Elasticsearch, Kibana does not work

I have an issue with Elasticsearch. After restarting ubuntu, Kibana does not show any logs.

Please read Dec 10th, 2022: [EN] Asking top notch technical questions to get you help quicker! - #2 and update your post. Without proving a lot more information we are unable to help sorry to say.

1 Like
root@elastic-virtual-machine:/etc/kibana# cat kibana.yml
# Kibana is served by a back end server. This setting specifies the port to use.
#server.port: 5601

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "0.0.0.0"

# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""

# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# This setting was effectively always `false` before Kibana 6.3 and will
# default to `true` starting in Kibana 7.0.
#server.rewriteBasePath: false

# The maximum payload size in bytes for incoming server requests.
#server.maxPayloadBytes: 1048576

# The Kibana server's name.  This is used for display purposes.
#server.name: "your-hostname"

# The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: ["http://0.0.0.0:9200"]

# When this setting's value is true Kibana uses the hostname specified in the server.host
# setting. When the value of this setting is false, Kibana uses the hostname of the host
# that connects to this Kibana instance.
#elasticsearch.preserveHost: true

# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
#kibana.index: ".kibana"

# The default application to load.
#kibana.defaultAppId: "home"

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "elastic"
elasticsearch.password: "elastic"

# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
#server.ssl.enabled: false
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key

# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files validate that your Elasticsearch backend uses the same key files.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key

# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]

# To disregard the validity of SSL certificates, change this setting's value to 'none'.
#elasticsearch.ssl.verificationMode: full

# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500

# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
elasticsearch.requestTimeout: 300000

# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]

# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}

# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000

# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
#elasticsearch.startupTimeout: 5000

# Logs queries sent to Elasticsearch. Requires logging.verbose set to true.
#elasticsearch.logQueries: false

# Specifies the path where Kibana creates the process ID file.
#pid.file: /var/run/kibana.pid

# Enables you specify a file where Kibana stores log output.
#logging.dest: stdout

# Set the value of this setting to true to suppress all logging output.
#logging.silent: false

# Set the value of this setting to true to suppress all logging output other than error messages.
#logging.quiet: false

# Set the value of this setting to true to log all events, including system usage information
# and all requests.
#logging.verbose: false

# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000.
#ops.interval: 5000

# Specifies locale to be used for all localizable strings, dates and number formats.
#i18n.locale: "en"
root@elastic-virtual-machine:/etc/kibana# cat /etc/elasticsearch/elasticsearch.yml
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: 0.0.0.0
#
# Set a custom port for HTTP:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when new node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.zen.ping.unicast.hosts: ["host1", "host2"]
#
# Prevent the "split brain" by configuring the majority of nodes (total number of master-eligible nodes / 2 + 1):
#
#discovery.zen.minimum_master_nodes:
#
# For more information, consult the zen discovery module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
  1. Does your ES is up and running?
    Use curl to test: curl -u user:pass http://host:9200
  2. Any trace in ES logs?
  3. Can Kibana host reach ES? If is on the same server, no need to check

You miss setting for logging in kibana.yml

Which version of Elasticsearch are you using?

Change the IP address to 127.0.0.1 (localhost).

I do not see any security set up in your Elasticsearch config. Can you comment out these lines and see if that makes any difference?

Thanks for reply.
this is kibana.yml
It still logs the data under /etc/var/log/elasticsearch

root@elastic-virtual-machine:/var/log/elasticsearch# cat /etc/kibana/kibana.yml
# Kibana is served by a back end server. This setting specifies the port to use.
#server.port: 5601

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "0.0.0.0"

# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""

# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# This setting was effectively always `false` before Kibana 6.3 and will
# default to `true` starting in Kibana 7.0.
#server.rewriteBasePath: false

