Private key issues connecting beats to logstash & elasticsearch

Hi all, I am writing to you because I am doing an installation of the suite ELK with Logstash elastic kibana et file beat. Only, during my SSL configuration for logstash I end up with this error " Private key cannot be read. Please confirm the user running Logstash has permissions to read: /etc/logstash/config/certs/logstash.pkcs8.key" for which I find no information on the internet and which blocks me in my advanced.
I thank you in advance for your answers and apologize for my English suck

Hi there!

I moved this to the Logstash topic since the configuration problem is in Logstash.

This error should mean that the file you set in Beats input plugin | Logstash Reference [7.15] | Elastic can't be read by logstash. I'd check the permissions on the file (ls -l) and make sure that the user running the logstash process can read the file.

Hi there !!! First thanks a lot for your quick reply. Actually I am stupid not to think of myself to check the access rights to the file via my terminal a simple chmod and the turn was play. However I am now with another mistake. I try to connect my winlogbeat agent present on my physical pc to my logstah server however I always find the same error " ERROR instance/beat.go:989 Exiting: couldn’t connect to any of the configured Elasticsearch hosts. Errors: [error connecting to
Elasticsearch at Get "": x509: certificate signed by unknown authority]". Do I have to import the certificates used for elastic and kibana on my host computer put them in a folder and indicate the path in my winlogbeat.yml? If yes, what are some of these things to take, and if not how? Thank you very much in advance for your answer mi bro
Best regards

That question is now about connecting winlogbeat to Elasticsearch, it has nothing to do with logstash. I suggest you ask in the beats forum.

Agreed. @K5SF , I've moved this to beats topic and updated the title to reflect the new issue.

x509: certificate signed by unknown authority means that winlogbeat doesn't know about the certificate authority that signed the certificate at

If you add the certificate authority to your beats configuration (output.elasticsearch.ssl.certificate_authorities as shown on Configure SSL | Filebeat Reference [7.15] | Elastic) that should allow beats to recognize the certificate.

You shouldn't have to add the CA file to your OS. Just telling beats where to find it on disk should be enough.

and you're quite welcome for the quick reply :slight_smile:

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.