Logstash Forwarder

Question

Trying to send some logs to logstash server. Using logstash forwarder to forward the logs to logstash

But its getting timed out:

2015/03/04 08:19:15.266955 Started harvester at end of file (current offset now 10659): /apps/azuga-dds/logs/amqData.log
2015/03/04 08:19:15.267089 Setting trusted CA from file: /etc/logstash-forwarder/logstash-forwarder.crt
2015/03/04 08:19:15.290016 Connecting to [10.90.9.242]:5000 (ec2-54-70-33-51.us-west-2.compute.amazonaws.com)
2015/03/04 08:19:20.290259 Failure connecting to 10.90.9.242: dial tcp 10.90.9.242:5000: i/o timeout
2015/03/04 08:19:21.291691 Connecting to [10.90.9.242]:5000 (ec2-54-70-33-51.us-west-2.compute.amazonaws.com)
2015/03/04 08:19:26.291903 Failure connecting to 10.90.9.242: dial tcp 10.90.9.242:5000: i/o timeout
2015/03/04 08:19:27.293218 Connecting to [10.90.9.242]:5000 (ec2-54-70-33-51.us-west-2.compute.amazonaws.com)

Any idea how to resolve this issue.

Answer 1

Try generating a new ssl cert in the logsatsh server (10.90.9.242) with the IP-SAN alternate name which means editing the /etc/ssl/openssl.cnf and adding:
subjectAltName = IP:10.90.9.242
under the [v3_ca] section.
and only afterwards generating the cert and key by running:
openssl req -x509 -batch -nodes -newkey rsa:2048 -keyout /etc/pki/tls/private/logstash-forwarder.key -out /etc/pki/tls/certs/logstash-forwarder.crt -days 3650
Don't forget to reset the logstash and move the crt and key to the correct path of the logstash-forwarder (written in the config file).

Answer 2

You may have some problems with SSL cert, sometimes checking cert may help. And be sure that you are using same version of JVM on logstash-forwarder, logstash and elasticsearch. Generate cert with your logstash-server IP, log says that you try to connect to host with IP, that not listed in cerificate.

Try

 openssl s_client -showcerts -connect host:port