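Background: while using certificates to secure the data transfer between a Beat and Logstash, I generated certificates. The Logstash certificate configuration is as follows: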
input {
  beats {
    ssl => true
    port => 5044
    ssl_certificate_authorities => ["/data/elk/logstash/certs/beat.crt"]
    ssl_certificate => "/data/elk/logstash/certs/logstash.crt"
    ssl_key => "/data/elk/logstash/key/logstash.pkcs8.key"
    ssl_verify_mode => "force_peer"
    codec => json {
      charset => "UTF-8"
    }
    client_inactivity_timeout => 36000
  }
}
Symptom: the following error appeared when starting Logstash:
[2022-08-18T15:59:02,702][WARN ][io.netty.channel.DefaultChannelPipeline][webs_monitor][00ad8304ca625095fa19c2de1d917d0a4f847854c034b488a26d5bbc4c7cae0a] An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: .......
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:477) ~[netty-all-4.1.65.Final.jar:4.1.65.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) ~[netty-all-4.1.65.Final.jar:4.1.65.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[netty-all-4.1.65.Final.jar:4.1.65.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) ~[netty-all-4.1.65.Final.jar:4.1.65.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) ~[netty-all-4.1.65.Final.jar:4.1.65.Final]
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) ~[netty-all-4.1.65.Final.jar:4.1.65.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[netty-all-4.1.65.Final.jar:4.1.65.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) ~[netty-all-4.1.65.Final.jar:4.1.65.Final]
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) ~[netty-all-4.1.65.Final.jar:4.1.65.Final]
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) ~[netty-all-4.1.65.Final.jar:4.1.65.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:719) ~[netty-all-4.1.65.Final.jar:4.1.65.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:655) ~[netty-all-4.1.65.Final.jar:4.1.65.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:581) ~[netty-all-4.1.65.Final.jar:4.1.65.Final]
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493) [netty-all-4.1.65.Final.jar:4.1.65.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) [netty-all-4.1.65.Final.jar:4.1.65.Final]
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [netty-all-4.1.65.Final.jar:4.1.65.Final]
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) [netty-all-4.1.65.Final.jar:4.1.65.Final]
at java.lang.Thread.run(Thread.java:829) [?:?]
Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: .......
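Cause: the troubleshooting process was painful, so I will not go into it here. The error occurred because the IP specified in the certificate was not specified as the address on which Logstash publishes its service, so the "not an SSL/TLS record" error was thrown.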
Certificate generation:
openssl req -subj '/CN=192.168.1.1/' -x509 -days $((100 * 365)) -batch -nodes -newkey rsa:2048 -keyout logstash.key -out logstash.crt
Solution: in the Logstash configuration file, set the address the service is published on to the IP in the certificate, 192.168.1.1.
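The text netty prints after "not an SSL/TLS record:" is a hex dump of the first bytes the peer sent, which shows what reached the TLS listener on port 5044. The following triage helper is an added example, not part of the original post; the function names and the sample log lines are constructed for illustration, and the Beats framing check assumes the lumberjack v2 protocol (version byte "2" followed by a frame type).

```python
import binascii
import re

# TLS record content types: change_cipher_spec, alert, handshake, application_data
TLS_CONTENT_TYPES = {20, 21, 22, 23}
# Lumberjack v2 frame types: window size, JSON event, compressed batch, ack
LUMBERJACK_FRAMES = {b"W", b"J", b"C", b"A"}
HTTP_PREFIXES = (b"GET ", b"POST", b"PUT ", b"HEAD")
HEXDUMP_RE = re.compile(r"not an SSL/TLS record: ([0-9a-fA-F]+)")


def classify_first_bytes(hexdump: str) -> str:
    """Classify the bytes that netty rejected as a non-TLS record."""
    try:
        data = binascii.unhexlify(hexdump.strip())
    except (binascii.Error, ValueError):
        return "unparseable"
    if len(data) < 5:
        return "too-short"
    # TLS record header: content type, then version major 3, minor 0..4
    if data[0] in TLS_CONTENT_TYPES and data[1] == 3 and data[2] <= 4:
        return "tls-record"
    # A Beat with TLS disabled opens with "2W" + 4-byte window size
    if data[0:1] == b"2" and data[1:2] in LUMBERJACK_FRAMES:
        return "plaintext-beats"
    # Health checks and scanners often speak plain HTTP to the port
    if data[:4] in HTTP_PREFIXES:
        return "plaintext-http"
    return "unknown"


def triage(log_line: str) -> str:
    """Pull the hex dump out of a Logstash log line and classify it."""
    match = HEXDUMP_RE.search(log_line)
    if match is None:
        return "no-hexdump"  # e.g. the dump was elided as "......."
    return classify_first_bytes(match.group(1))


# Constructed sample lines (not taken from the original log)
SAMPLES = [
    "NotSslRecordException: not an SSL/TLS record: 325700000800",
    "NotSslRecordException: not an SSL/TLS record: 474554202f20485454502f312e31",
    "NotSslRecordException: not an SSL/TLS record: .......",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(triage(line), "<-", line)
```

A result of "plaintext-beats" or "plaintext-http" identifies a client that connected without TLS, so the client's output settings and any load balancer or health check in front of the port are the first things to inspect.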