[graylog2] Failed to tls handshake with logstash-forwarder -> graylog2

Tue, 11 Nov 2014 12:51:43 -0800 

Greetings,

We have been successfully using graylog2 with rsyslog sending logs to 
graylog2-server. We are testing logstash-forwarder-0.3.1-1.x86_64.rpm on 
rhel 6U5 nodes to send logs to graylog2 v0.91.3.. 

logstash-forwarder (RHEL6) -> graylog2-server (RHEL6) -> elasticsearch 
(RHEL6)

When we start logstash-forwarder we receive the following messages: 
/opt/logstash-forwarder/bin/logstash-forwarder.sh  -config 
/etc/logstash-forwarder
2014/11/10 16:55:51.736015 Launching harvester on new file: 
/var/log/messages
2014/11/10 16:55:51.736086 Launching harvester on new file: /var/log/secure
2014/11/10 16:55:51.736934 Starting harvester: /var/log/messages
2014/11/10 16:55:51.737199 Current file offset: 34808
2014/11/10 16:55:51.737504 Starting harvester: /var/log/secure
2014/11/10 16:55:51.737582 Current file offset: 1772
2014/11/10 16:56:00.758028 Connecting to xx.xx.xx.xx:xxx (graylog2_server) 
2014/11/10 16:56:00.759250 Failed to tls handshake with xx.xx.xx.xx EOF
2014/11/10 16:56:00.758028 Connecting to xx.xx.xx.xx:xxx (graylog2_server) 
2014/11/10 16:56:00.759250 Failed to tls handshake with xx.xx.xx.xx EOF
2014/11/10 16:56:00.758028 Connecting to xx.xx.xx.xx:xxx (graylog2_server) 
2014/11/10 16:56:00.759250 Failed to tls handshake with xx.xx.xx.xx EOF

logstash-forwarder:
# cat /etc/logstash-forwarder
{
  "network": {
    "servers": [ "graylog2-server:12501" ],
    "ssl ca ": "/etc/logstash/ca.crt",
    "timeout": 15
},
  "files": [
    {
      "paths": [
        "/var/log/messages",
        "/var/log/secure"
       ],
      "fields": { "type": "syslog" }
    }
   ]
}

We have worked through each of the following suggestions in, and we always 
get the same Failed to tls handshake messages: 
https://github.com/elasticsearch/logstash-forwarder/issues/230
https://github.com/elasticsearch/logstash-forwarder/issues/221

Could you please share the SSL setup to allow logstash-forwarder to send 
messages to graylog2?

Thank you in advance for you support!

Respectfully, 

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to