Logstash can't connect to logstash

Search Guard
1

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version

  • Installed and used enterprise modules, if any

  • JVM version and operating system version

  • Search Guard configuration files

  • Elasticsearch log messages on debug level

  • Other installed Elasticsearch or Kibana plugins, if any

  • ELK version - 6.2.2

  • SG version - 6.2.2-22.0

  • JVM version - build 1.8.0_161-b12

  • Elasticsearch log:

[2018-04-10T22:17:59,143][ERROR][c.f.s.h.SearchGuardHttpServerTransport] [logsta] SSL Problem Received fatal alert: certificate_unknown

javax.net.ssl.SSLException: Received fatal alert: certificate_unknown

  • Logstash log:

[WARN ][logstash.licensechecker.licensereader] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>“https://logstash.taxnet.ru:9200/”, :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>“Elasticsearch Unreachable: [https://logstash.taxnet.ru:9200/][Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target”}

The information from the Logstash is loaded, but at the same time I see the connection error. Also, there is no Logstash in the Kibana.

2

Please post your logstash configuration. This is an TLS connection error, most likely you did not provide the your root certificate to logstash, so the certificate that Elasticsearch / Search Guard sends cannot be verified:

truststore => “/path/to/truststore.jks”

truststore_password => changeit

``

See also here:

If you are using demo/dummy certificates and the hostname in the certificates does not match the real hostname you also need to disable certificate verification.

···

On Tuesday, April 10, 2018 at 9:21:38 PM UTC+2, Sergey Murashov wrote:

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version
  • Installed and used enterprise modules, if any
  • JVM version and operating system version
  • Search Guard configuration files
  • Elasticsearch log messages on debug level
  • Other installed Elasticsearch or Kibana plugins, if any
  • ELK version - 6.2.2
  • SG version - 6.2.2-22.0
  • JVM version - build 1.8.0_161-b12
  • Elasticsearch log:

[2018-04-10T22:17:59,143][ERROR][c.f.s.h.SearchGuardHttpServerTransport] [logsta] SSL Problem Received fatal alert: certificate_unknown

javax.net.ssl.SSLException: Received fatal alert: certificate_unknown

  • Logstash log:

[WARN ][logstash.licensechecker.licensereader] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>“https://logstash.taxnet.ru:9200/”, :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>“Elasticsearch Unreachable: [[https://logstash.taxnet.ru:9200/]Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target”}

The information from the Logstash is loaded, but at the same time I see the connection error. Also, there is no Logstash in the Kibana.

3

I turned off the x-pack monitoring and the error went away

···

среда, 11 апреля 2018 г., 23:03:00 UTC+3 пользователь Jochen Kressin написал:

Please post your logstash configuration. This is an TLS connection error, most likely you did not provide the your root certificate to logstash, so the certificate that Elasticsearch / Search Guard sends cannot be verified:

truststore => “/path/to/truststore.jks”

truststore_password => changeit

``

See also here:

https://docs.search-guard.com/latest/logstash

If you are using demo/dummy certificates and the hostname in the certificates does not match the real hostname you also need to disable certificate verification.

On Tuesday, April 10, 2018 at 9:21:38 PM UTC+2, Sergey Murashov wrote:

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version
  • Installed and used enterprise modules, if any
  • JVM version and operating system version
  • Search Guard configuration files
  • Elasticsearch log messages on debug level
  • Other installed Elasticsearch or Kibana plugins, if any
  • ELK version - 6.2.2
  • SG version - 6.2.2-22.0
  • JVM version - build 1.8.0_161-b12
  • Elasticsearch log:

[2018-04-10T22:17:59,143][ERROR][c.f.s.h.SearchGuardHttpServerTransport] [logsta] SSL Problem Received fatal alert: certificate_unknown

javax.net.ssl.SSLException: Received fatal alert: certificate_unknown

  • Logstash log:

[WARN ][logstash.licensechecker.licensereader] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>“https://logstash.taxnet.ru:9200/”, :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>“Elasticsearch Unreachable: [[https://logstash.taxnet.ru:9200/]Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target”}

The information from the Logstash is loaded, but at the same time I see the connection error. Also, there is no Logstash in the Kibana.

4

do you disabled x-pack monitoring in logstash or in elasticsearch?

···

On Thursday, 12 April 2018 11:26:38 UTC+2, Sergey Murashov wrote:

I turned off the x-pack monitoring and the error went away

среда, 11 апреля 2018 г., 23:03:00 UTC+3 пользователь Jochen Kressin написал:

Please post your logstash configuration. This is an TLS connection error, most likely you did not provide the your root certificate to logstash, so the certificate that Elasticsearch / Search Guard sends cannot be verified:

truststore => “/path/to/truststore.jks”

truststore_password => changeit

``

See also here:

https://docs.search-guard.com/latest/logstash

If you are using demo/dummy certificates and the hostname in the certificates does not match the real hostname you also need to disable certificate verification.

On Tuesday, April 10, 2018 at 9:21:38 PM UTC+2, Sergey Murashov wrote:

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version
  • Installed and used enterprise modules, if any
  • JVM version and operating system version
  • Search Guard configuration files
  • Elasticsearch log messages on debug level
  • Other installed Elasticsearch or Kibana plugins, if any
  • ELK version - 6.2.2
  • SG version - 6.2.2-22.0
  • JVM version - build 1.8.0_161-b12
  • Elasticsearch log:

[2018-04-10T22:17:59,143][ERROR][c.f.s.h.SearchGuardHttpServerTransport] [logsta] SSL Problem Received fatal alert: certificate_unknown

javax.net.ssl.SSLException: Received fatal alert: certificate_unknown

  • Logstash log:

[WARN ][logstash.licensechecker.licensereader] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>“https://logstash.taxnet.ru:9200/”, :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>“Elasticsearch Unreachable: [[https://logstash.taxnet.ru:9200/]Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target”}

The information from the Logstash is loaded, but at the same time I see the connection error. Also, there is no Logstash in the Kibana.