Cisco core switch integration

sbathla · December 28, 2020, 7:10am

Hi All,

I am trying to integrate elasticsearch with cisco core switch.I have done the required configuration in filebeat file and cisco module file.

But while sending logs from core switch on port 9506, getting error that server is temporarily unreachable

Requesting support to help me out to fix this issue

filebeat configuration

============================== Filebeat inputs ===============================

filebeat.inputs:

Each - is an input. Most options can be set at the input level, so

you can use different inputs for various configurations.

Below are the input specific configurations.

type: log

Change to true to enable this input configuration.

enabled: true

setup.kibana:
host: ":5601"

---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:

Array of hosts to connect to.

hosts: ["http://elasticsearchip:9200"]

cisco module configuration

nexus:
enabled: true

# Set which input to use between udp (default), tcp or file.
var.input: udp
var.syslog_host: filebeat host ip
var.syslog_port: 9506

fadjar340 · December 28, 2020, 8:33am

What is your filebeat status?
Can you try to check the UDP open port using nc:

nc -vvvvu <filebeatIP> 9506

sbathla · December 28, 2020, 9:05am

Hi,

please find the below response

nc -vvvvu 9506
Ncat: Version 7.50 ( Ncat - Netcat for the 21st Century )
NCAT DEBUG: Using system default trusted CA certificates and those in /usr/share /ncat/ca-bundle.crt.
NCAT DEBUG: Unable to load trusted CA certificates from /usr/share/ncat/ca-bundl e.crt: error:02001002:system library:fopen:No such file or directory
libnsock nsi_new2(): nsi_new (IOD #1)
libnsock msevent_new(): msevent_new (IOD #1) (EID #8)
libnsock nsock_connect_udp(): UDP connection requested to :9506 (IOD # 1) EID 8
libnsock nsp_add_event(): NSE #8: Adding event
libnsock nsock_loop(): nsock_loop() started (no timeout). 1 events pending
libnsock nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [5:9506]
Ncat: Connected to :9506.
libnsock nsi_new2(): nsi_new (IOD #2)
libnsock msevent_new(): msevent_new (IOD #1) (EID #18)
libnsock nsock_read(): Read request from IOD #1 [:9506] (timeout: -1ms ) EID 18
libnsock nsp_add_event(): NSE #18: Adding event
libnsock msevent_new(): msevent_new (IOD #2) (EID #26)
libnsock nsock_readbytes(): Read request for 0 bytes from IOD #2 [peer unspecifi ed] EID 26
libnsock nsp_add_event(): NSE #26: Adding event
libnsock msevent_delete(): msevent_delete (IOD #1) (EID #8)

nc -vu 10. 9506
Ncat: Version 7.50 ( Ncat - Netcat for the 21st Century )
Ncat: Connected to :9506.

nc -vuz 9506
Ncat: Version 7.50 ( Ncat - Netcat for the 21st Century )
Ncat: Connected to :9506.
Ncat: UDP packet sent successfully
Ncat: 1 bytes sent, 0 bytes received in 2.02 seconds.

fadjar340 · December 28, 2020, 9:18am

That's good..
Perhaps from the cisco machine to the filebeat, there is some blocking

system · January 25, 2021, 11:18am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.