I'm having trouble shipping logs from my client server to my ELK stack server. My client server winlogbeat.yml is:
winlogbeat:
  registry_file: C:/ProgramData/winlogbeat/.winlogbeat.yml
  event_logs:
    - name: Application
    - name: Security
    - name: System
output:
  logstash:
    hosts: ["10.0.16.111:5044"]
    template:
      path: "winlogbeat.template.json"
    tls:
      certificate_authorities: ["C:/Program Files/Winlogbeat/logstash-forwarder.crt"]
logging:
  to_files: true
  files:
    path: C:/ProgramData/winlogbeat/Logs
  level: info
The logs are reporting:
2016-05-20T08:24:46-04:00 INFO GeoIP disabled: No paths were set under output.geoip.paths
2016-05-20T08:24:48-04:00 INFO Max Retries set to: 3
2016-05-20T08:24:48-04:00 INFO Activated logstash as output plugin.
2016-05-20T08:24:48-04:00 INFO Publisher name: ClientServer
2016-05-20T08:24:48-04:00 INFO Flush Interval set to: 1s
2016-05-20T08:24:48-04:00 INFO Max Bulk Size set to: 2048
2016-05-20T08:24:48-04:00 INFO Init Beat: winlogbeat; Version: 1.2.3
2016-05-20T08:24:48-04:00 INFO State will be read from and persisted to C:\ProgramData\winlogbeat.winlogbeat.yml
2016-05-20T08:24:48-04:00 INFO winlogbeat sucessfully setup. Start running.
2016-05-20T08:26:19-04:00 INFO Error publishing events (retrying): read tcp ClientServerIP:62588->ELKStackIP:5044: i/o timeout
2016-05-20T08:26:19-04:00 INFO send fail
2016-05-20T08:26:19-04:00 INFO backoff retry: 1s
Does anyone have any suggestions or insight as far as what I'm doing wrong?