberjack.key"

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.