Cannot make this work

Hi Group
I'm struggling like H*** to make this work

I have created an ELK server on Ubuntu 20.04 LTS - and would like to monitor both normal Linux/Windows servers - and also our PFsense routers.
I'm using the PFELK --> GitHub - pfelk/pfelk: pfSense/OPNsense + ELK to monitor our PFsense

But it's like I cannot have both setups running at the same time! And the question is why

Is it that both use Filebeat by default as the data collector - and cannot make it work
Separately, if I create an install for normal machines - this works
Also installing pfelk as a single install - is working

But when I'm using both at the same time - I'm only getting information from PFsense - not all the other PCs - there's just no data after the PFelk is installed

What is my problem here?

Thanks in advance
P

When you are using pfelk and other Filebeat instances, what happens exactly? What is the config setup as and what do the logs of Filebeat show?

Well in this case - I'm following this guide --> How To Install Elasticsearch, Logstash, and Kibana (Elastic Stack) on Ubuntu 20.04 | DigitalOcean
Configured as described in the guide

Then all log files from other machines are sent to the ELK server
Then I do the installation for PFsense - using this guide --> GitHub - pfelk/pfelk: pfSense/OPNsense + ELK
Using the script for installing. No errors or reinstallation of the packages

And then afterwards I'm logging from PFsense - but not from all other machines!
My guess is that PFELK overrules the filebeat setup and therefore only see the PFELK solutions

Asking about config setup - I haven't done anything else other than what the guides describe.
There was data before installing PFelk - in this


After installing PFELK it'll just show the above image - and no data are getting to the ELK server from Servers

A restart of filebeat gives me this logfile:

It'll show active status when using systemctl

The exact thing that goes wrong - is when I'm using their automatic installation. All indexes set up before running the script - and then just showing no information is noticed for the filebeat index!
But I'm not sure where this error is created. Which files would you like to see - since I'm getting lost when I look through the files - and which configuration are you interested in?

I had a look at pfelk/ubuntu.md at main · pfelk/pfelk · GitHub, as the install script is a bit much to pull apart, and it does overwrite things in Logstash and Kibana, so it's likely that is the cause of the issue.

So I cannot see where and why it goes wrong - as I see it, so I cannot figure out where the issue is in this setup - but it should be possible to make this work

But I cannot figure out why!
