Failed to tls handshake, An established connection was aborted by the software in your host machine
foresightyj opened this issue · 1 comments
My logstash-forwarder repeatedly throws me the following error with a 1-second interval:
2015/08/10 15:02:22.854153 Connecting to [10.162.59.163]:5043 (linux1.huohuo.com
)
2015/08/10 15:02:22.889311 Failed to tls handshake with 10.162.59.163 WSARecv tc
p 10.165.101.152:55172: An established connection was aborted by the software in
your host machine.
I tried starting logstash from command line by specifying --debug option but it doesn't print anything. Is there any way to figure out what is causing the problem?
FYI. I setup my SSL as follows:
In the host machine (ubuntu, IP addr: 10.162.59.163), I ran:
openssl req -x509 -batch -nodes -newkey rsa:2048 -keyout logstash-forwarder.key -out logstash-forwarder.crt -days 365 -subj /CN=linux1.huohuo.com
cp logstash-forwarder.key /etc/pki/tls/private/logstash-forwarder/
cp logstash-forwarder.crt /etc/pki/tls/certs/logstash-forwarder/
In the logstash config, I have:
input {
lumberjack {
type => "iislog"
port => 5043
ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder/logstash-forwarder.crt"
ssl_key => "/etc/pki/tls/private/logstash-forwarder/logstash-forwarder.key"
}
}
Then I copied the key and crt files to my windows machine (IP addr: 10.165.101.152) which is where the logs are and logstash-forwarder is run. The logstash-forward config file is:
{
"network": {
"servers": [
"linux1.huohuo.com:5043"
],
"ssl certificate": "./logstash-forwarder.crt",
"ssl key": "./logstash-forwarder.key",
"ssl ca": "./logstash-forwarder.crt",
"timeout": 15
},
"files": [
{
"paths": [
"D:\\CloudMarketing\\iislog\\W3SVC3\\u_ex*.log"
],
"fields": {
"type": "iislog"
}
}
]
}
In the hosts file in windows, I have the following line and I verified that it is correct by pinging linux1.huohuo.com
10.162.59.163 linux1.huohuo.com
Fixed in elastic/logstash#3657, 1.5.4 should fixes this soon