# The maximum payload size in bytes for incoming server requests.
#server.maxPayloadBytes: 1048576

# The Kibana server's name.  This is used for display purposes.
#server.name: "your-hostname"

# The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: ["http://0.0.0.0:9200"]

# When this setting's value is true Kibana uses the hostname specified in the server.host
# setting. When the value of this setting is false, Kibana uses the hostname of the host
# that connects to this Kibana instance.
#elasticsearch.preserveHost: true

# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
#kibana.index: ".kibana"

# The default application to load.
#kibana.defaultAppId: "home"

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "elastic"
elasticsearch.password: "elastic"

# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
#server.ssl.enabled: false
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key

# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files validate that your Elasticsearch backend uses the same key files.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key

# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]

# To disregard the validity of SSL certificates, change this setting's value to 'none'.
#elasticsearch.ssl.verificationMode: full

# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500

# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
elasticsearch.requestTimeout: 300000

# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]

# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}

# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000

# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
#elasticsearch.startupTimeout: 5000

# Logs queries sent to Elasticsearch. Requires logging.verbose set to true.
#elasticsearch.logQueries: false

# Specifies the path where Kibana creates the process ID file.
#pid.file: /var/run/kibana.pid

# Enables you specify a file where Kibana stores log output.
#logging.dest: stdout

# Set the value of this setting to true to suppress all logging output.
#logging.silent: false

# Set the value of this setting to true to suppress all logging output other than error messages.
#logging.quiet: false

# Set the value of this setting to true to log all events, including system usage information
# and all requests.
#logging.verbose: false

# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000.
#ops.interval: 5000

# Specifies locale to be used for all localizable strings, dates and number formats.
#i18n.locale: "en"
root@elastic-virtual-machine:/var/log/elasticsearch#



Kibana and ES are on the same server.

