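Error when shipping logs between different servers using ELK and Filebeat

Time: 2018-04-06 15:18:44

Tags: elasticsearch logstash filebeat

I installed the Filebeat deb package on the client server (Linux Wind-River) and ELK on the ELK server (Ubuntu-16.04-server). The problem is that I cannot receive logs from the client server. I checked the network statistics, and port 5044 (the listening port) on the ELK server appears to be listening. I can ping from both sides. I also have SSH connectivity in both directions.

This is the link I used to install these packages on the servers.

My Filebeat configuration: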

    filebeat.prospectors:
    - type: log
      # Change to true to enable this prospector configuration.
      enabled: true
      # Paths that should be crawled and fetched. Glob based paths.
      paths:
        - /var/log/filebeat/*
        - /var/log/*.log
        #- c:\programdata\elasticsearch\logs\*
      document_type: log
    #============================= Filebeat modules ===============================
    filebeat.config.modules:
      # Glob pattern for configuration loading
      path: ${path.config}/modules.d/*.yml
      # Set to true to enable config reloading
      reload.enabled: false
    #==================== Elasticsearch template setting ==========================
    setup.template.settings:
      index.number_of_shards: 3
    #----------------------------- Logstash output --------------------------------
    output.logstash:
      # The Logstash hosts
      hosts: ["192.168.10.3:5044"]
      proxy_url: socks5://wwproxy.seln.ete.ericsson.se:808
      # Optional SSL. By default is off.
      # List of root certificates for HTTPS server verifications
      ssl.certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]
      # Certificate for SSL client authentication
      ssl.certificate: "/etc/pki/tls/certs/logstash-forwarder.crt"
      # Client Certificate Key
      ssl.key: "/etc/pki/tls/private/logstash-forwarder.key"

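1 answer:

Answer 0: (score: 0)

I figured out the error! The problem was that the server IP in openssl.cnf should be the IP address of the bridged interface. The certificate generated with this openssl.cnf should then be used on both servers. In addition, I also shared the .key generated on the ELK server with the client server, to make it more secure/reliable.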
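The fix in the answer can be checked before restarting Filebeat: when `hosts` holds an IP address, TLS verification only succeeds if the certificate carries that same address as an IP subjectAltName. The script below is an added example, not code from the original post; the minimal openssl.cnf, its section names, the CN and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Section names, CN and
# function names are constructed; 192.168.10.3 is the hosts value from
# the question, 10.0.0.9 is a constructed non-matching address.

# make_cert IP DIR: write a minimal openssl.cnf whose subjectAltName is IP
# and generate a self-signed certificate and key from it.
make_cert() {
    ip=$1; dir=$2
    cat > "$dir/openssl.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions    = v3_ext
prompt             = no
[ dn ]
CN = logstash-example
[ v3_ext ]
subjectAltName = IP:$ip
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -config "$dir/openssl.cnf" \
        -keyout "$dir/logstash-forwarder.key" \
        -out "$dir/logstash-forwarder.crt" 2>/dev/null
}

# cert_matches_ip CERT IP: succeed only if IP is listed as an IP SAN in CERT.
# A matching CN alone is not enough for an address given as an IP.
cert_matches_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match'
}

# hosts_ip CONFIG: print the first IPv4 address on a Filebeat "hosts:" line.
hosts_ip() {
    sed -n 's/^[[:space:]]*hosts:[[:space:]]*\["\([0-9.]*\):[0-9]*".*/\1/p' "$1" |
        head -n 1
}

# Demo on constructed files in a temporary directory.
tmp=$(mktemp -d)
printf 'output.logstash:\n  hosts: ["192.168.10.3:5044"]\n' > "$tmp/filebeat.yml"
make_cert 10.0.0.9 "$tmp"                    # SAN names the wrong interface
target=$(hosts_ip "$tmp/filebeat.yml")
cert_matches_ip "$tmp/logstash-forwarder.crt" "$target" ||
    echo "SAN does not cover $target: Filebeat would reject this certificate"
make_cert "$target" "$tmp"                   # regenerate with the dialed IP
cert_matches_ip "$tmp/logstash-forwarder.crt" "$target" &&
    echo "SAN covers $target"
rm -rf "$tmp"
```

Run `cert_matches_ip` against the real `/etc/pki/tls/certs/logstash-forwarder.crt` and the address in `hosts` to confirm the deployed certificate before looking at network causes.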