我有一个麋鹿设置(1个主es,3个工作es,1个logstash,1个kibana),filebeat是日志收集器/发射器。后启用x-pack和tls,es和kibana工作正常。问题在于logstash。我现在看到这个错误 /var/log/logstash/logstash-plain.log .
[error][logstash.javapipeline][filebeat]由于错误{:pipeline_id=>“filebeat”,:exception=>#manticore::unknownexception:无法识别的ssl消息,纯文本连接?,:backtrace=>[“/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/response.rb:37:in`block in initialize'”
我还可以在elasticsearch主服务器中看到以下日志:
[2020-09-01t07:13:20323][warn][o.e.x.c.s.t.n.securitynetty4transport][esmasternode1]在加密通道上接收到明文通信,关闭连接netty4tcpcpcchannel{localaddress=/10.1.1.6:9300,remoteaddress=/publicipaddress:35166}[2020-09-01t07:13:20,865][warn][o.e.t.tcptransport][esmasternode1]在传输层[netty4tcpcchannel{localaddress=/10.1.1.6:9300,remoteaddress=/public]上捕获到异常ipaddress:35326}],正在关闭连接
下面是我的logstash和filebeat配置。我已经将logstash设置为filebeat中的输出,将filebeat设置为logstash config中的输入。
日志存储.conf
input {beats {port => 5044ssl => truessl_certificate => "/etc/logstash/logstashcert.crt"ssl_key => "/etc/logstash/logstashcert.key"}}filter { json { source => "message" remove_field => [ "message" ] } }output {elasticsearch {hosts => ["https://esmasterprivateIP:9200"]index => "logs-%{+YYYY-MM-dd}"manage_template => truetemplate => "/etc/logstash/conf.d/template.json"template_name => "mytemplate"ssl => truecacert => '/home/ubuntu/esca.pem'user => logstash_userpassword => mypassword}}
文件节拍.conf
output.logstash:workers: 2enabled: trueprotocol: "https"hosts: ['logstashprivateip:5044']path: "/"ssl:certificate_authorities: [“/etc/tls.crt”]
我找不到哪里出了问题。
注意:filebeat是在kubernetes中运行的,因此当它通过configmap时,配置看起来可能略有不同。
暂无答案!
目前还没有任何答案,快来回答吧!