使用netstat -lntp来看看有侦听在网络某端口的进程。当然,也可以使用 lsof。
Filebeat SSL 證書錯誤

Filebeat SSL 證書錯誤

Filebeat 配置「SSL」證書加密 出現錯誤 ... ERR Failed to publish events

Beatscddisk2017 发表了文章 • 3 个评论 • 11707 次浏览 • 2017-09-08 14:22 • 来自相关话题

各位朋友大家好:   進行配置「Filebeat」證書加密 出現錯誤如下,有哪位朋友遇過此問題可以幫幫忙!   ERR Failed to publish events caused by: read tcp 192.168.1.57:56182->192.168.1.249:5043: wsarecv: An existing connection was forcibly closed by the remote host.   使用過「telnet IP Port」測試「ELK」服務器,確認通訊協議 OK !   Filebeat 配置如檔如下:  (Windows 環境)
filebeat.prospectors:
- input_type: log                      #輸入 type「log」
  paths:
    - D:\Wireshark_Log\*               #指定推送日誌「Log」文件
    
output.logstash:
  hosts: ["192.168.1.249:5043"]         #指定接收Logstash
  tls:
      certificate_authorities:
      - C:\filebeat-5.5.0-windows-x86_64\ssl\logstash\192.168.1.249.crt
      ssl.certificate:
      - C:\filebeat-5.5.0-windows-x86_64\ssl\filebeat\192.168.1.57.crt
      ssl.certificate:
      - C:\filebeat-5.5.0-windows-x86_64\ssl\filebeat\192.168.1.57.key
以下是「FileBeat」錯誤 日誌
2017-09-08T14:14:57+08:00 ERR Failed to publish events caused by: read tcp 192.168.1.57:56202->192.168.1.249:5043: wsarecv: An existing connection was forcibly closed by the remote host.
2017-09-08T14:14:57+08:00 INFO Error publishing events (retrying): read tcp 192.168.1.57:56202->192.168.1.249:5043: wsarecv: An existing connection was forcibly closed by the remote host.
2017-09-08T14:15:19+08:00 INFO Non-zero metrics in the last 30s: filebeat.harvester.closed=1 filebeat.harvester.open_files=-1 filebeat.harvester.running=-1 libbeat.logstash.call_count.PublishEvents=1 libbeat.logstash.publish.read_errors=1 libbeat.logstash.publish.write_bytes=323 libbeat.logstash.published_but_not_acked_events=5
2017-09-08T14:15:49+08:00 INFO No non-zero metrics in the last 30s
 2017.09.08 感謝 medcl 兄弟幫忙,再次修改如下:
filebeat.prospectors:
- input_type: log                      #輸入 type「log」
  paths:
    - D:\Wireshark_Log\*               #指定推送日誌「Log」文件
    
output.logstash:
  hosts: ["192.168.1.249:5043"]         #指定接收Logstash
  ssl:     # <=== 新版本貌似要改成「SSL」
      certificate_authorities:
      - C:\filebeat-5.5.0-windows-x86_64\ssl\logstash\192.168.1.249.crt
      ssl.certificate:
      - C:\filebeat-5.5.0-windows-x86_64\ssl\filebeat\192.168.1.57.crt
      ssl.key: # <===  修正為「ssl.key」      
      - C:\filebeat-5.5.0-windows-x86_64\ssl\filebeat\192.168.1.57.key
以下是「FileBeat」錯誤 日誌
2017-09-08T15:40:23+08:00 INFO Non-zero metrics in the last 30s: filebeat.harvester.open_files=1 filebeat.harvester.running=1 filebeat.harvester.started=1 libbeat.logstash.publish.read_bytes=5120 libbeat.logstash.publish.write_bytes=660 libbeat.publisher.published_events=20
2017-09-08T15:40:29+08:00 ERR Connecting error publishing events (retrying): x509: certificate is valid for 192.168.1.57, not 192.168.1.249
2017-09-08T15:40:53+08:00 INFO Non-zero metrics in the last 30s: libbeat.logstash.publish.read_bytes=1024 libbeat.logstash.publish.write_bytes=132
2017-09-08T15:41:01+08:00 ERR Connecting error publishing events (retrying): x509: certificate is valid for 192.168.1.57, not 192.168.1.249
2017-09-08T15:41:23+08:00 INFO Non-zero metrics in the last 30s: libbeat.logstash.publish.read_bytes=1024 libbeat.logstash.publish.write_bytes=132
2017-09-08T15:41:53+08:00 INFO No non-zero metrics in the last 30s
意思是說  证书对 192.168.1.57 有效,而不是192.168.1.249 。 這裡有些不明白...

