2016/02/25 17:37:08.496727 transport.go:125: ERR SSL client failed to connect with: dial tcp 172.31.31.169:5044: getsockopt: no route to host


(Mayur Patel) #1

Hey I am using Amazon EC2 server for my app. I have follow this tutorial for setting ELK stack: https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elk-stack-on-ubuntu-14-04

When I run sudo service filebeat restart command I got this error:

2016/02/25 17:37:08.496727 transport.go:125: ERR SSL client failed to connect with: dial tcp ec2_private_ip:5044: getsockopt: no route to host


(Mark Walkom) #2

That's a networking issue, it means your filebeat host cannot connect to the end point.

Providing your configs may help.


(Mayur Patel) #3

/etc/logstash/conf.d/logstash.conf

input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
    ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
  }
}

filter {
  if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    syslog_pri { }
    date {
      match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}

output {
  stdout { codec => "rubydebug" }
  elasticsearch {
    hosts => ["localhost:9200"]
    sniffing => true
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}

/etc/filebeat/filebeat.yml

filebeat:
  prospectors:
    -
      paths:
        - /var/log/auth.log
        - /var/log/syslog
      #  - /var/log/*.log
      input_type: log
      document_type: syslog
  registry_file: /var/lib/filebeat/registry

output:
  logstash:
    enabled: true
    hosts: ["elk_server_private_ip:5044"]
    bulk_max_size: 1024
    tls:
      certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]

shipper:

logging:
  files:
    rotateeverybytes: 10485760 # = 10MB

(Mark Walkom) #4

Can you ping elk_server_private_ip from the host running filebeat? Can you telnet elk_server_private_ip 5044 from the same host?


(Mayur Patel) #5
telnet 172.31.32.169 5044
Trying 172.31.32.169...
telnet: Unable to connect to remote host: No route to host

it's on aws ec2
and thanks for quick reply


(Mark Walkom) #6

So there's your problem, it could be a security group thing, so start there.


(system) #7