Our enterprise configures our AWS EC2 instances with Auditbeat, Filebeat, Journalbeat, Metricbeat, and Packetbeat to forward to a set of logstash servers. Our /var/log/messages, and /var/log/secure files are filled with error messages:
May 17 03:34:04 vac10appcpe800 auditbeat[1462]: {"log.level":"error","@timestamp":"2023-05-17T03:34:04.436Z","log.logger":"logstash","log.origin":{"file.name":"logstash/async.go","file.line":280},"message":"Failed to publish events caused by: write tcp 10.247.148.20:57200->10.247.2.241:6048: write: broken pipe","service.name":"auditbeat","ecs.version":"1.6.0"}
May 17 03:34:05 vac10appcpe800 auditbeat[1462]: {"log.level":"error","@timestamp":"2023-05-17T03:34:05.531Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":176},"message":"failed to publish events: write tcp 10.247.148.20:35652->10.247.2.241:6046: write: broken pipe","service.name":"auditbeat","ecs.version":"1.6.0"}
May 17 03:35:17 vac10appcpe800 filebeat[1456]: {"log.level":"error","@timestamp":"2023-05-17T03:35:17.352Z","log.logger":"logstash","log.origin":{"file.name":"logstash/async.go","file.line":280},"message":"Failed to publish events caused by: EOF","service.name":"filebeat","ecs.version":"1.6.0"}
May 17 03:35:24 vac10appcpe800 journalbeat[1457]: 2023-05-17T03:35:24.877Z#011ERROR#011[logstash]#011logstash/async.go:280#011Failed to publish events caused by: EOF
As a system administrator I try to address all Errors and Warnings, but I am not sure where to begin with theses.
Can I fix these issues with my local beats .yml config files?
Is this something they have to fix on the logstash server end?
Thank you,