filebeat can't connect to logstash

Question

I have Filebeat on my server and Logstash on another server on docker. Here is my filebeat.yml

output:
  logstash:
    enabled: true
hosts:
  - <logstash-server-ip>:5044
tls:
  certificate_authorities:
    - /etc/pki/tls/certs/logstash-forwarder.crt
timeout: 15

filebeat:
  prospectors:
-
  paths:
    - /var/log/secure
  document_type: syslog
-
  paths:
    - "/var/log/nginx/*.log"
  document_type: nginx-access

and this is my logstash 02-beats-input.conf :

input {
  beats {
port => 5044
ssl => true
ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
  }
}

this is Filebeat log:

2016-10-15T11:59:07-04:00 ERR Connecting error publishing events (retrying): dial tcp <logstash-ip>:5044: getsockopt: connection refused

ps: I think the problem is logstash. configtest said everything is ok but when i run bin/logstash -f /etc/logstash/conf.d -v this is the output:

starting agent {:level=>:info}
starting pipeline {:id=>"main", :level=>:info}
Settings: Default pipeline workers: 2
Starting lumberjack input listener {:address=>"0.0.0.0:5000", :level=>:info}
Beats inputs: Starting input listener {:address=>"0.0.0.0:5044", :level=>:info}
log4j:WARN No appenders could be found for logger (io.netty.util.internal.logging.InternalLoggerFactory).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["localhost:9200"], :level=>:info}
Pipeline aborted due to error {:exception=>"LogStash::ConfigurationError", :backtrace=>["/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/config/mixin.rb:88:in `config_init'", "org/jruby/RubyHash.java:1342:in `each'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/config/mixin.rb:72:in `config_init'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/outputs/base.rb:79:in `initialize'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/output_delegator.rb:74:in `register'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:181:in `start_workers'", "org/jruby/RubyArray.java:1613:in `each'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:181:in `start_workers'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:136:in `run'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/agent.rb:491:in `start_pipeline'"], :level=>:error}
stopping pipeline {:id=>"main"}
Closing inputs {:level=>:info}
Closed inputs {:level=>:info}

Check that you can connect from the FB machine to the LS machine on port 5044, using something like telnet or nc. You may have firewall issues, etc, — Alain Collins, Oct 16 '16 at 20:03
From the error messages, it seems as if the problem is with the outputs, perhaps you should try replacing them with stdout and relaunch with this config — baudsp, Oct 17 '16 at 08:09
@baudsp the problem is beats config file. when i remove it every thing is ok. i have no idea what should i do — Mairon, Oct 17 '16 at 18:15

filebeat can't connect to logstash

0 Answers0