Hi everyone,
I set up a lab for my room.
I have finished setting up the lab, but the config to send logs from Windows 10 to ELK on Ubuntu has a problem.
2018-09-13T15:44:20.359+0700 ERROR pipeline/output.go:91 Failed to connect: read tcp 172.16.99.100:50581->172.16.99.101:5044: wsarecv: An existing connection was forcibly closed by the remote host.
2018-09-13T15:44:46.612+0700 INFO [monitoring] log/log.go:141 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":437,"time":{"ms":16}},"total":{"ticks":1827,"time":{"ms":47},"value":1827},"user":{"ticks":1390,"time":{"ms":31}}},"info":{"ephemeral_id":"2f4e1b0d-e296-4162-8c6e-5c9c19700b71","uptime":{"ms":390066}},"memstats":{"gc_next":32218112,"memory_alloc":16111120,"memory_total":118134544,"rss":-1171456}},"libbeat":{"config":{"module":{"running":0}},"output":{"write":{"errors":1}},"pipeline":{"clients":4,"events":{"active":4120,"retry":2048}}}}}}
2018-09-13T15:45:16.614+0700 ERROR pipeline/output.go:91 Failed to connect: write tcp 172.16.99.100:50588->172.16.99.101:5044: wsasend: An existing connection was forcibly closed by the remote host.
2018-09-13T15:45:46.615+0700 INFO [monitoring] log/log.go:141 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":468},"total":{"ticks":1858,"value":1858},"user":{"ticks":1390}},"info":{"ephemeral_id":"2f4e1b0d-e296-4162-8c6e-5c9c19700b71","uptime":{"ms":450069}},"memstats":{"gc_next":32218112,"memory_alloc":16197704,"memory_total":118221128}},"libbeat":{"config":{"module":{"running":0}},"output":{"read":{"errors":1},"write":{"bytes":142}},"pipeline":{"clients":4,"events":{"active":4120,"retry":2048}}}}}}
My config
winlogbeat.yml
winlogbeat.event_logs:
  - name: Application
    ignore_older: 72h
  - name: Security
  - name: System
  - name: Microsoft-windows-sysmon/operational

output.logstash:
  hosts: ["172.16.99.101:5044"]
  ssl.certificate_authorities: ['C:\Tools\ELK\certs\logstash-forwarder.crt']
How do I fix this problem?
Thanks, all!