Hi All,
So, I am trying to collect Windows Firewall Logs on a Windows 2012R2 Server with the Sidecar filebeat collector.
Collector is configured like this:
# Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - C:\Windows\System32\LogFiles\Firewall\pfirewall.log
output.elasticsearch:
  hosts: ["XXX.XX.XXX.XX:5045"]
path:
  data: C:\Program Files\Graylog\sidecar\cache\filebeat\data
  logs: C:\Program Files\Graylog\sidecar\logs
There is a filebeat Input running at port 5045 on the Graylog server.
Graylog sidecar filebeat backend service is started and running at the Windows Server.
When I look in the filebeat logs at the Windows server I see several of these entries:
ERROR pipeline/output.go:100 Failed to connect to backoff(elasticsearch(http://XXX.XX.XXX.XX:5036)): Get http://XXX.XX.XXX.XX:5036: EOF
INFO pipeline/output.go:93 Attempting to reconnect to backoff(elasticsearch(http://XXX.XX.XXX.XX:5036)) with 4 reconnect attempt(s)
INFO [publish] pipeline/retry.go:189 retryer: send unwait-signal to consumer
INFO [publish] pipeline/retry.go:191 done
INFO [publish] pipeline/retry.go:166 retryer: send wait signal to consumer
INFO [publish] pipeline/retry.go:168 done
I am running a winlogbeat collector from the same Windows Server to Graylog without any problems.
Any tips on what could be the problem here?
Greetings,
Tom