Dears,
When I created the certs for Filebeat:
/usr/share/elasticsearch/bin/elasticsearch-certutil cert --pem --ca-cert /etc/elasticsearch/certs/ca.crt --ca-key /etc/elasticsearch/certs/ca.key --in /tmp/filebeats.yml --out /tmp/certs/filebeats.zip
Then filebeat cannot connect to Logstash:
ERROR [publisher_pipeline_output] pipeline/output.go:155 Failed to connect to backoff(async(tcp://elk-node-01:5044)): dial tcp 10.0.10.11:5044: connect: connection refused
filebeat.yml:
output.logstash:
hosts: ["elk-node-01:5044", "elk-node-02:5044", "elk-node-03:5044"]
loadbalance: true
ssl.certificate_authorities: ["/etc/filebeat/certs/ca.crt"]
ssl.certificate: "/etc/filebeat/certs/client.crt"
ssl.key: "/etc/filebeat/certs/client.key"
In Logstash configuration there are certs used for communication between ELK nodes.
Logstash conf looks like:
input {
beats {
port => 5044
ssl => true
ssl_certificate_authorities => ["/etc/logstash/certs/ca.crt"]
ssl_certificate => "/etc/logstash/certs/elk-node-01.crt"
ssl_key => "/etc/logstash/certs/elk-node-01.key"
ssl_verify_mode => "force_peer"
}
}
Logstash show error:
elk-node-01 logstash: [2020-07-17T12:26:27,320][ERROR][logstash.javapipeline ][main] Pipeline aborted due to error {:pipeline_id=>"main", :exception=>java.lang.IllegalArgumentException:
File does not contain valid private key: /etc/logstash/certs/elk-node-01.key, :backtrace=>["io.netty.handler.ssl.SslContextBuilder.keyManager(io/netty/handler/ssl/SslContextBuilder.java:270)", "io.netty.handler.ssl.SslContextBuilder.forServer(io/netty/handler/ssl/SslContextBuilder.java:90)", "org.logstash.netty.SslContextBuilder.buildContext(org/logstash/netty/SslContextBuilder.java:104)", "java.lang.reflect.Method.invoke(java/lang/reflect/Method.java:498)
Do you have any idea what is wrong?
Many Thanks.
Regards,
Dan