登录
当前位置: 首页 > 知识库问答 >
问题:

Logstash无法连接安全(ssl)弹性搜索集群

葛念
2023-03-14

在elasticsearch和kibana中启用ssl通信工作良好,但logstash无法连接elasticsearch,但我可以卷曲elasticsearch urlhttps://localhost:9200也没有防火墙阻止,我已经生成了打开的ssl证书和密钥文件并保存在elasticsearch中

input {
  beats {
     client_inactivity_timeout => 1000
     port => 5044
  }
}

filter {
  grok {
    match => [ "message", "%{TIMESTAMP_ISO8601} %{LOGLEVEL:loglevel} zeppelin IDExtractionService transactionId %{WORD:transaction_id} operation %{WORD:otype} received request duration %{NUMBER:duration} exception %{WORD:error}" ]
  }
}
filter {
    if "beats_input_codec_plain_applied" in [tags] {
        mutate {
            remove_tag => ["beats_input_codec_plain_applied"]
        }
    }
}

filter {
    if "_grokparsefailure" in [tags] {
        mutate {
            remove_tag => ["_grokparsefailure"]
        }
    }
}

xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.url: https://localhost:9200
output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    user => elastic
    password => password
    manage_template => false
#    ssl_certificate_verification => false
    ssl => true
    cacert => '/etc/elasticsearch/ca/key.pem'
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"

  }
}

弹性搜索配置文件

cluster.name: my-application
network.host: 0.0.0.0
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key:  /opt/elasticsearch/ca/ca.key
xpack.security.http.ssl.certificate: /opt/elasticsearch/ca/ca.crt

logstash日志文件

[2018-05-16T05:28:16,421][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://logstash_system:xxxxxx@localhost:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://logstash_system:xxxxxx@localhost:9200/][Manticore::ClientProtocolException] localhost:9200 failed to respond"}
[2018-05-16T05:28:17,201][WARN ][logstash.shutdownwatcher ] {"inflight_count"=>1, "stalling_thread_info"=>{"other"=>[{"thread_id"=>24, "name"=>nil, "current_call"=>"[...]/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/interval.rb:89:in `sleep'"}]}}
[2018-05-16T05:28:21,422][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://logstash_system:xxxxxx@localhost:9200/, :path=>"/"}
[2018-05-16T05:28:21,422][INFO ][logstash.licensechecker.licensereader] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://logstash_system:xxxxxx@localhost:9200/, :path=>"/"}
[2018-05-16T05:28:21,424][WARN ][logstash.licensechecker.licensereader] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://logstash_system:xxxxxx@localhost:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://logstash_system:xxxxxx@localhost:9200/][Manticore::ClientProtocolException] localhost:9200 failed to respond"}
[2018-05-16T05:28:21,425][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://logstash_system:xxxxxx@localhost:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://logstash_system:xxxxxx@localhost:9200/][Manticore::ClientProtocolException] localhost:9200 failed to respond"}
[2018-05-16T05:28:22,202][WARN ][logstash.shutdownwatcher ] {"inflight_count"=>1, "stalling_thread_info"=>{"other"=>[{"thread_id"=>24, "name"=>nil, "current_call"=>"[...]/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/interval.rb:89:in `sleep'"}]}}
[2018-05-16T05:28:26,425][INFO ][logstash.licensechecker.licensereader] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://logstash_system:xxxxxx@localhost:9200/, :path=>"/"}
[2018-05-16T05:28:26,426][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://logstash_system:xxxxxx@localhost:9200/, :path=>"/"}
[2018-05-16T05:28:26,427][WARN ][logstash.licensechecker.licensereader] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://logstash_system:xxxxxx@localhost:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://logstash_system:xxxxxx@localhost:9200/][Manticore::ClientProtocolException] localhost:9200 failed to respond"}
[2018-05-16T05:28:26,427][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://logstash_system:xxxxxx@localhost:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://logstash_system:xxxxxx@localhost:9200/][Manticore::ClientProtocolException] localhost:9200 failed to respond"}
[2018-05-16T05:28:27,201][WARN ][logstash.shutdownwatcher ] {"inflight_count"=>1, "stalling_thread_info"=>{"other"=>[{"thread_id"=>24, "name"=>nil, "current_call"=>"[...]/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/interval.rb:89:in `sleep'"}]}}
root@5c417caecc5f:/var/log/logstash#

