堆栈内存溢出
  简体   繁体   English

使用ELK和Filebeat在不同服务器之间传送日志时出错

[英]Error in shipping logs between different servers using ELK and Filebeat

 原文  2018-04-06 15:18:43       elasticsearch/ logstash/ filebeat

问题描述

I have installed Filebeat deb package in Client-server(Linux Wind-River) and ELK in Elk-server(Ubuntu-16.04-server). 我已经在客户端服务器(Linux Wind-River)和麋鹿服务器(Ubuntu-16.04-server)的ELK中安装了Filebeat deb软件包。 The problem is, I can't receive logs from Client-server. 问题是,我无法从客户端服务器接收日志。 I checked the network statistics and it seems 5044 port(Listening port) in ELK server is LISTENING. 我检查了网络统计信息,似乎ELK服务器中的5044端口(侦听端口)正在侦听。 I can ping from both sides. 我可以从两边ping。 I also have ssh connection in both directions. 我也有双向的ssh连接。

This is the link which I used to install these packages on servers. 是我用来在服务器上安装这些软件包的链接。

My Filebeat configurations: 我的Filebeat配置: 

filebeat.prospectors:
- type: log
# Change to true to enable this prospector configuration.
enabled: true
# Paths that should be crawled and fetched. Glob based paths.  paths:
   - /var/log/filebeat/*
   - /var/log/*.log  
  #- c:\programdata\elasticsearch\logs\*
document_type: log
#============================= Filebeat modules =============================== 
filebeat.config.modules:
# Glob pattern for configuration loading
path: ${path.config}/modules.d/*.yml
# Set to true to enable config reloading  
reload.enabled: false
#==================== Elasticsearch template setting ==========================
setup.template.settings:
index.number_of_shards: 3
#----------------------------- Logstash output -------------------------------- 
output.logstash:
# The Logstash hosts
hosts: ["192.168.10.3:5044"]
proxy_url: socks5://wwproxy.seln.ete.ericsson.se:808
# Optional SSL. By default is off. 
# List of root certificates for HTTPS server verifications
ssl.certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]
# Certificate for SSL client authentication
ssl.certificate: "/etc/pki/tls/certs/logstash-forwarder.crt"
# Client Certificate Key
ssl.key: "/etc/pki/tls/private/logstash-forwarder.key"

1 个解决方案

解决方案1
 0 已采纳  2018-04-10 11:38:20

I figured out the Error! 我发现了错误! The problem is the server IP in openssl.cnf should be the IP address of bridged Interface. 问题是openssl.cnf中的服务器IP应该是桥接接口的IP地址。 And the certificate generated with this openssl.cnf should be used in both the servers. 并且在两个服务器中都应使用由openssl.cnf生成的证书。 Further, I also shared the .key generated in ELK server to Client-server to be more secured/authenticate. 此外,我还将ELK服务器中生成的.key共享给客户端服务器,以提高安全性/验证性。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在Filebeat / ELK中为不同的日志定义分离的索引? - How to define seperated indexes for different logs in Filebeat/ELK? 使用filebeat在日期/时间之间合并日志 - Merge logs between date/time using filebeat 无法将Filebeat连接到Logstash以使用ELK进行日志记录 - Unable to connect Filebeat to logstash for logging using ELK 如果日志包含特定字段,如何限制Filebeat仅将日志发送到ELK? - How to constrain Filebeat to only ship logs to ELK if they contain a specific field? 在Kubernetes中运行ELK堆栈的Filebeat不会捕获日志中的pod名称 - Filebeat with ELK stack running in Kubernetes does not capture pod name in logs 日志和ELK堆栈在单独的服务器上,如何显示日志? - Logs and ELK stack on separate servers, how to display the logs? 将filebeat的日志发送到kibana时出错? - Error in send logs of filebeat to kibana? Filebeat:将不同的日志从filebeat发送到不同的logstash管道 - Filebeat : Send different logs from filebeat to different logstash Pipeline ELK和Filebeat配置 - ELK and Filebeat configuration ELK堆栈中的Logstash和filebeat - Logstash and filebeat in the ELK stack
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM