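Logstash TLS handshake failure

Time: 2020-02-17 20:59:28

Tags: logstash metricbeat

I am trying to configure metricbeat to send data to logstash. I have configured both to use SSL (correctly, I think), but I am getting a TLS handshake failure. The specific error is: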

2020-02-17T19:42:06.411Z    ERROR   pipeline/output.go:100  Failed to connect to backoff(async(tcp://elk-logstash-beat:5044)): remote error: tls: handshake failure

My beats.conf input is:

input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/ssl/elk/cert.pem"
    ssl_certificate_authorities => [
      "/etc/ssl/elk/ca_root.pem",
      "/etc/ssl/elk/ca_int.pem"
    ]
    ssl_key => "/etc/ssl/elk/key-p8.pem"
  }
}

My metricbeat output.logstash is:

output:
  logstash:
    index: metricbeat
    hosts:
      - logstash:5044
    ssl:
      enabled: true
      verification_mode: none

Update

I have verified that my output.logstash configuration works when SSL is not configured for either Logstash or Metricbeat.

Additionally, when I update input.beats to the following:

input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/ssl/elk/cert.pem"
    ssl_certificate_authorities => [
      "/etc/ssl/elk/ca_root.pem",
      "/etc/ssl/elk/ca_int.pem"
    ]
    ssl_key => "/etc/ssl/elk/key-p8.pem"
    ssl_verify_mode => "none"
  }
}

and my output.logstash to the following:

output:
  logstash:
    index: elk-metricbeat
    hosts:
      - elk-logstash-beat:5044
    ssl:
      enabled: true
      verification_mode: none
      certificate: /etc/ssl/elk/cert.pem
      certificate_authorities:
        - /etc/ssl/elk/ca_root.pem
        - /etc/ssl/elk/ca_int.pem
      key: /etc/ssl/elk/key-p8.pem

...everything works. However, commenting out the following in output.logstash makes it fail:

      certificate: /etc/ssl/elk/cert.pem
      certificate_authorities:
        - /etc/ssl/elk/ca_root.pem
        - /etc/ssl/elk/ca_int.pem
      key: /etc/ssl/elk/key-p8.pem

From my understanding, ssl_verify_mode => "none" should accept any client connecting over SSL, whether or not it is authenticated. Is this correct?

0 answers:

No answers