Winlogbeat unable to connect to ELK on Ubuntu

Hi Good Day,

I have set up an Ubuntu machine with ELK installed and want to receive logs from a Windows 10 machine.
The ELK server and the Windows machine are currently on the same network for testing. I have set xpack.security to true and got the auto-generated password from ELK. Now, when I try to connect from my Windows 10 machine to the Ubuntu ELK server, it keeps failing, showing that the ELK:9200 target actively refused the connection.

I have removed the comments on Kibana and Elasticsearch.output and pointed them to the ELK server's IP.
For the authentication credentials, I have put the username and password for "elastic", which I generated in ELK when I enabled "xpack.security.enabled: true".
Is this causing the issue?

Error message from PowerShell:
Exiting: error connecting to Kibana: fail to get the kibana version: HTTP GET request to http://:5601/api/status fails: fail to execute the HTTP GET request: Get "http://:5601/api/status": dial tcp :5601: connectex: No connection could be made because the target machine actively refused it.. Response: .

My winlogbeat.yml:

# ====Dashboards====
setup.dashboards.enabled: true

# ====Kibana====
setup.kibana:
  host: "ELK IP: 5601"

# ----Elasticsearch Output----
output.elasticsearch:
  hosts: ["ELK IP:9200"]

Installed winlogbeat as a service. Started the service.
PowerShell (run as admin):
.\winlogbeat.exe setup (after this command was executed, the error message appeared: target machine actively refused)

That would suggest to me that there is a firewall in place.

Hi Mark,

Thanks for the reply.

The ELK server and the Windows 10 machine are on the same network, since I am testing getting logs from the Windows machine. There is no firewall between those two hosts. I have allowed ports 5601 and 9200 on the Ubuntu ELK server. I can ping between the two hosts.

Are there any other issues?

Hi Mark,

I have disabled the ELK Ubuntu firewall and installed the telnet service. Now from Windows 10 I can telnet to the ELK Ubuntu server, but when I run the command ".\winlogbeat.exe setup" in PowerShell, it still shows the same error: target machine actively refused it.
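
The thread turns on what "actively refused" means compared with a firewall silently dropping traffic. The PowerShell below is an added example, not part of any post above; `Test-TcpEndpoint` is a hypothetical helper name and `<ELK IP>` is a placeholder for the address used in winlogbeat.yml. It probes the two ports named in the thread from the Windows machine and reports whether each connection was accepted, refused, or timed out.

```powershell
# Added example, not from the thread. Placeholder: set this to the address
# used for setup.kibana.host and output.elasticsearch.hosts in winlogbeat.yml.
$ElkHost = '<ELK IP>'

function Test-TcpEndpoint {
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [Parameter(Mandatory)] [int]    $Port,
        [int] $TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($HostName, $Port)
        # No answer at all within the timeout: packets are being dropped
        # (filtering firewall, wrong address, host down).
        if (-not $task.Wait($TimeoutMs)) { return 'timeout' }
        # Handshake completed: something is listening on this address and port.
        return 'open'
    }
    catch {
        # Walk the wrapper exceptions down to the underlying SocketException.
        $ex = $_.Exception
        while ($ex -and -not ($ex -is [System.Net.Sockets.SocketException])) {
            $ex = $ex.InnerException
        }
        # "Actively refused": the host answered with a reset, so it is reachable
        # but nothing accepted the connection on this address and port
        # (service stopped, listening on another interface, or a rejecting rule).
        if ($ex -and $ex.SocketErrorCode -eq
                [System.Net.Sockets.SocketError]::ConnectionRefused) {
            return 'refused'
        }
        return "error: $($_.Exception.Message)"
    }
    finally {
        $client.Close()
    }
}

# Probe the Kibana and Elasticsearch ports from the thread.
foreach ($port in 5601, 9200) {
    [pscustomobject]@{
        Host   = $ElkHost
        Port   = $port
        Result = Test-TcpEndpoint -HostName $ElkHost -Port $port
    }
}
```

A `refused` result for one port and `open` for the other narrows the problem to that one service rather than to the network path between the hosts.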
