Error in Powershell during Config

(Adrian Serrano) #21

Nevermind the dot file. You are still getting connection errors to logstash. You should work on fixing that.

(Marcos Felix) #22

On my logstash syslog config file I had port 5000 for TCP.. so I decided to give port 5044 for Beats.
I allowed port 5044 on the firewall and everything, restarted the services and it worked. Filebeat and Metric are both sending logs to Kibana. Winlogbeat still not sending logs, could it be sending to Logstash instead ? if so, it is not readable.

(Adrian Serrano) #23

Paste your full winlogbeat configuration so I can have a look.

(Marcos Felix) #24

It is working now:

My config is:

  - name: Application
    ignore_older: 72h
  - name: Security
  - name: System

#==================== Elasticsearch template setting ==========================

  index.number_of_shards: 3
  #index.codec: best_compression
  #_source.enabled: false

#============================== Kibana =====================================

# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
# This requires a Kibana endpoint configuration.

  # Kibana Host
  # Scheme and port can be left out and will be set to the default (http and 5601)
  # In case you specify and additional path, the scheme is required: http://localhost:5601/path
  # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
  host: ""

#----------------------------- Logstash output --------------------------------
  # The Logstash hosts
  hosts: [""]

  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"

  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"

  to_files: true
    path: C:/Software/winlogbeat/LogsWin
  level: info

(system) #25

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.