无法连接回退(async(tcp://ip:5044)):拨打tcp ip:5044:I/O超时 [英] Failed to connect to backoff(async(tcp://ip:5044)): dial tcp ip:5044: i/o timeout

问题描述

Filebeat在机器B上运行，该文件读取日志并在机器A上推送到ELK logstash.

Filebeat is running on Machine B which read logs and push to ELK logstash on Machine A.

但是在Machine B filebeat日志中，它显示错误i/o timeout

But in the Machine B filebeat log, it shows the error i/o timeout

2019-08-24T12:13:10.065+0800    ERROR   pipeline/output.go:100  Failed to connect to backoff(async(tcp://example.com:5044)): dial tcp xx.xx.xx.xx:5044: i/o timeout 
2019-08-24T12:13:10.065+0800    INFO    pipeline/output.go:93   Attempting to reconnect to backoff(async(tcp://example.com:5044)) with 1 reconnect attempt(s)

我已经检查了机器A上的logtash，该机器运行良好，可以在0 0.0.0.0:5044

I've check the logstash on Machine A which running well, can listening on 0 0.0.0.0:5044

这是logstash日志

Here is the logstash log

[INFO ] 2019-08-24 12:09:35.217 [[main]-pipeline-manager] beats - Beats inputs: Starting input listener {:address=>"0.0.0.0:5044"}

这是netstat输出，

$ sudo netstat -tlnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:5044            0.0.0.0:*               LISTEN      20668/java

我还检查计算机A上的防火墙是否已关闭.

I also check the firewall on Machine A is closed.

$ firewall-cmd --list-all
FirewallD is not running

$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination

我也使用telnet连接机器A，但是我明白了，

I also use telnet to connect Machine A, But I get this,

$ telnet example.com 5044
Trying xx.xx.xx.xx...
telnet: connect to address xx.xx.xx.xx: Connection timed out

我在机器A(本地)上以相同的配置运行filebeat，以检查机器B(远程)上的文件beat的配置是否错误，效果很好.

I run the filebeat with same config on Machine A(local) to check it the config for filebeat on Machine B(remote) is wrong, it works well.

2019-08-24T14:17:35.195+0800    INFO    pipeline/output.go:95   Connecting to backoff(async(tcp://localhost:5044))
2019-08-24T14:17:35.198+0800    INFO    pipeline/output.go:105  Connection to backoff(async(tcp://localhost:5044)) established

推荐答案

最后，我发现它是由VPS提供程序aliyun引起的，它仅打开了一些通用端口，例如22、80,443.

At last I find it's caused by the VPS Provider aliyun, it only open some common port such 22, 80,443.

我需要登录到阿里云VPS管理页面，并打开5044，以使VPS提供程序绕过5044端口.

I need to login to aliyun VPS management page, and open 5044 to make VPS Provider bypass the 5044 port.

*注意:* 附件:使用ELK配置文件拍子时遇到的其他一些问题.

*Note: * Attachment: some other issues I encountered when config filebeat with ELK.

**问题1:**无法连接到退避(async(tcp://ip:5044)):拨打tcp ip:5044:connect:连接被拒绝

**Issue 1: ** Failed to connect to backoff(async(tcp://ip:5044)): dial tcp ip:5044: connect: connection refused

2019-08-26T10:25:41.955+0800    ERROR   pipeline/output.go:100  Failed to connect to backoff(async(tcp://example.com:5044)): dial tcp xx.xx.xx.xx:5044: connect: connection refused
2019-08-26T10:25:41.955+0800    INFO    pipeline/output.go:93   Attempting to reconnect to backoff(async(tcp://example:5044)) with 2 reconnect attempt(s)

问题2:无法发布事件，原因是:写TCP ip:46890-> ip:5044:写:连接被对等方重置

Issue 2: Failed to publish events caused by: write tcp ip:46890->ip:5044: write: connection reset by peer

2019-08-26T10:28:32.274+0800    ERROR   logstash/async.go:256   Failed to publish events caused by: write tcp xx.xx.xx.xx:46890->xx.xx.xx.xx:5044: write: connection reset by peer
2019-08-26T10:28:33.311+0800    ERROR   pipeline/output.go:121  Failed to publish events: write tcp xx.xx.xx.xx:46890->xx.xx.xx.xx:5044: write: connection reset by peer

问题3: Filebeat错误:伐木工人协议错误和Logstash error: OPENSSL_internal:WRONG_VERSION_NUMBER

Issue 3: Filebeat error: lumberjack protocol error and Logstash error: OPENSSL_internal:WRONG_VERSION_NUMBER

Filebeat日志错误

Filebeat log error,

2019-08-26T08:49:09.505+0800    INFO    pipeline/output.go:95   Connecting to backoff(async(tcp://example.com:5044))
2019-08-26T08:49:09.588+0800    INFO    pipeline/output.go:105  Connection to backoff(async(tcp://example.com:5044)) established
2019-08-26T08:49:09.605+0800    ERROR   logstash/async.go:256   Failed to publish events caused by: lumberjack protocol error
2019-08-26T08:49:09.606+0800    ERROR   logstash/async.go:256   Failed to publish events caused by: client is not connected

Logstash日志，

Logstash log,

[INFO ] 2019-08-26 08:49:29.444 [defaultEventExecutorGroup-4-2] BeatsHandler - [local: 0.0.0.0:5044, remote: undefined] Handling exception: javax.net.ssl.SSLHandshakeException: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER
[WARN ] 2019-08-26 08:49:29.445 [nioEventLoopGroup-2-7] DefaultChannelPipeline - An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER
        at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:472) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
        ...

所有这三个问题都是由未命中配置引起的，这是可行的配置，

All the three issues are caused by miss configuration, here is the workable config,

logstash版本

logstash version,

/usr/share/logstash/bin/logstash -V
logstash 7.3.1

文件格式版本

/usr/share/filebeat/bin/filebeat version
filebeat version 7.3.1 (amd64), libbeat 7.3.1 [a4be71b90ce3e3b8213b616adfcd9e455513da45 built 2019-08-19 19:30:50 +0000 UTC]

logstash conf文件/etc/logstash/conf.d/beat.conf

logstash conf file /etc/logstash/conf.d/beat.conf

input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate_authorities => "/etc/pki/tls/certs/logstash-forwarder.crt"
    ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
    ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
    ssl_verify_mode => "peer"
  }
}

output {
  elasticsearch {
    hosts => "http://127.0.0.1:9200"
    manage_template => false
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}

filebeat conf文件/etc/filebeat/filebeat.yml

filebeat conf file /etc/filebeat/filebeat.yml

#=========================== Filebeat inputs =============================

filebeat.inputs:

# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.

- type: log

  # Change to true to enable this input configuration.
  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /data/error_logs/Log_error_201908


#----------------------------- Logstash output --------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["example.com:5044"]

  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  ssl.certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]

  # Certificate for SSL client authentication
  ssl.certificate: "/etc/pki/tls/certs/logstash-forwarder.crt"

  # Client Certificate Key
  ssl.key: "/etc/pki/tls/private/logstash-forwarder.key"

这篇关于无法连接回退(async(tcp://ip:5044)):拨打tcp ip:5044:I/O超时的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！