Getsockopt: connection refused error while trying from Docker vm

Firdaus · December 6, 2017, 6:05am

I have installed filebeat in a docker machine and trying to connect to ELK server but i get below error
[tomluser@tomlvmtest etc]$ sudo systemctl status filebeat
● filebeat.service - filebeat
Loaded: loaded (/usr/lib/systemd/system/filebeat.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2017-12-06 05:56:36 UTC; 2s ago
Docs: https://www.elastic.co/guide/en/beats/filebeat/current/index.html
Main PID: 62152 (filebeat)
CGroup: /system.slice/filebeat.service
└─62152 /usr/bin/filebeat -c /etc/filebeat/filebeat.yml

Dec 06 05:56:36 tomlvmtest systemd[1]: Started filebeat.
Dec 06 05:56:36 tomlvmtest systemd[1]: Starting filebeat...
Dec 06 05:56:36 tomlvmtest /usr/bin/filebeat[62152]: transport.go:125: SSL client failed to connect with: dial tcp 10.0.0.7:5044: getsockopt: connection refused
Dec 06 05:56:36 tomlvmtest /usr/bin/filebeat[62152]: transport.go:125: SSL client failed to connect with: dial tcp 10.0.0.7:5044: getsockopt: connection refused
Dec 06 05:56:37 tomlvmtest /usr/bin/filebeat[62152]: transport.go:125: SSL client failed to connect with: dial tcp 10.0.0.7:5044: getsockopt: connection refused

It works fine when I install filebeat in ELK server and put IP address as localhost. I believe its the IP/port issue. But port 5044 is already open both ways.

I am also able to ping to the ip address from vm.

Please advise.

steffens · December 6, 2017, 1:57pm

Is the port correctly forwarded? If ping <ip> works from VM, try telnet <ip> <port> next.

Firdaus · December 6, 2017, 4:44pm

Yes ping works well. And when I do telnet in docker machine I don't see port in the list. But I tried adding port using iptables command. I don't know how to make that port visible when I do telnet. I tried adding via docker command but it's not docker installed machine. It is just a container. I have less knowledge n on docker , I guess it's because of docker. Please suggest

steffens · December 7, 2017, 12:38pm

So beats is running and VM and elasticsearch in container?

Which imaage are you using? How did you start the container?

You can check the port mapping of elasticsearch via docker ps. When starting a container you can use -p 9200:9200, to have the exposed 9200 port mapped to the hosts 9200 port. If you don't configure the mapping, the port might not be available outside the container.

Before trying to get beats work, make sure Elasticsearch is running correctly by running curl http://<ip>:9200. Does this work from any other host but your VM?

system · January 4, 2018, 12:38pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.