I have the following docker containers:

    docker create \
      --name=elasticsearch \
      --restart=always \
      --network=infrastructure_network \
      --network-alias=elasticsearch \
      -e TZ=Etc/UTC \
      -e discovery.type=single-node \
      -e "ES_JAVA_OPTS=-Xms6g -Xmx6g" \
      -e ELASTIC_PASSWORD="foobar" \
      -p 9200:9200 \
      -p 9300:9300 \
      -v elasticsearch:/usr/share/elasticsearch \
      elasticsearch:8.0.0

    docker create \
      --name=logstash \
      --restart=always \
      --network=infrastructure_network \
      --network-alias=logstash \
      -e TZ=Etc/UTC \
      -p 5040:5040 \
      -p 8514:8514/udp \
      -v logstash:/usr/share/logstash/ \
      -v elasticsearch:/elastic/ \
      logstash:8.0.0
The containers start perfectly fine, but when I set the logstash output as follows:

    input
    {
      tcp
      {
        port => 8514
        type => syslog
      }
    }
    filter
    {
      if [type] == "syslog"
      {
        # Split the raw syslog line into timestamp, host, program, optional [pid] and message.
        grok
        {
          match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
          add_field => [ "received_at", "%{@timestamp}" ]
          add_field => [ "received_from", "%{host}" ]
        }
        # Use the parsed syslog timestamp as the event time.
        date
        {
          match => [ "syslog_timestamp", "MMM d HH:mm:ss.SSS", "MMM dd HH:mm:ss.SSS" ]
          timezone => "UTC"
        }
      }
    }
    output
    {
      elasticsearch
      {
        hosts => ['https://elasticsearch:9200']
        cacert => '/elastic/config/certs/http_ca.crt'
        ssl_certificate_verification => false
        user => "elastic"
        password => "foobar"
        index => "syslog"
        ilm_enabled => false
      }
      stdout { codec => rubydebug }
    }
I get the following error in the logstash logs…

    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    [2022-03-02T03:27:04,496][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://elastic:xxxxxx@elasticsearch:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [https://elasticsearch:9200/][Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}
    [2022-03-02T03:27:08,344][DEBUG][logstash.outputs.elasticsearch][main] Waiting for connectivity to Elasticsearch cluster, retrying in 16s

I’m assuming that I’m using the wrong cert maybe? It’s the cert that is created when the elasticsearch container is spun up. What SHOULD I be using?
2 Answers

add

    ssl => true

to output elastic

Make sure the file you point to in cacert contains the full chain of the certificate used on the elastic side (we’ve had it work with root first and then any intermediate CAs in order)
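
The second answer's point about cacert, as an added example that is not part of the original thread: a constructed chain (root CA, intermediate CA, server certificate, all demo names) is checked with openssl verify against a root-only bundle and against the full chain. It uses OpenSSL's verifier as a pre-check on the PEM file and assumes the openssl CLI is installed; it is not Logstash's own JVM trust path.

```shell
#!/bin/sh
# Added example: every name, subject and file below is constructed for the demo.

# bundle_verifies CAFILE CERT: exit 0 only if CERT chains to a CA in CAFILE.
bundle_verifies() {
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# count_certs FILE: print the number of PEM certificates in FILE.
count_certs() {
  grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# make_demo_chain DIR: create root CA -> intermediate CA -> server cert in DIR.
make_demo_chain() (
  cd "$1" || exit 1
  cat > demo.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = CA:FALSE
subjectAltName = DNS:elasticsearch
EOF
  new_req() { # new_req NAME SUBJECT [extra "openssl req" args]: key plus CSR or cert
    n="$1"; s="$2"; shift 2
    openssl req -config demo.cnf -newkey rsa:2048 -nodes -subj "$s" \
      -keyout "$n.key" "$@" 2>/dev/null
  }
  sign() { # sign NAME ISSUER EXT_SECTION: issue NAME.crt from NAME.csr
    openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" -CAcreateserial \
      -extfile demo.cnf -extensions "$3" -days 2 -out "$1.crt" 2>/dev/null
  }
  new_req root "/CN=Demo Root CA" -x509 -extensions ca_ext -days 2 -out root.crt &&
  new_req inter "/CN=Demo Intermediate CA" -new -out inter.csr &&
  sign inter root ca_ext &&
  new_req leaf "/CN=elasticsearch" -new -out leaf.csr &&
  sign leaf inter leaf_ext &&
  cat root.crt inter.crt > full_chain.crt   # root first, then the intermediate
)

d=$(mktemp -d) && make_demo_chain "$d"
bundle_verifies "$d/root.crt" "$d/leaf.crt" || echo "root only: verification fails"
bundle_verifies "$d/full_chain.crt" "$d/leaf.crt" && echo "full chain: OK"
```

For a real deployment, pass the file named in cacert as CAFILE and the PEM certificate Elasticsearch serves as CERT.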