[cowrie - elastic stack] filebeat trying to send logs to estack server - server replies with reset.
ping -c 3 192.168.10.33
PING 192.168.10.33 (192.168.10.33) 56(84) bytes of data.
64 bytes from 192.168.10.33: icmp_seq=1 ttl=64 time=0.491 ms
64 bytes from 192.168.10.33: icmp_seq=2 ttl=64 time=0.384 ms
64 bytes from 192.168.10.33: icmp_seq=3 ttl=64 time=0.393 ms
--- 192.168.10.33 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2079ms
rtt min/avg/max/mdev = 0.384/0.422/0.491/0.053 ms
Here is the nmap output from fed.home:
Code:
nmap -sA -A -sV 192.168.10.33 -p 22,23
Starting Nmap 7.60 ( https://nmap.org ) at 2018-02-09 12:40 EET
Nmap scan report for thug.home (192.168.10.33)
Host is up (0.00033s latency).
PORT STATE SERVICE VERSION
22/tcp unfiltered ssh
23/tcp unfiltered telnet
MAC Address: 00:22:15:04:D3:6E (Asustek Computer)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Apple Mac OS X 10.7.X, FreeBSD 8.X
OS CPE: cpe:/o:apple:mac_os_x:10.7.4 cpe:/o:freebsd:freebsd:8.0
OS details: Apple Mac OS X 10.7.4 (Lion) (Darwin 11.4.0), FreeBSD 8.0-CURRENT
Network Distance: 1 hop
TRACEROUTE
HOP RTT ADDRESS
1 0.33 ms thug.home (192.168.10.33)
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 3.38 seconds
Here is the tcpdump capture from thug.home:
Code:
tcpdump -vvv tcp port 5045
tcpdump: listening on enp2s0, link-type EN10MB (Ethernet), capture size 262144 bytes
12:50:10.979015 IP (tos 0x0, ttl 64, id 19292, offset 0, flags [DF], proto TCP (6), length 60)
thug.home.46236 > fed.home.osp: Flags [S], cksum 0x95b6 (incorrect -> 0x4d2d), seq 2241528375, win 29200, options [mss 1460,sackOK,TS val 1896296975 ecr 0,nop,wscale 7], length 0
12:50:10.979564 IP (tos 0x0, ttl 64, id 57265, offset 0, flags [DF], proto TCP (6), length 40)
fed.home.osp > thug.home.46236: Flags [R.], cksum 0xf2d9 (correct), seq 2391754938, ack 2241528376, win 0, length 0
^C
2 packets captured
2 packets received by filter
0 packets dropped by kernel
Any clues as to how to fix it are appreciated.
I'll post conf files if you need 'em.
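Added example, not part of the original post: a small Python reader for the tcpdump capture above. It pairs each SYN with the reply that acknowledges it; a RST answering a SYN, as in this capture, means the host was reachable but nothing accepted the connection on that port. The function and constant names are this example's own.

```python
import re

# Sample input: the two packets from the capture in the post, as tcpdump printed them.
CAPTURE = """\
12:50:10.979015 IP (tos 0x0, ttl 64, id 19292, offset 0, flags [DF], proto TCP (6), length 60)
    thug.home.46236 > fed.home.osp: Flags [S], cksum 0x95b6 (incorrect -> 0x4d2d), seq 2241528375, win 29200, options [mss 1460,sackOK,TS val 1896296975 ecr 0,nop,wscale 7], length 0
12:50:10.979564 IP (tos 0x0, ttl 64, id 57265, offset 0, flags [DF], proto TCP (6), length 40)
    fed.home.osp > thug.home.46236: Flags [R.], cksum 0xf2d9 (correct), seq 2391754938, ack 2241528376, win 0, length 0
"""

SEGMENT = re.compile(r"^\s*(\S+) > (\S+): Flags \[([^\]]+)\]")
SEQ = re.compile(r"\bseq (\d+)")
ACK = re.compile(r"\back (\d+)")

REFUSED, ACCEPTED, NO_REPLY = "refused", "accepted", "no reply"


def classify_handshakes(text):
    """Map each (client, server) pair that sent a SYN to how the server answered."""
    isn = {}        # (client, server) -> sequence number of the client's SYN
    verdicts = {}
    for line in text.splitlines():
        seg = SEGMENT.match(line)
        if not seg:
            continue                      # IP header line printed by -v, or noise
        src, dst, flags = seg.groups()
        seq, ack = SEQ.search(line), ACK.search(line)
        if flags == "S" and seq:          # bare SYN: a new connection attempt
            isn[(src, dst)] = int(seq.group(1))
            verdicts[(src, dst)] = NO_REPLY
            continue
        key = (dst, src)                  # a reply travels server -> client
        # Only count replies that acknowledge this SYN (ack == ISN + 1).
        if key not in isn or not ack or int(ack.group(1)) != isn[key] + 1:
            continue
        if "R" in flags:
            verdicts[key] = REFUSED       # reachable host, port not accepting
        elif flags == "S.":
            verdicts[key] = ACCEPTED      # SYN-ACK: something is listening
    return verdicts


if __name__ == "__main__":
    for (client, server), verdict in classify_handshakes(CAPTURE).items():
        print(f"{client} -> {server}: {verdict}")
```

On the receiving host, `ss -ltn` shows whether any process is bound to the port the SYN was sent to.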
logstash-plain.log is filled with these errors:
Code:
# Xms represents the initial size of total heap space
# Xmx represents the maximum size of total heap space
[2018-02-10T18:14:21,078][ERROR][org.logstash.Logstash ] java.lang.IllegalStateException: org.jruby.exceptions.RaiseException: (SystemExit) exit
[2018-02-10T18:14:28,325][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"fb_apache", :directory=>"/usr/share/logstash/modules/fb_apache/configuration"}
[2018-02-10T18:14:28,328][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"netflow", :directory=>"/usr/share/logstash/modules/netflow/configuration"}
[2018-02-10T18:14:28,448][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2018-02-10T18:14:28,472][FATAL][logstash.runner ] The given configuration is invalid. Reason: Expected one of #, input, filter, output at line 6, column 1 (byte 132) after ## JVM configuration
# Xms represents the initial size of total heap space
# Xmx represents the maximum size of total heap space
[2018-02-10T18:14:28,474][ERROR][org.logstash.Logstash ] java.lang.IllegalStateException: org.jruby.exceptions.RaiseException: (SystemExit) exit
[2018-02-10T18:14:36,115][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"fb_apache", :directory=>"/usr/share/logstash/modules/fb_apache/configuration"}
[2018-02-10T18:14:36,119][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"netflow", :directory=>"/usr/share/logstash/modules/netflow/configuration"}
[2018-02-10T18:14:36,273][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2018-02-10T18:14:36,305][FATAL][logstash.runner ] The given configuration is invalid. Reason: Expected one of #, input, filter, output at line 6, column 1 (byte 132) after ## JVM configuration
# Xms represents the initial size of total heap space
# Xmx represents the maximum size of total heap space
[2018-02-10T18:14:36,307][ERROR][org.logstash.Logstash ] java.lang.IllegalStateException: org.jruby.exceptions.RaiseException: (SystemExit) exit
EDIT: it was a YAML indentation bug, it's fixed now.
But this is the error filebeat generates:
Code:
2018-02-10T19:01:00+02:00 INFO Non-zero metrics in the last 30s: beat.info.uptime.ms=30000 beat.memstats.gc_next=10334512 beat.memstats.memory_alloc=5982840 beat.memstats.memory_total=19083712 filebeat.harvester.open_files=3 filebeat.harvester.running=3 libbeat.config.module.running=0 libbeat.pipeline.clients=1 libbeat.pipeline.events.active=4117 registrar.states.current=3
2018-02-10T19:01:03+02:00 ERR Failed to connect: dial tcp 192.168.10.22:5045: getsockopt: connection refused
telnet 192.168.10.22 5045 (connection to logstash server) produces an error: