Winlogbeat unable to connect to ES after enabling x-pack

K_B1 · July 1, 2019, 1:51pm

My winlogbeat is on windows server and ELK is on Ubuntu server. After upgrading to 7.1.1 and enabling X-pack , winlogbeat is unable to connect to ES and giving me error:
connectex: No connection could be made because the target machine actively refused it

I also tried connecting to logstash and configuring winlogbeat.conf

input {
  beats {
    host => 127.0.0.1
    port => 5044
     }
}

output {
  elasticsearch {
    hosts => ["http://127.0.0.1:9200"]
    manage_template => false
    index => "windows-%{+YYYY.MM.dd}"
  }
}

but got same error.

I think I'm missing something in security configuration, please help...

andrewkroh · July 1, 2019, 5:55pm

When you set host => 127.0.0.1 in your Logstash configuration you are limiting incoming Beat connections to Beats running on the localhost. If you are expecting connections from outside machines then do not set the host option for the beats input in Logstash.

A similar settings exists in Elasticsearch. It's called network.host. If you're expecting connections from hosts on different machines then you need to set this option. Networking | Elasticsearch Guide [8.11] | Elastic

elasticforme · July 1, 2019, 6:33pm

if you have enable security then you need user and password in your output section. this is what I am using.
did you setup all required internal user using following, then you need user/password
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive

   user => elastic
  password => xxxxx

K_B1 · July 2, 2019, 2:10pm

Thank a lot..

K_B1 · July 2, 2019, 2:10pm

thank you

system · July 30, 2019, 2:10pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.