[DOC] Add firewall as possible troubleshooting issue (elastic#21743)
* [DOC] Add firewall as possible troubleshooting issue

In case a firewall closes long persistent connections between Beats & Logstash, errors such as `write tcp ... write: connection reset by peer` will be reported by a given Beat.
This documentation page should be useful to identify this kind of issue.

* Update shared-faq.asciidoc

Amend

* Update libbeat/docs/shared-faq.asciidoc

Co-authored-by: DeDe Morton <[email protected]>

* Update libbeat/docs/shared-faq.asciidoc

Co-authored-by: DeDe Morton <[email protected]>

* Update libbeat/docs/shared-faq.asciidoc

Co-authored-by: DeDe Morton <[email protected]>

* Make title more descriptive

Co-authored-by: Luca Belluccini <[email protected]>

Co-authored-by: DeDe Morton <[email protected]>
lucabelluccini and dedemorton authored Oct 21, 2020
1 parent a10dca7 commit 5935293
Showing 1 changed file with 21 additions and 0 deletions.
21 changes: 21 additions & 0 deletions libbeat/docs/shared-faq.asciidoc
Expand Up @@ -54,6 +54,27 @@ connect to the Lumberjack input plugin. To learn how to install and update
plugins, see {logstash-ref}/working-with-plugins.html[Working with plugins].
endif::[]

ifndef::no-output-logstash[]
[[publishing-ls-fails-connection-reset-by-peer]]
=== Publishing to {ls} fails with "connection reset by peer" message

{beatname_uc} requires a persistent TCP connection to {ls}. If a firewall interferes
with the connection, you might see errors like this:

[source,shell]
----------------------------------------------------------------------
Failed to publish events caused by: write tcp ... write: connection reset by peer
----------------------------------------------------------------------


To solve the problem:

* make sure the firewall is not closing connections between {beatname_uc} and {ls}, or
* set the `ttl` value in the <<logstash-output,{ls} output>> to a value that's
lower than the maximum time allowed by the firewall, and set `pipelining` to 0
(pipelining cannot be enabled when `ttl` is used).
endif::[]

ifndef::no-output-logstash[]
[[metadata-missing]]
=== @metadata is missing in {ls}
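
Review bot: In the second bullet under "To solve the problem:", the phrase "the maximum time allowed by the firewall" does not say whether it means the firewall's idle timeout or a cap on total connection lifetime, so a reader cannot tell which firewall setting to compare `ttl` against. Name the setting meant. Because the bullet asks for two changes at once (`ttl` plus `pipelining` set to 0), a short sample of the {ls} output section showing both keys together would make the fix easier to apply. Two smaller points: the sample error is tagged `[source,shell]` although it is log output rather than a command, and there are two blank lines before "To solve the problem:" where one is enough.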