I installed winlogbeat and used an existing and working winlogbeat.yml - but on this client, I get the error:
Failed to connect to backoff(elasticsearch(https://elasticserver:9200)): Get https://elasticserver:9200: Forbidden
I ran the test output command:
elasticsearch: https://elasticserver:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.10.10.100
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... ERROR Get https://elasticserver:9200: Forbidden
My yml file (this file worked on other machines):
winlogbeat.event_logs:
  - name: Application
    ignore_older: 72h
    level: critical, error, warning
  - name: System
    ignore_older: 72h
    level: critical, error, warning
setup.template.settings:
  index.number_of_shards: 1
setup.kibana:
  host: "https://elasticserver:5601"
output.elasticsearch:
  hosts: ["https://elasticserver:9200"]
  protocol: "https"
  username: "winlogbeat"
  password: "secret"
processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
Does anyone have an idea why this issue happens?