logstash错误，启用ssl后无法连接elasticsearch

irtuqstp 于 2021-06-15 发布在 ElasticSearch

关注(0)|答案(0)|浏览(530)

我有一个麋鹿设置（1个主es，3个工作es，1个logstash，1个kibana），filebeat是日志收集器/发射器。后启用x-pack和tls，es和kibana工作正常。问题在于logstash。我现在看到这个错误 /var/log/logstash/logstash-plain.log .
[error][logstash.javapipeline][filebeat]由于错误{：pipeline_id=>“filebeat”，：exception=>#manticore:：unknownexception:无法识别的ssl消息，纯文本连接？，：backtrace=>[“/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/response.rb:37:in`block in initialize'”
我还可以在elasticsearch主服务器中看到以下日志：
[2020-09-01t07:13:20323][warn][o.e.x.c.s.t.n.securitynetty4transport][esmasternode1]在加密通道上接收到明文通信，关闭连接netty4tcpcpcchannel{localaddress=/10.1.1.6:9300，remoteaddress=/publicipaddress:35166}[2020-09-01t07:13:20，865][warn][o.e.t.tcptransport][esmasternode1]在传输层[netty4tcpcchannel{localaddress=/10.1.1.6:9300，remoteaddress=/public]上捕获到异常ipaddress:35326}]，正在关闭连接
下面是我的logstash和filebeat配置。我已经将logstash设置为filebeat中的输出，将filebeat设置为logstash config中的输入。
日志存储.conf

input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/logstash/logstashcert.crt"
    ssl_key => "/etc/logstash/logstashcert.key"
  }
}

filter { json { source => "message" remove_field => [ "message" ] } }

output {
  elasticsearch {
  hosts => ["https://esmasterprivateIP:9200"]
    index => "logs-%{+YYYY-MM-dd}"
    manage_template => true
    template => "/etc/logstash/conf.d/template.json"
    template_name => "mytemplate"
    ssl => true
    cacert => '/home/ubuntu/esca.pem'
    user => logstash_user
    password => mypassword

  }
}

文件节拍.conf

output.logstash:
      workers: 2
      enabled: true
      protocol: "https"
      hosts: ['logstashprivateip:5044']
      path: "/"
      ssl:
      certificate_authorities: [“/etc/tls.crt”]

我找不到哪里出了问题。
注意：filebeat是在kubernetes中运行的，因此当它通过configmap时，配置看起来可能略有不同。

elasticsearch logstash filebeat

来源：https://stackoverflow.com/questions/63684866/logstash-error-unable-to-connect-with-elasticsearch-after-enabling-ssl