Packetbeat will not GET Kibana HTTPS

Hello everyone,
I need help to figure-out the following problem to be fixed where the packetbeat won't start! :tired_face:

' ' '
packetbeat[523584]: Exiting: error connecting to Kibana: fail to get the Kibana version: HTTP GET request to fails: fail to execute
' ' '
Where the
1- packetbeat test as follow:
' ' '
[root@centos8 ~]# packetbeat test config
Config OK
[root@centos8 ~]#
[root@mycentos8 ~]# packetbeat test output
parse url... OK
parse host... OK
dns lookup... OK
dial up... OK
security... WARN server's certificate chain verification is disabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.11.2
[root@mycentos8 ~]#
[root@mycentos8 ~]#
' ' '

Access the link
' ' '
' ' '

2- Packetbeat config

' ' '
host: ""
protocol: "https"
ssl.enabled: true
username: "kibanauser"
password: "password1"
server.ssl.enabled: true
server.ssl.certificate: /ca/packetbeatca/ca/ca.crt
server.ssl.key: /ca/packetbeatca/ca/ca.key
server.ssl.verification_mode: none
ssl.certificate_authorities: ["/ca/packetbeatca/ca/elastic-certificate-tool-autogenerated-ca.pem"]
' ' '

3- Kibana.yml
' ' '
server.port: 5601 ""
' ' '

From the machine that is running Packetbeat, can you try making a curl request to the Kibana Status API?

curl -s -v -u kibanauser:password1 ""

What does this return?


[quote="shaunak, post:2, topic:267210"]
`curl -s -v -u kibanauser:password1 ""`

Thank Shaunak
The return output is the following:

    # curl -s -v -u kibanauser:password1 ""
    *   Trying
    * TCP_NODELAY set
    * Connected to ( port 5601 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * successfully set certificate verify locations:
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * TLSv1.3 (OUT), TLS handshake, Client hello (1):
    * TLSv1.3 (IN), TLS handshake, Server hello (2):
    * TLSv1.3 (IN), TLS handshake, [no content] (0):
    * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
    * TLSv1.3 (IN), TLS handshake, [no content] (0):
    * TLSv1.3 (IN), TLS handshake, Certificate (11):
    * TLSv1.3 (OUT), TLS alert, unknown CA (560):
    * SSL certificate problem: self signed certificate
    * Closing connection 0

Any luck?
if not, do you know best documents describe step-by-step installing certificates (not the online manual) for
1- Elastic - Kibana SSL
2- Packetbeat - Kibana SSL
Would shed the light on the certificate difference for each one?

Maybe this blog post can help? Configuring SSL, TLS, and HTTPS to secure Elasticsearch, Kibana, Beats, and Logstash | Elastic Blog



The problem is resolved.
The cause of the problem is the "kibana" user. The user privilege's can not run

packetbeat setup

To solve the problem: either use a different user i.e., "kibana_system" or add admin index privilege to the user.
All worked no error in getting Kibana version and dashboard created successfully

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.