Elasticsearch: Logstash error, unable to connect to Elasticsearch after enabling SSL
I have an ELK setup (1 master ES, 3 worker ES, 1 Logstash, 1 Kibana), with Filebeat as the log collector/shipper. After enabling X-Pack and TLS, ES and Kibana work fine. The problem is with Logstash. I currently see this error in /var/log/logstash/logstash-plain.log:
[ERROR][logstash.javapipeline][filebeat] Pipeline aborted due to error {:pipeline_id=>"filebeat",
:exception=>#,
:backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/response.rb:37:in
`block in initialize'"
I can also see the following logs on the Elasticsearch master:
[2020-09-01T07:13:20,323][WARN ][o.e.x.c.s.t.n.SecurityNetty4Transport][esmasternode1] received plaintext traffic on an encrypted channel, closing connection Netty4TcpChannel{localAddress=/10.1.1.6:9300, remoteAddress=/publicipaddress:35166}
[2020-09-01T07:13:20,865][WARN ][o.e.t.TcpTransport][esmasternode1] exception caught on transport layer [Netty4TcpChannel{localAddress=/10.1.1.6:9300, remoteAddress=/publicipaddress:35326}], closing connection
Below are my Logstash and Filebeat configurations. I have set Logstash as the output in Filebeat, and Filebeat as the input in the Logstash configuration.
Logstash.conf
input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/logstash/logstashcert.crt"
    ssl_key => "/etc/logstash/logstashcert.key"
  }
}
filter {
  json {
    source => "message"
    remove_field => [ "message" ]
  }
}
output {
  elasticsearch {
    hosts => ["https://esmasterprivateIP:9200"]
    index => "logs-%{+YYYY-MM-dd}"
    manage_template => true
    template => "/etc/logstash/conf.d/template.json"
    template_name => "mytemplate"
    ssl => true
    cacert => '/home/ubuntu/esca.pem'
    user => logstash_user
    password => mypassword
  }
}
Filebeat.conf
output.logstash:
  workers: 2
  enabled: true
  protocol: "https"
  hosts: ['logstashprivateip:5044']
  path: "/"
  ssl:
    certificate_authorities: ["/etc/tls.crt"]
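I can't figure out where my mistake is.
Note: Filebeat runs in Kubernetes, so the configuration may look slightly different because it is passed in through a ConfigMap.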
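
Added example, not part of the original post: a small Python triage script that reads Elasticsearch warnings like the ones quoted above and lists which remote hosts sent plaintext to which listener, so the client that is missing TLS can be identified. The sample log lines and remote addresses are constructed, and 9300/9200 are assumed to be the default transport and HTTP ports.

```python
import re
from collections import Counter

# Constructed sample lines in the shape of the warnings quoted in the post;
# the remote addresses are placeholders from the TEST-NET-3 range.
SAMPLE_LOG = """\
[2020-09-01T07:13:20,323][WARN ][o.e.x.c.s.t.n.SecurityNetty4Transport][esmasternode1] received plaintext traffic on an encrypted channel, closing connection Netty4TcpChannel{localAddress=/10.1.1.6:9300, remoteAddress=/203.0.113.7:35166}
[2020-09-01T07:13:20,865][WARN ][o.e.t.TcpTransport][esmasternode1] exception caught on transport layer [Netty4TcpChannel{localAddress=/10.1.1.6:9300, remoteAddress=/203.0.113.7:35326}], closing connection
[2020-09-01T07:14:02,101][WARN ][o.e.x.c.s.t.n.SecurityNetty4Transport][esmasternode1] received plaintext traffic on an encrypted channel, closing connection Netty4TcpChannel{localAddress=/10.1.1.6:9300, remoteAddress=/203.0.113.9:40112}
[2020-09-01T07:14:05,000][INFO ][o.e.c.r.a.AllocationService][esmasternode1] unrelated line
"""

# Assumes IPv4 addresses or hostnames (no colons inside the host part).
CHANNEL = re.compile(
    r"localAddress=/(?P<lhost>[^:,}]+):(?P<lport>\d+),\s*"
    r"remoteAddress=/(?P<rhost>[^:,}]+):(?P<rport>\d+)"
)
PLAINTEXT = "received plaintext traffic on an encrypted channel"


def plaintext_clients(log_text):
    """Count plaintext-on-TLS warnings per (local port, remote host)."""
    hits = Counter()
    for line in log_text.splitlines():
        if PLAINTEXT not in line:
            continue  # only the security warning names the offending client
        m = CHANNEL.search(line)
        if m:
            hits[(int(m["lport"]), m["rhost"])] += 1
    return hits


def classify(hits, transport_port=9300, http_port=9200):
    """Label each offending client by the listener it reached (assumed default ports)."""
    names = {transport_port: "transport", http_port: "http"}
    return [(rhost, lport, names.get(lport, "other"), n)
            for (lport, rhost), n in sorted(hits.items())]


if __name__ == "__main__":
    for rhost, lport, kind, n in classify(plaintext_clients(SAMPLE_LOG)):
        print(f"{rhost} -> :{lport} ({kind} listener): {n} plaintext connection(s)")
```

A "transport" row means the client reached the node-to-node port rather than the HTTPS port 9200 that the Logstash output above targets.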