Hi
I've recently been trying to make it so Winlogbeat sends its logs to Logstash, but nothing is happening. Then I tried to send logs directly to Elasticsearch and it works. I don't know what the problem is.
I've checked my firewall and there is nothing blocking it.
Logstash configuration:
input {
  tcp {
    port => 5001
  }
}
filter {
  grok {
    match => [ 'TimeCreated', "Date(%{NUMBER:timestamp})" ]
  }
  date {
    match => [ 'timestamp', 'UNIX_MS' ]
  }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => ["winlogbeat"]
  }
}
Logstash says in the logs that it's listening on port 5001 for tcp. I've also changed the Winlogbeat output to send with tcp to port 5001.
I also tried to use beats instead of tcp but nothing differed, it still didn't get any input.
To simplify I have not used any SSL, user authentication or anything else that might bother the connection.