Filebeat無法連接到另一台伺服器上的logstash

Filebeat ( 11.11.11.11) 無法連接到22.22.22.22另一台伺服器 ( ) 上的 logstash ( connection reset by peer)。但是來自其他伺服器的 filebeat 服務可以做到這一點。

我也可以11.11.11.11使用telnet從這個伺服器（ ）連接到這個埠（telnet 22.22.22.22 5044）。

我可以"failed":34816,"total":34816在 filebeat 日誌中看到：

root@stage /var/log/filebeat # tail filebeat
2018-05-09T08:30:48.298Z    INFO    [monitoring]    log/log.go:124  Non-zero metrics in the last 30s    {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":2390,"time":2392},"total":{"ticks":539690,"time":539696,"value":539690},"user":{"ticks":537300,"time":537304}},"info":{"ephemeral_id":"e0b9a5bb-4446-4ee1-a6f4-e2b0ccfb1677","uptime":{"ms":2340029}},"memstats":{"gc_next":205064832,"memory_alloc":146205312,"memory_total":29895393656}},"filebeat":{"harvester":{"open_files":39,"running":48}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"batches":17,"failed":34816,"total":34816},"write":{"bytes":17029928,"errors":17}},"pipeline":{"clients":3,"events":{"active":4119,"retry":69632}}},"registrar":{"states":{"current":139}},"system":{"load":{"1":0.24,"15":0.43,"5":0.31,"norm":{"1":0.03,"15":0.0538,"5":0.0388}}}}}}
2018-05-09T08:30:48.391Z    ERROR   pipeline/output.go:92   Failed to publish events: write tcp 11.11.11.11:34626->22.22.22.22:5044: write: connection reset by peer
2018-05-09T08:30:49.943Z    ERROR   logstash/async.go:235   Failed to publish events caused by: write tcp 11.11.11.11:34632->22.22.22.22:5044: write: connection reset by peer
2018-05-09T08:30:50.943Z    ERROR   pipeline/output.go:92   Failed to publish events: write tcp 11.11.11.11:34632->22.22.22.22:5044: write: connection reset by peer
2018-05-09T08:30:51.383Z    ERROR   logstash/async.go:235   Failed to publish events caused by: write tcp 11.11.11.11:34634->22.22.22.22:5044: write: connection reset by peer
2018-05-09T08:30:52.383Z    ERROR   pipeline/output.go:92   Failed to publish events: write tcp 11.11.11.11:34634->22.22.22.22:5044: write: connection reset by peer
2018-05-09T08:30:53.942Z    ERROR   logstash/async.go:235   Failed to publish events caused by: write tcp 11.11.11.11:34636->22.22.22.22:5044: write: connection reset by peer
2018-05-09T08:30:54.942Z    ERROR   pipeline/output.go:92   Failed to publish events: write tcp 11.11.11.11:34636->22.22.22.22:5044: write: connection reset by peer
2018-05-09T08:30:55.407Z    ERROR   logstash/async.go:235   Failed to publish events caused by: write tcp 11.11.11.11:34654->22.22.22.22:5044: write: connection reset by peer
2018-05-09T08:30:56.407Z    ERROR   pipeline/output.go:92   Failed to publish events: write tcp 11.11.11.11:34654->22.22.22.22:5044: write: connection reset by peer

filebeat 已經是最新版本（6.2.4）。

logstash 已經是最新版本 (1:6.2.4-1)。

如何解決或調查？

更新：

如果我關閉logstash，錯誤會發生變化：

ERROR   pipeline/output.go:74   Failed to connect:
dial tcp 22.22.22.22:5044: getsockopt: connection refused

對此不確定，但可以肯定的是，您可以啟用調試以獲取更多資訊：

https://www.elastic.co/guide/en/beats/filebeat/current/enable-filebeat-debugging.html

我還會檢查 logstash 和 filebeat 配置：

日誌儲存：

在這種情況下正在接收並且應該具有如下所示的輸入配置

input {
 beats {
   port => "5044"
   ssl  => false
 }
}

確保 logstash 服務有權在機器上打開監聽套接字。檢查它

netstat -l

文件節拍：

檢查filebeat是否指向正確的logstash埠

output:
 logstash:
   hosts: ["22.22.22.22:5044"]

引用自：https://serverfault.com/questions/911440