ERR SSL client failed to connect with: dial tcp x.x.x.x:5043: getsockopt: connection refused


(Harsimran brar) #1

I'm encounter a issue with the topbeat. I tried to ship the logs to logstash server on port 5043 and getting below on the client, while starting the topbeat. Both are rhel-6.5 virtual machines.

  1. logstash is running and able to telnet with logstash port 5043.
  2. firewall is off on both machines.
  3. selinux is disabled.
  4. copied the certificate on the client machine.
  5. logstash conf file:
 input {
  beats {
    port => 5043
    type => "logs"
    ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
    ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
  }
}
output {
  elasticsearch { host => localhost }
  stdout { codec => rubydebug }
}
  1. topbeat config file:
input:
  # In seconds, defines how often to read server statistics
  period: 10
  # Regular expression to match the processes that are monitored
  # By default, all the processes are monitored
  procs: [".*"]
  # Statistics to collect (all enabled by default)
  stats:
    # per system statistics, by default is true
    system: true
    # per process statistics, by default is true
    proc: true
    # file system information, by default is true
    filesystem: true
    # cpu usage per core, by default is false
    cpu_per_core: false
output:
   logstash:
    hosts: ["x.x.x.x:5043"]
    index: topbeat
    tls:
      certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]
logging:
    rotateeverybytes: 10485760 # = 10MB

please help to solve this issue.


(Tudor Golubenco) #2

Do you get any errors from topbeat or logstash? One thing that I noticed is that you didn't enable SSL on the Logstash side. Try adding ssl => true.


(Harsimran brar) #3

I tried with the same but the output is same.


(Steffen Siering) #4

is remote host accessible? Can you try ping and telnet into remote host with given port? Any firewall rules?


(system) #5