Hello Everyone,
I have a question. I currently have logs coming in without security set up between the input and sidecar. I created a CA, created a CSR, and signed the CSR using the CA. So I now have a CA, a cert, and a key for the cert. If I want to encrypt the log data between the input and sidecar, do I do the following on the input?
Note: HTTPS to the web interface is behind an Nginx reverse proxy with a wildcard cert not related to any of these.
With my sidecar config being:
```
# Needed for Graylog
fields_under_root: true
fields.collector_node_id: {sidecar.nodeName}
fields.gl2_source_collector: {sidecar.nodeId}
filebeat.inputs:
- input_type: log
  paths:
    - /var/log/*.log
  type: log
output.logstash:
  hosts: ["192.168.2.61:5044"]
  ssl.certificate_authorities: ["/etc/ssl/certs/ca.pem"]
  ssl.certificate: "/etc/ssl/certs/machine-cert.pem"
  ssl.key: "/etc/ssl/certs/machine-key.pem"
path:
  data: /var/lib/graylog-sidecar/collectors/filebeat/data
  logs: /var/lib/graylog-sidecar/collectors/filebeat/log
```
My /etc/filebeat/filebeat.yml file containing:
```
output.logstash:
  hosts: ["192.168.2.61:5044"]
  ssl.certificate_authorities: ["/etc/ssl/certs/ca.pem"]
  ssl.certificate: "/etc/ssl/certs/machine-cert.pem"
  ssl.key: "/etc/ssl/certs/machine-key.pem"
```
When I do this, it shows my input and sidecar are both running and I can see the log directories, but no data is sent in. I check the sidecar logs and I receive a connection error and a ton of retries. Am I missing something in these conf files, or is something else wrong? I'm not really sure where or what to check at this point. The documentation made sense while I was setting this up; I think I am skipping something small.
Below are the errors I receive.
2020-05-27T11:03:58.546-0400 ERROR pipeline/output.go:100 Failed to connect to backoff(async(tcp://log.domain.com:5044)): read tcp 192.168.2.61:58074->192.168.2.61:5044: read: connection reset by peer
2020-05-27T11:03:58.547-0400 INFO pipeline/output.go:93 Attempting to reconnect to backoff(async(tcp://log.domain.com:5044)) with 36 reconnect attempt(s)
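An added example, not part of the original post and not Graylog or Filebeat code: a small Python triage that compares the host Filebeat names in its connection errors with the hosts listed under `output.logstash`, and splits the socket error into its parts. The sample input is constructed from the lines quoted in the post, and the function names are hypothetical.

```python
import re

# Constructed sample input: the two log lines and the output block quoted in the post.
SAMPLE_LOG = """\
2020-05-27T11:03:58.546-0400 ERROR pipeline/output.go:100 Failed to connect to backoff(async(tcp://log.domain.com:5044)): read tcp 192.168.2.61:58074->192.168.2.61:5044: read: connection reset by peer
2020-05-27T11:03:58.547-0400 INFO pipeline/output.go:93 Attempting to reconnect to backoff(async(tcp://log.domain.com:5044)) with 36 reconnect attempt(s)
"""
SAMPLE_CONFIG = """\
output.logstash:
  hosts: ["192.168.2.61:5044"]
  ssl.certificate_authorities: ["/etc/ssl/certs/ca.pem"]
"""

FAIL_RE = re.compile(r"Failed to connect to backoff\(async\(\w+://(?P<target>[^)]+)\)\): (?P<error>.*)$")
SOCK_RE = re.compile(r"read tcp (?P<local>\S+)->(?P<remote>\S+): (?P<reason>.+)$")

def configured_hosts(config_text):
    """Return the host:port strings listed under output.logstash."""
    block = re.search(r"^output\.logstash:[ \t]*\n(?:[ \t]+.*\n?)*", config_text, re.M)
    hosts = re.search(r"hosts:\s*\[(.*?)\]", block.group(0)) if block else None
    return [h.strip().strip("\"'") for h in hosts.group(1).split(",")] if hosts else []

def connect_failures(log_text):
    """Parse each 'Failed to connect' line into target, socket pair and reason."""
    failures = []
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if not m:
            continue
        entry = {"target": m["target"], "error": m["error"]}
        sock = SOCK_RE.search(m["error"])
        if sock:
            entry.update(sock.groupdict())
        failures.append(entry)
    return failures

def triage(config_text, log_text):
    """Return the checks suggested by comparing the log with the config."""
    hosts, notes = configured_hosts(config_text), []
    for f in connect_failures(log_text):
        if f["target"] not in hosts:
            notes.append(f"log target {f['target']} is not in configured hosts {hosts}; "
                         "confirm which config file the running Filebeat loaded")
        if f.get("reason") == "read: connection reset by peer":
            notes.append(f"TCP session to {f['remote']} was established, then reset by the "
                         "peer; compare the input's TLS settings with the client's")
    return notes

if __name__ == "__main__":
    for note in triage(SAMPLE_CONFIG, SAMPLE_LOG):
        print(note)
```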