Hi,

I've just used and set up the cert generator for PoC with SearchGuard. When I do that curl I get connection refused:

sudo curl --key /etc/elasticsearch/CN=demouser.key.pem --cert /etc/elasticsearch/CN=demouser.crt.pem https://localhost:9200/
curl: (7) Failed to connect to localhost port 9200: Connection refused

I can share configs and anything else you might need. Any thoughts? Currently my integration is broken. ☹

-----Original Message-----
From: Fabien Wernli <wernli@in2p3.fr>
Sent: Wednesday, July 10, 2019 1:55 AM
To: Allen Olivas <allen.olivas@infodefense.com>
Cc: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: Re: RE: [syslog-ng] Cannot send Syslog-ng to Elasticsearch

On Wed, Jul 10, 2019 at 06:47:48AM +0000, Allen Olivas wrote:
> My problem now is it still doesn't seem to authenticate or work with elasticsearch.

How did you create the user certificate? You can test it using curl:

curl --key /path/to/key --cert /path/to/cert https://localhost:9200/

> Should I have an entry in the elasticsearch.yml? Searchguard has already been configured for elasticsearch and kibana. Also is your elastic-http-plugin.conf referencing the yml file or the client-mode ("searchguard")? I'm not entirely sure what all needs to be configured.

Client-mode is not a valid option for the elasticsearch-http() driver, so don't use it (it was an option to the java elastic dest).

> [2019-07-10T01:44:39.100211] curl: error sending HTTP request; url='https://127.0.0.1:9200/_bulk', error='Problem with the local SSL certificate', worker_index='3', driver='d_elastic#0', location='#buffer:4:3'

Again, test the client certificate with curl. My guess is that you generated a node certificate instead of a client certificate.
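
Added example, not part of the original thread: local checks on a client certificate and key pair before retrying the curl test suggested above. It assumes the openssl CLI and an unencrypted PEM key; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the openssl CLI and an
# unencrypted PEM key; function names are hypothetical.

# SHA-256 of the public key inside a certificate / derived from a private key.
cert_pubkey_digest() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256
}
key_pubkey_digest() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256
}

# check_client_cert CERT KEY
# Returns 0 if the pair is usable for TLS client authentication, else:
#   2 unreadable/unparseable file, 3 key does not match certificate,
#   4 certificate expired, 5 Extended Key Usage forbids client auth
check_client_cert() {
    cert=$1; key=$2
    # Run this as the same user the client runs as: file permissions
    # are part of what is being checked.
    openssl x509 -in "$cert" -noout 2>/dev/null &&
        openssl pkey -in "$key" -noout 2>/dev/null ||
        { echo "cannot read or parse $cert / $key as $(id -un)"; return 2; }
    [ "$(cert_pubkey_digest "$cert")" = "$(key_pubkey_digest "$key")" ] ||
        { echo "private key does not belong to this certificate"; return 3; }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired"; return 4; }
    # The line after the "Extended Key Usage" header lists the permitted
    # uses. No EKU extension at all means the certificate is unrestricted.
    eku=$(openssl x509 -in "$cert" -noout -text |
        sed -n '/Extended Key Usage/{n;p;}')
    case $eku in
        ''|*"TLS Web Client Authentication"*) ;;
        *) echo "EKU does not allow client auth:$eku"; return 5 ;;
    esac
    echo "ok: $(openssl x509 -in "$cert" -noout -subject)"
}
```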