When I type the command iptables -S, I see this:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N f2b-pizza-login
-A INPUT -p tcp -m multiport --dports 0:65535 -j f2b-pizza-login
-A f2b-pizza-login -s 192.168.88.16/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-pizza-login -j RETURN
I then successfully installed filebeat on this same machine. This is what my /etc/filebeat/modules.d/iptables.yml looks like:
- module: iptables
  log:
    enabled: true
When I go to Kibana > Dashboard > [Logs Iptables] Overview, none of the visualizations show any data.
When I go to Kibana > Discover and search for the term pizza, no results show up when I search the data views filebeat-* or logs-* or these data views:
In fact none of the data views show any mention of the term pizza.
I also tried installing a standalone elastic agent and using the IP Tables integration. Again, no mention of the term pizza in any of the data views or dashboards.
I can see the filebeat and elastic agent are both successfully transmitting other pieces of information to my elastic+kibana stack. But I'm just not getting anything related to the f2b-pizza-login chain.
I am open to using other elastic tools to get information about the f2b-pizza-login chain of the iptables into my elastic stack.
What am I doing wrong? Or what tools should I be using?
I am using Elasticsearch and Kibana version 8.11.3
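
Added example, not part of the original post: the Filebeat iptables module parses log lines that netfilter `LOG` rules emit (read from a file or syslog), not the rule set itself, so a chain that only rejects gives it nothing to ingest. The Python sketch below parses the `iptables -S` output quoted in the post and lists chains that REJECT or DROP with no earlier `LOG` rule; the function names are hypothetical.

```python
import shlex

# Constructed sample: the `iptables -S` output quoted in the post above.
RULES = """\
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N f2b-pizza-login
-A INPUT -p tcp -m multiport --dports 0:65535 -j f2b-pizza-login
-A f2b-pizza-login -s 192.168.88.16/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-pizza-login -j RETURN
"""

VERDICTS = {"REJECT", "DROP"}


def parse_rules(text):
    """Return {chain: [target, ...]} in rule order from `iptables -S` output."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)  # honours quoted --log-prefix values
        if len(tok) < 2:
            continue
        if tok[0] in ("-P", "-N"):
            chains.setdefault(tok[1], [])
        elif tok[0] == "-A" and "-j" in tok:
            chains.setdefault(tok[1], []).append(tok[tok.index("-j") + 1])
    return chains


def unlogged_verdicts(text):
    """Chains that REJECT/DROP with no LOG rule earlier in the same chain.

    Simplification (assumption of this example): only the order of targets
    is checked, not whether the LOG rule matches the same packets, and LOG
    rules in a calling chain are not followed.
    """
    flagged = []
    for chain, targets in parse_rules(text).items():
        logged = False
        for target in targets:
            if target == "LOG":
                logged = True
            elif target in VERDICTS and not logged:
                flagged.append(chain)
                break
    return flagged


if __name__ == "__main__":
    for chain in unlogged_verdicts(RULES):
        print(f"{chain}: drops/rejects packets without writing a log line")
```
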