Filebeat

/etc/filebeat/filebeat.yml

filebeat:
prospectors:
-
paths:
- /var/log/auth.log
- /var/log/syslog
# - /var/log/*.log

  input_type: log

  document_type: syslog

registry_file: /var/lib/filebeat/registry

output:
logstash:
hosts: ["10.33.30.76:5044"]
bulk_max_size: 1024

tls:
  certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]
  certificate_key: ["/etc/pki/tls/private/logstash-forwarder.key"]

shipper:

logging:
files:
rotateeverybytes: 10485760 # = 10MB

/usr/share/filebeat/bin/filebeat -c /etc/filebeat/filebeat.yml -e -v

ERR Failed to publish events caused by: read tcp 10.33.255.24:55308->10.33.30.76:5044: i/o timeout
INFO Error publishing events (retrying): read tcp 10.33.255.24:55308->10.33.30.76:5044: i/o timeout
ERR SSL client failed to connect with: read tcp 10.33.30.73:34521->10.33.30.76:5044: i/o timeout

I need anybody's help.

How can I create certificate

Did you follow the docs here? https://www.elastic.co/guide/en/beats/filebeat/current/configuring-tls-logstash.html

Please use descriptive titles for your discuss topics and format the code parts with 3 ticks ` before and after to make it better readable.

I created certificat by this command

openssl req -x509 -days 365 -batch -nodes -newkey rsa:2048 -keyout /etc/ssl/logstash-forwarder.key -out /etc/ssl/logstash-forwarder.crt

I see
logstash-forwarder.crt and logstash-forwarder.key certificates.

I don't understand where root/ca.pem certificat?

Thanks

This topic was automatically closed after 21 days. New replies are no longer allowed.