Hello,
When I am setting up the SSL connection between FIlebeat and Logstash, I got the following error:
2017-04-18T16:44:07,811][ERROR][logstash.inputs.beats ] Looks like you either have an invalid key or your private key was not in PKCS8 format. {:exception=>java.lang.IllegalArgumentException: File does not contain valid private key: /opt/app/logstash/ca/blth053.bhdc.att.com.key}
Here is the filebeat yaml file:
$ cat filebeat.yml
filebeat.prospectors:
- input_type: log
paths:- /var/log/httpd/access_log
output.logstash:
enabled: true
hosts: ["logstash host:5044"]
ssl.certificate_authorities: ["/opt/app/beats/filebeat/instances/instance name/etc/rootca.cer"]
ssl.certificate: "/opt/app/beats/filebeat/instances/instance name/etc/filebeat host.cer"
ssl.key: "/opt/app/beats/filebeat/instances/instance name/etc/filebeat host.key.nopass"
min_version: '1.2'
logging:
files:
path: /opt/app/beats/filebeat/instances/instance name/logs
name: instance.log
to_files: true
to_syslog: false
level: info
- /var/log/httpd/access_log
Here is the logstash conf file:
$ cat first.conf
input {
beats {
port => 5044
ssl => true
ssl_certificate_authorities => ["/opt/app/logstash/ca/rootca.cer"]
ssl_certificate => "/opt/app/logstash/ca/logstash host.cer"
ssl_key => "/opt/app/logstash/ca/logstash host.key"
ssl_key_passphrase => "keypass"
tls_min_version => "1.2"
}
}
output {
elasticsearch {
hosts => [ "Eslaticsearch host:9200" ]
ssl => "true"
cacert => "/opt/app/logstash/ca/rootca.cer"
user => "admin"
password => "xxxxxxx"
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}
I wonder if anyone else has encountered this error.
Thanks!