FileBeat Connection reset by peer

Elastic Stack Beats
1

Hello. I'm trying to get some log files from windows pc. And I can observe the following log message every time when I restart FileBeat service on Windows PC

{:timestamp=>"2016-09-09T04:59:41.233000-0400", :message=>"Beats Input: Remote connection closed", :peer=>"192.yyy.10.zzz:51545", :exception=>#<Lumberjack::Beats::Connection::ConnectionClosed: Lumberjack::Beats::Connection::ConnectionClosed wrapping: Errno::ECONNRESET, Connection reset by peer - Connection reset by peer>, :level=>:warn}

Here is my FileBeat config file:

############################# Filebeat ######################################
filebeat:
  prospectors:
        - c:\windows\WindowsUpdate.log
      input_type: log
  registry_file: "C:/ProgramData/filebeat/registry"
output:
  logstash:
    # The Logstash hosts
    hosts: ["192.xxx.0.xxx:5044"]
shipper:
logging:
  to_syslog: false
  to_files: true
  files:
    path: c:\PROGRA~1/filebeat
    name: filebeat.log
  level: debug

And Logstash config is published below:

input {
  beats {
    type => beats
    port => 5044
  }
}

filter {
}
output {
            elasticsearch {
                           hosts => "localhost:9200"
                          }
}

And I'd like to say that I can see neither TCP nor UDP 5044 open ports when I implement netstat -l command. Example is below

/var/log/logstash# netstat -l | grep 5044
tcp6 0 0 [::]:5044 [::]:* LISTEN

And I suppose that it's a problem, but I have no idea what should I do with it.

Could you please help me to sovle this issue?

Thanks in advance!

2

{:timestamp=>"2016-09-09T04:59:41.233000-0400", :message=>"Beats Input: Remote connection closed", :peer=>"192.yyy.10.zzz:51545", :exception=>#, :level=>:warn}

So... Filebeat closed the connection. Isn't that expected when you restart Filebeat?

3

Let my clarify the situation. I'd like to get information from the log file in Kibana with FileBeat agent. I'm speaking about Win FileBeat agent. Actulally we have installed ELK stack. I prepared confoguration files, and from my point of view they both are ok. I dont' get any error messages when i try to start commands:

  • service logstash configtest on our Linux server
  • /filebeat -configtest -e on Windows host.

Then I expected to see text from log file in Kibana web interface, but there was nothing.

So I had decided that something wrong with Logstash and I tried to investigate this situation analyzing log files. Finally, I found message that was published in my previous post.

I'm newbie in ELK stack so I don't have much knowledge about it. And I'd like to know how I can determine that messages was delivered to Logstash, Elastic and Kibana and the ways to solve problems situation on each step.

Thanks in advance!

4

Did you check if you have any message in the filebeat log file?

5

This topic was automatically closed after 21 days. New replies are no longer allowed.