Filebeat Fortinet module not indexing after upgrading it and Kibana to 7.10.0

I upgraded Kibana and Filebeat to 7.10.0 and my Fortinet logs aren't being indexed anymore. Looking at the logs, it looks like Filebeat is connected to Kibana, but I am getting several of these messages below and logs aren't indexed. Winlogbeat and Logstash are working fine after the upgrade.

Non-zero metrics in the last 30s

Config files below:

filebeat.yml:

- type: log
  enabled: false
  paths:
    - /var/log/*.log

filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false

setup.template.settings:
  index.number_of_shards: 1

output.elasticsearch:
  hosts: ["192.168.1.119:9200"]

processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~

fortinet.yml:

# Module: fortinet
# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.10/filebeat-module-fortinet.html

- module: fortinet
  firewall:
    enabled: true
    var.syslog_host: 0.0.0.0
    var.syslog_port: 5514

  clientendpoint:
    enabled: true

  fortimail:
    enabled: true

  fortimanager:
    enabled: true

logs:

2020-07-28T09:13:38.119-0700	INFO	instance/beat.go:647	Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]
2020-07-28T09:13:38.120-0700	INFO	instance/beat.go:655	Beat ID: ec968893-7887-471c-91da-8c50a3c33fe6
2020-07-28T09:13:38.126-0700	INFO	[seccomp]	seccomp/seccomp.go:124	Syscall filter successfully installed
2020-07-28T09:13:38.126-0700	INFO	[beat]	instance/beat.go:983	Beat info	{"system_info": {"beat": {"path": {"config": "/etc/filebeat", "data": "/var/lib/filebeat", "home": "/usr/share/filebeat", "logs": "/var/log/filebeat"}, "type": "filebeat", "uuid": "ec968893-7887-471c-91da-8c50a3c33fe6"}}}
2020-07-28T09:13:38.126-0700	INFO	[beat]	instance/beat.go:992	Build info	{"system_info": {"build": {"commit": "f79387d32717d79f689d94fda1ec80b2cf285d30", "libbeat": "7.8.0", "time": "2020-06-14T18:15:37.000Z", "version": "7.8.0"}}}
2020-07-28T09:13:38.126-0700	INFO	[beat]	instance/beat.go:995	Go runtime info	{"system_info": {"go": {"os":"linux","arch":"amd64","max_procs":4,"version":"go1.13.10"}}}
2020-07-28T09:13:38.128-0700	INFO	[beat]	instance/beat.go:999	Host info	{"system_info": {"host": {"architecture":"x86_64","boot_time":"2020-07-28T09:12:14-07:00","containerized":false,"name":"elk-vm","ip":["127.0.0.1/8","::1/128","192.168.1.119/24","fe80::c015:4583:d2f6:dea7/64"],"kernel_version":"5.4.0-42-generic","mac":["00:0c:29:96:9c:19"],"os":{"family":"debian","platform":"ubuntu","name":"Ubuntu","version":"18.04.4 LTS (Bionic Beaver)","major":18,"minor":4,"patch":4,"codename":"bionic"},"timezone":"PDT","timezone_offset_sec":-25200,"id":"00c9d310251042a98c0459fb0266d49a"}}}
2020-07-28T09:13:38.128-0700	INFO	[beat]	instance/beat.go:1028	Process info	{"system_info": {"process": {"capabilities": {"inheritable":null,"permitted":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read"],"effective":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read"],"bounding":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read"],"ambient":null}, "cwd": "/home/jon", "exe": "/usr/share/filebeat/bin/filebeat", "name": "filebeat", "pid": 2328, "ppid": 2277, "seccomp": {"mode":"filter","no_new_privs":true}, "start_time": "2020-07-28T09:13:37.130-0700"}}}
2020-07-28T09:13:38.128-0700	INFO	instance/beat.go:310	Setup Beat: filebeat; Version: 7.8.0
2020-07-28T09:13:38.129-0700	INFO	[index-management]	idxmgmt/std.go:183	Set output.elasticsearch.index to 'filebeat-7.8.0' as ILM is enabled.
2020-07-28T09:13:38.130-0700	INFO	eslegclient/connection.go:97	elasticsearch url: http://192.168.1.119:9200
2020-07-28T09:13:38.130-0700	INFO	[publisher]	pipeline/module.go:113	Beat name: elk-vm
2020-07-28T09:13:38.133-0700	INFO	beater/filebeat.go:96	Enabled modules/filesets: fortinet (firewall)
2020-07-28T09:13:38.134-0700	INFO	[monitoring]	log/log.go:118	Starting metrics logging every 30s
2020-07-28T09:13:38.134-0700	INFO	instance/beat.go:463	filebeat start running.
2020-07-28T09:13:38.135-0700	INFO	registrar/registrar.go:145	Loading registrar data from /var/lib/filebeat/registry/filebeat/data.json
2020-07-28T09:13:38.135-0700	INFO	registrar/registrar.go:152	States Loaded from registrar: 25
2020-07-28T09:13:38.135-0700	INFO	[crawler]	beater/crawler.go:71	Loading Inputs: 2
2020-07-28T09:13:38.136-0700	INFO	[crawler]	beater/crawler.go:141	Starting input (ID: %d)15116849340234315384
2020-07-28T09:13:38.137-0700	INFO	udp/input.go:103	Starting UDP input
2020-07-28T09:13:38.137-0700	INFO	[udp]	udp/server.go:81	Started listening for UDP connection	{"address": "localhost:9004"}
2020-07-28T09:13:38.138-0700	INFO	[crawler]	beater/crawler.go:108	Loading and starting Inputs completed. Enabled inputs: 1
2020-07-28T09:13:38.138-0700	INFO	cfgfile/reload.go:164	Config reloader started
2020-07-28T09:13:38.139-0700	INFO	eslegclient/connection.go:97	elasticsearch url: http://192.168.1.119:9200
2020-07-28T09:13:38.166-0700	INFO	[esclientleg]	eslegclient/connection.go:306	Attempting to connect to Elasticsearch version 7.6.2
2020-07-28T09:13:38.185-0700	INFO	cfgfile/reload.go:224	Loading of config files completed.
2020-07-28T09:13:38.185-0700	INFO	udp/input.go:103	Starting UDP input
2020-07-28T09:13:38.185-0700	ERROR	udp/input.go:106	Error running harvester: listen udp 0.0.0.0:5514: bind: address already in use
2020-07-28T09:13:41.122-0700	INFO	[add_cloud_metadata]	add_cloud_metadata/add_cloud_metadata.go:89	add_cloud_metadata: hosting provider type not detected.
2020-07-28T09:14:08.136-0700	INFO	[monitoring]	log/log.go:145	Non-zero metrics in the last 30s	{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":140,"time":{"ms":147}},"total":{"ticks":180,"time":{"ms":194},"value":180},"user":{"ticks":40,"time":{"ms":47}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":12},"info":{"ephemeral_id":"ea6861c2-3e89-46d2-9c94-933bc8105de4","uptime":{"ms":30163}},"memstats":{"gc_next":11462608,"memory_alloc":8252536,"memory_total":20441040,"rss":55885824},"runtime":{"goroutines":26}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0},"reloads":1,"scans":1},"output":{"type":"elasticsearch"},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"cpu":{"cores":4},"load":{"1":3.08,"15":0.64,"5":1.67,"norm":{"1":0.77,"15":0.16,"5":0.4175}}}}}}
2020-07-28T09:14:38.135-0700	INFO	[monitoring]	log/log.go:145	Non-zero metrics in the last 30s	{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":150,"time":{"ms":4}},"total":{"ticks":190,"time":{"ms":5},"value":190},"user":{"ticks":40,"time":{"ms":1}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":12},"info":{"ephemeral_id":"ea6861c2-3e89-46d2-9c94-933bc8105de4","uptime":{"ms":60163}},"memstats":{"gc_next":11462608,"memory_alloc":8690800,"memory_total":20879304},"runtime":{"goroutines":26}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":1.99,"15":0.63,"5":1.54,"norm":{"1":0.4975,"15":0.1575,"5":0.385}}}}}}
2020-07-28T09:15:08.135-0700	INFO	[monitoring]	log/log.go:145	Non-zero metrics in the last 30s	{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":150,"time":{"ms":4}},"total":{"ticks":200,"time":{"ms":6},"value":200},"user":{"ticks":50,"time":{"ms":2}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":11},"info":{"ephemeral_id":"ea6861c2-3e89-46d2-9c94-933bc8105de4","uptime":{"ms":90163}},"memstats":{"gc_next":11462608,"memory_alloc":9015048,"memory_total":21203552},"runtime":{"goroutines":24}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":1.29,"15":0.62,"5":1.41,"norm":{"1":0.3225,"15":0.155,"5":0.3525}}}}}}
2020-07-28T09:15:38.137-0700	INFO	[monitoring]	log/log.go:145	Non-zero metrics in the last 30s	{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":160,"time":{"ms":9}},"total":{"ticks":210,"time":{"ms":10},"value":210},"user":{"ticks":50,"time":{"ms":1}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":11},"info":{"ephemeral_id":"ea6861c2-3e89-46d2-9c94-933bc8105de4","uptime":{"ms":120165}},"memstats":{"gc_next":11704080,"memory_alloc":9012552,"memory_total":21433328,"rss":675840},"runtime":{"goroutines":24}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":0.85,"15":0.6,"5":1.29,"norm":{"1":0.2125,"15":0.15,"5":0.3225}}}}}}
2020-07-28T09:16:08.138-0700	INFO	[monitoring]	log/log.go:145	Non-zero metrics in the last 30s	{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":170,"time":{"ms":7}},"total":{"ticks":220,"time":{"ms":8},"value":220},"user":{"ticks":50,"time":{"ms":1}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":11},"info":{"ephemeral_id":"ea6861c2-3e89-46d2-9c94-933bc8105de4","uptime":{"ms":150164}},"memstats":{"gc_next":11704080,"memory_alloc":6269424,"memory_total":21851736},"runtime":{"goroutines":24}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":0.58,"15":0.59,"5":1.18,"norm":{"1":0.145,"15":0.1475,"5":0.295}}}}}}
2020-07-28T09:16:38.135-0700	INFO	[monitoring]	log/log.go:145	Non-zero metrics in the last 30s	{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":170,"time":{"ms":5}},"total":{"ticks":220,"time":{"ms":6},"value":220},"user":{"ticks":50,"time":{"ms":1}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":11},"info":{"ephemeral_id":"ea6861c2-3e89-46d2-9c94-933bc8105de4","uptime":{"ms":180164}},"memstats":{"gc_next":11704080,"memory_alloc":6492688,"memory_total":22075000},"runtime":{"goroutines":24}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":2,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":0.83,"15":0.61,"5":1.18,"norm":{"1":0.2075,"15":0.1525,"5":0.295}}}}}}
2020-07-28T09:17:03.870-0700	INFO	beater/filebeat.go:456	Stopping filebeat
2020-07-28T09:17:03.870-0700	INFO	beater/crawler.go:148	Stopping Crawler
2020-07-28T09:17:03.870-0700	INFO	beater/crawler.go:158	Stopping 1 inputs
2020-07-28T09:17:03.870-0700	INFO	cfgfile/reload.go:227	Dynamic config reloader stopped
2020-07-28T09:17:03.870-0700	INFO	[reload]	cfgfile/list.go:118	Stopping 1 runners ...
2020-07-28T09:17:03.870-0700	INFO	input/input.go:138	input ticker stopped
2020-07-28T09:17:03.870-0700	INFO	udp/input.go:118	Stopping UDP input
2020-07-28T09:17:03.870-0700	INFO	[udp]	udp/server.go:140	Stopping UDP server	{"address": "0.0.0.0:5514"}
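
Added example (not part of the original post, and not Elastic's code): a triage pass over Filebeat log lines in the tab-separated format shown above, reporting the Beat and Elasticsearch versions the log itself records, the UDP listeners that started, any bind failures, and how many 30s metric intervals recorded no published events. `SAMPLE_LOG` is constructed from lines abridged from the log in the post; the function names and report keys are this example's own.

```python
import json
import re

# Constructed sample: five lines abridged from the Filebeat log in the post.
SAMPLE_LOG = "\n".join([
    '2020-07-28T09:13:38.128-0700\tINFO\tinstance/beat.go:310\tSetup Beat: filebeat; Version: 7.8.0',
    '2020-07-28T09:13:38.137-0700\tINFO\t[udp]\tudp/server.go:81\tStarted listening for UDP connection\t{"address": "localhost:9004"}',
    '2020-07-28T09:13:38.166-0700\tINFO\t[esclientleg]\teslegclient/connection.go:306\tAttempting to connect to Elasticsearch version 7.6.2',
    '2020-07-28T09:13:38.185-0700\tERROR\tudp/input.go:106\tError running harvester: listen udp 0.0.0.0:5514: bind: address already in use',
    '2020-07-28T09:14:08.136-0700\tINFO\t[monitoring]\tlog/log.go:145\tNon-zero metrics in the last 30s\t{"monitoring": {"metrics": {"libbeat": {"pipeline": {"clients": 2, "events": {"active": 0}}}}}}',
])

BEAT_RE = re.compile(r"Setup Beat: \w+; Version: (\S+)")
ES_RE = re.compile(r"connect to Elasticsearch version (\S+)")
BIND_RE = re.compile(r"listen (udp|tcp) (\S+): bind: address already in use")

def parse_line(line):
    """Split one line: timestamp, level, optional [logger], file:line, message, optional JSON."""
    parts = line.split("\t")
    if len(parts) < 4:
        return None
    rest = parts[2:]
    if rest[0].startswith("["):  # the [logger] column is not always present
        rest.pop(0)
    msg = rest[1] if len(rest) > 1 else ""
    try:
        fields = json.loads(rest[2]) if len(rest) > 2 else {}
    except json.JSONDecodeError:
        fields = {}
    return {"level": parts[1], "msg": msg, "fields": fields}

def triage(log_text):
    """Collect the facts that matter when an input runs but nothing is indexed."""
    report = {"beat_version": None, "es_version": None,
              "listeners": [], "bind_failures": [], "idle_intervals": 0}
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        msg, fields = rec["msg"], rec["fields"]
        if m := BEAT_RE.search(msg):
            report["beat_version"] = m.group(1)
        elif m := ES_RE.search(msg):
            report["es_version"] = m.group(1)
        elif msg.startswith("Started listening for"):
            report["listeners"].append(fields.get("address"))
        elif m := BIND_RE.search(msg):
            report["bind_failures"].append(f"{m.group(1)}/{m.group(2)}")
        elif msg.startswith("Non-zero metrics"):
            metrics = fields.get("monitoring", {}).get("metrics", {})
            events = metrics.get("libbeat", {}).get("pipeline", {}).get("events", {})
            if not events.get("published"):  # counter absent or zero
                report["idle_intervals"] += 1
    return report
```

Calling `triage()` on the full contents of a file under the logs path gives the same report for a real run.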
