ERR SSL client failed to connect with: dial tcp 192.168.1.10:5044: getsockopt: connection refused

April 25, 2016 3.2k views
Security Elasticsearch Ubuntu

Hi ,
I try to connect to ELK server from my server client but I get this error when I restart my filebeat daemon :

  • Restarting Sends log files to Logstash or directly to Elasticsearch. filebeat 2016/04/25 12:27:55.381622 transport.go:125: ERR SSL client failed to connect with: dial tcp 192.168.1.10:5044: getsockopt: connection refused

Can any one help me ?

1 comment
  • Hi @benchaabenwissem!

    Is 192.168.1.10 the IP of the machine that is running Logstash/ElasticSearch? Are both machines on the same local network? Can you please post the output of the following command when run on 192.168.1.10 so that we can see if the issue is related to a firewall rule?

    sudo iptables -L -n
    
1 Answer

Hi, i have the same error :
localhost /usr/bin/filebeat[80858]: transport.go:125: SSL client failed to connect with: dial tcp 172.16.1.133:5044: getsockopt: connection refused"

both of machines running on the same cluster (local)
input {
beats {
port => 5044
ssl => true
sslcertificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
ssl
key => "/etc/pki/tls/private/logstash-forwarder.key"
}
}
filter {
if [type] == "DooperaLog" {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}" }
}
geoip {
source => "clientip"
}
}

}

output {
if [type] == "DooperaLog" {
elasticsearch {
hosts => ["localhost:9200"]
sniffing => true
managetemplate => false
index => "Doopera-%{+YYYY.MM.dd}"
document
type => "%{[@metadata][type]}"
}
}

}

that's work with syslog configuration and i have filebeat*xxxxx output but when i change to matching with my what i need i don't see anything.

Any help please ?

Have another answer? Share your knowledge.