2016/02/25 17:37:08.496727 transport.go:125: ERR SSL client failed to connect with: dial tcp 172.31.31.169:5044: getsockopt: no route to host

Mayur_Patel · February 25, 2016, 5:44pm

Hey I am using Amazon EC2 server for my app. I have follow this tutorial for setting ELK stack: https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elk-stack-on-ubuntu-14-04

When I run sudo service filebeat restart command I got this error:

2016/02/25 17:37:08.496727 transport.go:125: ERR SSL client failed to connect with: dial tcp ec2_private_ip:5044: getsockopt: no route to host

warkolm · February 25, 2016, 8:28pm

That's a networking issue, it means your filebeat host cannot connect to the end point.

Providing your configs may help.

Mayur_Patel · February 26, 2016, 7:39pm

/etc/logstash/conf.d/logstash.conf

input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
    ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
  }
}

filter {
  if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    syslog_pri { }
    date {
      match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}

output {
  stdout { codec => "rubydebug" }
  elasticsearch {
    hosts => ["localhost:9200"]
    sniffing => true
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}

/etc/filebeat/filebeat.yml

filebeat:
  prospectors:
    -
      paths:
        - /var/log/auth.log
        - /var/log/syslog
      #  - /var/log/*.log
      input_type: log
      document_type: syslog
  registry_file: /var/lib/filebeat/registry

output:
  logstash:
    enabled: true
    hosts: ["elk_server_private_ip:5044"]
    bulk_max_size: 1024
    tls:
      certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]

shipper:

logging:
  files:
    rotateeverybytes: 10485760 # = 10MB

warkolm · February 26, 2016, 7:48pm

Can you ping elk_server_private_ip from the host running filebeat? Can you telnet elk_server_private_ip 5044 from the same host?

Mayur_Patel · February 26, 2016, 7:51pm

telnet 172.31.32.169 5044
Trying 172.31.32.169...
telnet: Unable to connect to remote host: No route to host

it's on aws ec2
and thanks for quick reply

warkolm · February 26, 2016, 9:34pm

So there's your problem, it could be a security group thing, so start there.

Topic		Replies	Views
Transport.go:125: ERR SSL client failed to connect with: dial tcp ...:5044: i/o timeout Beats filebeat	4	1523	May 9, 2017
Transport.go 125 SSL client failed to connect with dial tcp <IP:Address of ELK>5044 getsockopt connection refused Beats	8	1494	October 10, 2018
ERR Failed to connect: dial tcp ELK_IP_ADDRESS:9600: getsockopt: connection refused Beats filebeat	3	1704	April 24, 2018
Filebeat cannot connect to Logstash using ssl. curl: (35) TCP connection reset by peer Beats filebeat	3	1654	January 14, 2020
Transport.go:125: SSL client failed to connect with: dial tcp xx.xx.xx.xx:5044: getsock…n refused Logstash	3	103	May 27, 2024

2016/02/25 17:37:08.496727 transport.go:125: ERR SSL client failed to connect with: dial tcp 172.31.31.169:5044: getsockopt: no route to host

Related topics