How to configure Logstash and Filebeat SSL communication

The problem:
Can anyone help me work out why I can't get Filebeat to talk to Logstash over TLS/SSL?

The error:
I can get Filebeat and Logstash to talk to each other with TLS/SSL disabled, but when I enable it and use the settings/config below, I get the following error (observed in logstash.log):
{:timestamp=>"2016-10-28T17:21:44.445000+0100", :message=>"Pipeline aborted due to error",
 :exception=>java.lang.NullPointerException, :backtrace=>
 "org.logstash.netty.PrivateKeyConverter.generatePkcs8(org/logstash/netty/PrivateKeyConverter.java:43)",
 "org.logstash.netty.PrivateKeyConverter.convert(org/logstash/netty/PrivateKeyConverter.java:39)",
 "java.lang.reflect.Method.invoke(java/lang/reflect/Method.java:498)",
 "RUBY.create_server(/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-beats-3.1.0.beta4-java/lib/logstash/inputs/beats.rb:139)",
 "RUBY.register(/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-beats-3.1.0.beta4-java/lib/logstash/inputs/beats.rb:132)",
 "RUBY.start_inputs(/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:311)",
 "org.jruby.RubyArray.each(org/jruby/RubyArray.java:1613)",
 "RUBY.start_inputs(/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:310)",
 "RUBY.start_workers(/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:187)",
 "RUBY.run(/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:145)",
 "RUBY.start_pipeline(/usr/share/logstash/logstash-core/lib/logstash/agent.rb:240)",
 "java.lang.Thread.run(java/lang/Thread.java:745)", :level=>:error}
{:timestamp=>"2016-10-28T17:21:47.452000+0100", :message=>"stopping pipeline", :id=>"main", :level=>:warn}
{:timestamp=>"2016-10-28T17:21:47.456000+0100", :message=>"An unexpected error occurred!",
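:error=>#

In Filebeat 5.0, the tls configuration setting was changed to ssl, to be consistent with the configuration settings used in Logstash and Elasticsearch. Try updating your Filebeat configuration.
Reference: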
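
CN=elkserver.system.local is probably wrong. Hostnames always go in the SAN. If it is present in the CN, then it must be present in the SAN too (you have to list it twice in this case). For more rules and reasons, see and

@jww - Thank you and apologies. The CN is actually set by an Ansible variable, so to clean up the example I removed the templating format Ansible uses. I suspect my "guess" at the Ansible variable ansible_fqdn was wrong.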

input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/pki/tls/certs/filebeat-forwarder.crt"
    ssl_key => "/etc/pki/tls/private/filebeat-forwarder.key"
  }
}
output {
  elasticsearch {
    hosts => "localhost:9200"
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}

output:
  logstash:
    enabled: true
    hosts:
      - "<my ip address>:5044"
    timeout: 15
    tls:
      certificate_authorities:
        - /etc/pki/tls/certs/filebeat-forwarder.crt
filebeat:
  prospectors:
    -
      paths:
        - /var/log/syslog
        - /var/log/auth.log
      document_type: syslog
    -
      paths:
        - /var/log/nginx/access.log
      document_type: nginx-access
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = TG
ST = Togo
L = Lome
O = Private company
CN = *
[v3_req]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
basicConstraints = CA:TRUE
subjectAltName = @alt_names
[alt_names]
DNS.1 = *
DNS.2 = *.*
DNS.3 = *.*.*
DNS.4 = *.*.*.*
DNS.5 = *.*.*.*.*
DNS.6 = *.*.*.*.*.*
DNS.7 = *.*.*.*.*.*.*
IP.1 = <my ip address>
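
The comment above says the host name must be listed in the SAN (and repeated there if it is also the CN), whereas the OpenSSL config in the question relies on wildcard entries. As an added example that is not part of the original post, this script builds a self-signed certificate that names the server explicitly and then confirms the exact name is in the SAN before the file is deployed. The host name is the CN quoted in the comment; the temporary directory, the file names and the function names make_cert and san_has_host are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). File names, WORKDIR and the
# function names are assumptions; HOST is the CN quoted in the comment.
set -eu

HOST="elkserver.system.local"
WORKDIR="$(mktemp -d)"

# Write a minimal req config with the host in BOTH the CN and the SAN,
# then create a self-signed certificate and an unencrypted private key.
make_cert() {  # $1 = host name
  cat > "$WORKDIR/openssl.cnf" <<EOF
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
CN = $1
[v3_req]
# CA:TRUE mirrors the question's config: Filebeat lists this same
# self-signed certificate under certificate_authorities.
basicConstraints = CA:TRUE
subjectAltName = @alt_names
[alt_names]
DNS.1 = $1
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -config "$WORKDIR/openssl.cnf" \
    -keyout "$WORKDIR/logstash.key" -out "$WORKDIR/logstash.crt" 2>/dev/null
}

# Succeed only if the certificate's SAN holds an exact DNS entry for the host.
san_has_host() {  # $1 = certificate file, $2 = host name
  openssl x509 -in "$1" -noout -text \
    | grep -A1 'Subject Alternative Name' \
    | tr ',' '\n' | sed 's/^ *//' | grep -Fxq "DNS:$2"
}

make_cert "$HOST"
if san_has_host "$WORKDIR/logstash.crt" "$HOST"; then
  echo "SAN contains $HOST"
else
  echo "SAN is missing $HOST" >&2
fi
```

The name checked here should be the same one Filebeat uses in its hosts entry.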