Winlogbeat is not accpeting .crt and .key

Rahul_Dankhara · September 5, 2020, 3:01pm

I am using .crt and .key for authentication of filebeat with logstash. Which is working perfectly fine.

I am using the same certificates for winlogbeat and it is not working as expected.

Followed this doc to create .ca and .crt. It is working fine for the complete cluster encryption but the only winlogbeat is the issue. https://www.elastic.co/blog/configuring-ssl-tls-and-https-to-secure-elasticsearch-kibana-beats-and-logstash

output.logstash:
  enabled: true
  hosts: ["aws-elb:5042"]
  ssl.certificate_authorities: C:\Program Files\winlogbeat\SSL\ca.crt
  ssl.certificate: C:\Program Files\winlogbeat\SSL\ca.crt
  ssl.key: C:\Program Files\winlogbeat\SSL\ca.key`

PFB Error:
`PS C:\Program Files\winlogbeat> .\winlogbeat.exe test config -c .\winlogbeat.yml -e                                                                                                                                                          2020-09-05T20:26:06.928+0530    INFO    instance/beat.go:647    Home path: [C:\Program Files\winlogbeat] Config path: [C:\Program Files\winlogbeat] Data path: [C:\Program Files\winlogbeat\data] Logs path: [C:\Program Files\winlogbeat\logs]
2020-09-05T20:26:06.929+0530    INFO    instance/beat.go:655    Beat ID: 645486f7-e240-41bf-afb7-b6e498cfbb51
2020-09-05T20:26:06.980+0530    INFO    [add_cloud_metadata]    add_cloud_metadata/add_cloud_metadata.go:89     add_cloud_metadata: hosting provider type not detected.
2020-09-05T20:26:06.974+0530    INFO    [beat]  instance/beat.go:983    Beat info       {"system_info": {"beat": {"path": {"config": "C:\\Program Files\\winlogbeat", "data": "C:\\Program Files\\winlogbeat\\data", "home": "C:\\Program Files\\winlogbeat", "logs": "C:\\Program Files\\winlogbeat\\logs"}, "type": "winlogbeat", "uuid": "645486f7-e240-41bf-afb7-b6e498cfbb51"}}}
2020-09-05T20:26:06.980+0530    INFO    [beat]  instance/beat.go:992    Build info      {"system_info": {"build": {"commit": "94f7632be5d56a7928595da79f4b829ffe123744", "libbeat": "7.8.1", "time": "2020-07-21T15:24:38.000Z", "version": "7.8.1"}}}
2020-09-05T20:26:06.980+0530    INFO    [beat]  instance/beat.go:995    Go runtime info {"system_info": {"go": {"os":"windows","arch":"amd64","max_procs":8,"version":"go1.13.10"}}}
2020-09-05T20:26:07.005+0530    INFO    [beat]  instance/beat.go:999    Host info       {"system_info": {"host": {"architecture":"x86_64","boot_time":"2020-09-04T10:07:44.23+05:30","name":"Rahul-Laptop","ip":["fe80::85fc:6009:4c07:653/64","169.254.6.83/16","fe80::8c33:f8c:9a59:28a8/64","169.254.40.168/16","fe80::b44f:1690:20fe:93ea/64","169.254.147.234/16","fe80::61:4ee7:64b4:87fb/64","192.168.239.1/24","fe80::3d99:9b16:e7f6:5495/64","192.168.13.1/24","2405:201:200c:983b:7d21:50b0:560:b187/64","2405:201:200c:983b:b8df:3113:b588:783b/128","fe80::7d21:50b0:560:b187/64","192.168.29.108/24","::1/128","127.0.0.1/8"],"kernel_version":"10.0.18362.1016 (WinBuild.160101.0800)","mac":["8c:ec:4b:26:9f:ec","9e:30:5b:74:30:85","ae:30:5b:74:30:85","00:50:56:c0:00:01","00:50:56:c0:00:08","9c:30:5b:74:30:85"],"os":{"family":"windows","platform":"windows","name":"Windows 10 Home Single Language","version":"10.0","major":10,"minor":0,"patch":0,"build":"18363.1016"},"timezone":"IST","timezone_offset_sec":19800,"id":"0d277410-8e8c-4a5e-ba5c-5dff5a31e7f0"}}}
2020-09-05T20:26:07.006+0530    INFO    [beat]  instance/beat.go:1028   Process info    {"system_info": {"process": {"cwd": "C:\\Program Files\\winlogbeat", "exe": "C:\\Program Files\\winlogbeat\\winlogbeat.exe", "name": "winlogbeat.exe", "pid": 11148, "ppid": 16208, "start_time": "2020-09-05T20:26:06.842+0530"}}}
2020-09-05T20:26:07.007+0530    INFO    instance/beat.go:310    Setup Beat: winlogbeat; Version: 7.8.1
2020-09-05T20:26:07.007+0530    ERROR   [tls]   tlscommon/tls.go:55     Failed reading certificate file C:\Program Files\winlogbeat\SSL\ca.crt: no pem file
2020-09-05T20:26:07.007+0530    ERROR   [tls]   tlscommon/tls.go:156    Failed to add CA to the cert pool, CA is not a valid PEM file
2020-09-05T20:26:07.007+0530    ERROR   instance/beat.go:958    Exiting: error initializing publisher: 2 errors: no pem file C:\Program Files\winlogbeat\SSL\ca.crt; file is not a certificate adding C:\Program Files\winlogbeat\SSL\ca.crt to the list of known CAs
Exiting: error initializing publisher: 2 errors: no pem file C:\Program Files\winlogbeat\SSL\ca.crt; file is not a certificate adding C:\Program Files\winlogbeat\SSL\ca.crt to the list of known CAs

system · October 3, 2020, 5:01pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Winlogbeats not working with SSL configuration to Logstash Beats winlogbeat	18	6320	May 2, 2018
Winlogbeat not working after enabling SSL but other beats work Beats	7	901	December 5, 2018
Beats stopped working after enabled TLS/SSL on Elasticsearch and Kibana Beats packetbeat , winlogbeat , auditbeat	7	675	October 20, 2020
Windows beats and Logstash Beats winlogbeat	2	883	April 3, 2018
Can't figure out how to use certificates correctly Beats filebeat	15	1812	July 5, 2017

Winlogbeat is not accpeting .crt and .key

Related topics