I recently implemented the ELK Stack solution to centralise logs from several devices. It works very well when I send my logs over UDP, but I'm having a few problems encrypting the logs.
Here are some of my Logstash inputs:
input {
  udp {
    type => "log-synology"
    host => "10.7.7.101"
    port => 5140
  }
  tcp {
    type => "log-synology"
    host => "logs.<domaine.com>"
    port => 5140
    ssl_enable => true
    ssl_certificate => "/etc/ssl/logstash/fullchain.pem"
    # ssl_certificate_authorities => "/etc/ssl/logstash/chain.crt"
    ssl_key => "/etc/ssl/logstash/privkey.pem"
  }
}
Here is the configuration on the Synology:
Server: logs.<domaine.com>
Port: 5142
Protocol: TCP
Format: IETF (RFC 5424)
Activate secure connection (SSL): Yes
And here is the error message:
[ERROR] 2023-10-13 12:30:49.296 [nioEventLoopGroup-2-1] tcp - null: closing due:
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Insufficient buffer remaining for AEAD cipher fragment (2). Needs to be more than tag size (16)
I work on Ubuntu 22.04.3 LTS
Elasticsearch version 8.13.2
java --version
java 21.0.3 2024-04-16 LTS
Java(TM) SE Runtime Environment (build 21.0.3+7-LTS-152)
Java HotSpot(TM) 64-Bit Server VM (build 21.0.3+7-LTS-152, mixed mode, sharing)
/usr/share/logstash/bin/logstash --version
Using bundled JDK: /usr/share/logstash/jdk
logstash 8.13.2
Hope that someone can help me.