Filebeat SSL enabled logs reporting ‘ tls: failed to send closeNotify alert (but connection was closed anyway)

[vikas271019]

please confirm the exact cause of so many occurrences of frequent disconnection occurred while filbeat trying to connect with the logstash with the following exception.

**{"log.level":"error","@timestamp":"2024-12-05T23:08:41.336+0100","log.logger":"logstash","log.origin":{"file.name":"logstash/sync.go","file.line":100},"message":"error closing connection to logstash host log-transformer:5044: tls: failed to send closeNotify alert (but connection was closed anyway): write tcp : write: connection reset by peer, reconnecting...","service.name":"filebeat","ecs.version":"1.6.0"}**
Following is the filebeat configuration.

`filebeat.inputs:
type: container
paths:
/var/log/containers/test-demo.log
fields:
logplane: adp-app-logs
symlinks: true
multiline.pattern: '^[[:space:]]+(at|.{3})|^Caused by:|^java|^io'
multiline.negate: false
multiline.match: after

fields_under_root: true
tail_files: true
close_timeout: "6h"
ignore_older: "24h"
clean_inactive: "25h"
close_removed: false
clean_removed: false
output.logstash:
hosts: "test-log-transformer:5044"
ssl.certificate_authorities: "${TRUSTED_INTERNAL_ROOT_CA_PATH}/ca.crt"
ssl.certificate: "${LT_CLIENT_CERT_PATH}/${CERT}"
ssl.key: "${LT_CLIENT_CERT_PATH}/${KEY}"
ssl.verification_mode: "full"
ssl.renegotiation: "freely"
ssl.supported_protocols: ["TLSv1.2", "TLSv1.3"]
ssl.cipher_suites: []
bulk_max_size: 2048
worker: 1
pipelining: 0
ttl: 30
filebeat.registry.flush: 5s
logging.level: "info"
logging.metrics.enabled: false
http.enabled: true
http.host: localhost
http.port: 5066`

logstash.version'=>'8.4.3'
filebeat","version":8.4.3

[botelastic]

This issue doesn't have a Team:<team> label.

[anroots-by]

I'm also seeing this in filebeat logs. I've connected filebeat with logstash output over mTLS, and set a TTL value (and disabled pipelining).

The error messages appear regularly, every ttl * 2 interval.

filebeat 8.18.0; logstash 8.16.0