Regarding the logstash cacerts issue

Hi,
I am new to ELK. As i am using beats to send logs to logstash and then to elasticsearch but the issue is when i run the logstash as service then the status is running but when i went to logs of logstash it shows..

elasticsearch {
      # This setting must be a path
      # File does not exist or cannot be opened /etc/elasticsearch/certs/http_ca.crt
      cacert => "/etc/elasticsearch/certs/http_ca.crt"
      ...
    }
  }
[2024-03-22T12:24:05,276][ERROR][logstash.agent           ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"Java::JavaLang::IllegalStateException", :message=>"Unable to configure plugins: (ConfigurationError) Something is wrong with your configuration.", 

But when i run the configration directly by using

sudo /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/production_csv_config.conf 

it worked and logs are send to elasticsearch and every thing works fine.

So my main issue is to send the logs continually and i think it can only be done by service only.

I have also given the permission to certs.

This means that the user running logstash can not access this file.

When you run logstash as a service it runs using the logstash user, so the logstash user must have permissions on the path and the file, you need to fix your permissions, they are not correct.

This works because you are using sudo, so permissions will not be an issue, but you should avoid running logstash as the root user or with sudo, this can change the permissions of some files and make logstash to not work as a service until the permissions are fixed.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.