Hi,
I've upgraded to ELK 5, so now everything is on version 5, but after the upgrade ELK stopped receiving logs.
When I put this command:
curl -XGET 'http://localhost:9200/filebeat-*/_search?pretty'
I'm getting a hit, but nothing shows up on Kibana.
I checked my logs and it says:
ERR Connecting error publishing events (retrying): dial tcp 192.168.154.100:5044: getsockopt: connection refused
My config for beats is like this:
input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
    ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
  }
}
#pfSense
#tcp syslog stream via 5140
input {
  tcp {
    type => "syslog"
    port => 5140
  }
}
#udp syslog stream via 5140
input {
  udp {
    type => "syslog"
    port => 5140
  }
}
And my filebeat.yml looks like this:
filebeat:
  prospectors:
    -
      paths:
        - /var/log/secure
        - /var/log/messages
      document_type: syslog
    -
      paths:
        - /var/log/yum.log
      document_type: yumlog
    -
      paths:
        - /var/log/nginx/access.log
      document_type: nginx-access
    -
      paths:
        - /var/log/httpd/access_log
      document_type: apache-access
    -
      paths:
        - /var/log/cron
      document_type: cronlog
    -
      paths:
        - /var/log/audit/audit.log
      document_type: auditlog
    -
      paths:
        - /var/log/maillog
      document_type: maillog
  registry_file: /var/lib/filebeat/registry
It was working fine before, but now it doesn't, and I just don't get why.