Hi all.
I'm trying to set up SSL authentication between Beats agents (Metricbeat, Filebeat, etc.) but I'm stuck!
I'm using the free/community edition of ELK stack, v6.8.2.
Logstash configuration file (logstash.yml):
path.data: /var/lib/logstash
config.reload.automatic: true
config.reload.interval: 10s
path.logs: /var/log/logstash
xpack.monitoring.elasticsearch.username: logstash_user
xpack.monitoring.elasticsearch.password: "logstash_password"
xpack.monitoring.elasticsearch.hosts: ["http://ES_IP:9200"]
Logstash input configuration:
input {
  beats {
    port => 5044
    ssl => false
    ssl_certificate => "/etc/logstash/ssl/logstash-remote.crt"
    ssl_key => "/etc/logstash/ssl/logstash-remote.p8"
    # added recently as I thought this was the issue
    tls_min_version => '1'
    # added recently to remove any misunderstandings in the communication between the beat agent and logstash
    cipher_suites => ['ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES128-GCM-SHA256',
                      'ECDHE-ECDSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES256-GCM-SHA384',
                      'ECDHE-ECDSA-CHACHA20-POLY1305', 'ECDHE-RSA-CHACHA20-POLY1305',
                      'ECDHE-PSK-CHACHA20-POLY1305', 'ECDHE-ECDSA-AES128-SHA',
                      'ECDHE-ECDSA-AES128-SHA256', 'ECDHE-RSA-AES128-SHA',
                      'ECDHE-RSA-AES128-SHA256', 'ECDHE-PSK-AES128-CBC-SHA',
                      'ECDHE-ECDSA-AES256-SHA', 'ECDHE-ECDSA-AES256-SHA384',
                      'ECDHE-RSA-AES256-SHA', 'ECDHE-RSA-AES256-SHA384',
                      'ECDHE-PSK-AES256-CBC-SHA', 'AES128-GCM-SHA256',
                      'AES256-GCM-SHA384', 'AES128-SHA', 'AES128-SHA256',
                      'PSK-AES128-CBC-SHA', 'AES256-SHA', 'AES256-SHA256',
                      'PSK-AES256-CBC-SHA', 'DES-CBC3-SHA']
  }
  syslog {
  }
}
Filebeat configuration (filebeat.yml):
filebeat.inputs:
- type: log
  enabled: false
  paths:
    - /var/log/*.log
  fields:
    level: debug
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 3
setup.kibana:
  - /var/log/*.log
output.logstash:
  hosts: ["localhost:5044"]
  tls:
    ssl.certificate_authorities: ["/etc/logstash/ssl/logstash-remote.crt"]
processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
Although I think I did everything right (according to the Elastic documentation), Logstash outputs this error message:
Caused by: javax.net.ssl.SSLHandshakeException: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER
Any thoughts on this?
Thank you for any help!
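
A check that can help when debugging a handshake error like the one above, added here as an example and not part of the original post: it classifies the first bytes a client sends as a TLS record or a plaintext Beats (lumberjack v2) frame, and shows how a TLS listener would read the latter. The function names are hypothetical and the sample byte strings are constructed.

```python
import struct

# Constructed samples: the start of a TLS ClientHello record, and the start of
# a plaintext Beats (lumberjack v2) stream: '2' 'W' + uint32 window size.
TLS_CLIENT_HELLO = b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"
BEATS_PLAINTEXT = b"2W" + struct.pack("!I", 2048) + b"2C"

def parse_record_header(data: bytes):
    """Read the first 5 bytes the way a TLS endpoint does:
    content type, (major, minor) version, record length."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return ctype, (major, minor), length

def classify_first_bytes(data: bytes) -> str:
    ctype, (major, minor), _ = parse_record_header(data)
    # Handshake record (type 22); the record layer never advertises more
    # than 3.3, even for TLS 1.3.
    if ctype == 22 and major == 3 and minor <= 3:
        return "tls"
    # Lumberjack v2 frames: version '2' then a frame type byte.
    if data[:1] == b"2" and data[1:2] in b"WJCA":
        return "plaintext-beats"
    return "unknown"

def diagnose(listener_uses_tls: bool, first_bytes: bytes) -> str:
    kind = classify_first_bytes(first_bytes)
    if listener_uses_tls and kind == "plaintext-beats":
        _, (major, minor), _ = parse_record_header(first_bytes)
        return f"mismatch: plaintext Beats frame read as TLS version {major}.{minor}"
    if not listener_uses_tls and kind == "tls":
        return "mismatch: TLS ClientHello sent to a plaintext listener"
    return "ok" if kind != "unknown" else "unknown traffic"

if __name__ == "__main__":
    for tls_on in (True, False):
        for name, sample in (("tls", TLS_CLIENT_HELLO), ("beats", BEATS_PLAINTEXT)):
            print(f"listener_tls={tls_on} client={name}: {diagnose(tls_on, sample)}")
```

A TLS endpoint that reads a version such as 87.0 from the record header rejects the connection with a version error, so the first bytes captured on port 5044 show which side is not speaking TLS.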