Dek 27 15:29:47 elastic-virtual-machine NetworkManager[936]: <info>  [1672140587.4363] connectivity: (ens160) timed out
Dek 27 15:34:47 elastic-virtual-machine NetworkManager[936]: <info>  [1672140887.4363] connectivity: (ens160) timed out
Dek 27 15:39:47 elastic-virtual-machine NetworkManager[936]: <info>  [1672141187.4401] connectivity: (ens160) timed out
Dek 27 15:44:47 elastic-virtual-machine NetworkManager[936]: <info>  [1672141487.4362] connectivity: (ens160) timed out
Dek 27 15:49:47 elastic-virtual-machine NetworkManager[936]: <info>  [1672141787.4401] connectivity: (ens160) timed out
Dek 27 15:54:47 elastic-virtual-machine NetworkManager[936]: <info>  [1672142087.4286] connectivity: (ens160) timed out
Dek 27 15:59:47 elastic-virtual-machine NetworkManager[936]: <info>  [1672142387.4404] connectivity: (ens160) timed out
Dek 27 16:04:47 elastic-virtual-machine NetworkManager[936]: <info>  [1672142687.4403] connectivity: (ens160) timed out
Dek 27 16:09:05 elastic-virtual-machine NetworkManager[936]: <info>  [1672142945.6191] device (ens160): state change: activated -> unavailable (reason 'carrier-changed', sys-iDek 27 16:09:06 elastic-virtual-machine NetworkManager[936]: <info>  [1672142946.5454] device (ens192): state change: activated -> unavailable (reason 'carrier-changed', sys-iDek 27 16:09:06 elastic-virtual-machine NetworkManager[936]: <info>  [1672142946.5825] dhcp4 (ens192): canceled DHCP transaction, DHCP client pid 1093
Dek 27 16:09:06 elastic-virtual-machine NetworkManager[936]: <info>  [1672142946.5825] dhcp4 (ens192): state changed bound -> done
Dek 27 16:09:06 elastic-virtual-machine NetworkManager[936]: <info>  [1672142946.5874] manager: NetworkManager state is now CONNECTED_SITE
Dek 27 16:09:06 elastic-virtual-machine NetworkManager[936]: <info>  [1672142946.5903] manager: NetworkManager state is now CONNECTED_LOCAL
Dek 27 16:09:06 elastic-virtual-machine NetworkManager[936]: <info>  [1672142946.5907] manager: NetworkManager state is now DISCONNECTED
-- Reboot --
Dek 27 16:37:10 elastic-virtual-machine systemd[1]: Starting Network Manager...
Dek 27 16:37:12 elastic-virtual-machine NetworkManager[928]: <info>  [1672144632.5412] NetworkManager (version 1.10.6) is starting... (for the first time)
Dek 27 16:37:12 elastic-virtual-machine NetworkManager[928]: <info>  [1672144632.5422] Read config: /etc/NetworkManager/NetworkManager.conf (lib: 10-dns-resolved.conf, 20-connDek 27 16:37:12 elastic-virtual-machine NetworkManager[928]: <info>  [1672144632.5553] manager[0x55b9e4d97060]: monitoring kernel firmware directory '/lib/firmware'.
Dek 27 16:37:12 elastic-virtual-machine NetworkManager[928]: <info>  [1672144632.5554] monitoring ifupdown state file '/run/network/ifstate'.
Dek 27 16:37:12 elastic-virtual-machine NetworkManager[928]: <info>  [1672144632.8343] hostname: hostname: using hostnamed
Dek 27 16:37:12 elastic-virtual-machine NetworkManager[928]: <info>  [1672144632.8344] hostname: hostname changed from (none) to "elastic-virtual-machine"
Dek 27 16:37:12 elastic-virtual-machine NetworkManager[928]: <info>  [1672144632.8351] dns-mgr[0x55b9e4db0140]: init: dns=systemd-resolved, rc-manager=symlink, plugin=systemd-Dek 27 16:37:12 elastic-virtual-machine NetworkManager[928]: <info>  [1672144632.8361] manager[0x55b9e4d97060]: rfkill: WiFi hardware radio set enabled
Dek 27 16:37:12 elastic-virtual-machine NetworkManager[928]: <info>  [1672144632.8362] manager[0x55b9e4d97060]: rfkill: WWAN hardware radio set enabled
Dek 27 16:37:12 elastic-virtual-machine systemd[1]: Started Network Manager.
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4472] init!
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4476]       interface-parser: parsing file /etc/network/interfaces
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4477]       interface-parser: finished parsing file /etc/network/interfaces
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4477] management mode: unmanaged
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4491] devices added (path: /sys/devices/pci0000:00/0000:00:15.0/0000:03:00.0/net/ens160, ifaceDek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4491] device added (path: /sys/devices/pci0000:00/0000:00:15.0/0000:03:00.0/net/ens160, iface:Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4492] devices added (path: /sys/devices/pci0000:00/0000:00:16.0/0000:0b:00.0/net/ens192, ifaceDek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4492] device added (path: /sys/devices/pci0000:00/0000:00:16.0/0000:0b:00.0/net/ens192, iface:Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4493] devices added (path: /sys/devices/virtual/net/lo, iface: lo)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4493] device added (path: /sys/devices/virtual/net/lo, iface: lo): no ifupdown configuration fDek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4493] end _init.
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4493] settings: loaded plugin ifupdown: (C) 2008 Canonical Ltd.  To report bugs please use theDek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4494] settings: loaded plugin keyfile: (c) 2007 - 2016 Red Hat, Inc.  To report bugs please usDek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4494] (-455283456) ... get_connections.
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4494] (-455283456) ... get_connections (managed=false): return empty list.
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4834] keyfile: new connection /etc/NetworkManager/system-connections/Wired connection 1 (407f1Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4847] get unmanaged devices count: 0
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4848] manager: rfkill: WiFi enabled by radio killswitch; enabled by state file
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4849] manager: rfkill: WWAN enabled by radio killswitch; enabled by state file
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4849] manager: Networking is enabled by state file
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4852] dhcp-init: Using DHCP client 'dhclient'
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4864] Loaded device plugin: NMBondDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4866] Loaded device plugin: NMBridgeDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4870] Loaded device plugin: NMDummyDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4871] Loaded device plugin: NMEthernetDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4872] Loaded device plugin: NMInfinibandDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4873] Loaded device plugin: NMIPTunnelDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4874] Loaded device plugin: NMMacsecDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4874] Loaded device plugin: NMMacvlanDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4875] Loaded device plugin: NMPppDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4875] Loaded device plugin: NMTunDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4877] Loaded device plugin: NMVethDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4877] Loaded device plugin: NMVlanDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4878] Loaded device plugin: NMVxlanDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.5003] Loaded device plugin: NMWwanFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-deviDek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.5879] Loaded device plugin: NMAtmManager (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-devicDek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.5947] Loaded device plugin: NMTeamFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-deviDek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6019] Loaded device plugin: NMBluezManager (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-devDek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6065] Loaded device plugin: NMWifiFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-deviDek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6113] device (lo): carrier: link connected
