We have configured Fleet Server and added Elastic Agents. Output is configured using Logstash. An agent policy has been added which contains the system integration; it's working fine and sending logs to the Logstash output.
When we try to add the Barracuda CloudGen Firewall integration, the integration gets added but it's showing the following error:
The documentation suggests that it receives output via the Lumberjack protocol. There are Lumberjack plugins for Logstash: logstash-input-lumberjack and logstash-output-lumberjack. Do we need to install either of these plugins, or should it be fixed some other way? Please guide.
Following are the logs from elastic agent log file for reference:
{"log.level":"error","@timestamp":"2023-12-08T07:09:38.411Z","log.origin":{"file.name":"coordinator/coordinator.go","file.line":857},"message":"Spawned new component lumberjack-default: input not supported","log":{"source":"elastic-agent"},"component":{"id":"lumberjack-default","state":"FAILED"},"ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2023-12-08T07:09:38.411Z","log.origin":{"file.name":"coordinator/coordinator.go","file.line":857},"message":"Spawned new unit lumberjack-default-lumberjack-barracuda_cloudgen_firewall-542abf24-7edb-4c28-852a-b3454c5fa5a7: input not supported","log":{"source":"elastic-agent"},"component":{"id":"lumberjack-default","state":"FAILED"},"unit":{"id":"lumberjack-default-lumberjack-barracuda_cloudgen_firewall-542abf24-7edb-4c28-852a-b3454c5fa5a7","type":"input","state":"FAILED"},"ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2023-12-08T07:09:38.411Z","log.origin":{"file.name":"coordinator/coordinator.go","file.line":857},"message":"Spawned new unit lumberjack-default: input not supported","log":{"source":"elastic-agent"},"component":{"id":"lumberjack-default","state":"FAILED"},"unit":{"id":"lumberjack-default","type":"output","state":"FAILED"},"ecs.version":"1.6.0"}
Yeah, not sure what this issue could be. The only thing I could think of is that the Agent could not bind to the IP port because there was something else using port 5044 on the same server.
Can you confirm that the port 5044 is not being used on the server that the Elastic Agent with the barracuda integration is running?
Thanks @leandrojmp, we are using version 8.6.2 for fleet and elastic agent, and logstash is using version 8.7.0. Looks like we may need to update versions.
Yeah, it seems that the lumberjack input on Elastic Agent was removed between version 8.5.3 and 8.6.0 and added back on 8.7.1 according to this issue.
I'm not sure you can run Elastic Agent on a minor version higher than the rest of the stack, so you will probably need to upgrade your entire stack: Elasticsearch, Kibana, Fleet and then the Agents.
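To triage this kind of failure across many agents, the check discussed in this thread can be scripted. The following is an added example, not code from the thread or from Elastic: it parses elastic-agent NDJSON log lines for "input not supported" failures and compares the agent version against the window reported above. The sample log lines are constructed (abbreviated from the ones posted), and the assumption that a component id has the form `<input type>-<output name>` is mine.

```python
import json

# Window as reported in this thread (taken on trust, not verified here):
# lumberjack input absent from 8.6.0 up to, but not including, 8.7.1.
MISSING_FROM, RESTORED_IN = (8, 6, 0), (8, 7, 1)

# Constructed sample: abbreviated versions of the posted log lines plus noise.
SAMPLE_LOG = [
    '{"log.level":"error","message":"Spawned new component lumberjack-default: input not supported","component":{"id":"lumberjack-default","state":"FAILED"}}',
    '{"log.level":"error","message":"Spawned new unit lumberjack-default-lumberjack-barracuda_cloudgen_firewall-0000: input not supported","component":{"id":"lumberjack-default","state":"FAILED"},"unit":{"type":"input","state":"FAILED"}}',
    '{"log.level":"error","message":"Spawned new unit lumberjack-default: input not supported","component":{"id":"lumberjack-default","state":"FAILED"},"unit":{"type":"output","state":"FAILED"}}',
    '{"log.level":"info","message":"Unit state changed","component":{"id":"system/metrics-default","state":"HEALTHY"}}',
    'truncated or non-JSON line',
]

def parse_version(text):
    """Turn '8.6.2' (or '8.6.2-SNAPSHOT') into (8, 6, 2) for numeric comparison."""
    return tuple(int(part) for part in text.split("-")[0].split(".")[:3])

def unsupported_inputs(log_lines):
    """Map component id -> set of unit types that failed with 'input not supported'."""
    found = {}
    for line in log_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip partial or non-JSON lines instead of aborting
        if not isinstance(event, dict) or event.get("log.level") != "error":
            continue
        if not str(event.get("message", "")).endswith("input not supported"):
            continue
        component = (event.get("component") or {}).get("id")
        if component:
            unit_type = (event.get("unit") or {}).get("type", "component")
            found.setdefault(component, set()).add(unit_type)
    return found

def diagnose(log_lines, agent_version):
    """Return (input type, likely cause) for each unsupported component."""
    in_window = MISSING_FROM <= parse_version(agent_version) < RESTORED_IN
    report = []
    for component in sorted(unsupported_inputs(log_lines)):
        input_type = component.rsplit("-", 1)[0]  # assumed '<input>-<output>' id
        if input_type == "lumberjack" and in_window:
            cause = "agent version lacks this input; upgrade the stack"
        else:
            cause = "not explained by version; check policy and integration"
        report.append((input_type, cause))
    return report
```

Calling `diagnose(SAMPLE_LOG, "8.6.2")` attributes the failure to the agent version, which rules out a port conflict or a missing Logstash plugin before anyone spends time on them.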