Open vbohata opened 5 years ago
Still present in LS 6.8.0, despite documentation says you should set *.ssl.verification_mode
to full
.
I am seeing this in 7.4
Same in 7.5.1
I am also getting same message in logstash 7.6.0
getting same message in logstash 7.6.2
Same issue on 7.9.2
For some time I see in logstash logs messages like: [2019-03-08T19:20:21,169][WARN ][logstash.outputs.elasticsearch] WARNING Detected UNSAFE options in elasticsearch output configuration! WARNING You have enabled encryption but DISABLED certificate verification. WARNING To make sure your data is secure change :ssl_certificate_verification to true
This is related to xpack monitoring. I do not use elasticsearch output plugins in this logstash. Xpack monitoring related config is:
xpack: monitoring: elasticsearch: password: somepass ssl: ca: someca.crt url:
If I change it to:
xpack: monitoring: elasticsearch: password: somepass ssl: ca: someca.crt verification_mode: full url:
I get: [2019-03-08T19:26:42,852][FATAL][logstash.runner ] An unexpected error occurred! {:error=>#<ArgumentError: Invalid value "full". Options are: ["none", "certificate"]>
From the logs I can see the LS really configures elasticsearch output with ssl_certificate_verification=>false but I did not configure it anywhere, I even do not use elasticsearch output (only xpack ES monitoring).
So this seems to be LS bug. It is at least in LS 6.5.x and 6.6.x.