Hi everyone, I want to send docker logs from machine B to machine A but get some errors. Any reply will be appreciated. 
on machine A (IP: 52.80.xx.xx):
- I set up ELK framework through docker-elk
sudo docker run \
--rm \
--ulimit nofile=1024:65536 \
-p 5601:5601 -p 9200:9200 -p 5044:5044 \
-d \
--name elk \
elk:latest
- I get in this container and modify
/etc/logstash/conf.d/02-beats-input.confto
input {
beats {
port => 5044
}
}
(do i need to do something to make this config active?)
on machine B:
- rpm install filebeat
- modify /etc/filebeat/filebeat.yml
output:
logstash:
enabled: true
hosts: ["52.80.xx.xx:5044"]
timeout: 15
filebeat:
inputs:
-
type: docker
containers.ids: '*'
-
paths:
- /var/log/syslog
- /var/log/auth.log
document_type: syslog
- restart filebeat and debug, get error
2020-01-12T15:46:00.899Z INFO pipeline/output.go:105 Connection to backoff(async(tcp://52.80.xx.xx:5044)) established
2020-01-12T15:46:00.920Z ERROR logstash/async.go:256 Failed to publish events caused by: lumberjack protocol error
2020-01-12T15:46:00.923Z ERROR logstash/async.go:256 Failed to publish events caused by: client is not connected
switch to machine A, get exception
020-01-12T16:06:21,101][WARN ][io.netty.channel.DefaultChannelPipeline][main] An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER