Logstash output to Elasticsearch SSL certificate

I have the following Docker containers

docker create \
--name=elasticsearch \
--restart=always \
--network=infrastructure_network \
--network-alias=elasticsearch \
-e TZ=Etc/UTC \
-e discovery.type=single-node \
-e "ES_JAVA_OPTS=-Xms6g -Xmx6g" \
-e ELASTIC_PASSWORD="foobar" \
-p 9200:9200 \
-p 9300:9300 \
-v elasticsearch:/usr/share/elasticsearch \
elasticsearch:8.0.0

docker create \
--name=logstash \
--restart=always \
--network=infrastructure_network \
--network-alias=logstash \
-e TZ=Etc/UTC \
-p 5040:5040 \
-p 8514:8514/udp \
-v logstash:/usr/share/logstash/ \
-v elasticsearch:/elastic/ \
logstash:8.0.0

The containers start up just fine, but... when I set up the Logstash output as follows:

input 
{
  tcp 
  {
    port => 8514
    type => syslog
  }
}

filter 
{
  if [type] == "syslog" 
  {
    grok 
    {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    date 
    {
      match => [ "syslog_timestamp", "MMM  d HH:mm:ss.SSS", "MMM dd HH:mm:ss.SSS" ]
      timezone => "UTC"
    }
  }
}

output 
{
    elasticsearch 
    {
        hosts => ['https://elasticsearch:9200']
        cacert => '/elastic/config/certs/http_ca.crt'
        ssl_certificate_verification => false
        user => "elastic"
        password => "foobar"
        index => "syslog"
        ilm_enabled => false
    }

    stdout { codec => rubydebug }
}

I get the following errors in the Logstash log...

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

[2022-03-02T03:27:04,496][WARN][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://elastic:xxxxxx@elasticsearch:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [https://elasticsearch:9200/][Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}

[2022-03-02T03:27:08,344][DEBUG][logstash.outputs.elasticsearch][main] Waiting for connectivity to Elasticsearch cluster, retrying in 16s

I assume I may be using the wrong certificate? This is the certificate that was created when the Elasticsearch container started. What should I be using?

Stack Overflow: Logstash output to Elasticsearch SSL certificate (original answers)

Answers:

Add ssl => true to the elasticsearch output

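Make sure the file you point to in cacert contains the full chain of the certificate used on the Elastic side (let's first get it working with the root, then with any intermediate CAs, in order)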
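
One way to check the point made in the last answer, that the file cacert points to really chains to the certificate Elasticsearch presents, shown offline as an added example that is not part of the original question or answers. The CA and server certificates are throwaway test data generated on the spot, and the function and file names are illustrative assumptions; in practice the bundle would be the http_ca.crt from the question.

```shell
#!/usr/bin/env bash
# Added example: does a CA bundle (what `cacert` points at) validate a server
# certificate? Names, subjects and files below are constructed test data.

# ca_validates CA_BUNDLE SERVER_CERT -> exit 0 only if the cert chains to the bundle
ca_validates() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_ca DIR NAME: throwaway self-signed CA key and certificate
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# make_leaf DIR CA_NAME: server certificate for CN=elasticsearch signed by CA_NAME
make_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=elasticsearch" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" >/dev/null 2>&1 &&
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -out "$1/leaf.crt" >/dev/null 2>&1
}

# demo: verify one server certificate against the CA that signed it and
# against an unrelated CA, and report both outcomes on one line
demo() {
  dir=$(mktemp -d) || return 1
  make_ca "$dir" right-ca && make_ca "$dir" wrong-ca &&
    make_leaf "$dir" right-ca || return 1
  if ca_validates "$dir/right-ca.crt" "$dir/leaf.crt"; then r=ok; else r=fail; fi
  # An unrelated CA is the situation behind "PKIX path building failed":
  # the trust file loads, but no path leads from it to the server certificate.
  if ca_validates "$dir/wrong-ca.crt" "$dir/leaf.crt"; then w=ok; else w=fail; fi
  rm -rf "$dir"
  echo "right-ca=$r wrong-ca=$w"
}

demo
```

Running ca_validates against the real bundle and the certificate served by Elasticsearch gives the same yes/no answer without turning certificate verification off in the Logstash output.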