Winfilebeat: Failed to connect to backoff - EOF

Hi All,

So, I am trying to collect Windows Firewall Logs on a Windows 2012R2 Server with the Sidecar filebeat collector.

Collector is configured like this:

```yaml
# Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - C:\Windows\System32\LogFiles\Firewall\pfirewall.log

# Output type as reported in the filebeat log
output.elasticsearch:
  hosts: ["XXX.XX.XXX.XX:5045"]

path:
  data: C:\Program Files\Graylog\sidecar\cache\filebeat\data
  logs: C:\Program Files\Graylog\sidecar\logs
```

There is a filebeat Input running at port 5045 on the Graylog server.

The Graylog sidecar filebeat backend service is started and running on the Windows Server.

When I look in the filebeat logs on the Windows server, I see several of these entries:

```
ERROR	pipeline/output.go:100	Failed to connect to backoff(elasticsearch(http://XXX.XX.XXX.XX:5036)): Get http://XXX.XX.XXX.XX:5036: EOF
INFO	pipeline/output.go:93	Attempting to reconnect to backoff(elasticsearch(http://XXX.XX.XXX.XX:5036)) with 4 reconnect attempt(s)
INFO	[publish]	pipeline/retry.go:189	retryer: send unwait-signal to consumer
INFO	[publish]	pipeline/retry.go:191	  done
INFO	[publish]	pipeline/retry.go:166	retryer: send wait signal to consumer
INFO	[publish]	pipeline/retry.go:168	  done
```

I am running a winlogbeat collector from the same Windows Server to Graylog without any problems.
Any tips on what could be the problem here?



The output is not “elasticsearch”, it is “logstash” …

Thanks a lot, that solved it. Working perfectly now :grinning:
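Added example, not part of the original thread or of Graylog/filebeat: a small triage script that reads filebeat log lines, extracts the output type and endpoint filebeat actually tried, and compares them with what the Graylog Beats input expects. The function names, the `expected_*` parameters and the sample lines (with the documentation address 192.0.2.10) are constructed for illustration.

```python
import re

# filebeat's connection-failure line has the form:
#   Failed to connect to backoff(<output>(<endpoint>)): <reason>
FAIL_RE = re.compile(
    r"Failed to connect to backoff\((?P<output>\w+)\((?P<endpoint>[^)]+)\)\):\s*(?P<reason>.*)$"
)

# Constructed sample input modelled on the log format shown in the thread.
SAMPLE = [
    "ERROR\tpipeline/output.go:100\tFailed to connect to "
    "backoff(elasticsearch(http://192.0.2.10:5036)): Get http://192.0.2.10:5036: EOF",
    "INFO\t[publish]\tpipeline/retry.go:166\tretryer: send wait signal to consumer",
]

def parse_failures(lines):
    """Return (output_type, host:port, reason) for each connection failure."""
    found = []
    for line in lines:
        m = FAIL_RE.search(line)
        if not m:
            continue
        # Drop the URL scheme so the endpoint compares as plain host:port.
        endpoint = re.sub(r"^\w+://", "", m.group("endpoint")).rstrip("/")
        found.append((m.group("output"), endpoint, m.group("reason").strip()))
    return found

def diagnose(lines, expected_output="logstash", expected_endpoint=None):
    """List mismatches between what filebeat used and what was intended."""
    findings = []
    for output, endpoint, reason in parse_failures(lines):
        notes = []
        if output != expected_output:
            notes.append(f"output type is '{output}', expected '{expected_output}'")
        if expected_endpoint and endpoint != expected_endpoint:
            notes.append(f"endpoint is {endpoint}, expected {expected_endpoint}")
        if output == "elasticsearch" and reason.endswith("EOF"):
            # EOF on an HTTP GET: the peer closed the connection without an
            # HTTP response, as a listener that does not speak HTTP would.
            notes.append("EOF on HTTP GET: remote port did not answer as HTTP")
        findings.extend(n for n in notes if n not in findings)
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE, "logstash", "192.0.2.10:5045"):
        print(finding)
```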
