Hi all:)
I have my logstash vm and my application vm; they don't run in the same subnet.
I am trying to send logs from my application vm to the logstash vm.
This is my filebeat.yml:
filebeat.inputs:
- type: log
  paths:
    - /home/ubuntu/releases/1.1.0/utsoft_fe/server/opdata/log/sql.log
output.logstash:
  hosts: ["{logstash public ip}:5044"]
  enabled: true
and here is my logstash.conf:
input {
  beats {
    port => "5044"
    host => "{private ip}"
    codec => plain {
      charset => "US-ASCII"
    }
  }
}
filter {}
output {
  elasticsearch {
    hosts => ["http://{public ip}:9200"]
    user => "elastic"
    password => '{my password}'
  }
  stdout { codec => rubydebug }
}
when I run filebeat I get:
Failed to connect to backoff(async(tcp://{}:5044)): dial tcp {}:5044: i/o timeout
when I run "sudo ./filebeat test output"
I get
connection...
parse host... OK
dns lookup... OK
addresses: {logstash public ip}
dial up... ERROR dial tcp {logstash public ip}:5044: i/o timeout
when I start logstash I get:
[INFO ] 2021-01-18 10:37:32.809 [[main]-pipeline-manager] javapipeline - Pipeline Java execution initialization time {"seconds"=>2.76}
[INFO ] 2021-01-18 10:37:33.097 [[main]-pipeline-manager] beats - Starting input listener {:address=>"10.0.2.10:5044"}
[INFO ] 2021-01-18 10:37:33.162 [[main]-pipeline-manager] javapipeline - Pipeline started {"pipeline.id"=>"main"}
[INFO ] 2021-01-18 10:37:33.397 [Agent thread] agent - Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[INFO ] 2021-01-18 10:37:33.756 [[main]<beats] Server - Starting server on port: 5044
when I check on the logstash vm whether I received the packages with this command:
"sudo tcpdump -Xni eth0 port 5044"
I can see the packages, for example:
"10:49:34.806583 IP {my app vm}.53790 > 10.0.2.10.5044: Flags [S], seq 2443882348, win 64240, options [mss 1440,sackOK,TS val 394395986 ecr 0,nop,wscale 7], length 0
0x0000: 4500 003c e27d 4000 3006 1dc0 0d43 3132 E..<.}@.0....C12
0x0010: 0a00 020a d21e 13b4 91aa af6c 0000 0000 ...........l....
0x0020: a002 faf0 c2e6 0000 0204 05a0 0402 080a ................
0x0030: 1782 0152 0000 0000 0103 0307 ...R........
"
I tried to add ssl but it doesn't work
versions:
logstash 7.10.0
filebeat version 7.10.1
logstash-input-beats (6.0.13)
any ideas?
thanks