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6126] manager: (lo): new Generic device (/org/freedesktop/NetworkManager/Devices/1)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6173] manager: (ens160): new Ethernet device (/org/freedesktop/NetworkManager/Devices/2)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6205] device (ens160): state change: unmanaged -> unavailable (reason 'managed', sys-iface-staDek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6270] device (ens160): carrier: link connected
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6301] manager: (ens192): new Ethernet device (/org/freedesktop/NetworkManager/Devices/3)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6321] keyfile: add connection in-memory (44b0328f-3474-35a5-ad22-4d696c3d2d23,"Wired connectioDek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6329] settings: (ens192): created default wired connection 'Wired connection 2'
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6342] device (ens192): state change: unmanaged -> unavailable (reason 'managed', sys-iface-staDek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6406] device (ens192): carrier: link connected
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.9160] modem-manager: ModemManager available
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.9290] device (ens160): state change: unavailable -> disconnected (reason 'none', sys-iface-staDek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.9310] device (ens192): state change: unavailable -> disconnected (reason 'none', sys-iface-staDek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.9349] policy: auto-activating connection 'Wired connection 1'
lines 121-160
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4494] (-455283456) ... get_connections.
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4494] (-455283456) ... get_connections (managed=false): return empty list.
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4834] keyfile: new connection /etc/NetworkManager/system-connections/Wired connection 1 (407f14
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4847] get unmanaged devices count: 0
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4848] manager: rfkill: WiFi enabled by radio killswitch; enabled by state file
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4849] manager: rfkill: WWAN enabled by radio killswitch; enabled by state file
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4849] manager: Networking is enabled by state file
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4852] dhcp-init: Using DHCP client 'dhclient'
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4864] Loaded device plugin: NMBondDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4866] Loaded device plugin: NMBridgeDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4870] Loaded device plugin: NMDummyDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4871] Loaded device plugin: NMEthernetDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4872] Loaded device plugin: NMInfinibandDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4873] Loaded device plugin: NMIPTunnelDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4874] Loaded device plugin: NMMacsecDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4874] Loaded device plugin: NMMacvlanDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4875] Loaded device plugin: NMPppDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4875] Loaded device plugin: NMTunDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4877] Loaded device plugin: NMVethDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4877] Loaded device plugin: NMVlanDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4878] Loaded device plugin: NMVxlanDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.5003] Loaded device plugin: NMWwanFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-devic
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.5879] Loaded device plugin: NMAtmManager (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-device
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.5947] Loaded device plugin: NMTeamFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-devic
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6019] Loaded device plugin: NMBluezManager (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-devi
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6065] Loaded device plugin: NMWifiFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-devic
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6113] device (lo): carr
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4494] (-455283456) ... get_connections.
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4494] (-455283456) ... get_connections (managed=false): return empty list.
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4834] keyfile: new connection /etc/NetworkManager/system-connections/Wired connection 1 (407f14
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4847] get unmanaged devices count: 0
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4848] manager: rfkill: WiFi enabled by radio killswitch; enabled by state file
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4849] manager: rfkill: WWAN enabled by radio killswitch; enabled by state file
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4849] manager: Networking is enabled by state file
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4852] dhcp-init: Using DHCP client 'dhclient'
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4864] Loaded device plugin: NMBondDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4866] Loaded device plugin: NMBridgeDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4870] Loaded device plugin: NMDummyDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4871] Loaded device plugin: NMEthernetDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4872] Loaded device plugin: NMInfinibandDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4873] Loaded device plugin: NMIPTunnelDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4874] Loaded device plugin: NMMacsecDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4874] Loaded device plugin: NMMacvlanDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4875] Loaded device plugin: NMPppDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4875] Loaded device plugin: NMTunDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4877] Loaded device plugin: NMVethDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4877] Loaded device plugin: NMVlanDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4878] Loaded device plugin: NMVxlanDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.5003] Loaded device plugin: NMWwanFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-devic
