我有一个麋鹿设置(1个主es,3个工作es,1个logstash,1个kibana),filebeat是日志收集器/发射器。后启用x-pack和tls,es和kibana工作正常。问题在于logstash。我现在看到这个错误 /var/log/logstash/logstash-plain.log
.
[error][logstash.javapipeline][filebeat]由于错误{:pipeline_id=>“filebeat”,:exception=>#manticore::unknownexception:无法识别的ssl消息,纯文本连接?,:backtrace=>[“/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/response.rb:37:in`block in initialize'”
我还可以在elasticsearch主服务器中看到以下日志:
[2020-09-01t07:13:20323][warn][o.e.x.c.s.t.n.securitynetty4transport][esmasternode1]在加密通道上接收到明文通信,关闭连接netty4tcpcpcchannel{localaddress=/10.1.1.6:9300,remoteaddress=/publicipaddress:35166}[2020-09-01t07:13:20,865][warn][o.e.t.tcptransport][esmasternode1]在传输层[netty4tcpcchannel{localaddress=/10.1.1.6:9300,remoteaddress=/public]上捕获到异常ipaddress:35326}],正在关闭连接
下面是我的logstash和filebeat配置。我已经将logstash设置为filebeat中的输出,将filebeat设置为logstash config中的输入。
日志存储.conf
input {
beats {
port => 5044
ssl => true
ssl_certificate => "/etc/logstash/logstashcert.crt"
ssl_key => "/etc/logstash/logstashcert.key"
}
}
filter { json { source => "message" remove_field => [ "message" ] } }
output {
elasticsearch {
hosts => ["https://esmasterprivateIP:9200"]
index => "logs-%{+YYYY-MM-dd}"
manage_template => true
template => "/etc/logstash/conf.d/template.json"
template_name => "mytemplate"
ssl => true
cacert => '/home/ubuntu/esca.pem'
user => logstash_user
password => mypassword
}
}
文件节拍.conf
output.logstash:
workers: 2
enabled: true
protocol: "https"
hosts: ['logstashprivateip:5044']
path: "/"
ssl:
certificate_authorities: [“/etc/tls.crt”]
我找不到哪里出了问题。
注意:filebeat是在kubernetes中运行的,因此当它通过configmap时,配置看起来可能略有不同。
暂无答案!
目前还没有任何答案,快来回答吧!