[syslog-ng] Cannot send Syslog-ng to Elasticsearch

Fabien Wernli wernli at in2p3.fr
Wed Jul 10 06:54:41 UTC 2019


On Wed, Jul 10, 2019 at 06:47:48AM +0000, Allen Olivas wrote:
> My problem now is it still doesn't seem to authenticate or work with elasticsearch.

How did you create the user certificate?
You can test it using curl:

  curl --key /path/to/key --cert /path/to/cert https://localhost:9200/

> Should I have an entry in the elasticsearch.yml? Searchguard has already been configured for elasticsearch and kibana. Also is your elastic-http-plugin.conf referencing the yml file or the client-mode ("searchguard")? I'm not entirely sure what all needs to be configured. 

Client-mode is not a valid option for the elasticsearch-http() driver, so
don't use it (it was an option to the java elastic dest).

> [2019-07-10T01:44:39.100211] curl: error sending HTTP request; url='https://127.0.0.1:9200/_bulk', error='Problem with the local SSL certificate', worker_index='3', driver='d_elastic#0', location='#buffer:4:3'

Again, test the client certificate with curl. My guess is that you generated
a node certificate instead of a client certificate.
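
A local complement to the curl test above, as an added example that is not part of the original message: curl reports "Problem with the local SSL certificate" when it cannot use the client certificate or key it was given, so this script checks the pair with openssl before any connection is made. The function names, return codes and the throwaway sample pairs are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread): pre-flight checks for the
# client certificate/key pair handed to curl or syslog-ng.
# Return codes are this example's own convention:
#   0 ok, 1 cert unreadable, 2 key unreadable or passphrase-protected,
#   3 key does not belong to cert, 4 cert expired, 5 not usable as TLS client
check_client_pair() {
    ccp_cert=$1 ccp_key=$2
    # The certificate must parse as PEM X.509.
    ccp_cert_pub=$(openssl x509 -in "$ccp_cert" -noout -pubkey 2>/dev/null) || return 1
    # The key must load without a passphrase (empty -passin avoids a prompt).
    ccp_key_pub=$(openssl pkey -in "$ccp_key" -pubout -passin pass: 2>/dev/null) || return 2
    # Both commands print the SubjectPublicKeyInfo in PEM; they must be identical.
    [ "$ccp_cert_pub" = "$ccp_key_pub" ] || return 3
    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$ccp_cert" -noout -checkend 0 >/dev/null 2>&1 || return 4
    # OpenSSL's purpose check covers extendedKeyUsage/keyUsage restrictions.
    openssl x509 -in "$ccp_cert" -noout -purpose 2>/dev/null |
        grep -q '^SSL client : Yes' || return 5
    return 0
}

# Create a throwaway self-signed pair (constructed sample data) in directory $1
# with file prefix $2; any further arguments are passed to "openssl req".
make_sample_pair() {
    msp_dir=$1 msp_name=$2; shift 2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$msp_name" \
        -keyout "$msp_dir/$msp_name.key" -out "$msp_dir/$msp_name.crt" "$@" 2>/dev/null
}

# Stand-alone use: ./check_pair.sh /path/to/cert /path/to/key
if [ "$#" -eq 2 ]; then
    check_client_pair "$1" "$2"; rc=$?
    echo "check_client_pair returned $rc"
    exit "$rc"
fi
```

A return code of 0 only shows the pair is usable locally; whether the server maps that certificate to a user is still what the curl request tells you.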
