SSL Authentication between beat agent and Logstash

radw · August 26, 2019, 9:55am

Hi all.
I'm trying to setup the SSL authentication between beats agents(Metricbeat, Filebeat etc) but I'm stuck!
I'm using the free/community edition of ELK stack, v6.8.2.

Logstash configuration file(logstash.yml):

path.data: /var/lib/logstash
config.reload.automatic: true
config.reload.interval: 10s
path.logs: /var/log/logstash
xpack.monitoring.elasticsearch.username: logstash_user
xpack.monitoring.elasticsearch.password: "logstash_password"
xpack.monitoring.elasticsearch.hosts: ["http://ES_IP:9200"]

Logstash input configuration:

input {
beats {
port => 5044
ssl => false
ssl_certificate => "/etc/logstash/ssl/logstash-remote.crt"
ssl_key => "/etc/logstash/ssl/logstash-remote.p8"
tls_min_version => '1' (added recently as I thought this was the issue)
cipher_suites => ['ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-AES256- GCM-SHA384', 'ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-ECDSA-CHACHA20-POLY1305', 'ECDHE-RSA-CHACHA20-POLY1305', 'E CDHE-PSK-CHACHA20-POLY1305', 'ECDHE-ECDSA-AES128-SHA', 'ECDHE-ECDSA-AES128-SHA256', 'ECDHE-RSA-AES128-SHA', 'E CDHE-RSA-AES128-SHA256', 'ECDHE-PSK-AES128-CBC-SHA', 'ECDHE-ECDSA-AES256-SHA', 'ECDHE-ECDSA-AES256-SHA384', 'E CDHE-RSA-AES256-SHA', 'ECDHE-RSA-AES256-SHA384', 'ECDHE-PSK-AES256-CBC-SHA', 'AES128-GCM-SHA256', 'AES256-GCM- SHA384', 'AES128-SHA', 'AES128-SHA256', 'PSK-AES128-CBC-SHA', 'AES256-SHA', 'AES256-SHA256', 'PSK-AES256-CBC-S HA', 'DES-CBC3-SHA'] (added recently to remove any misunderstandings in the communication between the beat agent and logstash)
}
syslog {
}
}

Filebeat configuration(filebeat.yml):

filebeat.inputs:

type: log
enabled: false
paths:
- /var/log/.log
  fields:
  level: debug
  filebeat.config.modules:
  path: ${path.config}/modules.d/.yml
  reload.enabled: false
  setup.template.settings:
  index.number_of_shards: 3
  setup.kibana:

output.logstash:
hosts: ["localhost:5044"]
tls:
ssl.certificate_authorities: ["/etc/logstash/ssl/logstash-remote.crt"]
processors:

add_host_metadata: ~
add_cloud_metadata: ~

Altough I think I did everything right(according to elastic documentation), Logstash outputs this error message:

Caused by: javax.net.ssl.SSLHandshakeException: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER

Any thoughts on this?
Thank you for any help!

system · September 23, 2019, 9:55am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat could not connect to logstash on SSL Beats filebeat	6	3854	November 30, 2018
Is it possible Mutual authentication between Logstash and Beats Beats	7	1864	January 5, 2020
How to set up mutual SSL authentication between an ELK server (Logstash) and a remote Filebeat server? Logstash	13	1380	June 11, 2019
How to configure SSL connection between Logstash and Filebeat Logstash	3	1474	March 9, 2018
Secure Communication Between Filebeat and Logstash Logstash	1	997	October 31, 2017

SSL Authentication between beat agent and Logstash

Related topics