Hello, I'm trying to debug a warning message I'm getting in my Logstash logs for my Winlogbeat filter. I've tried adding the setting client_inactivity_timeout => 0
to my Logstash input filter like I read in similar issues with no luck. I've also tried setting ttl: 0s
within the client's winlogbeat.yml, and that didn't work either.
Here's the error message:
[2020-02-03T00:04:39,594][INFO ][org.logstash.beats.BeatsHandler][winlogbeat] [local: 0.0.0.0:5044, remote: 192.168.15.17:63807] Handling exception: Connection reset by peer
[2020-02-03T00:04:39,596][WARN ][io.netty.channel.DefaultChannelPipeline][winlogbeat] An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
java.io.IOException: Connection reset by peer
at sun.nio.ch.FileDispatcherImpl.read0(Native Method) ~[?:?]
at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39) ~[?:?]
at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:276) ~[?:?]
at sun.nio.ch.IOUtil.read(IOUtil.java:233) ~[?:?]
at sun.nio.ch.IOUtil.read(IOUtil.java:223) ~[?:?]
at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:358) ~[?:?]
at io.netty.buffer.PooledUnsafeDirectByteBuf.setBytes(PooledUnsafeDirectByteBuf.java:288) ~[netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.buffer.AbstractByteBuf.writeBytes(AbstractByteBuf.java:1125) ~[netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.socket.nio.NioSocketChannel.doReadBytes(NioSocketChannel.java:347) ~[netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:148) ~[netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:677) ~[netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:612) ~[netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:529) ~[netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:491) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:905) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at java.lang.Thread.run(Thread.java:834) [?:?]
And this is my Logstash filter:
input {
# Listen on port 5044 for events using the beats codec and keep the connection to host open for 10 minutes to prevent premature timeouts.
beats {
port => 5044
client_inactivity_timeout => 0
}
}
filter {
# Tag event with GeoIP based on the location of their IP address.
geoip {
source => "[event_data][source.ip]"
}
if ("192.168.1*" in [source.ip]) {
mutate {
add_tag => ["Internal IP"]
remove_tag => ["_geoip_lookup_failure"]
}
}
}
output {
# Output data to Elasticsearch.
elasticsearch {
hosts => ["localhost:9200"]
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
}
}
First time posting on the forum, so I apologize if any of my syntax is off.
Thanks!
EDIT: I should also note that it doesn't appear that I'm missing any logs, I just get this warning very frequently and would like to know the cause and how to prevent it.