Data doesn't transfer

m_pahlevanzadeh · April 23, 2024, 5:37am

I have two machine: 1. Fortigate appliance and 2. ELK machine
In my ELK I have the following services :
filebeat with the following input and output:

filebeat.input:
   -type: udp
   host: "172.16.57.222:5044"  ## this is FG machine
   max-message-size: 10KiB
   enabled: true
output.logstash:
   host: ["http://localhost:5044"] #TCP

In logstash machine I have:

input{
        beats {
                     port => 5044
         }
}
output {
  if [@metadata][pipeline] {
	elasticsearch {
  	hosts => ["localhost:9200"]
	user => "elastic"
	password => "changeme"
  	manage_template => false
  	index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  	pipeline => "%{[@metadata][pipeline]}"
	}
  } else {
	elasticsearch {
  	hosts => ["http://localhost:9200"]
	user => "elastic"
	password => "changeme"
  	manage_template => false
  	index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
	}
  }
}

Elasticsearchg configuration

network.host: localhost
http.port: 9200

Notes: 1. I can see logs via tcpdump and logs arrived. 2. when I use filestream instead of udp in filebeat I can see logs of system. 3. fortinet is enabled and it's okey.
But I can't send data from filebeat to kibana such as :

filebeat->logstash->elastic->kibana

m_pahlevanzadeh · April 23, 2024, 7:18am

For your case,
you have to set host: in filebeat to ip address of your ELK:5044
and in module file you have to set 0.0.0.0

Topic		Replies	Views
Fortigate Firewall Logs to Elasticsearch Logstash	3	3578	February 8, 2022
Grabbing UDP data stream with Beats? Beats filebeat	2	347	September 26, 2020
Logstash to Elasticsearch connection Logstash	1	346	March 9, 2023
Logstash not listening to 5044 Logstash	3	5024	July 29, 2021
ELK + Filebeat Elasticsearch	8	2294	April 5, 2018

Data doesn't transfer

Related Topics