Hi, I am trying to test Winlogbeat and Elasticsearch; the version is 5.6.4.
I am new to Elastic, so I am still finding my way around.
(I have managed to get Filebeat working and can see syslogs, so the setup is working.)
What I'm now trying to do is to get Winlogbeat working, but I'm getting the error below. I have switched off the firewall, there is no AV, and I can telnet to the ports successfully.
I have followed the steps a couple of times now, with no luck.
Logstash is running on port 5044
Elastic is running on port 9200
Here is the error from the logs:
2017-12-04T16:05:06Z DBG connect to logstash host opscx1.ops.com:5044:10200
2017-12-04T16:05:07Z DBG handle error: read tcp 192.168.0.1:61223->192.168.0.173:5044: wsarecv: An existing connection was forcibly closed by the remote host.
2017-12-04T16:05:07Z DBG closing
2017-12-04T16:05:07Z DBG 0 events out of 100 events sent to logstash host opscx1.ops.com:5044:10200. Continue sending
2017-12-04T16:05:07Z DBG close connection to logstash host opscx1.ops.com:5044:10200
2017-12-04T16:05:07Z ERR Failed to publish events (host: opscx1.ops.com:5044:10200), caused by: read tcp 192.168.0.1:61223->192.168.0.173:5044: wsarecv: An existing connection was forcibly closed by the remote host.
Winlogbeat config file:

winlogbeat.event_logs:
  - name: Application
    ignore_older: 24h
  - name: Security
    ignore_older: 24h
  - name: System
    ignore_older: 24h

output.logstash:
  # The Logstash hosts
  hosts: ["opscx1.ops.com:5044"]
  # Beats 5.x reads the TLS settings from "ssl"; the pre-5.0 "tls" key is
  # ignored, so with "tls" the beat connects to Logstash in plaintext.
  ssl:
    certificate_authorities: ["C:/ProgramData/winlogbeat/logstash-forwarder.crt"]

logging.to_files: true
logging.files:
  path: C:/ProgramData/winlogbeat/Logs
logging.level: debug
Anyone have any ideas, as I'm worn out?
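A connection that is dropped by Logstash immediately after connect is the usual sign that the beat and the Logstash beats input disagree about TLS (one side speaks plaintext, the other expects a handshake). The script below is an added example, not part of the original post or of Elastic's tooling: it probes a beats port twice, once with the plaintext Lumberjack window frame a beat sends first and once with a real TLS handshake, and reports which the port accepts. The host string and CA path are taken from the config above and are assumed to be reachable; the throwaway local listener exists only so the probes can be exercised offline.

```python
"""Probe a Logstash beats port to tell whether it expects TLS or plaintext.

Added example, not from the original post or from Elastic.
"""
import socket
import ssl
import threading
import time

# First frame a beat sends on a fresh Lumberjack v2 connection: version '2',
# frame type 'W' (window size), 32-bit big-endian window.  A TLS-only input
# cannot read this as a ClientHello and drops the connection.
WINDOW_FRAME = b"2W" + (1).to_bytes(4, "big")


def parse_host(hoststr, default_port=5044):
    """Split a Beats-style "host:port" string (port defaults to 5044)."""
    host, sep, port = hoststr.rpartition(":")
    return (host, int(port)) if sep else (hoststr, default_port)


def probe_plaintext(host, port, timeout=3.0):
    """Send the plaintext window frame and report how the peer reacts."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(WINDOW_FRAME)
            try:
                return "closed_by_peer" if sock.recv(1) == b"" else "open"
            except socket.timeout:
                return "open"            # peer kept the session: plaintext accepted
            except ConnectionResetError:
                return "reset_by_peer"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "connection_error"


def probe_tls(host, port, cafile=None, timeout=3.0):
    """Attempt a TLS handshake, verifying the server against cafile."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls_ok"
    except ssl.SSLCertVerificationError:
        return "cert_verify_failed"      # TLS is spoken, but the CA file is wrong
    except ssl.SSLError:
        return "tls_handshake_failed"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"                 # peer never answered the ClientHello
    except OSError:
        return "connection_error"


def diagnose(hoststr, cafile=None, timeout=3.0):
    """Run both probes and turn the pair of results into a verdict."""
    host, port = parse_host(hoststr)
    plain = probe_plaintext(host, port, timeout)
    tls = probe_tls(host, port, cafile, timeout)
    if tls in ("tls_ok", "cert_verify_failed"):
        verdict = ("port speaks TLS: the beat must too (Beats 5.x reads "
                   "output.logstash.ssl; the pre-5.0 key tls is ignored)")
        if tls == "cert_verify_failed":
            verdict += "; the CA file does not verify the server certificate"
    elif plain == "open":
        verdict = ("port accepts plaintext: the Logstash input has no ssl "
                   "settings, so do not configure ssl on the beat")
    elif plain == "refused" and tls == "refused":
        verdict = "nothing listening: check the beats input and its port"
    else:
        verdict = "inconclusive (%s / %s): check the Logstash log" % (plain, tls)
    return {"plaintext": plain, "tls": tls, "verdict": verdict}


def start_fake_server(behaviour):
    """Throwaway 127.0.0.1 listener so the probes can be exercised offline.

    'close': read the client's first bytes, then hang up (what a TLS-only peer
    does with a plaintext hello).  'hold': read them and keep the session open,
    like a plaintext beats input waiting for data frames.
    Returns (port, listener); release it with stop_fake_server(listener).
    """
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def handle(conn):
        with conn:
            conn.settimeout(5)
            try:
                conn.recv(64)
            except OSError:
                pass
            if behaviour == "hold":
                time.sleep(3)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return                   # listener was shut down
            threading.Thread(target=handle, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1], srv


def stop_fake_server(srv):
    """shutdown() first: on Linux a bare close() does not wake a blocked accept()."""
    try:
        srv.shutdown(socket.SHUT_RDWR)
    except OSError:
        pass
    srv.close()


if __name__ == "__main__":
    # Host and CA path as in the Winlogbeat config above (assumed reachable).
    print(diagnose("opscx1.ops.com:5044",
                   cafile="C:/ProgramData/winlogbeat/logstash-forwarder.crt"))
```

Run it from the Windows host that runs Winlogbeat so the probe crosses the same network path as the beat; a "port speaks TLS" verdict together with the debug log above means the beat itself is not sending TLS, which is what an unrecognised output key produces.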