Hello
I am trying graylog-sidecar with the Beats input and TLS/SSL on Graylog server 3.1, but I cannot fix the problem below! Does anyone know this problem? Is it possible to get a how-to for TLS/SSL with graylog-sidecar?
Best regards
ERROR [AbstractTcpTransport] Error in Input [Beats/5dcXXXXXXXX] (channel [id: 0x4ef83d55, L:/192.168.X.X:5044 ! R:/192.168.X.X:54056]) (cause io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record
Now I have this error!
Error in Input [Beats/5dced10eec2d98271e02d7a9] (channel [id: 0x0788a38a, L:/192.168.120.73:6044 ! R:/192.168.120.74:51396]) (cause io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: error:10000412:SSL routines:OPENSSL_internal:SSLV3_ALERT_BAD_CERTIFICATE)
If I use the Beats input with only Enable TLS and without a cert, Graylog creates one, but this doesn't work. Here is the error:
2019-11-16T15:29:36.295+01:00 INFO [AbstractTcpTransport] Enabled TLS for input [Beats/5dd006ad67042e0e778ec025]. key-file="" cert-file=""
2019-11-16T15:29:36.295+01:00 WARN [AbstractTcpTransport] TLS key file or certificate file does not exist, creating a self-signed certificate for input [Beats/5dd006ad67042e0e778ec025].
2019-11-16T15:29:36.296+01:00 INFO [InputStateListener] Input [Beats/5dd006ad67042e0e778ec025] is now STARTING
2019-11-16T15:29:36.424+01:00 WARN [AbstractTcpTransport] receiveBufferSize (SO_RCVBUF) for input Beats2Input{title=new beat, type=org.graylog.plugins.beats.Beats2Input, nodeId=null} (channel [id: 0x6ffd35b9, L:/0:0:0:0:0:0:0:0%0:5044]) should be 1048576 but is 425984.
2019-11-16T15:29:36.425+01:00 INFO [InputStateListener] Input [Beats/5dd006ad67042e0e778ec025] is now RUNNING
2019-11-16T15:29:37.514+01:00 ERROR [AbstractTcpTransport] Error in Input [Beats/5dd006ad67042e0e778ec025] (channel [id: 0x9ffe5c90, L:/192.168.34.25:5044 ! R:/192.168.34.116:52830]) (cause io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: )
I guess that you have done it wrong with the certificate, alt names and additional.
And second, you have checked that the sending client needs a certificate to authenticate, but the filebeat does not send one … but that is just guessing.
Dear Jan
How exactly does the communication work if I have Graylog with SSL/TLS on port 9000 TCP and the Beats input on port 5044, and Graylog-Sidecar installed on the hosts?
The sidecar connects to Graylog (TLS port 9000) and checks in; if configured, it receives its configuration from Graylog.
With that given configuration, the sidecar starts the collector. After collecting, the collector sends the data (if configured correctly) to the Beats input on Graylog. If that configuration contains parameters for TLS/authentication, that is done.
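An added example, not part of any post in this thread and not Graylog code: a small triage script for the two failure modes quoted above on the collector-to-Beats-input connection. It groups the server's "Error in Input" lines by sending host and listening port; the labels, hints and function names are this example's own assumptions.

```python
import re
from collections import Counter

# Shape of the "Error in Input" lines quoted in this thread.
ERR_RE = re.compile(
    r"Error in Input \[(?P<input>[^\]]+)\] "
    r"\(channel \[id: \S+ L:/(?P<local>\S+) ! R:/(?P<remote>[^\]]+)\]\) "
    r"\(cause (?P<cause>.*)"
)

# (marker in the cause, label, what to check). First match wins, so the
# generic handshake entry stays last. Labels and hints are this example's own.
CHECKS = [
    ("NotSslRecordException", "plaintext-to-tls",
     "sender spoke plaintext to a TLS listener: enable TLS in the collector output"),
    ("BAD_CERTIFICATE", "certificate-rejected",
     "bad_certificate alert: check CA trust on both sides and the cert's alt names"),
    ("SSLHandshakeException", "handshake-failed",
     "handshake failed: compare protocol and certificate settings on both ends"),
]

def classify(line):
    """Return a dict describing one input error line, or None for other lines."""
    m = ERR_RE.search(line)
    if not m:
        return None
    label, hint = "other", "read the full cause in the server log"
    for marker, lab, text in CHECKS:
        if marker in m["cause"]:
            label, hint = lab, text
            break
    return {"input": m["input"], "label": label, "hint": hint,
            "listen_port": m["local"].rsplit(":", 1)[1],   # port of the input
            "sender": m["remote"].rsplit(":", 1)[0]}       # host, source port dropped

def summarize(lines):
    """Count failures per (sender host, listening port, label)."""
    hits = [c for c in map(classify, lines) if c]
    return Counter((c["sender"], c["listen_port"], c["label"]) for c in hits)

# Constructed sample: lines shortened from the ones quoted in the thread.
SAMPLE = [
    "INFO [InputStateListener] Input [Beats/5dd006ad67042e0e778ec025] is now RUNNING",
    "ERROR [AbstractTcpTransport] Error in Input [Beats/5dd006ad67042e0e778ec025] (channel [id: 0x9ffe5c90, L:/192.168.34.25:5044 ! R:/192.168.34.116:52830]) (cause io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: )",
    "ERROR [AbstractTcpTransport] Error in Input [Beats/5dd006ad67042e0e778ec025] (channel [id: 0x9ffe5c91, L:/192.168.34.25:5044 ! R:/192.168.34.116:52831]) (cause io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: )",
    "ERROR [AbstractTcpTransport] Error in Input [Beats/5dced10eec2d98271e02d7a9] (channel [id: 0x0788a38a, L:/192.168.120.73:6044 ! R:/192.168.120.74:51396]) (cause io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: error:10000412:SSL routines:OPENSSL_internal:SSLV3_ALERT_BAD_CERTIFICATE)",
]

if __name__ == "__main__":
    for (sender, port, label), n in summarize(SAMPLE).items():
        print(f"{sender} -> port {port}: {label} x{n}")
```

A `plaintext-to-tls` entry points at the collector configuration the sidecar received, while `certificate-rejected` points at the certificates themselves, which matches the two guesses given in the reply above.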