Winlogbeat unable to connect to ES after enabling x-pack

My winlogbeat is on windows server and ELK is on Ubuntu server. After upgrading to 7.1.1 and enabling X-pack , winlogbeat is unable to connect to ES and giving me error:
connectex: No connection could be made because the target machine actively refused it

I also tried connecting to logstash and configuring winlogbeat.conf

input {
  beats {
    host => 127.0.0.1
    port => 5044
     }
}

output {
  elasticsearch {
    hosts => ["http://127.0.0.1:9200"]
    manage_template => false
    index => "windows-%{+YYYY.MM.dd}"
  }
}

but got same error.

I think I'm missing something in security configuration, please help...

When you set host => 127.0.0.1 in your Logstash configuration you are limiting incoming Beat connections to Beats running on the localhost. If you are expecting connections from outside machines then do not set the host option for the beats input in Logstash.

A similar settings exists in Elasticsearch. It's called network.host. If you're expecting connections from hosts on different machines then you need to set this option. https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html#common-network-settings

1 Like

if you have enable security then you need user and password in your output section. this is what I am using.
did you setup all required internal user using following, then you need user/password
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive

   user => elastic
  password => xxxxx
1 Like

Thank a lot..

thank you

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.