Hi,
I installed winlogbeat and used an existing and working winlogbeat.yml - but on this client, I get the error:
Failed to connect to backoff(elasticsearch(https://elasticserver:9200)): Get https://elasticserver:9200: Forbidden
I ran the test output command:
elasticsearch: https://elasticserver:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.10.10.100
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... ERROR Get https://elasticserver:9200: Forbidden
My yml file (this file worked on other machines):
winlogbeat.event_logs:
  - name: Application
    ignore_older: 72h
    level: critical, error, warning
  - name: System
    ignore_older: 72h
    level: critical, error, warning
setup.template.settings:
  index.number_of_shards: 1
setup.kibana:
  host: "https://elasticserver:5601"
output.elasticsearch:
  hosts: ["https://elasticserver:9200"]
  protocol: "https"
  username: "winlogbeat"
  password: "secret"
processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
Does anyone have an idea why this issue happens?