Winlogbart 6.0.1- Logstash beats parser error

Hi All,

Iam trying to send the windows events using winlogbeat to logstash, all the four components have 6.0.1 version.

Logstash conf

input {
  beats {
    port => 5547
    tags => "windows"
  }
}




output {
    if ( "windows" in [tags] ) {
    elasticsearch {
      index => "winlogbeat-%{+YYYY.MM.dd}"
       hosts => ["https://localhost:9200"]
      cacert => '/usr/share/elasticsearch/bin/x-pack/ca/ca.crt'
      ssl_certificate_verification => false
      ssl => true
      user => "xxxx"
      password => "xxx"
     }
  }
}

Am getting this message in logstash-plain.log

[2018-02-12T09:26:00,366][INFO ][logstash.inputs.metrics  ] Monitoring License OK
[2018-02-12T09:26:05,797][INFO ][org.logstash.beats.BeatsHandler] [local: 0.0.0.0:5547, remote: x.x.x.x:53209] Handling exception: org.logstash.beats.BeatsParser$InvalidFrameProtocolException: Invalid Frame Type, received: 69
[2018-02-12T09:26:05,800][INFO ][org.logstash.beats.BeatsHandler] [local: 0.0.0.0:5547, remote: x.x.x.x:53209] Handling exception: org.logstash.beats.BeatsParser$InvalidFrameProtocolException: Invalid Frame Type, received: 84

Am not sure whats the mistake,I have made please do let me know to fix this issue.
Thanks,
Raj

What does your Winlogbeat configuration look like? Make sure you format the YAML as preformatted text so we can see the exact formatting.

Sure thanks Magnus , I will look in to that

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.