Logstash is not open 5044 port on ubuntu server

Elastic Stack Logstash
1

Hi all,
I configured the pipeline to collect windows firewall log of windows server 2012 as follows:
etc/logstash/conf.d/10-input.conf
input {
beats {
# The port to listen on for filebeat connections.
port => 5044
}
}
etc/logstash/conf.d/20-fwlog.conf

filter {
grok {
match => { "message" => "%{TIMESTAMP_ISO8601:date_time} %{DATA:action} %{WORD:protocol} %{IPORHOST:src_ip} %{IPORHOST:dst_ip} %{INT:src_port} %{INT:dst_port} %{DATA:size} %{DATA:tcp_flags} %{DATA:tcp_syn} %{DATA:tcp_act} %{DATA:tcp_win} %{DATA:acmp_type} ${DATA:icmp_code} %{DATA:info} %{WORD:path}"}
}
date {
match => ["timestamp" , "dd/MMM/yyyy:HH:mm:ss Z"]
}
}
etc/logstash/conf.d/30-output.conf

output {
elasticsearch {
hosts => ["localhost:9200"]
sniffing => true
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}
Until I run the netstat -lntp command. Did not see it active port 5044 :frowning:

image.png897×259 6.79 KB

2

Please don't post pictures of text, they are difficult to read and some people may not be even able to see them.

Has LS started? Can you try telnetting to the port?

3

HI warkolm,
Thanks for answering.
Yes, I will draw on the experience for the next post.
I tried telnet from windows machine to LS under port 5044 but failed.

4

Failed how?

5

When I try test telnet to LS, the following message appears:
PingSuccessed : true
TcpTestSuccessed : False

6

On LS I run sudo service logstash configtest command to see the message
LS Unrecognized service

7

Can you please show the full command and output that you are running.

8

C:\Windows\system32> Test-NetConnection -Port 5044
WARING: TCP connect to < IP of LS>:5044 failed

ComputerName : IP
RemoteAddress : IP
RemotePort : 5044
InterfaceAlias : Eth0
SourceAddress :
PingSuccessed : true
TcpTestSuccessed : False

9

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.