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.5879] Loaded device plugin: NMAtmManager (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-device
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.5947] Loaded device plugin: NMTeamFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-devic
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6019] Loaded device plugin: NMBluezManager (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-devi
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6065] Loaded device plugin: NMWifiFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-devic
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6113] device (lo): carrier: link connected
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6126] manager: (lo): new Generic device (/org/freedesktop/NetworkManager/Devices/1)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6173] manager: (ens160): new Ethernet device (/org/freedesktop/NetworkManager/Devices/2)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6205] device (ens160): state change: unmanaged -> unavailable (reason 'managed', sys-iface-stat
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6270] device (ens160): carrier: link connected
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6301] manager: (ens192): new Ethernet device (/org/freedesktop/NetworkManager/Devices/3)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6321] keyfile: add connection in-memory (44b0328f-3474-35a5-ad22-4d696c3d2d23,"Wired connection
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6329] settings: (ens192): created default wired connection 'Wired connection 2'
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6342] device (ens192): state change: unmanaged -> unavailable (reason 'managed', sys-iface-stat
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6406] device (ens192): carrier: link connected
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.9160] modem-manager: ModemManager available
lines 121-157
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4494] (-455283456) ... get_connections.
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4494] (-455283456) ... get_connections (managed=false): return empty list.
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4834] keyfile: new connection /etc/NetworkManager/system-connections/Wired connection 1 (407f141b-70b6-3aDek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4847] get unmanaged devices count: 0
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4848] manager: rfkill: WiFi enabled by radio killswitch; enabled by state file
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4849] manager: rfkill: WWAN enabled by radio killswitch; enabled by state file
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4849] manager: Networking is enabled by state file
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4852] dhcp-init: Using DHCP client 'dhclient'
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4864] Loaded device plugin: NMBondDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4866] Loaded device plugin: NMBridgeDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4870] Loaded device plugin: NMDummyDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4871] Loaded device plugin: NMEthernetDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4872] Loaded device plugin: NMInfinibandDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4873] Loaded device plugin: NMIPTunnelDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4874] Loaded device plugin: NMMacsecDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4874] Loaded device plugin: NMMacvlanDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4875] Loaded device plugin: NMPppDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4875] Loaded device plugin: NMTunDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4877] Loaded device plugin: NMVethDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4877] Loaded device plugin: NMVlanDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.4878] Loaded device plugin: NMVxlanDeviceFactory (internal)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.5003] Loaded device plugin: NMWwanFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-device-plugin-wDek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.5879] Loaded device plugin: NMAtmManager (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-device-plugin-adDek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.5947] Loaded device plugin: NMTeamFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-device-plugin-tDek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6019] Loaded device plugin: NMBluezManager (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-device-plugin-Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6065] Loaded device plugin: NMWifiFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/libnm-device-plugin-wDek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6113] device (lo): carrier: link connected
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6126] manager: (lo): new Generic device (/org/freedesktop/NetworkManager/Devices/1)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6173] manager: (ens160): new Ethernet device (/org/freedesktop/NetworkManager/Devices/2)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6205] device (ens160): state change: unmanaged -> unavailable (reason 'managed', sys-iface-state: 'extern
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6270] device (ens160): carrier: link connected
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6301] manager: (ens192): new Ethernet device (/org/freedesktop/NetworkManager/Devices/3)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6321] keyfile: add connection in-memory (44b0328f-3474-35a5-ad22-4d696c3d2d23,"Wired connection 2")
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6329] settings: (ens192): created default wired connection 'Wired connection 2'
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6342] device (ens192): state change: unmanaged -> unavailable (reason 'managed', sys-iface-state: 'extern
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6406] device (ens192): carrier: link connected
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.9160] modem-manager: ModemManager available
lines 121-157orkManager[928]: <info>  [1672144633.6113] device (lo): carrier: link connected
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6126] manager: (lo): new Generic device (/org/freedesktop/NetworkManager/Devices/1)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6173] manager: (ens160): new Ethernet device (/org/freedesktop/NetworkManager/Devices/2)
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6205] device (ens160): state change: unmanaged -> unavailable (reason 'managed', sys-iface-state: 'extern
Dek 27 16:37:13 elastic-virtual-machine NetworkManager[928]: <info>  [1672144633.6270] device (ens160): carrier: link connected

