Packetbeat error connecting to elasticsearch

hi everyone,

my elasticsearch server receives IPs dynamically from a DHCP server. my elastic server had an address of 192.168.100.116 when I installed it, the next day the address was changed to 192.168.100.126 and when I installed packetbeat on another server.
the problem started when I ran the command "./packetbeat.exe setup -e" and it showed me this error
error: [error connecting to elasticsearch at https: // 192.168. 100.126: 9200: Get "https:// 192. 168. 100. 126: 9200" x509: certificate is valid fr 192.168.100.116 ****not 192.168.100.126]

Hi @Syphax, Welcome to the community

The error is pretty clear .. .the cert for elasticsearch no longer matches its IP.

Whoever changed the elasticsearch IP address should have updated the certificate to match the IP.

A workaround in the packetbeat.yml in the elasticsearch.output section set the verification_mode

elasticsearch.output:
  ssl.verification_mode: none

This is a temp / slightly less secure the right thing to do is have your admin fix the elasticsearcbh cert, the mismatching IP is probably going to break other things as well.

Thank you @stephenb for your answer ,
the problem with the address is resolved but I do not receive information on the kibana dashboards, the dashboards are empty, yet the command below works without error.

I don't know if it's because of the config of the packetbeat.yml file :

packetbeat.interfaces.device: default_route

Hi,
Finally, I forgot to launch the service, that's why I don't get any results from Kibana.
the problem is solved,

thank you very much

1 Like