Hello,
I'm running the Logtash image with the following:
docker run -it --rm -v "$PWD":/config-dir logstash -f /config-dir/logstash.conf
My logstash file is:
input {
beats{
host => "192.168.0.66"
port => 5044
}
}
output {
elasticsearch {
hosts => [ "192.168.0.66:9200","192.168.0.66:9201","192.168.0.66:9202" ]
}
}
- Elasticsearch nodes are sitting on 192.168.0.66:9200,9201,9202.
- Kibana on 192.168.0.66:5601
- Logstash on 192.168.0.66:5044
What I am trying to do is send Filebeat (Snort) logs from 192.168.0.67 but no matter which IP I put in the input host, I still get the error.
Edit: Realised I didn't specify the docker network. However, the same issue still arises.
docker run --network es-net --rm -v "$PWD":/config-dir logstash -f /config-dir/logstash.conf
If I remove the host
parameter, it starts on 0.0.0.0 which I still can not access on 192.168.0.66.
22:00:41.013 [[main]-pipeline-manager] INFO logstash.inputs.beats - Beats inputs: Starting input listener {:address=>"0.0.0.0:5044"}