Hi
I followed the tutorial on "https://extelligenceblog.it/2017/07/23/elastic-stack-suricata-idps-and-pfsense-firewall-part-3-logstash-pipeline-additions-suricata-alerts/"
This step fails with the error below (the command run was `/usr/share/logstash/bin/logstash -f ./10-pfsense-filter.conf`):
What causes this error, and how do I resolve it?
[ERROR] 2018-02-21 05:47:43.380 [LogStash::Runner] agent - failed to fetch pipeline configuration {:message=>"No config files found: ./10-pfsense-filter.conf. Can you make sure this path is a logstash config file?"}
ELK Stack 5.6.7, Filebeat 6.2
[Logstash]
cd /etc/logstash/conf.d
# Logstash inputs for the pfSense/Suricata pipeline (file in /etc/logstash/conf.d).
# Indentation was lost in the paste and is restored here; the Logstash config
# language is not whitespace-sensitive, so no tokens change.

#tcp syslogs stream via 5140
input {
  tcp {
    type => "syslog"
    port => 5140
    # No `host` is set, so the listener binds on the plugin's default address
    # (presumably all interfaces — verify for your plugin version).
    # Syslog over TCP is unauthenticated: anything that can reach 5140 can inject
    # events that will be processed as "syslog". Restrict reachability to the
    # pfSense host at the firewall, or set `host` to the interface facing it.
  }
}

#udp syslogs stream via 5140
input {
  udp {
    type => "syslog"
    port => 5140
    # Same port number as the TCP input above; TCP and UDP do not collide.
    # UDP source addresses are trivially spoofable, so network-level filtering
    # is the only sender check available for this input.
  }
}

# Filebeat ships Suricata eve.json events here (see the Filebeat section:
# output.logstash hosts x.x.x.x:5044).
input {
  beats {
    port => 5044
    # No `ssl` options are set, so Filebeat traffic arrives in the clear and
    # Logstash cannot tell which Beat is sending. The beats input supports
    # `ssl => true` with `ssl_certificate` / `ssl_key`, and
    # `ssl_certificate_authorities` + `ssl_verify_mode` for client certificates,
    # if that matters on this network.
    # NOTE(review): Filebeat 6.2 sending to Logstash 5.6.7 (versions above) may
    # need a recent logstash-input-beats plugin — confirm against the
    # compatibility matrix if Beats events never arrive.
  }
}
sudo nano 10-pfsense-filter.conf
# 10-pfsense-filter.conf — Suricata event filter (created with nano in
# /etc/logstash/conf.d).
#
# The "No config files found: ./10-pfsense-filter.conf" error above is a path
# lookup failure, not a syntax error: `-f ./10-pfsense-filter.conf` is resolved
# against the current working directory, so it only works when logstash is
# started from /etc/logstash/conf.d. Passing the absolute path,
# /etc/logstash/conf.d/10-pfsense-filter.conf, removes the dependency on cwd.
# Note that this file as shown contains only a filter block — the inputs live in
# the other file and the stdin/stdout lines below are commented out — so run on
# its own it has nothing to read from; the tutorial presumably intends the whole
# conf.d directory to be loaded together.

#input { stdin { } }
filter {
  if [type] == "suricataIDPS" {
    # Parse the eve.json line carried in `message` into top-level fields.
    # The content describes traffic Suricata observed, so many field values
    # (HTTP headers, URLs, DNS names, ...) are ultimately chosen by the remote
    # peer; treat them as untrusted downstream. A line that is not valid JSON
    # leaves the event intact and tags it `_jsonparsefailure`.
    json {
      source => "message"
    }
    # Use Suricata's own `timestamp` as @timestamp instead of ingest time.
    # If the value does not parse as ISO8601 the event is tagged `_dateparsefailure`.
    date {
      match => [ "timestamp", "ISO8601" ]
    }
    # NOTE(review): Filebeat 6.x no longer honours `document_type`, so `[type]`
    # may never equal "suricataIDPS" for events from the Filebeat 6.2 shipper
    # shown below — confirm by inspecting a received event.
  }
}
#output { stdout { codec => rubydebug } }
[Filebeat]
# filebeat.yml — ship Suricata eve.json to Logstash.
# Indentation was lost in the paste; the nesting below is a reconstruction
# (document_type / fields_under_root / type / paths taken as prospector-level
# keys, `tags` as the only key under `fields`) — verify against the real file.
filebeat.prospectors:
  -
    # With fields_under_root set, `tags` lands at the event root rather than
    # under `fields.tags`.
    fields:
      tags:
        - SuricataIDPS
        - JSON
    # NOTE(review): `document_type` was dropped in Filebeat 6.0; on Filebeat 6.2
    # (version line above) it presumably no longer sets `type`, which is what the
    # Logstash filter's `[type] == "suricataIDPS"` test relies on — confirm by
    # inspecting a received event. A `type: suricataIDPS` entry under `fields`
    # is the usual replacement.
    document_type: suricataIDPS
    fields_under_root: true
    type: log
    paths:
      # The trailing `*` also matches rotated copies (e.g. eve.json.1).
      - /var/log/suricata/*/eve.json*

output.logstash:
  # x.x.x.x is the poster's placeholder for the Logstash host.
  hosts: ["x.x.x.x:5044"]
  # No `ssl` section: events travel to Logstash in the clear and the server is
  # not verified. `output.logstash.ssl.certificate_authorities` (plus
  # `ssl.certificate` / `ssl.key` for mutual auth) pairs with `ssl => true`
  # on the Logstash beats input.

logging.files:
  keepfiles: 7
  name: filebeat.log
  path: /var/log/filebeat
logging.to_files: true