elasticsearch: Fleet integration for Barracuda firewall logs

wribegjk  posted 11 months ago in ElasticSearch

We have configured Fleet Server and added an Elastic Agent. The output is configured to use Logstash. We added an agent policy containing the System integration, which works fine and sends logs to the Logstash output. When we try to add the Barracuda CloudGen Firewall integration, the integration is added, but it shows the following error.
The documentation suggests that it receives output via the Lumberjack protocol. There are Lumberjack plugins: logstash-input-lumberjack and logstash-output-lumberjack. Do we need to install any of these plugins? Or should it be fixed in some other way? Please guide.
Below are the logs from the Elastic Agent log file, for reference:
{"log.level":"error","@timestamp":"2023-12-08T07:09:38.411Z","log.origin":{"file.name":"coordinator/coordinator.go","file.line":857},"message":"Spawned new component lumberjack-default: input not supported","log":{"source":"elastic-agent"},"component":{"id":"lumberjack-default","state":"FAILED"},"ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2023-12-08T07:09:38.411Z","log.origin":{"file.name":"coordinator/coordinator.go","file.line":857},"message":"Spawned new unit lumberjack-default-lumberjack-barracuda_cloudgen_firewall-542abf24-7edb-4c28-852a-b3454c5fa5a7: input not supported","log":{"source":"elastic-agent"},"component":{"id":"lumberjack-default","state":"FAILED"},"unit":{"id":"lumberjack-default-lumberjack-barracuda_cloudgen_firewall-542abf24-7edb-4c28-852a-b3454c5fa5a7","type":"input","state":"FAILED"},"ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2023-12-08T07:09:38.411Z","log.origin":{"file.name":"coordinator/coordinator.go","file.line":857},"message":"Spawned new unit lumberjack-default: input not supported","log":{"source":"elastic-agent"},"component":{"id":"lumberjack-default","state":"FAILED"},"unit":{"id":"lumberjack-default","type":"output","state":"FAILED"},"ecs.version":"1.6.0"}

ldxq2e6h  #1

As was explained to you in detail on the Elastic forum here, you must update Elastic Agent to at least version 8.7.1.
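
The check discussed in this thread, as an added example (not code from the posts or from Elastic): it scans Elastic Agent log lines for components and units that failed with `input not supported` and compares an agent version against the 8.7.1 minimum given in the answer. The sample log lines and the version string 8.6.2 are constructed, and the function names are hypothetical.

```python
import json

MIN_VERSION = (8, 7, 1)  # minimum Elastic Agent version stated in the answer above

# Constructed sample lines in the shape of the agent log quoted in the question.
SAMPLE_LOG = """\
{"log.level":"error","@timestamp":"2023-12-08T07:09:38.411Z","message":"Spawned new component lumberjack-default: input not supported","component":{"id":"lumberjack-default","state":"FAILED"}}
{"log.level":"info","@timestamp":"2023-12-08T07:09:39.000Z","message":"Unit state changed","component":{"id":"system-default","state":"HEALTHY"}}
{"log.level":"error","@timestamp":"2023-12-08T07:09:38.411Z","message":"Spawned new unit lumberjack-default: input not supported","component":{"id":"lumberjack-default","state":"FAILED"},"unit":{"id":"lumberjack-default","type":"output","state":"FAILED"}}
not json, e.g. a truncated line
"""

def parse_version(text):
    """Turn '8.6.2' or '8.7.1-SNAPSHOT' into a comparable tuple of ints."""
    core = text.strip().split("-")[0].split("+")[0]
    return tuple(int(part) for part in core.split(".")[:3])

def unsupported_inputs(log_text):
    """Return sorted (component id, unit type) pairs that failed with 'input not supported'."""
    found = set()
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(entry, dict):
            continue
        if "input not supported" not in str(entry.get("message", "")):
            continue
        comp = entry.get("component") or {}
        unit = entry.get("unit") or {}
        if "FAILED" in (comp.get("state"), unit.get("state")):
            # Component-level entries carry no "unit" object; label them "component".
            found.add((comp.get("id", "?"), unit.get("type", "component")))
    return sorted(found)

def triage(log_text, agent_version):
    """Flag an upgrade only when the failure is present and the agent is below 8.7.1."""
    failures = unsupported_inputs(log_text)
    outdated = parse_version(agent_version) < MIN_VERSION
    return {"failures": failures, "upgrade_needed": bool(failures) and outdated}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "8.6.2"))  # 8.6.2 is a constructed example version
```

If the failure appears on an agent that is already at 8.7.1 or later, `upgrade_needed` is false and the cause lies elsewhere.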