there was no information since this day.

Yan 20 12:12:20 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:12:41 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:12:56 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:13:17 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:13:27 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:13:43 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:14:03 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:14:16 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:14:25 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:14:32 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:14:46 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:15:01 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:15:14 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:15:30 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:15:49 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:16:03 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:16:18 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:16:30 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:16:38 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:16:58 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:17:05 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:17:13 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:17:22 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:17:31 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:17:41 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:17:48 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:18:01 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:18:20 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:18:29 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:18:40 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:18:54 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:19:15 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:19:36 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:19:45 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:20:03 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:20:24 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:20:42 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:21:02 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:21:23 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:21:37 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:21:49 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:22:08 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:22:16 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:22:31 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:22:49 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:23:04 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:23:16 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:23:37 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:23:44 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:23:56 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:24:03 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:24:16 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:24:25 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:24:37 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:24:51 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:25:00 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:25:12 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:25:32 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:25:50 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:26:04 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:26:12 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:26:19 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:26:27 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:26:36 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:26:51 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:27:08 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:27:19 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:27:26 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:27:35 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:27:48 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:28:02 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:28:09 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:28:21 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:28:32 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:28:43 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:28:54 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:29:06 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:29:19 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:29:35 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:29:51 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:30:03 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:30:23 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:30:42 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:30:59 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:31:13 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:31:29 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:31:40 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:31:53 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:32:00 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:32:07 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:32:16 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:32:23 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:32:31 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:32:41 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 172.23.1.12 port 67 (xid=0x7007abfe)
Yan 20 12:32:55 elastic-virtual-machine dhclient[1117]: DHCPREQUEST of 172.22.19.142 on ens192 to 255.255.255.255 port 67 (xid=0x7007abfe)
Yan 20 12:32:55 elastic-virtual-machine dhclient[1117]: DHCPACK of 172.22.19.142 from 172.22.19.1
Yan 20 12:32:55 elastic-virtual-machine NetworkManager[928]: <info>  [1674203575.2162] dhcp4 (ens192):   address 172.22.19.142
Yan 20 12:32:55 elastic-virtual-machine NetworkManager[928]: <info>  [1674203575.2163] dhcp4 (ens192):   plen 24 (255.255.255.0)
Yan 20 12:32:55 elastic-virtual-machine NetworkManager[928]: <info>  [1674203575.2163] dhcp4 (ens192):   gateway 172.22.19.1
Yan 20 12:32:55 elastic-virtual-machine NetworkManager[928]: <info>  [1674203575.2163] dhcp4 (ens192):   lease time 495491
Yan 20 12:32:55 elastic-virtual-machine NetworkManager[928]: <info>  [1674203575.2164] dhcp4 (ens192):   nameserver '172.23.1.11'
Yan 20 12:32:55 elastic-virtual-machine NetworkManager[928]: <info>  [1674203575.2164] dhcp4 (ens192):   nameserver '172.23.1.12'
Yan 20 12:32:55 elastic-virtual-machine NetworkManager[928]: <info>  [1674203575.2164] dhcp4 (ens192):   domain name 'ADIF.local'
Yan 20 12:32:55 elastic-virtual-machine NetworkManager[928]: <info>  [1674203575.2164] dhcp4 (ens192): state changed bound -> bound
Yan 20 12:32:55 elastic-virtual-machine dhclient[1117]: bound to 172.22.19.142 -- renewal in 221694 seconds.
root@elastic-virtual-machine:/etc/filebeat# cat filebeat.yml
###################### Filebeat Configuration Example #########################

