Logstash output not working and not throwing an error

frankfoti · September 28, 2020, 7:59pm

I have winlogbeat and audit beat working fine for logstash output. I cannot get logstash output from packetbeat (7.9.2 and 7.6.1) and no errors show up in the log. Totally stuck on this and is is a simple config. Any Ideas?

packet beat yml file will not send data to logstash and no errors in the log.

#================================ Outputs =====================================

# Configure what output to use when sending the data collected by the beat.

#-------------------------- Elasticsearch output ------------------------------
#output.elasticsearch:
  # Array of hosts to connect to.
  #hosts: ["localhost:9200"]

  # Protocol - either `http` (default) or `https`.
  #protocol: "https"

  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
  #username: "elastic"
  #password: "changeme"

#----------------------------- Logstash output --------------------------------
output:
  logstash:
  # The Logstash hosts
    hosts: ["*.*.*.*:5046"]

  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"

  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"

#================================ Processors =====================================

warkolm · September 29, 2020, 1:22am

What do your Packetbeat logs show?

frankfoti · September 29, 2020, 11:50am

Logs did not show any connection to logstash or attempt.

It turns out the device I was monitoring was not triggering any activity, hence no attempt to send data in. Once I changed to the vpn device I was connected to, data did flow through to logstash.

Thanks

system · October 27, 2020, 11:50am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.