Got Invalid Frame Type Exception even Filebeat version is same which pointing to Logstash 5.6.14

Elastic Stack Logstash
1

Hi Magnus,

I have problems with Filebeat and Logstash setup. So I assigned to move logstash service to dockerize one. Then, I use logstash Docker with version 5.6.14. But I have an exception when attempt to redirect one of my server to new logstash service. I got "Invalid Frame Type" exception on Logstash side.

Here are different configuration between old logstash and new logstash:

  • old logstash version: 5.6.8

  • new logstash version: 5.6.14

  • redis server send log to new logstash service (5.6.14)

filebeat.yml:

# cat /etc/filebeat/filebeat.yml
# << ansible managed file >>

filebeat:
  prospectors:
    - input_type: log
      paths:
        - /var/log/syslog
        - /var/log/auth.log
      document_type: syslog

output:
  logstash:
    hosts: [ '10.100.0.37:5044' ]

filebeat version:

# /usr/share/filebeat/bin/filebeat --version
filebeat version 5.4.0 (amd64), libbeat 5.4.0

ubuntu version:

# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.2 LTS
Release:    16.04
Codename:   xenial
  • elasticsearch server send log to old logstash service (5.6.8)

filebeat.yml:

# cat /etc/filebeat/filebeat.yml
# << ansible managed file >>

filebeat:
  prospectors:
    - input_type: log
      paths:
        - /var/log/syslog
        - /var/log/auth.log
      document_type: syslog
    - input_type: log
      paths:
        - /var/log/elasticsearch/*/*cluster.log
      document_type: elasticsearch_log
output:
  logstash:
    hosts: [ '10.100.0.7:5044' ]

filebeat version:

# /usr/share/filebeat/bin/filebeat --version
filebeat version 5.4.0 (amd64), libbeat 5.4.0

ubuntu version:

# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.2 LTS
Release:    16.04
Codename:   xenial

When I tried to redirect elasticsearch filebeat to 10.100.0.37 from 10.100.0.7, new logstash service got an error like this:

[org.logstash.beats.BeatsHandler] Exception: 

org.logstash.beats.BeatsParser$InvalidFrameProtocolException: Invalid Frame Type

On the other hand, both of hosts are able to perform telnet to new logstash service. So, I could consider there are no any network issue such as blocked by Firewall.

elasticsearch instance:

es1:/home/users/ridwan# telnet 10.100.0.37 5044
Trying 10.100.0.37...
Connected to 10.100.0.37.
Escape character is '^]'.
^CConnection closed by foreign host.

redis instance:

redis1:/home/users/ridwan# telnet 10.100.0.37 5044
Trying 10.100.0.37...
Connected to 10.100.0.37.
Escape character is '^]'.
^CConnection closed by foreign host.

I also didn't set SSL both for Filebeat or Logstash.

Do you have any suggestion or Feedback, Magnus?

2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.