I have enabled TLS for logstash

ranjinikcloud · July 2, 2025, 8:08am

Versions (relevant - OpenSearch 2.13):

Describe the issue: I have enabled TLS. I m using logstash as the input source and opensearch plugin. How to verify from the logs if the TLS is enabled.

Configuration:

output {
 
    opensearch {
      ecs_compatibility => disabled
      hosts => ["https://log-search.dev.mbi.com:443"]
      ssl => true
      cacert => "sectigo.pem"
      ssl_certificate_verification => true
      document_id => "%{fingerprint}"
      index => "db-server"
    }
  }
}

Relevant Logs or Screenshots:

[2025-07-02T06:58:10,366][INFO ][logstash.outputs.opensearch][main] New OpenSearch output {:class=>"LogStash::Outputs::OpenSearch", :hosts=>["https://log-search.dev.mbi.com:443"]}
[2025-07-02T06:58:10,587][INFO ][logstash.outputs.opensearch][main] OpenSearch pool URLs updated {:changes=>{:removed=>[], :added=>[https://log-search.dev.mbi.com:443/]}}
[2025-07-02T06:58:11,007][WARN ][logstash.outputs.opensearch][main] Restored connection to OpenSearch instance {:url=>"https://log-search.dev.mbi.com:443/"}
[2025-07-02T06:58:11,055][INFO ][logstash.outputs.opensearch][main] Cluster version determined (2.13.0) {:version=>2}
[2025-07-02T06:58:11,066][INFO ][logstash.outputs.opensearch][main] New OpenSearch output {:class=>"LogStash::Outputs::OpenSearch", :hosts=>["https://log-search.dev.mbi.com:443"]}
[2025-07-02T06:58:11,089][INFO ][logstash.outputs.opensearch][main] Using a default mapping template {:version=>2, :ecs_compatibility=>:disabled}
[2025-07-02T06:58:11,098][INFO ][logstash.outputs.opensearch][main] OpenSearch pool URLs updated {:changes=>{:removed=>[], :added=>[https://log-search.dev.mbi.com:443/]}}
[2025-07-02T06:58:11,137][WARN ][logstash.outputs.opensearch][main] Restored connection to OpenSearch instance {:url=>"https://log-search.dev.mbi.com:443/"}
[2025-07-02T06:58:11,151][INFO ][logstash.outputs.opensearch][main] Cluster version determined (2.13.0) {:version=>2}
[2025-07-02T06:58:11,171][INFO ][logstash.outputs.opensearch][main] Using a default mapping template {:version=>2, :ecs_compatibility=>:disabled}
[2025-07-02T06:58:11,289][WARN ][logstash.filters.grok    ][main] ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schemabecomes available, this plugin will need to be updated
[2025-07-02T06:58:11,317][WARN ][logstash.filters.grok    ][main] ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schemabecomes available, this plugin will need to be updated
[2025-07-02T06:58:11,356][WARN ][logstash.filters.grok    ][main] ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schemabecomes available, this plugin will need to be updated
[2025-07-02T06:58:11,393][INFO ][logstash.filters.csv     ][main] ECS compatibility is enabled but `target` option was not specified. This may cause fields to be set at the top-level of theevent where they are likely to clash with the Elastic Common Schema. It is recommended to set the `target` option to avoid potential schema conflicts (if your data is ECS compliant or non-conflicting, feel free to ignore this message)
[2025-07-02T06:58:11,395][WARN ][logstash.filters.grok    ][main] ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schemabecomes available, this plugin will need to be updated
[2025-07-02T06:58:11,420][WARN ][logstash.filters.grok    ][main] ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schemabecomes available, this plugin will need to be updated
[2025-07-02T06:58:11,608][WARN ][logstash.filters.grok    ][main] ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schemabecomes available, this plugin will need to be updated
[2025-07-02T06:58:11,631][WARN ][logstash.filters.grok    ][main] ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schemabecomes available, this plugin will need to be updated
2025-07-02T06:58:11,830][INFO ][logstash.javapipeline    ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>250, "pipeline.sources"=>["/usr/share/logstash/logstash-9.0.2/conf.d/common-filter.conf", "/usr/share/logstash/logstash-9.0.2/conf.d/epo_filter.conf", "/usr/share/logstash/logstash-9.0.2/conf.d/fingerprint_filter.conf", "/usr/share/logstash/logstash-9.0.2/conf.d/input.conf", "/usr/share/logstash/logstash-9.0.2/conf.d/opensearch-output.conf", "/usr/share/logstash/logstash-9.0.2/conf.d/system-filter-linux.conf", "/usr/share/logstash/logstash-9.0.2/conf.d/system-input-linux.conf"], :thread=>"#<Thread:0x7dd40aed /usr/share/logstash/logstash-9.0.2/logstash-core/lib/logstash/java_pipeline.rb:138 run>"}[2025-07-02T06:58:15,230][INFO ][logstash.javapipeline    ][main] Pipeline