Closed lmunro closed 9 years ago
This only occurs if a lumberjack secret exists, or you're using lumberjack as the transport protocol.
Logstash server expects the secrets to be in /opt/logstash/lumberjack.crt and /opt/logstash/lumberjack.key
I believe this was because if we are using the non-Java agent 'logstash-forwarder', we can't guarantee that /opt/logstash exists or if it does, it may be owned by root (and then it won't be readable by everything).
Constant errors are being posted in the logstash log because logstash server cannot find lumberjack secrets referenced in the input_lumberjack config.
By default, lumberjack secrets are placed in /etc/lumberjack.crt and /etc/lumberjack.key. This is configured on the logstash server side regardless of using either lumberjack or tcp for log transport.
https://github.com/rackspace-cookbooks/elkstack/blob/master/attributes/forwarder.rb#L7-L8 https://github.com/rackspace-cookbooks/elkstack/blob/master/recipes/_lumberjack_secrets.rb#L51
By default, Logstash server expects the secrets to be in /opt/logstash/lumberjack.crt and /opt/logstash/lumberjack.key https://github.com/rackspace-cookbooks/elkstack/blob/master/recipes/logstash.rb#L55-L56