On SERVER_2 I installed Metricbeat with the following commands :
$ sudo scp -r -p root@IP_SERVER_1:/etc/pki/tls/certs/logstash-forwarder.crt /etc/pki/tls/certs $ sudo apt install metricbeat $ sudo metricbeat modules enable system $ sudo nano /etc/metricbeat/metricbeat.yml I replaced the line output.elasticsearch: # Array of hosts to connect to. hosts: ["localhost:9200"] by output.elasticsearch: # Array of hosts to connect to. hosts: ["IP_SERVER_1:9200"]
If I was on IP 56.78.147.236 it redirects to monitoring.example.com and displays Kibana. If I go on 56.78.147.236:9200 it says "Site inaccessible". Is this normal ?
Here is the state of the firewall on the ELK server :
To Action From
22/tcp ALLOW IN Anywhere
80,443/tcp (Nginx Full) ALLOW IN Anywhere
5044 ALLOW IN Anywhere
9200 ALLOW IN Anywhere
22/tcp (v6) ALLOW IN Anywhere (v6)
80,443/tcp (Nginx Full (v6)) ALLOW IN Anywhere (v6)
5044 (v6) ALLOW IN Anywhere (v6)
9200 (v6) ALLOW IN Anywhere (v6)
ubuntu@www-example-com ~ $ sudo systemctl status metricbeat
● metricbeat.service - Metricbeat is a lightweight shipper for metrics.
Loaded: loaded (/lib/systemd/system/metricbeat.service; disabled; vendor preset: enabled)
Active: active (running) since Wed 2019-05-08 01:09:05 CEST; 14s ago
Docs: https://www.elastic.co/products/beats/metricbeat
Main PID: 15581 (metricbeat)
Tasks: 11 (limit: 4915)
CGroup: /system.slice/metricbeat.service
└─15581 /usr/share/metricbeat/bin/metricbeat -e -c /etc/metricbeat/metricbeat.yml -path.home /usr/share/metricbeat -path.config /
May 08 01:09:05 www-example-com metricbeat[15581]: 2019-05-08T01:09:05.979+0200 INFO instance/beat.go:391 metricbeat st
May 08 01:09:05 www-example-com metricbeat[15581]: 2019-05-08T01:09:05.980+0200 INFO filesystem/filesystem.go:57 Ignori
May 08 01:09:05 www-example-com metricbeat[15581]: 2019-05-08T01:09:05.980+0200 INFO fsstat/fsstat.go:59 Ignoring files
May 08 01:09:05 www-example-com metricbeat[15581]: 2019-05-08T01:09:05.981+0200 INFO [monitoring] log/log.go:117
May 08 01:09:05 www-example-com metricbeat[15581]: 2019-05-08T01:09:05.981+0200 INFO cfgfile/reload.go:150 Config reloa
May 08 01:09:05 www-example-com metricbeat[15581]: 2019-05-08T01:09:05.982+0200 INFO filesystem/filesystem.go:57 Ignori
May 08 01:09:05 www-example-com metricbeat[15581]: 2019-05-08T01:09:05.982+0200 INFO fsstat/fsstat.go:59 Ignoring files
May 08 01:09:05 www-example-com metricbeat[15581]: 2019-05-08T01:09:05.982+0200 INFO cfgfile/reload.go:205 Loading of c
May 08 01:09:06 www-example-com metricbeat[15581]: 2019-05-08T01:09:06.733+0200 INFO add_cloud_metadata/add_cloud_metadata.go:
May 08 01:09:07 www-example-com metricbeat[15581]: 2019-05-08T01:09:07.734+0200 INFO pipeline/output.go:95 Connecting t
May 08 01:09:05 www-example-com metricbeat[15581]: 2019-05-08T01:09:05.982+0200 INFO cfgfile/reload.go:205 Loading of c
May 08 01:09:06 www-example-com metricbeat[15581]: 2019-05-08T01:09:06.733+0200 INFO add_cloud_metadata/add_cloud_metadata.go:
May 08 01:09:07 www-example-com metricbeat[15581]: 2019-05-08T01:09:07.734+0200 INFO pipeline/output.go:95 Connecting t
May 08 01:09:35 www-example-com metricbeat[15581]: 2019-05-08T01:09:35.984+0200 INFO [monitoring] log/log.go:144
May 08 01:10:05 www-example-com metricbeat[15581]: 2019-05-08T01:10:05.984+0200 INFO [monitoring] log/log.go:144
May 08 01:10:35 www-example-com metricbeat[15581]: 2019-05-08T01:10:35.986+0200 INFO [monitoring] log/log.go:144
May 08 01:10:39 www-example-com metricbeat[15581]: 2019-05-08T01:10:39.577+0200 ERROR pipeline/output.go:100 Failed to
May 08 01:10:39 www-example-com metricbeat[15581]: 2019-05-08T01:10:39.579+0200 INFO pipeline/output.go:93 Attempting t
May 08 01:11:05 www-example-com metricbeat[15581]: 2019-05-08T01:11:05.986+0200 INFO [monitoring] log/log.go:144
May 08 01:11:35 www-example-com metricbeat[15581]: 2019-05-08T01:11:35.983+0200 INFO [monitoring] log/log.go:144
I read the documentation, why do you need 3 files? While I already created these 3 files on SERVER_1 and I downloaded /etc/pki/tls/certs/logstash-forwarder.crt on SERVER_2
For example, in this tutorial (for Filebeat) there is only one file for the client server :
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.