The host running Logstash might be unreachable or the certificate may not be valid. To resolve your issue:
Make sure that Logstash is running and you can connect to it. First, try to ping the Logstash host to verify that you can reach it from the host running Auditbeat. Then use either
telnetto make sure that the port is available. For example:
ping <hostname or IP> telnet <hostname or IP> 5044
Verify that the certificate is valid and that the hostname and IP match.
For testing purposes only, you can set
verification_mode: noneto disable hostname checking.
- Use OpenSSL to test connectivity to the Logstash server and diagnose problems. See the OpenSSL documentation for more info.
Make sure that you have enabled SSL (set
ssl => true) when configuring the Beats input plugin for Logstash.
Here are some common errors and ways to fix them:
This happens because your certificate is only valid for the hostname present in the Subject field.
To resolve this problem, try one of these solutions:
- Create a DNS entry for the hostname mapping it to the server’s IP.
Create an entry in
/etc/hostsfor the hostname. Or on Windows add an entry to
- Re-create the server certificate and add a SubjectAltName (SAN) for the IP address of the server. This make the server’s certificate valid for both the hostname and the IP address.
This is not a SSL problem. It’s a networking problem. Make sure the two hosts can communicate.
This is not a SSL problem. Make sure that Logstash is running and that there is no firewall blocking the traffic.
A firewall is refusing the connection. Check if a firewall is blocking the traffic on the client, the network, or the destination host.