Filebeat 配置「SSL」證書加密 出現錯誤 ... ERR Failed to publish events

Beatscddisk2017 发表了文章 • 3 个评论 • 11707 次浏览 • 2017-09-08 14:22 • 来自相关话题

各位朋友大家好:   進行配置「Filebeat」證書加密 出現錯誤如下,有哪位朋友遇過此問題可以幫幫忙!   ERR Failed to publish events caused by: read tcp 192.168.1.57:56182->192.168.1.249:5043: wsarecv: An existing connection was forcibly closed by the remote host.   使用過「telnet IP Port」測試「ELK」服務器,確認通訊協議 OK !   Filebeat 配置如檔如下:  (Windows 環境)
filebeat.prospectors:
- input_type: log                      #輸入 type「log」
  paths:
    - D:\Wireshark_Log\*               #指定推送日誌「Log」文件
    
output.logstash:
  hosts: ["192.168.1.249:5043"]         #指定接收Logstash
  tls:
      certificate_authorities:
      - C:\filebeat-5.5.0-windows-x86_64\ssl\logstash\192.168.1.249.crt
      ssl.certificate:
      - C:\filebeat-5.5.0-windows-x86_64\ssl\filebeat\192.168.1.57.crt
      ssl.certificate:
      - C:\filebeat-5.5.0-windows-x86_64\ssl\filebeat\192.168.1.57.key
以下是「FileBeat」錯誤 日誌
2017-09-08T14:14:57+08:00 ERR Failed to publish events caused by: read tcp 192.168.1.57:56202->192.168.1.249:5043: wsarecv: An existing connection was forcibly closed by the remote host.
2017-09-08T14:14:57+08:00 INFO Error publishing events (retrying): read tcp 192.168.1.57:56202->192.168.1.249:5043: wsarecv: An existing connection was forcibly closed by the remote host.
2017-09-08T14:15:19+08:00 INFO Non-zero metrics in the last 30s: filebeat.harvester.closed=1 filebeat.harvester.open_files=-1 filebeat.harvester.running=-1 libbeat.logstash.call_count.PublishEvents=1 libbeat.logstash.publish.read_errors=1 libbeat.logstash.publish.write_bytes=323 libbeat.logstash.published_but_not_acked_events=5
2017-09-08T14:15:49+08:00 INFO No non-zero metrics in the last 30s
 2017.09.08 感謝 medcl 兄弟幫忙,再次修改如下:
filebeat.prospectors:
- input_type: log                      #輸入 type「log」
  paths:
    - D:\Wireshark_Log\*               #指定推送日誌「Log」文件
    
output.logstash:
  hosts: ["192.168.1.249:5043"]         #指定接收Logstash
  ssl:     # <=== 新版本貌似要改成「SSL」
      certificate_authorities:
      - C:\filebeat-5.5.0-windows-x86_64\ssl\logstash\192.168.1.249.crt
      ssl.certificate:
      - C:\filebeat-5.5.0-windows-x86_64\ssl\filebeat\192.168.1.57.crt
      ssl.key: # <===  修正為「ssl.key」      
      - C:\filebeat-5.5.0-windows-x86_64\ssl\filebeat\192.168.1.57.key
以下是「FileBeat」錯誤 日誌
2017-09-08T15:40:23+08:00 INFO Non-zero metrics in the last 30s: filebeat.harvester.open_files=1 filebeat.harvester.running=1 filebeat.harvester.started=1 libbeat.logstash.publish.read_bytes=5120 libbeat.logstash.publish.write_bytes=660 libbeat.publisher.published_events=20
2017-09-08T15:40:29+08:00 ERR Connecting error publishing events (retrying): x509: certificate is valid for 192.168.1.57, not 192.168.1.249
2017-09-08T15:40:53+08:00 INFO Non-zero metrics in the last 30s: libbeat.logstash.publish.read_bytes=1024 libbeat.logstash.publish.write_bytes=132
2017-09-08T15:41:01+08:00 ERR Connecting error publishing events (retrying): x509: certificate is valid for 192.168.1.57, not 192.168.1.249
2017-09-08T15:41:23+08:00 INFO Non-zero metrics in the last 30s: libbeat.logstash.publish.read_bytes=1024 libbeat.logstash.publish.write_bytes=132
2017-09-08T15:41:53+08:00 INFO No non-zero metrics in the last 30s
意思是說  证书对 192.168.1.57 有效,而不是192.168.1.249 。 這裡有些不明白...