Netflow_module error

Vikash_Singh1 · August 19, 2019, 11:08am

Hi I am trying to use logstash netflow module but when I am executing "bin/logstash --modules netflow -M netflow.var.input.udp.port=2055" then I am getting error saying:
"[WARN ] 2019-08-19 16:26:18.548 [Ruby-0-Thread-4: :1] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://localhost:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://localhost:9200/][Manticore::SocketException] Connection refused (Connection refused)"}"...Although I have configured modules in logstash.yml..
"modules:
- name: netflow
var.input.udp.port: 2055
var.elasticsearch.hosts: "192.168.0.178:9200"
var.kibana.host: "192.168.31.205:5601"
"
still why this error??

thirty2 · August 19, 2019, 11:11am

Hi,

try to add:

var.kibana.scheme: http
var.kibana.ssl.enabled: false
var.kibana.ssl.verification_mode: disable

Stop logstash and install module first by running:

/usr/share/logstash/bin/logstash --modules netflow --setup -M netflow.var.input.udp.port=2055 -M netflow.var.elasticsearch.hosts="yourhost:port" -M netflow.var.kibana.host="yourhost:port" -M netflow.var.kibana.ssl.enabled=false -M netflow.var.kibana.ssl.verification_mode=disable

Vikash_Singh1 · August 19, 2019, 11:26am

After that what should I do?

Vikash_Singh1 · August 19, 2019, 11:33am

@thirty2 I have executed the above code and I am getting output..but I have to execute multiple .conf files so how am I gonna execute those??also I have added those above lines in logstash.yml...still getting an error while executing "sudo bin/logstash --modules netflow -M netflow.var.input.udp.port=2055"

thirty2 · August 19, 2019, 12:12pm

@Vikash_Singh1 You should run the command i posted, the long one.

Vikash_Singh1 · August 19, 2019, 1:00pm

I have executed the program

thirty2 · August 19, 2019, 1:04pm

please be more specific....

Vikash_Singh1 · August 20, 2019, 5:42am

I've executed this statement...now I have to run another instances of .conf file so how am i going to execute those .conf files??

thirty2 · August 20, 2019, 6:00am

Just start the logstash

Vikash_Singh1 · August 20, 2019, 6:04am

but the port 9600 is already busy because of the above code

thirty2 · August 20, 2019, 6:17am

Once you installed module by the command, you can kill it. Then start the logstash

Vikash_Singh1 · August 20, 2019, 7:03am

I am trying to run the logstash using "/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/http.conf"...but the netflow module is not working..I even tried using systemctl start logstash but still didn't getting any results

thirty2 · August 20, 2019, 7:32am

netflow module configuration needs to be configured in /etc/logstash/logstash.yml.

Vikash_Singh1 · August 20, 2019, 7:38am

I have configured it in logstash.yml.
modules:
- name: netflow
var.input.udp.port: 2055
var.elasticsearch.hosts: "192.168.0.178:9200"
var.kibana.host: "192.168.31.205:5601"
var.kibana.scheme: http
var.kibana.ssl.enabled: false
var.kibana.ssl.verification_mode: disable

thirty2 · August 20, 2019, 7:47am

remove your http.conf, then start logstash with systemctl. What is an error? if port is busy, what is runing on the port than?

Vikash_Singh1 · August 20, 2019, 9:05am

Thanks @thirty2...It did work for me

system · September 17, 2019, 9:05am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.