logstach写入es报错:
logstach 端报错:
[WARN ] 2024-06-18 16:54:19.159 [Ruby-0-Thread-5: :1] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://elastic:xxxxxx@39.134.86.100:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [https://elastic:xxxxxx@39.134.86.100:9200/][Manticore::ClientProtocolException] PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed"}
[WARN ] 2024-06-18 16:54:19.166 [Ruby-0-Thread-7: :1] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://elastic:xxxxxx@39.134.86.100:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [https://elastic:xxxxxx@39.134.86.100:9200/][Manticore::ClientProtocolException] PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed"}
es日志报错:
[2024-06-18T16:52:18,943][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [node-68] http client did not trust this server's certificate, closing connection Netty4HttpChannel{localAddress=/39.134.86.100:9200, remoteAddress=/39.134.86.100:37824}
[2024-06-18T16:52:18,944][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [node-68] http client did not trust this server's certificate, closing connection Netty4HttpChannel{localAddress=/39.134.86.100:9200, remoteAddress=/39.134.86.100:37828}
[2024-06-18T16:52:23,950][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [node-68] http client did not trust this server's certificate, closing connection Netty4HttpChannel{localAddress=/39.134.86.100:9200, remoteAddress=/39.134.86.100:37862}
[2024-06-18T16:52:23,950][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [node-68] http client did not trust this server's certificate, closing connection Netty4HttpChannel{localAddress=/39.134.86.100:9200, remoteAddress=/39.134.86.100:37864}
解决参考:
elasticsearch - Enabling TLS/SSL in elastic and logstash 7.1.0 - Stack Overflow
Enabling TLS/SSL in elastic and logstash 7.1.0
I am trying to connect logstash to elasticsearch-7.1.0 which has TLS/SSL enabled using basic license. But every time when logstash tries to connect to the elastic, "http client did not trust this server's certificate, closing connection Netty4HttpChannel" warning is thrown by elastic.
I have generated certificates using both certutil and certgen but i think both the certificates does not have the trusted author. how to generate a certificate with trusted author? Or it might be the scenario that in basic license version elasticsearch-7.1.0 can we use TLS/SSL for logstash?
My elasticsearch.yml
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: path/to/the/key/ca.key
xpack.security.transport.ssl.certificate: path/to/the/cert/ca.crt
xpack.security.transport.ssl.certificate_authorities: [
"path/to/the/cert/ca.crt" ]
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/elastic-certificate
xpack.security.http.ssl.truststore.path: certs/elastic-certificate
xpack.security.http.ssl.verification_mode: certificate
My logstash.yml
xpack.monitoring.enabled: false
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: changeit
xpack.monitoring.elasticsearch.hosts: ["https://localhost:9200"]
xpack.monitoring.elasticsearch.ssl.truststore.path:certs/elastic-
certificate
xpack.monitoring.elasticsearch.ssl.truststore.password: password
xpack.monitoring.elasticsearch.ssl.keystore.path:certs/elastic-
certificate
xpack.monitoring.elasticsearch.ssl.keystore.password: password
xpack.monitoring.elasticsearch.ssl.verification_mode: certificate
the warning i am getting is --" http client did not trust this server's certificate, closing connection Netty4HttpChannel"
Try to add ssl_certificate_verification => false
or path to CA cert cacert => '/etc/elasticsearch/ca/key.pem'
into logstash configuration:
output {
elasticsearch {
hosts => ["http://localhost:9200"]
ssl => true
ssl_certificate_verification => false
#or
cacert => '/etc/elasticsearch/ca/key.pem'
}
}