Set up communication logstash with SSL using http input plugin

Question

Mine question:

How sent logs to logstash (using for example postman) with SSL? Should I include some certificate in request Header or what?

Additional questions:

How to set up http logstash input with SSL? I already does it right?
How communication with logstash throught SSL works?

What I already have:

Working ELK docker image based on: https://github.com/deviantony/docker-elk
Working logstash-input-http-plugin based on: https://www.elastic.co/blog/introducing-logstash-input-http-plugin
My logstash.conf file looks like:

input {
  http {
        port => "5000"
  }
  http {
        port => "5001"
        ssl => on
        keystore => "KeyStore.jks"
        keystore_password => "1qaz@WSX"
  }
}

output {
  elasticsearch {
      hosts => "elasticsearch:9200"
  }
}

KeyStore.jks file is created using section 1 of : https://support.globalsign.com/customer/en/portal/articles/2121490-java-keytool---create-keystore
I copy my KeyStore.jks to docker-image and logstash http plugin see this file

Workflow:

First component sent logs to first input using postman and it work fine - Response: "OK"
When second component try send logs to second input: have no response (and no logs about receive request in docker-compose logs) - in postman: "Could not get any response"

I refactor my question. It looks like I need some certificate somewhere I guess. I have logstash logs that first input receive request but have no logs about SSL input. — TheHorizon

Praveen Praveen · Accepted Answer · 2018-09-19T06:58:00

input {
http { port => "5000"
  }
http {
    port => "5001"

ssl => on => change this from on to true

keystore => "KeyStore.jks"
keystore_password => "1qaz@WSX"
}
}

output {
elasticsearch {
  hosts => "elasticsearch:9200"
 }
}

This is because ssl accepts boolean value(true or false). this will solve your issue , and it will work if you have correctly created your .jks file.

Set up communication logstash with SSL using http input plugin

1 Answers