Hi Team,
I am new to this. I need to get the Windows Event Logs from AWS cloud to my VMware Ubuntu Logstash server.
I am not able to connect to my Ubuntu Logstash server (private ip) from an AWS Windows cloud instance (public ip).
- Logstash IP is private ip
- AWS cloud ip is public ip
We created a rule in my firewall (allow port 5044 publicly) to receive logs.
Find below my configuration:
```yaml
winlogbeat.event_logs:
  - name: Security
    ignore_older: 2h
    event_id: 4727, 4731, 4754, 4726
  - name: Application
    ignore_older: 2h
  - name: Security
    ignore_older: 2h

output.logstash:
  hosts: ["192.168.6.103:5044"]
  bulk_max_size: 1024
  index: winlogbeat
  ssl:
    certificate_authorities: ["C:/ProgramData/winlogbeat/logstash-forwarder.crt"]

logging.to_files: true
logging.files:
  path: C:/ProgramData/winlogbeat/Logs
logging.level: debug
```
Below is the error from Winlogbeat (AWS instance, Windows 2008 R2 server):
```
2017-04-10T02:58:50+01:00 ERR Connecting error publishing events (retrying): dial tcp 192.168.6.103:5044: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
2017-04-10T02:58:50+01:00 DBG send fail
```
It's urgent. Your previous post was nice.
Thanks,
Balasubramaniam.A.G
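
The following is an added example, not part of the original post and not Elastic's code: a pre-flight check that reads the `hosts` entry of a Beats `output.logstash` section and reports targets a shipper outside the Logstash network cannot route to, or public targets configured without `certificate_authorities`. The function names, the `sender_outside_lan` parameter and the trimmed sample config are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the output section of the config posted above.
SAMPLE = '''output.logstash:
  hosts: ["192.168.6.103:5044"]
  ssl:
    certificate_authorities: ["C:/ProgramData/winlogbeat/logstash-forwarder.crt"]
'''

def output_hosts(config_text):
    """Return (host, port) pairs from the first `hosts: [...]` line."""
    match = re.search(r"^\s*hosts:\s*\[(.*?)\]", config_text, re.MULTILINE)
    pairs = []
    for item in (match.group(1).split(",") if match else []):
        entry = item.strip().strip("\"'")
        if not entry:
            continue
        host, sep, port = entry.rpartition(":")
        # Without an explicit port, Beats uses 5044 for the Logstash output.
        pairs.append((host, int(port)) if sep else (entry, 5044))
    return pairs

def classify(host):
    """Label a target as loopback, private, public or hostname."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"          # needs DNS; not judged here
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "public"

def preflight(config_text, sender_outside_lan=True):
    """Return findings for a shipper located outside the Logstash network."""
    findings = []
    has_ca = re.search(r"certificate_authorities\s*:", config_text) is not None
    for host, port in output_hosts(config_text):
        kind = classify(host)
        if sender_outside_lan and kind in ("private", "loopback"):
            findings.append(f"{host}:{port} is a {kind} address: not reachable "
                            "from outside that network without a VPN or a "
                            "forwarded public address")
        elif kind in ("public", "hostname") and not has_ca:
            findings.append(f"{host}:{port} crosses untrusted networks with no "
                            "certificate_authorities set to verify Logstash")
    return findings

if __name__ == "__main__":
    for line in preflight(SAMPLE):
        print(line)
```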