Here's the error:
```
× filebeat.service - Filebeat sends log files to Logstash or directly to Elasti>
     Loaded: loaded (/lib/systemd/system/filebeat.service; enabled; preset: ena>
     Active: failed (Result: exit-code) since Thu 2023-02-02 20:06:47 PST; 4s a>
   Duration: 43ms
       Docs: Filebeat: Lightweight Log Analysis & Elasticsearch | Elastic
    Process: 10556 ExecStart=/usr/share/filebeat/bin/filebeat --environment sys>
   Main PID: 10556 (code=exited, status=2)
        CPU: 52ms

Feb 02 20:06:47 VSS-WazuhServer filebeat[10556]: rip 0x7f6c6d29226b
Feb 02 20:06:47 VSS-WazuhServer filebeat[10556]: rflags 0x246
Feb 02 20:06:47 VSS-WazuhServer filebeat[10556]: cs 0x33
Feb 02 20:06:47 VSS-WazuhServer filebeat[10556]: fs 0x0
Feb 02 20:06:47 VSS-WazuhServer filebeat[10556]: gs 0x0
Feb 02 20:06:47 VSS-WazuhServer systemd[1]: filebeat.service: Scheduled restart>
Feb 02 20:06:47 VSS-WazuhServer systemd[1]: Stopped Filebeat sends log files to>
Feb 02 20:06:47 VSS-WazuhServer systemd[1]: filebeat.service: Start request rep>
Feb 02 20:06:47 VSS-WazuhServer systemd[1]: filebeat.service: Failed with resul>
Feb 02 20:06:47 VSS-WazuhServer systemd[1]: Failed to start Filebeat sends log >
```
Here's my filebeat.yml:
```yaml
# Wazuh - Filebeat configuration file
output.elasticsearch:
  hosts: ["127.0.0.1:9200"]
  protocol: https
  username: "admin"
  password: "admin"
  ssl.certificate_authorities:
    - /etc/filebeat/certs/root-ca.pem
  ssl.certificate: "/etc/filebeat/certs/filebeat.pem"
  ssl.key: "/etc/filebeat/certs/filebeat-key.pem"
setup.template.json.enabled: true
setup.template.json.path: '/etc/filebeat/wazuh-template.json'
setup.template.json.name: 'wazuh'
setup.ilm.overwrite: true
setup.ilm.enabled: false

filebeat.modules:
  - module: wazuh
    alerts:
      enabled: true
    archives:
      enabled: false
```