Logstash-forwarder not connecting with the server

Hi All,
I am trying to use the logstash and logstash-forwarder for the first time. My logstash-forwarder and logstash are installed on 2 separate VMs.
Consider forwarder on server A and Logstash on Server B.

I generated the SSL certificates from Server B using the command
openssl req -x509 -nodes -newkey rsa:2048 -keyout logstash-forwarder.key -out logstash-forwarder.crt
and when Common Name was asked, I entered the Server A name which is already in /etc/hosts/.

This is the config for logstash in server B
input {
  lumberjack {
    port => 5043
    ssl_certificate => "/etc/logstash/server.crt"
    ssl_key => "/etc/logstash/server.key"
  }
}
These crt and key files are copied to Server A to /opt/logstash-forwarder/bin/

Below is the config from Server A [ Forwarder ]
{
  "network": {
    "servers": [ "astroELK:5043" ],
    "ssl certificate": "/opt/logstash-forwarder/bin/logstash-forwarder.crt",
    "ssl key": "/opt/logstash-forwarder/bin/logstash-forwarder.key",
    "ssl ca": "/opt/logstash-forwarder/bin/logstash-forwarder.crt",
    "timeout": 15
  },

  "files": [
    {
      "paths": [
        "/var/log/nds/cmdc/cmdc.audit"
      ],
      "fields": { "type": "cmdc" }
    }
  ]
}

If I run the logstash-forwarder using the command ./logstash-forwarder -config config.json, I am getting the following output

2016/03/29 13:31:51.725925 Waiting for 1 prospectors to initialise
2016/03/29 13:31:51.726049 Launching harvester on new file: /var/log/nds/cmdc/cmdc.audit
2016/03/29 13:31:51.726111 Started harvester at end of file (current offset now 2828108): /var/log/nds/cmdc/cmdc.audit
2016/03/29 13:31:51.726148 All prospectors initialised with 0 states to persist
2016/03/29 13:31:51.726243 Loading client ssl certificate: /opt/logstash-forwarder/bin/logstash-forwarder.crt and /opt/logstash-forwarder/bin/logstash-forwarder.key
2016/03/29 13:31:52.035688 Setting trusted CA from file: /opt/logstash-forwarder/bin/logstash-forwarder.crt
2016/03/29 13:31:52.036614 Connecting to [10.209.26.147]:5043 (astroELK)
2016/03/29 13:31:52.037147 Failure connecting to 10.209.26.147: dial tcp 10.209.26.147:5043: connection refused

Not sure whether I made any mistakes here.

2016/03/29 13:31:52.037147 Failure connecting to 10.209.26.147: dial tcp 10.209.26.147:5043: connection refused

The computer running LSF can't connect to 10.209.26.147:5043. This might be because Logstash on that host isn't running, or that it's running but wasn't able to bind to that port, or that there's a firewall blocking the access, or something else.

Please be aware that LSF is deprecated. You should be moving to filebeat instead.
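To tell apart the causes listed in the reply about the "connection refused" line, the following is an added example, not part of the original thread. It makes one TCP connection attempt and classifies the result; the function name classify_connect and the hint texts are illustrative assumptions.

```python
import errno
import socket
import sys

# Hint per outcome. The "refused" causes are the ones named in the reply;
# the other entries are general TCP behaviour added for contrast.
HINTS = {
    "open": "something is listening; check the TLS handshake next",
    "refused": "host reachable but nothing accepted the connection: Logstash "
               "not running, failed to bind the port, or a firewall rejecting it",
    "timeout": "no answer at all: typically a firewall silently dropping packets",
    "unreachable": "no route to the host or network",
    "dns": "the name does not resolve (check /etc/hosts or DNS)",
}


def classify_connect(host, port, timeout=3.0):
    """Attempt one TCP connect and return a key of HINTS."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "dns"
    except ConnectionRefusedError:
        # Same condition as the forwarder's "dial tcp ...: connection refused".
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise


if __name__ == "__main__":
    # Usage: python check_port.py <host> <port>
    host, port = sys.argv[1], int(sys.argv[2])
    outcome = classify_connect(host, port)
    print(f"{host}:{port} -> {outcome}: {HINTS[outcome]}")
```

Run it from the forwarder host against the Logstash host and port. A "refused" result on the Logstash host itself (against 127.0.0.1) points at the listener rather than the network path.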

Thanks warkolm. I will try using filebeat. Will you be kind to give me the versions of elastic search, logstash, kibana and filebeat

Will you be kind to give me the versions of Elasticsearch, logstash, kibana and filebeat

What do you mean?

I wanted to know the latest versions of all 4 components which support each other.

See https://www.elastic.co/support/matrix.

Thanks. One last query. When I try to upgrade from 1.5.2 logstash to 2.2.1, I found this. May I know the reason please?

[root@astroELK rpms]# rpm -ivh logstash-2.2.2-1.noarch.rpm
Preparing... ########################################### [100%]
file /etc/init.d/logstash from install of logstash-1:2.2.2-1.noarch conflicts with file from package logstash-1:1.5.2-1.noarch
file /etc/logrotate.d/logstash from install of logstash-1:2.2.2-1.noarch conflicts with file from package logstash-1:1.5.2-1.noarch

I believe RPMs should be upgraded with rpm -U, not rpm -i.


Sorry. My mistake. It's done.
Many thanks