Error in Powershell during Config

Never mind the dot file. You are still getting connection errors to logstash. You should work on fixing that.

On my logstash syslog config file I had port 5000 for TCP, so I decided to give port 5044 for Beats.
I allowed port 5044 on the firewall and everything, restarted the services and it worked. Filebeat and Metric are both sending logs to Kibana. Winlogbeat is still not sending logs. Could it be sending to Logstash instead? If so, it is not readable.

Paste your full winlogbeat configuration so I can have a look.

It is working now:

My config is:

winlogbeat.event_logs:
  - name: Application
    ignore_older: 72h
  - name: Security
  - name: System

#==================== Elasticsearch template setting ==========================

setup.template.settings:
  index.number_of_shards: 3
  #index.codec: best_compression
  #_source.enabled: false


#============================== Kibana =====================================

# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
# This requires a Kibana endpoint configuration.
setup.kibana:

  # Kibana Host
  # Scheme and port can be left out and will be set to the default (http and 5601)
  # In case you specify an additional path, the scheme is required: http://localhost:5601/path
  # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
  host: "10.130.233.242:5601"


#----------------------------- Logstash output --------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["10.130.233.242:5044"]

  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"

  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"


logging:
  to_files: true
  files:
    path: C:/Software/winlogbeat/LogsWin
  level: info
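
Added example, not part of the original thread or any poster's configuration: the config above ships the Windows Security event log to 10.130.233.242:5044 with the SSL options commented out, so events cross the network unencrypted. The `output.logstash` section below is the same one with TLS enabled; the certificate file paths are hypothetical placeholders, and it assumes the Beats input on the Logstash side is configured for TLS with a server certificate issued by the same CA.

```yaml
# Added example: output.logstash from the post above with TLS enabled.
# All certificate paths are hypothetical placeholders; substitute your own.
output.logstash:
  # Same Logstash host and Beats port as in the thread
  hosts: ["10.130.233.242:5044"]

  # CA that signed the Logstash server certificate. Setting this makes
  # Winlogbeat connect over TLS and reject servers it cannot verify.
  ssl.certificate_authorities: ["C:/Software/winlogbeat/certs/ca.pem"]

  # "full" checks the certificate chain and that the certificate matches
  # the host in `hosts`. Because `hosts` is an IP address here, the server
  # certificate needs an IP subject alternative name for 10.130.233.242.
  ssl.verification_mode: full

  # Refuse protocol versions older than TLS 1.2
  ssl.supported_protocols: ["TLSv1.2"]

  # Client certificate and key, needed only if Logstash requires
  # client authentication (mutual TLS)
  ssl.certificate: "C:/Software/winlogbeat/certs/winlogbeat.pem"
  ssl.key: "C:/Software/winlogbeat/certs/winlogbeat.key"
```

After restarting the service, `winlogbeat.exe test config` checks the file for syntax errors and `winlogbeat.exe test output` attempts the connection to Logstash and reports whether the TLS handshake succeeded.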
