SSL Authentication between beat agent and Logstash

Elastic Stack Logstash
1

Hi all.
I'm trying to setup the SSL authentication between beats agents(Metricbeat, Filebeat etc) but I'm stuck!
I'm using the free/community edition of ELK stack, v6.8.2.

Logstash configuration file(logstash.yml):

path.data: /var/lib/logstash
config.reload.automatic: true
config.reload.interval: 10s
path.logs: /var/log/logstash
xpack.monitoring.elasticsearch.username: logstash_user
xpack.monitoring.elasticsearch.password: "logstash_password"
xpack.monitoring.elasticsearch.hosts: ["http://ES_IP:9200"]

Logstash input configuration:

input {
beats {
port => 5044
ssl => false
ssl_certificate => "/etc/logstash/ssl/logstash-remote.crt"
ssl_key => "/etc/logstash/ssl/logstash-remote.p8"
tls_min_version => '1' (added recently as I thought this was the issue)
cipher_suites => ['ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-AES256- GCM-SHA384', 'ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-ECDSA-CHACHA20-POLY1305', 'ECDHE-RSA-CHACHA20-POLY1305', 'E CDHE-PSK-CHACHA20-POLY1305', 'ECDHE-ECDSA-AES128-SHA', 'ECDHE-ECDSA-AES128-SHA256', 'ECDHE-RSA-AES128-SHA', 'E CDHE-RSA-AES128-SHA256', 'ECDHE-PSK-AES128-CBC-SHA', 'ECDHE-ECDSA-AES256-SHA', 'ECDHE-ECDSA-AES256-SHA384', 'E CDHE-RSA-AES256-SHA', 'ECDHE-RSA-AES256-SHA384', 'ECDHE-PSK-AES256-CBC-SHA', 'AES128-GCM-SHA256', 'AES256-GCM- SHA384', 'AES128-SHA', 'AES128-SHA256', 'PSK-AES128-CBC-SHA', 'AES256-SHA', 'AES256-SHA256', 'PSK-AES256-CBC-S HA', 'DES-CBC3-SHA'] (added recently to remove any misunderstandings in the communication between the beat agent and logstash)
}
syslog {
}
}

Filebeat configuration(filebeat.yml):

filebeat.inputs:

  • type: log
    enabled: false
    paths:
    • /var/log/.log
      fields:
      level: debug
      filebeat.config.modules:
      path: ${path.config}/modules.d/      .yml
      reload.enabled: false
      setup.template.settings:
      index.number_of_shards: 3
      setup.kibana:

output.logstash:
hosts: ["localhost:5044"]
tls:
ssl.certificate_authorities: ["/etc/logstash/ssl/logstash-remote.crt"]
processors:

  • add_host_metadata: ~
  • add_cloud_metadata: ~

Altough I think I did everything right(according to elastic documentation), Logstash outputs this error message:

Caused by: javax.net.ssl.SSLHandshakeException: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER

Any thoughts on this?
Thank you for any help!

2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.