# This file is an example configuration file highlighting only the most common
# options. The filebeat.reference.yml file from the same directory contains all the
# supported options with more comments. You can use it as a reference.
#
# You can find the full configuration reference here:
# https://www.elastic.co/guide/en/beats/filebeat/index.html

# For more available modules and options, please see the filebeat.reference.yml sample
# configuration file.

# ============================== Filebeat inputs ===============================

filebeat.inputs:

# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.

# filestream is an input for collecting log messages from files.
- type: filestream

  # Change to true to enable this input configuration.
  enabled: false

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /var/log/*.log
    #- c:\programdata\elasticsearch\logs\*

  # Exclude lines. A list of regular expressions to match. It drops the lines that are
  # matching any regular expression from the list.
  #exclude_lines: ['^DBG']

  # Include lines. A list of regular expressions to match. It exports the lines that are
  # matching any regular expression from the list.
  #include_lines: ['^ERR', '^WARN']

  # Exclude files. A list of regular expressions to match. Filebeat drops the files that
  # are matching any regular expression from the list. By default, no files are dropped.
  #prospector.scanner.exclude_files: ['.gz$']

  # Optional additional fields. These fields can be freely picked
  # to add additional information to the crawled log files for filtering
  #fields:
  #  level: debug
  #  review: 1

# ============================== Filebeat modules ==============================

filebeat.config.modules:
  # Glob pattern for configuration loading
  path: ${path.config}/modules.d/*.yml

  # Set to true to enable config reloading
  reload.enabled: true

  # Period on which files under path should be checked for changes
  reload.period: 10s

# ======================= Elasticsearch template setting =======================

setup.template.settings:
  index.number_of_shards: 1
  #index.codec: best_compression
  #_source.enabled: false


# ================================== General ===================================

# The name of the shipper that publishes the network data. It can be used to group
# all the transactions sent by a single shipper in the web interface.
#name:

# The tags of the shipper are included in their own field with each
# transaction published.
#tags: ["service-X", "web-tier"]

# Optional fields that you can specify to add additional information to the
# output.
#fields:
#  env: staging

# ================================= Dashboards =================================
# These settings control loading the sample dashboards to the Kibana index. Loading
# the dashboards is disabled by default and can be enabled either by setting the
# options here or by using the `setup` command.
setup.dashboards.enabled: true

# The URL from where to download the dashboards archive. By default this URL
# has a value which is computed based on the Beat name and version. For released
# versions, this URL points to the dashboard archive on the artifacts.elastic.co
# website.
#setup.dashboards.url:

# =================================== Kibana ===================================

# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
# This requires a Kibana endpoint configuration.
setup.kibana:

