So i looked at the winlogbeat log file and am seeing this error:
2021-01-08T12:09:19.639-0800 INFO [monitoring] log/log.go:154 Uptime: 232.2918ms
2021-01-08T12:09:19.639-0800 INFO [monitoring] log/log.go:131 Stopping metrics logging.
2021-01-08T12:09:19.640-0800 INFO instance/beat.go:452 winlogbeat stopped.
2021-01-08T12:09:19.643-0800 ERROR instance/beat.go:956 Exiting: error connecting to Kibana: fail to load the TLS config: 2 errors: open /certs/lab.crt: The system cannot find the path specified. /certs/lab.crt; open /certs/ca.crt: The system cannot find the path specified. reading <nil>
So I changed my yaml to the full path of the certificates:
*# =================================== Kibana ===================================*
*setup.kibana:*
* host: https://lab:5601*
* ssl.enabled: true*
* setup.kibana.ssl.verification_mode: none*
* ssl.certificate_authorities: "C:\elk\7.10.1\beats\winlogbeat-7.10.1-windows-x86_64\config\certs\ca.crt"*
* ssl.certificate: "C:\elk\7.10.1\beats\winlogbeat-7.10.1-windows-x86_64\config\certs\lab.crt"*
* ssl.key: "C:\elk\7.10.1\beats\winlogbeat-7.10.1-windows-x86_64\config\certs\lab.key"*
*# ---------------------------- Elasticsearch Output ----------------------------*
*output.elasticsearch:*
* hosts: "https://lab:9200"*
* username: "elastic" *
* password: "passwordhere"*
* output.elastic.ssl.certificate_authorities: "C:\elk\7.10.1\beats\winlogbeat-7.10.1-windows-x86_64\config\certs\ca.crt"*
* output.elastic.ssl.key: "C:\elk\7.10.1\beats\winlogbeat-7.10.1-windows-x86_64\config\certs\lab.key"*
But now I am getting the following error:
C:\elk\7.10.1\beats\winlogbeat-7.10.1-windows-x86_64>winlogbeat.exe test config -c .\winlogbeat.yml -e
Exiting: error loading config file: yaml: line 46: found unknown escape character
What path should I be specifying?
