I have a problem with the beat input in logstash.
When i starting logstash, the beat input has an error with the cipher.
This is the error in log : Pipeline aborted due to error {:exception=>#LogStash::ConfigurationError: Cipher TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is not available>, ...
This my Logstash and java version :
logstash 5.0.2
jruby 1.7.25 (1.9.3p551) 2016-04-13 867cb81 on Java HotSpot(TM) 64-Bit Server VM 1.8.0_77-b02 +jit [linux-amd64]
java 1.8.0_77 (Oracle Corporation)
jvm Java HotSpot(TM) 64-Bit Server VM / 25.77-b02
Running logstash in debug mode, I get the following:
[DEBUG][io.netty.handler.ssl.OpenSsl] Failed to load netty-tcnative; OpenSslEngine will be unavailable, unless the application has already loaded the symbols by some other means. See http://netty.io/wiki/forked-tomcat-native.html for more information.
java.lang.IllegalArgumentException: Failed to load any of the given libraries: [netty-tcnative-linux-x86_64, netty-tcnative-linux-x86_64-fedora, netty-tcnative]
I can't seem to find any of those libraries for CentOS 7
Had this issue with a system, and found the problem was /tmp was mounted with noexec option.
Removing the noexec option and rebooting fixed the issue on my system.
It looks like logstash puts a copy of the libnetty-tcnative dynamic library so in /tmp and tries to load it from there which the noexec option blocks. Loading code from /tmp seems like a security risks.
EDIT: the code putting the library in TMP is in netty which is used by logstash.
EDIT 2: maybe the tmp path can be made more sane in logstash's jvm.options file by adding a line
-Dio.netty.native.workdir=some path
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.