Filebeat Failed to connect to backoff(async(tcp:logstash:5044

Hi

i tried to setup filebeat 7 in my client server..

log message shows:

May 22 22:50:06 beat filebeat: 2019-05-22T22:50:06.108+0800#011ERROR#011pipeline/output.go:100#011Failed to connect to backoff(async(tcp://192.168.136.164:5044)): dial tcp 192.168.136.x:5044: connect: connection refused
May 22 22:50:06 beat filebeat: 2019-05-22T22:50:06.109+0800#011INFO#011pipeline/output.go:93#011Attempting to reconnect to backoff(async(tcp://192.168.136.x:5044)) with 3 reconnect attempt(s)

i tried telnet , doesnt work...

filebeat.yml file:

filebeat.inputs:

Each - is an input. Most options can be set at the input level, so

you can use different inputs for various configurations.

Below are the input specific configurations.

  • type: log

    Change to true to enable this input configuration.

    enabled: true

    Paths that should be crawled and fetched. Glob based paths.

    paths:

    • /var/log/messages
      #- /var/log/*.log
      #----------------------------- Logstash output --------------------------------
      output.logstash:

    The Logstash hosts

    hosts: ["192.168.136.164:5044"]
    ssl.certificate_authorities: ["/etc/ssl/certs/logstash-forwarder.crt"]

checked on logstash server - couldnt see any logs over there... but logstash service is running.

from logstash server i tried to connect telnet to es server, it works.

logstash.conf file:

input {
beats {
port => 5044
ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
}
}
filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGLINE}" }
}

date {

match => [ "timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
}

}
output {
elasticsearch {
hosts => ["http://192.168.136.159:9200" , "http://192.168.136.160:9200"]
user => "elastic"
password => "elastic"
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
}
stdout {
codec => rubydebug
}
}

can help me to guide me , where i make mistake...

Thanks

Harry

Logstash might only be listening on localhost and not on the other IP.

netstat -an|grep 5044

should show you which ips it listen on.

Hi

port 5044 is not listening on my logstash server.

logstash logs are not generating, but logstash service is running.

but logstash can communicate to es server. tested using telnet.

can guide me, where i did mistake.

is that any TLS key need to set in beat server to communicate.

Thanks

Harry

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.