共有1个答案

冀萧迟
2023-03-14

您必须在日志库中启用elasticsearch监控。yml配置文件。

/etc/logstash/logstash。yml

xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.url: http://X.X.X.X:9200

有关更多信息,请参阅此帖子:

https://discuss.elastic.co/t/elasticsearch-unreachable-error-in-logstash/75157/7

和留档(TLS/SSL监控设置可能需要):

https://www.elastic.co/guide/en/logstash/6.2/configuring-logstash.html#monitoring-settings

xpack.monitoring.elasticsearch.ssl.ca
xpack.monitoring.elasticsearch.ssl.truststore.path
xpack.monitoring.elasticsearch.ssl.truststore.password
xpack.monitoring.elasticsearch.ssl.keystore.path
xpack.monitoring.elasticsearch.ssl.keystore.password

如果这不起作用,我可以看看你的 /etc/logstash/logstash.yml配置文件吗?

 类似资料:
  • 弹性搜索+LogStash无法连接

    我试图使用docker容器创建一个弹性搜索安装。我只使用Elastic.io提供者的映像。 我不知道为什么,但logstash告诉我,他无法连接到带有此错误消息的ElasticSearch实例: 如果logstash真的得到了我的设置,有人能告诉我为什么他使用了一个坏的主机事件吗?

  • Logstash无法连接到弹性搜索,因为ip地址错误

    我也有同样的问题: Logstash无法连接到弹性搜索 My/conf.d/logstash。形态: 错误: error_type= logstash在哪里选择这个ip地址?“本地主机:9200”

  • jhipster弹性搜索连接

    我在localhost:9200上有一个本地弹性搜索,当我向浏览器输入地址时,我得到了以下内容: 当我尝试运行我的应用程序时,我得到以下错误: 如何用我的Jhipster(V5.0.0-beta.3)后端连接到这个弹性服务器?

  • 弹性搜索和nodejs连接

    我正在尝试创建一个节点。带有RESTAPI的js应用程序,用于查询弹性搜索应用程序云上的数据。我有以下elasticsearch连接代码 上面的连接连接正确,如果我添加任何数据,它也会被添加。但是我希望数据不会被添加到本地主机。我希望我的实际集群拥有数据。我尝试了以下代码 上面的代码仍然没有添加数据或从我的云集群中检索数据... Evrry在互联网上我只找到localhost示例...有人能告诉我

  • 弹性搜索-用连字符搜索

    由于已经有很多关于连字符的问题,我已经尝试了以下解决方案: 使用字符筛选器:ElasticSearch-在名称中使用连字符进行搜索。 所以我做了这个映射: 所以char筛选器似乎没有在搜索字符串上执行?我该怎么做才能让它起作用?

  • 弹性搜索-无法初始化SSL-证书颁发

    我试图通过PySpark从Elastic Search(版本:7.13.4)获取数据。但是,我得到了这个错误。 我的代码: 完全错误: Py4JJavaError:调用o673时出错。负载:组织。elasticsearch。hadoop。eShadoPillegalArgumentException:无法检测ES版本-通常情况下,如果网络/Elasticsearch群集不可访问,或者在没有正确设置

相关问答

弹性搜索-用连字符搜索弹性搜索-无法初始化SSL-证书颁发logstash无法成功将数据发送到外部弹性搜索如何从NEST连接到弹性搜索弹性搜索与Nutch集成

相关文章

使用Java建立与MySQL Amazon RDS(SSL / TLS)的安全连接Websocket SSL连接NoSuchMethodError:com.google.common.util.concurrent.MoreExecutors.directExecutor在弹性搜索jar中发生冲突ElasticSearch全文搜索MongoDB安装的全文本搜索选项

相关阅读

Redis-安全-性能测试不知情搜索算法字节 国际化搜索运营-推荐内容安全 社招一面Vim搜索弹性分布式数据集(RDD)简介

相关工具

联系人搜索算法团购搜索Eclipse搜索引擎网页应用接口LogstashNSPredicate模糊搜索

相关文档

具有高级安全性的 Windows 防火墙安卓应用安全指南PHP 安全基础Python 安全编程iOS Security 安全 Wiki
快捷导航: 新手教程 算法原理 架构设计 Java进阶 数据库进阶 大厂专栏 面试经验 编程笔记 编程问答 所有专题 文档资料 工具软件 电子书籍 小牛导航
在线工具: 房贷计算器 个税计算器 Linux命令查询 Json格式化 正则表达式 颜色转换 AES加解密 SHA1加密 MD5加密 毒鸡汤 字数统计 随机密码生成 进制转换 Base64编解码 励志句子
Copyright © 2019-2024 小牛知识库@xnip.cn. All Rights Reserved.