Elasticearch SSL证书的Logstash输出

4smxwvx5  于 2022-10-06  发布在  Logstash
关注(0)|答案(2)|浏览(271)

我有下列码头集装箱

docker create 
--name=elasticsearch 
--restart=always 
--network=infrastructure_network 
--network-alias=elasticsearch 
-e TZ=Etc/UTC 
-e discovery.type=single-node 
-e "ES_JAVA_OPTS=-Xms6g -Xmx6g" 
-e ELASTIC_PASSWORD="foobar" 
-p 9200:9200 
-p 9300:9300 
-v elasticsearch:/usr/share/elasticsearch 
elasticsearch:8.0.0

docker create 
--name=logstash 
--restart=always 
--network=infrastructure_network 
--network-alias=logstash 
-e TZ=Etc/UTC 
-p 5040:5040 
-p 8514:8514/udp 
-v logstash:/usr/share/logstash/ 
-v elasticsearch:/elastic/ 
logstash:8.0.0

容器一开始就很好,但是..当我按如下方式设置logstash输出时:

input 
{
  tcp 
  {
    port => 8514
    type => syslog
  }
}

filter 
{
  if [type] == "syslog" 
  {
    grok 
    {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:[%{POSINT:syslog_pid}])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    date 
    {
      match => [ "syslog_timestamp", "MMM  d HH:mm:ss.SSS", "MMM dd HH:mm:ss.SSS" ]
      timezone => "UTC"
    }
  }
}

output 
{
    elasticsearch 
    {
        hosts => ['https://elasticsearch:9200']
        cacert => '/elastic/config/certs/http_ca.crt'
        ssl_certificate_verification => false
        user => "elastic"
        password => "foobar"
        index => "syslog"
        ilm_enabled => false
    }

    stdout { codec => rubydebug }
}

我在日志记录中看到以下错误...

原因:sun.security.validator.ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到指向请求目标的有效证书路径

[2022-03-02T03:27:04,496][Warn][logstash.outputs.elasticearch][Main]尝试恢复与失效ES示例的连接,但收到错误{:url=>“https://elastic:xxxxxx@elasticsearch:9200/”,:exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError,:Message=>“Elasticearch Unreacable:[https://elasticsearch:9200/][Manticore::ClientProtocolException]PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:找不到指向请求目标的有效证书路径”}

[2022-03-02T03:27:08,344][DEBUG][logstash.outputs.elasticsearch][main]正在等待连接到ElasticSearch群集,将在16秒后重试

我假设我使用的证书可能是错误的?这是在启动elascticearch容器时创建的证书,我应该使用什么??

aelbi1ox

aelbi1ox1#

确保您在cacert中指向的文件包含在弹性端使用的证书的完整链(我们已经让它首先与根证书一起工作,然后按顺序与任何中间CA一起工作)

idfiyjo8

idfiyjo82#

ssl => true添加到输出弹性

相关问题