Iptables module not working - filebeat or elastic?

mevan · January 31, 2022, 2:13pm

Resolved.

/var/log/iptables.log must contain ONLY log entries of iptables format.
It may be necessary to remove /var/lib/filebeat/registry (or rename to registry.bk) and restart filebeat
To isolate logging from specific source with rsyslog:
/etc/rsyslog.d/00-iptables.conf:

if $fromhost-ip=='192.168.1.1' then /var/log/iptables.log
& ~

Topic		Replies	Views
No iptables in elasticsearch Beats filebeat	2	359	February 27, 2022
Errors Using Iptables Module Beats filebeat	2	661	March 8, 2022
Filebeat 'iptables' module missing Beats fleet	1	376	November 4, 2022
Filebeat - iptables module Beats filebeat	3	801	February 26, 2020
Filebeat w/ Iptables Module to Logstash to Elastic: Expected Fields Not Populated Beats docker , filebeat	5	535	March 28, 2022