> Am 06.02.2018 um 17:54 schrieb Florent LEPOUTRE <
florent....@gmail.com>:
>
> Hi,
> I have installed search guard plugin on my ELK platform : search guard is OK with Elasticsearch and Kibana.
> But with logstash it doesn't work.
>
> Here is my logstash log :
> <code>
> {:timestamp=>"2018-02-05T17:41:16.701000+0100", :message=>"Attempted to send a bulk request to Elasticsearch configured at '[\"
http://localhost:9200\"]', but Elasticsearch appears to be unreachable or down!", :error_message=>"Connection reset",
In the above line logstash seem to try to connect to
http://localhost:9200 instead of
https://localhost:9200
That is also why you get the "Someone (/
127.0.0.1:56442) speaks http plaintext instead of ssl, will close the channel" warning
> :class=>"Manticore::SocketException", :level=>:error}
> </code>
>
> Here is my Elasticsearch log :
> <code>
> [2018-02-06T17:38:10,518][WARN ][c.f.s.h.SearchGuardHttpServerTransport] [somweb-px01-elk-es-log-01] Someone (/
127.0.0.1:56442) speaks http plaintext instead of ssl, will close the channel
> </code>
>
> Here is my logstash output conf :
> <code>
> if [type] == "apache" {
>
> elasticsearch {
> ssl => true
> ssl_certificate_verification => false
> truststore => "/etc/elasticsearch/es-log-01/truststore.jks"
> truststore_password => XXXXX
> user => logstash
> password => XXXXXXX
> hosts => "
https://localhost:9200"
>
> </code>
>
> Do you have any idea ?
>
> Thanks,
>
> --
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to
search-guard...@googlegroups.com.
> To post to this group, send email to
search...@googlegroups.com.
> To view this discussion on the web visit
https://groups.google.com/d/msgid/search-guard/46a8d1cf-f3ff-4622-9af6-03e233df8e75%40googlegroups.com.
> For more options, visit
https://groups.google.com/d/optout.