Hi Everyone,
My Packetbeat agent won't ship packets to Logstash. Could someone give me a hint to solve this issue?
Packetbeat log:
2019-07-02T02:18:24.403Z INFO [monitoring] log/log.go:144 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":760,"time":{"ms":11}},"total":{"ticks":2280,"time":{"ms":39},"value":2280},"user":{"ticks":1520,"time":{"ms":28}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":7},"info":{"ephemeral_id":"af8fd8a2-49fc-49d6-af15-37ae500e974a","uptime":{"ms":1050161}},"memstats":{"gc_next":42739424,"memory_alloc":23677752,"memory_total":56891272}},"libbeat":{"config":{"module":{"running":0}},"output":{"read":{"errors":1},"write":{"bytes":126}},"pipeline":{"clients":15,"events":{"active":910,"published":11,"retry":1,"total":11}}},"system":{"load":{"1":0.02,"15":0.22,"5":0.22,"norm":{"1":0.02,"15":0.22,"5":0.22}}}}}}
2019-07-02T02:18:35.891Z ERROR pipeline/output.go:100 Failed to connect to backoff(elasticsearch(http://192.168.31.139:5044)): Get http://192.168.31.139:5044: read tcp 192.168.31.137:34764->192.168.31.139:5044: read: connection reset by peer
2019-07-02T02:18:35.893Z INFO pipeline/output.go:93 Attempting to reconnect to backoff(elasticsearch(http://192.168.31.139:5044)) with 28 reconnect attempt(s)
2019-07-02T02:18:35.895Z INFO [publish] pipeline/retry.go:189 retryer: send unwait-signal to consumer
2019-07-02T02:18:35.896Z INFO [publish] pipeline/retry.go:191 done
2019-07-02T02:18:35.897Z INFO [publish] pipeline/retry.go:166 retryer: send wait signal to consumer
2019-07-02T02:18:35.898Z INFO [publish] pipeline/retry.go:168 done
Packetbeat configuration:
#----------------------------- Logstash output --------------------------------
#output.logstash:
enabled: true
# The Logstash hosts
hosts: ["192.168.31.139:5044"]
loadbalance: true
# Optional SSL. By default is off.
# List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
# Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem"
# Client Certificate Key
#ssl.key: "/etc/pki/client/cert.key"
Logstash configuration:
input {
  beats {
    port => 5044
  }
}
output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
}
Best regards,
P.S.: I followed the instructions in the documentation to create the template manually.