File Beat error


Usman Ali

Mar 13, 2024, 8:39:55 AM
to Wazuh | Mailing List
Hi friends,

I have installed Fluent Bit and Filebeat both on the Manager. I used Fluent Bit to send logs to Graylog and Filebeat to load data on the Wazuh dashboard.

1) Is it possible to run both on the same server?

2) My Filebeat is not working properly; it gives me errors. Kindly have a look at the images I have attached and give me some troubleshooting steps to resolve it ASAP.

Please, please.
filebeat statu.png
filbeat test.png

Ariel Ojeda

Mar 13, 2024, 3:10:36 PM
to Wazuh | Mailing List
Hi Usman,

I hope you are well today!

Was this working properly before? Have you made any changes to the configuration? Have you changed any of the Wazuh passwords?

The message seems to be related to credentials, but we should check the Filebeat logs to get more information:

journalctl -xeu filebeat --no-pager | grep -iE "error|warn|crit"
grep -iE "error|warn|crit" /var/log/filebeat/filebeat*

These two commands can be executed on the Wazuh Manager nodes where Filebeat is running.
To make sure that Filebeat and Fluent Bit are not interfering, you could stop the Fluent Bit service and verify if this solves the error, although it doesn't seem to be related. Please note that Filebeat will send the information to Wazuh-Indexer, not to Wazuh-Dashboard. The Dashboard will display the information stored in Wazuh-Indexer.

I hope this helps!

Usman Ali

Mar 14, 2024, 3:11:56 AM
to Wazuh | Mailing List
Hi Ariel,

Thanks for the quick response.
I have run both commands. The output of the first command (journalctl -xeu filebeat --no-pager | grep -iE "error|warn|crit") is as follows:

  Failed to connect to backoff(elasticsearch(https://192.168.24.21:9200)): 401 Unauthorized: Unauthorized
Mar 14 12:03:58 dash.soc.local filebeat[944]: 2024-03-14T12:03:58.840+0500        ERROR        [publisher_pipeline_output]        pipeline/output.go:154        Failed to connect to backoff(elasticsearch(https://192.168.24.21:9200)): 401 Unauthorized: Unauthorized
Mar 14 12:04:30 dash. soc  .local filebeat[944]: 2024-03-14T12:04:30.026+0500        ERROR        [publisher_pipeline_output]        pipeline/output.go:154        Failed to connect to backoff(elasticsearch(https://192.168.24.21:9200)): 401 Unauthorized: Unauthorized
Mar 14 12:05:15 dash. soc  .local filebeat[944]: 2024-03-14T12:05:15.896+0500        ERROR        [publisher_pipeline_output]        pipeline/output.go:154        Failed to connect to backoff(elasticsearch(https://192.168.24.21:9200)): 401 Unauthorized: Unauthorized
Mar 14 12:06:03 dash.bisp.local filebeat[944]: 2024-03-14T12:06:03.372+0500        ERROR        [publisher_pipeline_output]        pipeline/output.go:154        Failed to connect to backoff(elasticsearch(https://192.168.24.21:9200)): 401 Unauthorized: Unauthorized
Mar 14 12:06:37 dash. soc  .local filebeat[944]: 2024-03-14T12:06:37.617+0500        ERROR        [publisher_pipeline_output]        pipeline/output.go:154        Failed to connect to backoff(elasticsearch(https://192.168.24.21:9200)): 401 Unauthorized: Unauthorized
Mar 14 12:07:17 dash. soc  .local filebeat[944]: 2024-03-14T12:07:17.349+0500        ERROR        [publisher_pipeline_output]        pipeline/output.go:154        Failed to connect to backoff(elasticsearch(https://192.168.24.21:9200)): 401 Unauthorized: Unauthorized
Mar 14 12:07:51 dash. soc  .local filebeat[944]: 2024-03-14T12:07:51.667+0500        ERROR        [publisher_pipeline_output]        pipeline/output.go:154        Failed to connect to backoff(elasticsearch(https://192.168.24.21:9200)): 401 Unauthorized: Unauthorized

After running the second command (grep -iE "error|warn|crit" /var/log/filebeat/filebeat*), I got no output.

Thanks

Usman Ali

Mar 15, 2024, 3:10:51 AM
to Wazuh | Mailing List
Any guess what's wrong?

Ariel Ojeda

Mar 20, 2024, 5:15:16 PM
to Wazuh | Mailing List
Could you please answer the questions I asked before? 

Could you please share your filebeat.yml file? 

Please run it again like this and share a few entries:

journalctl -xeu filebeat --no-pager | grep -a5 -iE "error|warn|crit"
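
The repeated 401 lines in the journal output earlier in the thread mean the indexer answered and rejected the credentials, which is a different fault from a TLS or reachability problem. As an added example (not part of the thread, and not Wazuh or Filebeat code), this shell function groups such journal lines by endpoint and likely cause; the function names, cause labels and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads Filebeat journal text on stdin and
# counts output-connection failures per endpoint and likely cause.

summarize_filebeat_errors() {
  awk '
    /Failed to connect to backoff\(elasticsearch\(/ {
      # Endpoint: the URL inside elasticsearch(...)
      url = $0
      sub(/.*backoff\(elasticsearch\(/, "", url)
      sub(/\)\).*/, "", url)
      # Reason: the error text that follows the endpoint
      reason = $0
      sub(/.*\)\): /, "", reason)
      if      (reason ~ /^401 /)              cause = "auth-rejected"
      else if (reason ~ /^403 /)              cause = "auth-forbidden"
      else if (reason ~ /x509:/)              cause = "tls-certificate"
      else if (reason ~ /connection refused/) cause = "indexer-unreachable"
      else                                    cause = "other"
      count[url " " cause]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -k2
}

# Constructed sample input: hostname and address are placeholders, and the
# non-401 lines are illustrative, not taken from the thread.
sample_journal() {
  cat <<'EOF'
Mar 14 12:03:58 manager.example filebeat[944]: 2024-03-14T12:03:58.840+0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://192.0.2.10:9200)): 401 Unauthorized: Unauthorized
Mar 14 12:04:30 manager.example filebeat[944]: 2024-03-14T12:04:30.026+0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://192.0.2.10:9200)): 401 Unauthorized: Unauthorized
Mar 14 12:05:15 manager.example filebeat[944]: 2024-03-14T12:05:15.896+0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://192.0.2.10:9200)): 401 Unauthorized: Unauthorized
Mar 14 12:06:03 manager.example filebeat[944]: 2024-03-14T12:06:03.372+0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://192.0.2.10:9200)): Get "https://192.0.2.10:9200": x509: certificate signed by unknown authority
Mar 14 12:06:37 manager.example filebeat[944]: 2024-03-14T12:06:37.617+0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://192.0.2.10:9200)): Get "https://192.0.2.10:9200": dial tcp 192.0.2.10:9200: connect: connection refused
Mar 14 12:07:17 manager.example filebeat[944]: 2024-03-14T12:07:17.349+0500 INFO [publisher_pipeline_output] pipeline/output.go:151 Connection to backoff(elasticsearch(https://192.0.2.10:9200)) established
EOF
}

# Stand-alone run over the constructed sample.
sample_journal | summarize_filebeat_errors
```

On a manager node, feed it live data with `journalctl -u filebeat --no-pager | summarize_filebeat_errors`.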