  # Kibana Host
  # Scheme and port can be left out and will be set to the default (http and 5601)
  # In case you specify and additional path, the scheme is required: http://localhost:5601/path
  # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
  host: "0.0.0.0:5601"

  # Kibana Space ID
  # ID of the Kibana Space into which the dashboards should be loaded. By default,
  # the Default Space will be used.
  #space.id:

# =============================== Elastic Cloud ================================

# These settings simplify using Filebeat with the Elastic Cloud (https://cloud.elastic.co/).

# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
# `setup.kibana.host` options.
# You can find the `cloud.id` in the Elastic Cloud web UI.
#cloud.id:

# The cloud.auth setting overwrites the `output.elasticsearch.username` and
# `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
#cloud.auth:

# ================================== Outputs ===================================

# Configure what output to use when sending the data collected by the beat.

# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["0.0.0.0:9200"]

  # Protocol - either `http` (default) or `https`.
  #protocol: "http"

  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
  username: "elastic"
  password: "IOiHWUry6ykJ31nnQTxS"

# ------------------------------ Logstash Output -------------------------------
#output.logstash:
  # The Logstash hosts
  #hosts: ["localhost:5044"]

  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"

  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"

# ================================= Processors =================================
processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~

# ================================== Logging ===================================

# Sets log level. The default log level is info.
# Available log levels are: error, warning, info, debug
#logging.level: debug

# At debug level, you can selectively enable logging only for some components.
# To enable all selectors use ["*"]. Examples of other selectors are "beat",
# "publisher", "service".
#logging.selectors: ["*"]

# ============================= X-Pack Monitoring ==============================
# Filebeat can export internal metrics to a central Elasticsearch monitoring
# cluster.  This requires xpack monitoring to be enabled in Elasticsearch.  The
# reporting is disabled by default.

# Set to true to enable the monitoring reporter.
#monitoring.enabled: false

# Sets the UUID of the Elasticsearch cluster under which monitoring data for this
# Filebeat instance will appear in the Stack Monitoring UI. If output.elasticsearch
# is enabled, the UUID is derived from the Elasticsearch cluster referenced by output.elasticsearch.
#monitoring.cluster_uuid:

# Uncomment to send the metrics to Elasticsearch. Most settings from the
# Elasticsearch output are accepted here as well.
# Note that the settings should point to your Elasticsearch *monitoring* cluster.
# Any setting that is not set is automatically inherited from the Elasticsearch
# output configuration, so if you have the Elasticsearch output configured such
# that it is pointing to your Elasticsearch monitoring cluster, you can simply
# uncomment the following line.
#monitoring.elasticsearch:

# ============================== Instrumentation ===============================

# Instrumentation support for the filebeat.
#instrumentation:
    # Set to true to enable instrumentation of filebeat.
    #enabled: false

    # Environment in which filebeat is running on (eg: staging, production, etc.)
    #environment: ""

    # APM Server hosts to report instrumentation results to.
    #hosts:
    #  - http://localhost:8200

    # API Key for the APM Server(s).
    # If api_key is set then secret_token will be ignored.
    #api_key:

    # Secret token for the APM Server(s).
    #secret_token:


# ================================= Migration ==================================

# This allows to enable 6.7 migration aliases
#migration.6_to_7.enabled: true

PAN-OS send logs to 5515 port.

tcpdump -i any dst port 5515

While I'm listening to this port, I can capture packets coming from pan-os.

Solved

1 Like

Would be nice to explain briefly, what was cause and how you solved.

The issue was in nginx. I have configured it again like that.

root@elastic-virtual-machine:/etc/nginx# cat nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}


#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
#
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}
stream {

    server {
        listen     5515;

        #TCP traffic will be forwarded to the "stream_backend" upstream group
        proxy_pass dns_servers;
    }
    upstream dns_servers {
        server localhost:5514;
    }
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/streams-available/*;
}