Java execution initialization time {"seconds"=>3.4}[2025-07-02T06:58:15,245][INFO ][logstash.inputs.file     ][main] No sincedb_path set, generating one based on the "path" setting {:sincedb_path=>"/usr/share/logstash/logstash-9.0.2/data/plugins/inputs/file/.sincedb_e8b3c7c716c42d4923bc980e0496a4fd", :path=>["/var/McAfee/dbserver/logs/dbserver-start.log"]}[2025-07-02T06:58:15,248][INFO ][logstash.inputs.file     ][main] No sincedb_path set, generating one based on the "path" setting {:sincedb_path=>"/usr/share/logstash/logstash-9.0.2/data/plugins/inputs/file/.sincedb_32ea5fd16259a6b3ea437dc916cf3c43", :path=>["/var/McAfee/dbserver/logs/dbserver.log"]}[2025-07-02T06:58:15,251][INFO ][logstash.inputs.file     ][main] No sincedb_path set, generating one based on the "path" setting {:sincedb_path=>"/usr/share/logstash/logstash-9.0.2/data/plugins/inputs/file/.sincedb_d6550412b8e74dfdba0f3fed7d3249eb", :path=>["/var/McAfee/dbserver/logs/dbserver-lib.log"]}[2025-07-02T06:58:15,254][INFO ][logstash.inputs.file     ][main] No sincedb_path set, generating one based on the "path" setting {:sincedb_path=>"/usr/share/logstash/logstash-9.0.2/data/plugins/inputs/file/.sincedb_1948558e6f584cad5f7657c23c58a680", :path=>["/tmp/bootstrapper.log"]}
[2025-07-02T06:58:15,258][INFO ][logstash.inputs.file     ][main] No sincedb_path set, generating one based on the "path" setting {:sincedb_path=>"/usr/share/logstash/logstash-9.0.2/data/plugins/inputs/file/.sincedb_876504a6b882d9624d49446bdc46af7e", :path=>["/tmp/reconfig-tie.log"]}
[2025-07-02T06:58:15,261][INFO ][logstash.inputs.file     ][main] No sincedb_path set, generating one based on the "path" setting {:sincedb_path=>"/usr/share/logstash/logstash-9.0.2/data/plugins/inputs/file/.sincedb_d64c3f0dbffdc31094ef016999a774ca", :path=>["/data/dbserver/traffic/dbserver-traffic.csv"]}
[2025-07-02T06:58:15,270][INFO ][filewatch.observingtail  ][main][4f093c5a36e0aba5bcde5fad57a394f226c35a922510fa676570ed1eb6fa7168] START, creating Discoverer, Watch with file and sincedb collections
[2025-07-02T06:58:15,272][INFO ][filewatch.observingtail  ][main][5b3158beae7ded1c4c4e3f414012b333d95c31b4362ee8415e9058f2b5a547d6] START, creating Discoverer, Watch with file and sincedb collections
[2025-07-02T06:58:15,278][INFO ][filewatch.observingtail  ][main][a5408d9056b4638db49b2e365b05ae1d2acaf3ca9e30951f4fa232eaa8e71c28] START, creating Discoverer, Watch with file and sincedb collections
[2025-07-02T06:58:15,287][INFO ][filewatch.observingtail  ][main][1f0b9cefc1d012ac3bfe37797daebcf8a7acbeb9db6a6456ddc6547064e2b5c9] START, creating Discoverer, Watch with file and sincedb collections
[2025-07-02T06:58:15,296][INFO ][filewatch.observingtail  ][main][3829305f4da86be24bac4c6b2c63365f22e75681b4019186277644ded8c00859] START, creating Discoverer, Watch with file and sincedb collections[2025-07-02T06:58:15,305][INFO ][filewatch.observingtail  ][main][5e223469426fa02c0f169a2e4a8ecc618199b9fdcf867c23719affaf886575da] START, creating Discoverer, Watch with file and sincedb collections[2025-07-02T06:58:15,320][INFO ][filewatch.observingtail  ][main][348e1b618b5700bc8a9847e4a4e226bc46ba6a3e9ca7efe8dd3e843906d409ac] START, creating Discoverer, Watch with file and sincedb collections
[2025-07-02T06:58:15,331][INFO ][filewatch.observingtail  ][main][59950cb83d68fea52d130e3904c977110af01d6deb69ec0c89013f88f8fa66a7] START, creating Discoverer, Watch with file and sincedb collections
[2025-07-02T06:58:15,337][INFO ][filewatch.observingtail  ][main][04d56e2b54bff529904b86c68713911d583696d38d3256806dd28ac7a22bf2fb] START, creating Discoverer, Watch with file and sincedb collections
[2025-07-02T06:58:15,340][INFO ][logstash.javapipeline    ][main] Pipeline started {"pipeline.id"=>"main"}[2025-07-02T06:58:15,369][INFO ][logstash.agent           ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}

Anthony · July 2, 2025, 11:20am

@ranjinikcloud if https is used, which it is in your case, the communications is encrypted. This is also evident from the logs:

Restored connection to OpenSearch instance {:url=>"https://log-search.dev.mbi.com:443/"}

Topic		Replies	Views
Does Opensearch support full verification mode for MTLs OpenSearch	0	43	December 19, 2024
Logstash : How to configure certificate for input source & output destination for OpenSearch Logstash Security configure	2	81	January 22, 2025
Logstash to Opensearch with Certs auth Data Prepper	5	1518	December 16, 2022
Logstash Opensearch Input OpenSearch	6	398	October 6, 2023
Logstash opensearch filter plugin OpenSearch	3	685	February 6, 2024

I have enabled TLS for logstash

Related topics