Help with LME #459
Replies: 3 comments
-
Sorry we missed this... couple things -- can you create an issue for this instead of a conversation? See here: https://github.com/cisagov/LME/issues Also, can you test connectivity from the WEC to the logstash instance running in docker using something like this:
5044 isn't really important from any linux machine. It MUST work from the WEC -> LME. That's the only location this communication happens at. Have you actually opened the winlogbeat.yml and reviewed its configuration? It should be pointing to your certs and the correct IP / domain name of the linux machine hosting the docker containers. https://github.com/cisagov/LME/blob/main/Chapter%203%20Files/winlogbeat.yml
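A check along the lines the reply above asks for, as an added example (not from the thread or the LME project): run on the WEC, it reads the active `hosts:` and `ssl.*` entries from winlogbeat.yml, confirms the referenced certificate files exist, and tests TCP reachability of each Logstash target. It assumes inline YAML lists and `name:port` targets (no IPv6 literals or UNC paths); the `-ConfigPath` parameter and the `Get-YamlItems` helper are this script's own names.

```powershell
# Added example, not LME project code. Run in PowerShell on the WEC host.
param(
    [Parameter(Mandatory)][string]$ConfigPath   # path to your winlogbeat.yml
)

# Drop comment lines so commented-out sample settings are not picked up.
$lines = Get-Content -LiteralPath $ConfigPath | Where-Object { $_ -notmatch '^\s*#' }

# Turn an inline YAML value such as ["a", "b"] into plain strings.
function Get-YamlItems([string]$Value) {
    $Value.Trim().Trim('[', ']') -split ',' |
        ForEach-Object { $_.Trim().Trim('"', "'") } |
        Where-Object { $_ }
}

$targets = @()
$certs   = @()
foreach ($line in $lines) {
    if ($line -match '^\s*hosts:\s*(.+)$') {
        $targets += Get-YamlItems $Matches[1]
    }
    elseif ($line -match '^\s*(ssl\.)?(certificate_authorities|certificate|key):\s*(.+)$') {
        # Double-quoted YAML doubles the backslashes in Windows paths; undo that.
        $certs += Get-YamlItems $Matches[3] | ForEach-Object { $_ -replace '\\\\', '\' }
    }
}

# 1. Every certificate or key file the config points at must exist on this machine.
foreach ($path in $certs) {
    [pscustomobject]@{ Check = 'file'; Target = $path; Ok = (Test-Path -LiteralPath $path) }
}

# 2. Each Logstash target must accept a TCP connection from the WEC itself.
foreach ($t in $targets) {
    $name, $port = $t -split ':', 2
    if (-not $port) { $port = 5044 }   # Beats default Logstash port when none is given
    $r = Test-NetConnection -ComputerName $name -Port $port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Check  = 'tcp'
        Target = "${name}:$port (resolved to $($r.RemoteAddress))"
        Ok     = $r.TcpTestSucceeded
    }
}
```

A `tcp` row with `Ok` False while the resolved address is the expected one means the WEC cannot open port 5044 on that host, which is a separate question from whether ping or the web interface works.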
-
You might also be able to run
-
I should have posted again; I figured it out. Was a network issue with
that needed resolving.
…On Tue, Oct 15, 2024 at 1:52 PM Andrew Arz ***@***.***> wrote:
You might also be able to run docker logs ` and review logs there for
additional information from the other side of things. If you don't see
anything here there may be an issue with it reaching logstash
--
Brad Johnson
Director of Technology Infrastructure Services
Ankeny Community School District
-
Hello,
For the past few days I have been installing LME. I have my windows clients successfully communicating with the Windows Log collector. I can successfully log into the elastic web interface. However, no data is being sent to the Linux server. I have rebuilt the linux server, but am experiencing the same issue. I am running Ubuntu 22.04. I can see that all three docker services are running correctly. I can see that port 5044 is open and accepting traffic by connecting from a different linux machine. However on the collector, in the programdata\winlogbeat\logs folder, I have the following messages over and over: "failed to connect to backoff(async(tcp://my.hostname:5044)): dial tcp my.ip.add.ress:5044: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.","service.name":"winlogbeat","ecs.version":"1.6.0"
From this same machine, I can successfully ping the dns and ip address of the linux server, as well as access the web interface via browser. I have the firewall turned off on both machines, so I know it's not a firewall issue.
I have followed every step from the documentation each time, I have moved all certificates and the yml file into the proper location, however the issue persists.
My Ubuntu machine was built from a minimal config, the only thing I added was ssh prior to installing the ELK stack via the command in the documentation.
Please advise.