So we've started to renew our cluster for various reasons:
3 Node Cluster (CentOS 7)
After we set up xpack Security within Elasticsearch - we proceeded to get our log sources connected. It worked just fine for the firewalls - using the modules of Filebeat. No problem with the delivery whatsoever.
When we tried to connect our Windows Clients to Elasticsearch - we fail.
The Config Test says it's ok - but the output test runs into a timeout.
C:\Program Files\Winlogbeat>winlogbeat test output
parse url... OK
parse host... OK
dns lookup... OK
dial up... ERROR dial tcp 10.28.99.66:9200: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Here's the .yml Configuration on both sides:
output.elasticsearch:
  enabled: true
  hosts: ["X.X.X.X:9200", "Y.Y.Y.Y:9200", "Z.Z.Z.Z:9200"]
  username: "winlogbeat"
  password: "YjkS1EvKdPaZvYUC"
  ssl.certificate_authorities: "C:\Program Files\winlogbeat\certs\ca.newkey"
  #ssl.certificate: "C:\Program Files\winlogbeat\certs\cert.newkey"
  #ssl.key: "C:\Program Files\winlogbeat\certs\key.newkey"
  protocol: "https"
We've tried it both with ssl.certificate & key enabled and disabled.
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
#xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: certs/key.newkey
xpack.security.transport.ssl.certificate: certs/cert.newkey
xpack.security.transport.ssl.certificate_authorities: ["/etc/elasticsearch/certs/ca.newkey"]
We've tried both with certificate verification set to none and certificate.
I parsed the logs of Elasticsearch - but cannot find any errors belonging to the Windows Server on which we're testing on.
Firewall Rules are in place.
I am sure that I'm just in a kind of tunnel vision and I'm missing out on a crucial simple part - but I fail to see it - maybe someone can help?
Thanks in advance!
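
Added example, not part of the original post: a staged check that separates the steps `winlogbeat test output` reports (DNS lookup, TCP dial, TLS handshake) and names the first one that fails, so a dial timeout like the one above can be told apart from a certificate or TLS problem. It assumes Python 3 is available on the client; the function name `probe` and the script name are hypothetical.

```python
import socket
import ssl
import sys

def probe(host, port=9200, ca_file=None, timeout=5.0):
    """Return (stage, detail): the first stage that fails, or ("ok", TLS version)."""
    try:
        # Stage 1: name resolution ("dns lookup" in the Beats output).
        addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4]
    except socket.gaierror as exc:
        return ("dns", str(exc))
    try:
        # Stage 2: plain TCP connect ("dial up"). No TLS setting is involved yet.
        sock = socket.create_connection(addr[:2], timeout=timeout)
    except (socket.timeout, TimeoutError):
        return ("tcp-timeout", "no reply: packets dropped on the path, or host down")
    except ConnectionRefusedError:
        return ("tcp-refused", "host reachable, but nothing listens on this port")
    except OSError as exc:
        return ("tcp-error", str(exc))
    # Stage 3: TLS handshake, verified against the CA file when one is given.
    ctx = ssl.create_default_context(cafile=ca_file)
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", tls.version())
    except ssl.SSLCertVerificationError as exc:
        return ("tls-verify", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        return ("tls-handshake", str(exc))

if __name__ == "__main__":
    # Usage (hypothetical script name): python probe.py <ca-file> <host> [<host> ...]
    if len(sys.argv) < 3:
        sys.exit("usage: probe.py <ca-file> <host> [<host> ...]")
    for h in sys.argv[2:]:
        print(h, *probe(h, ca_file=sys.argv[1]))
```

A `tcp-timeout` result corresponds to the `dial up... ERROR` line above: the connection never reached the TLS stage, so the `ssl.*` settings on either side were not yet exercised.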