lumberjack certs not found in logstash server in default build

Question

lumberjack certs not found in logstash server in default build

lmunro opened this issue 10 years ago · 2 comments

Constant errors are being posted in the logstash log because logstash server cannot find lumberjack secrets referenced in the input_lumberjack config.

By default, lumberjack secrets are placed in /etc/lumberjack.crt and /etc/lumberjack.key. This is configured on the logstash server side regardless of using either lumberjack or tcp for log transport.

https://github.com/rackspace-cookbooks/elkstack/blob/master/attributes/forwarder.rb#L7-L8
https://github.com/rackspace-cookbooks/elkstack/blob/master/recipes/_lumberjack_secrets.rb#L51

By default, Logstash server expects the secrets to be in /opt/logstash/lumberjack.crt and /opt/logstash/lumberjack.key
https://github.com/rackspace-cookbooks/elkstack/blob/master/recipes/logstash.rb#L55-L56

Answer 1 · 2015-06-19T08:57:43.000Z

This only occurs if a lumberjack secret exists, or you're using lumberjack as the transport protocol.

Answer 2 · 2015-06-19T13:38:17.000Z

Logstash server expects the secrets to be in /opt/logstash/lumberjack.crt and /opt/logstash/lumberjack.key

I believe this was because if we are using the non-Java agent 'logstash-forwarder', we can't guarantee that /opt/logstash exists or if it does, it may be owned by root (and then it won't be readable by everything).