philhagen / sof-elk

Configuration files for the SOF-ELK VM
GNU General Public License v3.0

Handle winlogbeat type #219

Open birdman4512 opened 3 years ago

birdman4512 commented 3 years ago

Hi.

This may be my error. I have opened port 5044 on the server and configured two servers (one Filebeat on a Linux host, the other Winlogbeat on a Windows host). Neither of these is showing up in the SOF-ELK instance.

Windows Host: I have run a tcpdump on the SOF-ELK server to ensure that packets are getting to the host, and I can see the traffic arriving. See example below:

```
06:05:20.934692 IP 192.168.0.150.65190 > 192.168.20.26.lxi-evntsvc: Flags [.], seq 6578449:6579909, ack 127, win 512, length 1460
06:05:20.934745 IP 192.168.0.150.65190 > 192.168.20.26.lxi-evntsvc: Flags [.], seq 6579909:6581369, ack 127, win 512, length 1460
06:05:20.934796 IP 192.168.20.26.lxi-evntsvc > 192.168.0.150.65190: Flags [.], ack 6581369, win 2073, length 0
06:05:20.934825 IP 192.168.0.150.65190 > 192.168.20.26.lxi-evntsvc: Flags [.], seq 6581369:6582829, ack 127, win 512, length 1460
```

However, nothing shows up in the Dashboard. The FileBeats output configuration is (Windows Host):

```yaml
output.logstash:
  hosts: ["192.168.20.26:5044"]
```

Any tips on what might be going wrong?

philhagen commented 3 years ago

I suspect this may be that the "type" being shipped is not handled. SOF-ELK is not presently handling winlogbeat records, either, so those would be dropped without any processing... I have a few types that are in the queue to handle now... However, I'll rename this issue to be a feature request to handle winlogbeat and try to get that handled.
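As an added example (not part of this issue or of the SOF-ELK project), the following Python script triages tcpdump output like the capture quoted above: it confirms that Beats payload is reaching the listener port (tcpdump prints 5044 under its /etc/services name, lxi-evntsvc) and that the server is answering, which separates a transport problem from the pipeline-side drop described in the reply. The sample lines are the ones from the issue, embedded inline; the service-name table and the verdict strings are this example's own assumptions.

```python
import re

# Constructed sample input: the tcpdump lines quoted in the issue, one per line.
SAMPLE = """\
06:05:20.934692 IP 192.168.0.150.65190 > 192.168.20.26.lxi-evntsvc: Flags [.], seq 6578449:6579909, ack 127, win 512, length 1460
06:05:20.934745 IP 192.168.0.150.65190 > 192.168.20.26.lxi-evntsvc: Flags [.], seq 6579909:6581369, ack 127, win 512, length 1460
06:05:20.934796 IP 192.168.20.26.lxi-evntsvc > 192.168.0.150.65190: Flags [.], ack 6581369, win 2073, length 0
06:05:20.934825 IP 192.168.0.150.65190 > 192.168.20.26.lxi-evntsvc: Flags [.], seq 6581369:6582829, ack 127, win 512, length 1460
"""

# tcpdump prints well-known ports by their /etc/services name; 5044 is listed as lxi-evntsvc.
# Only the one name this example needs is mapped here (assumption: extend as required).
SERVICE_PORTS = {"lxi-evntsvc": 5044}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+)\.(?P<sport>\S+) > (?P<dst>\S+)\.(?P<dport>[^:]+): "
    r"Flags \[(?P<flags>[^\]]*)\],.*?length (?P<length>\d+)$"
)


def port_number(name):
    """Map a tcpdump port field (numeric or service name) to an int, or None if unknown."""
    return int(name) if name.isdigit() else SERVICE_PORTS.get(name)


def summarize(text, beats_port=5044):
    """Count packets and payload bytes in each direction relative to the Beats listener."""
    stats = {"to_server": {"packets": 0, "payload": 0},
             "from_server": {"packets": 0, "payload": 0}}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip anything that is not a TCP summary line
        length = int(m["length"])
        if port_number(m["dport"]) == beats_port:
            stats["to_server"]["packets"] += 1
            stats["to_server"]["payload"] += length
        elif port_number(m["sport"]) == beats_port:
            stats["from_server"]["packets"] += 1
            stats["from_server"]["payload"] += length
    return stats


def verdict(stats):
    """Turn the counts into the next thing to check (wording is this example's own)."""
    if stats["to_server"]["payload"] == 0:
        return "no Beats payload reaches the port: check output.logstash hosts and any firewall"
    if stats["from_server"]["packets"] == 0:
        return "server never replies: check that Logstash is listening on the port"
    return "transport OK: server is acknowledging Beats data; look at the Logstash pipeline (unhandled type?)"


if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(s)
    print(verdict(s))
```

For the quoted capture the script reports 3 client packets carrying 4380 bytes toward port 5044 and one zero-length acknowledgement back, so the network path is fine and the investigation moves to what the pipeline does with the record type.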