Ssl connection between Filebeat and Logstash


#1

Hello,

When I am setting up the SSL connection between FIlebeat and Logstash, I got the following error:

2017-04-18T16:44:07,811][ERROR][logstash.inputs.beats ] Looks like you either have an invalid key or your private key was not in PKCS8 format. {:exception=>java.lang.IllegalArgumentException: File does not contain valid private key: /opt/app/logstash/ca/blth053.bhdc.att.com.key}

Here is the filebeat yaml file:
$ cat filebeat.yml
filebeat.prospectors:

  • input_type: log
    paths:
    • /var/log/httpd/access_log
      output.logstash:
      enabled: true
      hosts: ["logstash host:5044"]
      ssl.certificate_authorities: ["/opt/app/beats/filebeat/instances/instance name/etc/rootca.cer"]
      ssl.certificate: "/opt/app/beats/filebeat/instances/instance name/etc/filebeat host.cer"
      ssl.key: "/opt/app/beats/filebeat/instances/instance name/etc/filebeat host.key.nopass"
      min_version: '1.2'
      logging:
      files:
      path: /opt/app/beats/filebeat/instances/instance name/logs
      name: instance.log
      to_files: true
      to_syslog: false
      level: info

Here is the logstash conf file:

$ cat first.conf
input {
beats {
port => 5044
ssl => true
ssl_certificate_authorities => ["/opt/app/logstash/ca/rootca.cer"]
ssl_certificate => "/opt/app/logstash/ca/logstash host.cer"
ssl_key => "/opt/app/logstash/ca/logstash host.key"
ssl_key_passphrase => "keypass"
tls_min_version => "1.2"
}
}
output {
elasticsearch {
hosts => [ "Eslaticsearch host:9200" ]
ssl => "true"
cacert => "/opt/app/logstash/ca/rootca.cer"
user => "admin"
password => "xxxxxxx"
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}

I wonder if anyone else has encountered this error.

Thanks!


(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.