How to generate SSL and TLS self signed certificate for logstash and filebeat

Graylog Central (peer support)
1

Hi,

Currently I am planning to use TLS certificate for inputs and send logs using logstash and filebeat.

I am using below command to generate tls token for logstash and filebeat,

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout logstash.key -out logstash.crt

logstash configuration is as below,

output {
    tcp {
        codec => json_lines
        host => "<Graylog Host>"
        port => 12221
        ssl_enable => true
        ssl_verify => true
        ssl_cacert => "/tmp/tls-keys/graylog-server-tls.crt"
    }
}

I am getting below error,

[2018-02-07T14:25:02,212][ERROR][logstash.agent           ] Pipeline aborted due to error {:exception=>#<TypeError: can't convert nil into String>, :backtrace=>["org/jruby/RubyIO.java:3804:in `read'", "org/jruby/RubyIO.java:3987:in `read'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-tcp-4.0.2/lib/logstash/outputs/tcp.rb:94:in `setup_ssl'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-tcp-4.0.2/lib/logstash/outputs/tcp.rb:115:in `register'", "/usr/share/logstash/logstash-core/lib/logstash/output_delegator_strategies/single.rb:10:in `register'", "/usr/share/logstash/logstash-core/lib/logstash/output_delegator.rb:43:in `register'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:290:in `register_plugin'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:301:in `register_plugins'", "org/jruby/RubyArray.java:1613:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:301:in `register_plugins'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:310:in `start_workers'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:235:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:408:in `start_pipeline'"]}

Filebeat Configuration is as below,

output.logstash:
  hosts: ["graylog-host:5046"]
  compression_level: 9
  tls:
    certificate_authorities: ["/tmp/tls-keys/graylog-server-tls.crt"]

Filebeat error is as below,

2018-02-07T14:41:37Z ERR Failed to publish events caused by: EOF
2018-02-07T14:41:37Z INFO Error publishing events (retrying): EOF

Please help how we can create the TLS certificate that will work for logstash, filebeat and Graylog input.

Thanks in Advance

2

You can find support for Logstash- and Beats-related questions in the Elastic discussion forums.

3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.