* Rebuilt URL to: https://elkstack:9200/
* Trying 10.114.11.12...
* Connected to elkstack (10.114.11.12) port 9200 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 692 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
* Closing connection 0
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
If you are using a self-signed certificate (vs one signed by a trusted CA like Let's Encrypt) then you need to configure the client to trust that certificate. This is where output.elasticsearch.ssl.certificate_authorities option needs to be used in order to establish trust of the server's certificate.
That change got the packetbeat service up and running. However, I am getting this error. I know the first two entries are standard checks but, the last one is one I haven't seen yet.
2018-01-19T12:53:56-06:00 INFO Non-zero metrics in the last 30s: beat.info.uptime.ms=30000 beat.memstats.gc_next=24213776 beat.memstats.memory_alloc=21307480 beat.memstats.memory_total=22833040 libbeat.config.module.running=0 libbeat.pipeline.clients=13 libbeat.pipeline.events.active=0
2018-01-19T12:54:26-06:00 INFO Non-zero metrics in the last 30s: beat.info.uptime.ms=30000 beat.memstats.gc_next=24213776 beat.memstats.memory_alloc=21321528 beat.memstats.memory_total=22847088 libbeat.config.module.running=0 libbeat.pipeline.clients=13 libbeat.pipeline.events.active=0
2018-01-19T12:54:26-06:00 CRIT Exiting: Error importing Kibana dashboards: fail to create the Kibana loader: Error creating Kibana client: fail to get the Kibana version:HTTP GET request to /api/status fails: fail to execute the HTTP GET request: Get https://newservername:5601//api/status: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers). Response: .
Thank you for your help. I am just error after error on this.
I do not think it is setup up the listen on HTTPS. I am going to change that. I have been reading what makes it listen HTTPS vs HTTP.
The double slash (//) - I cannot find where that is coming from. I looked in the packetbeat.yml and the kibana.yml and neither have and extra slash at the end of the :5601.
Yes. I am getting this error sending the dashboards. They are client certs.
Packetbeat config: (kibana section)
setup.kibana:
username: "username"
password: "password"
setup.kibana.host: "servername:5601"
setup.kibana.protocol: "https"
setup.kibana.ssl.enabled: true
setup.kibana.ssl.certificate_authorities: ["/etc/packetbeat/root-ca.pem"]
setup.kibana.ssl.certificate: "/etc/packetbeat/CN=demouser.crt.pem"
setup.kibana.ssl.key: "/etc/packetbeat/CN=demouser.key.pem"
I run this command:
/usr/share/packetbeat/bin/packetbeat setup --dashboards --path.config /etc/packetbeat/
I get this message:
Exiting: Error importing Kibana dashboards: fail to create the Kibana loader: Error creating Kibana client: fail to load the TLS config: 1 error: tls: failed to parse private key
I could very easily be confused on the certificate part. Do I need to add in a password for this to decrypt the cert/key? If so, would that setting be setup.kibana.ssl.key_passphrase: ?
Doing that gives me this error. Should I go in and delete the index for packetbeat?
Exiting: Error importing Kibana dashboards: fail to import the dashboards in Kibana: Error importing directory /usr/share/packetbeat/kibana: Failed to import index-pattern: Failed to load directory /usr/share/packetbeat/kibana/default/index-pattern:
error loading /usr/share/packetbeat/kibana/default/index-pattern/packetbeat.json: 403 Forbidden. Response: {"statusCode":403,"error":"Forbidden","message":"Error: Unauthorized"}