Here's the error from the terminal:
× filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
Loaded: loaded (/lib/systemd/system/filebeat.service; enabled; preset: enabled)
Active: failed (Result: exit-code) since Thu 2023-02-02 20:06:47 PST; 4s ago
Duration: 43ms
Docs: https://www.elastic.co/products/beats/filebeat
Process: 10556 ExecStart=/usr/share/filebeat/bin/filebeat --environment systemd $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS (code=exited, status=2)
Main PID: 10556 (code=exited, status=2)
CPU: 52ms
Feb 02 20:06:47 VSS-WazuhServer filebeat[10556]: rip 0x7f6c6d29226b
Feb 02 20:06:47 VSS-WazuhServer filebeat[10556]: rflags 0x246
Feb 02 20:06:47 VSS-WazuhServer filebeat[10556]: cs 0x33
Feb 02 20:06:47 VSS-WazuhServer filebeat[10556]: fs 0x0
Feb 02 20:06:47 VSS-WazuhServer filebeat[10556]: gs 0x0
Feb 02 20:06:47 VSS-WazuhServer systemd[1]: filebeat.service: Scheduled restart job, restart counter is at 5.
Feb 02 20:06:47 VSS-WazuhServer systemd[1]: Stopped Filebeat sends log files to Logstash or directly to Elasticsearch..
Feb 02 20:06:47 VSS-WazuhServer systemd[1]: filebeat.service: Start request repeated too quickly.
Feb 02 20:06:47 VSS-WazuhServer systemd[1]: filebeat.service: Failed with result 'exit-code'.
Feb 02 20:06:47 VSS-WazuhServer systemd[1]: Failed to start Filebeat sends log files to Logstash or directly to Elasticsearch..
~
~
~
Here's my filebeat.yml:
# Wazuh - Filebeat configuration file
output.elasticsearch:
hosts: ["127.0.0.1:9200"]
protocol: https
username: "admin"
password: "admin"
ssl.certificate_authorities:
- /etc/filebeat/certs/root-ca.pem
ssl.certificate: "/etc/filebeat/certs/filebeat.pem"
ssl.key: "/etc/filebeat/certs/filebeat-key.pem"
setup.template.json.enabled: true
setup.template.json.path: '/etc/filebeat/wazuh-template.json'
setup.template.json.name: 'wazuh'
setup.ilm.overwrite: true
setup.ilm.enabled: false
filebeat.modules:
- module: wazuh
alerts:
enabled: true
archives:
enabled: false