- Journalbeat Reference for 6.5-7.15:
- Overview
- Getting started with Journalbeat
- Setting up and running Journalbeat
- Configuring Journalbeat
- Configure inputs
- Specify general settings
- Configure the internal queue
- Configure the output
- Configure index lifecycle management
- Specify SSL settings
- Filter and enhance the exported data
- Define processors
- Add cloud metadata
- Add Docker metadata
- Add fields
- Add Host metadata
- Add Kubernetes metadata
- Add labels
- Add the local time zone
- Add Observer metadata
- Add process metadata
- Add tags
- Community ID Network Flow Hash
- Convert
- Decode Base64 fields
- Decode CSV fields
- Decode JSON fields
- Decompress gzip fields
- Dissect strings
- DNS Reverse Lookup
- Drop events
- Drop fields from events
- Extract array
- Keep fields from events
- Registered Domain
- Rename fields from events
- Script Processor
- Timestamp
- Parse data by using ingest node
- Enrich events with geoIP information
- Configure project paths
- Configure the Kibana endpoint
- Load the Elasticsearch index template
- Configure logging
- Use environment variables in the configuration
- YAML tips and gotchas
- Regular expression support
- HTTP Endpoint
- journalbeat.reference.yml
- Exported fields
- Monitoring Journalbeat
- Securing Journalbeat
- Troubleshooting
SSL client fails to connect to Logstash
editSSL client fails to connect to Logstash
editThe host running Logstash might be unreachable or the certificate may not be valid. To resolve your issue:
-
Make sure that Logstash is running and you can connect to it. First, try to ping the Logstash host to verify that you can reach it from the host running Journalbeat. Then use either
nc
ortelnet
to make sure that the port is available. For example:ping <hostname or IP> telnet <hostname or IP> 5044
-
Verify that the certificate is valid and that the hostname and IP match.
For testing purposes only, you can set
verification_mode: none
to disable hostname checking. - Use OpenSSL to test connectivity to the Logstash server and diagnose problems. See the OpenSSL documentation for more info.
-
Make sure that you have enabled SSL (set
ssl => true
) when configuring the Beats input plugin for Logstash.
Common SSL-Related Errors and Resolutions
editHere are some common errors and ways to fix them:
x509: cannot validate certificate for <IP address> because it doesn’t contain any IP SANs
editThis happens because your certificate is only valid for the hostname present in the Subject field.
To resolve this problem, try one of these solutions:
- Create a DNS entry for the hostname mapping it to the server’s IP.
-
Create an entry in
/etc/hosts
for the hostname. Or on Windows add an entry toC:\Windows\System32\drivers\etc\hosts
. - Re-create the server certificate and add a SubjectAltName (SAN) for the IP address of the server. This make the server’s certificate valid for both the hostname and the IP address.
getsockopt: no route to host
editThis is not a SSL problem. It’s a networking problem. Make sure the two hosts can communicate.
getsockopt: connection refused
editThis is not a SSL problem. Make sure that Logstash is running and that there is no firewall blocking the traffic.
No connection could be made because the target machine actively refused it
editA firewall is refusing the connection. Check if a firewall is blocking the traffic on the client, the network, or the destination host.
On this page