Unable to get logs from filebeats to logstash

gkvganesh · May 8, 2020, 12:57pm

I have installed Filebeat in server A (linux server) to send logs to server B (CentOS server). Server B has Elastic, logstash and kibana installed. I followed the steps to configure logstash output in filebeat.yml from the link https://www.elastic.co/guide/en/beats/filebeat/current/logstash-output.html
However, I am unable to get the logs in logstash installed in Server B. Do I need to mke further changes?

#----------------------------- Logstash output --------------------------------
output.logstash:

The Logstash hosts

hosts: ["Server B IP:9600"]
proxy_url: socks5://username:password@Server B IP:2233
index: filebeat
proxy_use_local_resolver: true

Optional SSL. By default is off.

List of root certificates for HTTPS server verifications

#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

Certificate for SSL client authentication

#ssl.certificate: "/etc/pki/client/cert.pem"

Client Certificate Key

#ssl.key: "/etc/pki/client/cert.key"

Hausmeister · May 8, 2020, 1:05pm

Hi Vijay,

to connect to logstash you need to enable an input pipeline in the logstash config.
input {
beats {
host => "IPaddress"
port => 5044
}
}
filter {
...
}
output {
elasticsearch {
hosts => "http://localhost:9200"
manage_template => false
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
}
}

This will open a port at the logstash server Filebeat will connect to and forward all events to elastic. Depending on the logs you might also enable some filter, e.g. for apache.

On ServerB you then configure the connection to ServerA:5044.

Cheers
René

system · June 5, 2020, 1:05pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.