Cannot make this work

Peque · June 16, 2021, 7:12am

Hi Group
I struggling like H*** t omake this work

I have created an ELK server on Ubuntu 20.04LTS - and would like to monitor both Normal Linux/Windows Server - and allso our PFsense Routers.
I'm using the PFELK --> GitHub - pfelk/pfelk: pfSense/OPNsense + ELK to monitor our PFsense

But its like I cannot have both setups running at the same time! and the questions is why

Is it that both default uses Filebeat as the data collector - and can not make it work
Seperatly If I create an install for normal machines - this work
Allso installing pfelk as single install - is working

But when I using Both at the same time - I'm only getting information from PFsense - not all other PC - there just no data after the PFelk is installed

What is my problem here

Thanks in advance
P

warkolm · June 17, 2021, 1:52am

When you are using pfelk and other Filebeat instances, what happens exactly? What is the config setup as and what do the logs of Filebeat show?

Peque · June 17, 2021, 8:35am

Well in this case - I'm following this guide --> How To Install Elasticsearch, Logstash, and Kibana (Elastic Stack) on Ubuntu 20.04 | DigitalOcean
Configured as described in the guide

Than all logs files from other machines are sending to the ELK server
Then I do the Installation for PFsense - using this guide --> GitHub - pfelk/pfelk: pfSense/OPNsense + ELK
Using the Script for installing. no errors or reinstallation of the packages

And then afterwards I'm logging from PFsense - But not from all other machines!
My guess is that PFELK overrules the filebeat setup and therefor only see the PFELK solutions

Asking about config setup - I haven't done anything else other that what the guides describes.
There was data before installing PFelk - in this

After installing PFELK it'll just show the above image - and no data are getting to the ELK server from Servers

a Restart of filebeat gives me this logfile:

It'll shoiw active status when using systemctl

The exact thing that goes wrong - is when I'm using their automatic installation, All indexes setup before runnign the script - and trhen just showing no information are noticed for filebeat index!
But I not sure where this error are created -. Which files would you like to see - since I'm getting lost when I look through the fiules and which configuration are you interested in

warkolm · June 18, 2021, 2:36am

I had a look at pfelk/ubuntu.md at main · pfelk/pfelk · GitHub, as the install script is a bit much to pull apart, and it does overwrite things in Logstash and Kibana, so it's likely that is the cause of the issue.

Peque · June 18, 2021, 5:13am

So I cannot see where and why it goes wrong - as I see it, So I cannot figure out where the issue is in this setup - but It should be possible to make this work

But I cannot figure out why !

system · July 16, 2021, 5:14am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Configure pfsense to ELK Beats filebeat	12	6623	November 2, 2020
Getting a filebeat error when trying to send filebeat logs to elasticsearch Logstash	7	836	December 24, 2021
Multiple Pipelines - filebeat fails Logstash	1	253	May 12, 2021
ELK stack set up - Filebeat setup failing Beats filebeat	6	836	December 28, 2020
Filbeat tail_filter Logs 5.4 Version Beats filebeat	9	1350	July 27, 2017

Cannot make this work

Related Topics