I am new to this, Need to get the Windows Event Logs from AWS cloud to my VMware Ubuntu Logstash server.
I am not able to connect to my Ubuntu Logstash server (private ip) from an AWS Windows cloud instance (public ip).
- Logstash IP is private ip
- AWS cloud ip is public ip
We created the rule in my firewall ( allow the 5044 port from publicly ) for log receive.
Find below my configuration:
winlogbeat.event_logs: - name: Security ignore_older: 2h event_id: 4727, 4731, 4754, 4726 - name: Application ignore_older: 2h - name: Security ignore_older: 2h output.logstash: hosts: ["192.168.6.103:5044"] bulk_max_size: 1024 index: winlogbeat ssl: certificate_authorities: ["C:/ProgramData/winlogbeat/logstash-forwarder.crt"] logging.to_files: true logging.files: path: C:/ProgramData/winlogbeat/Logs logging.level: debug
Below find the error from Winlogbeat (AWS instance windows 2008 r2 server) .
2017-04-10T02:58:50+01:00 ERR Connecting error publishing events (retrying): dial tcp 192.168.6.103:5044: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. 2017-04-10T02:58:50+01:00 DBG send fail
Its urgent your previous post was nice,