ms74

Reputation: 77

How to run Logstash-forwarder from client machine

I am new to logstash. I installed elasticsearch, kibana, logstash and logstash-forwarder on Ubuntu from this tutorial, and everything is fine while running on the local machine. Now I want to include a log file from another system, so I installed logstash-forwarder on the client machine, but it fails to run. I am not able to figure out the mistake. On the client machine I didn't install logstash, since logstash is running on the server. If I misunderstood anything, please let me know. What would be the configuration for server and client access?

Logstash forwarder in client:

{
  "network": {
    "servers": [ "server_ip_addr:5000" ],
    "timeout": 15,
    "ssl ca": "/etc/pki/tls/certs/logstash-forwarder.crt"
  },
  "files": [
    {
      "paths": [
        "/var/log/syslog",
        "/var/log/auth.log"
       ],
      "fields": { "type": "syslog" }
    }
   ]
}

Thanks

Upvotes: 1

Views: 2393

Answers (1)

BMW

Reputation: 45243

Installing logstash-forwarder is enough.

Here are some ways to troubleshoot your problem.

  1. Check if logstash is running on port 5000

Log in to the logstash server and run:

telnet localhost 5000

If you can't telnet, then make sure the logstash service is running properly.

  2. Check if there is a firewall issue between the clients and the logstash server.

Log in to the client (where you installed the forwarder) and run:

telnet server_ip_addr 5000

If you can't, you need to open firewall port 5000 between the client and the logstash server.

  3. In the config file, the file part is fine. Could you update the network part as follows?

Let me know the result.

"network": {
    "servers": [ "server_ip_addr:5000" ],
    "timeout": 15,
    "ssl certificate": "/etc/pki/tls/certs/logstash-forwarder.crt",
    "ssl key": "/etc/pki/tls/certs/logstash-forwarder.key",
    "ssl ca": "/etc/pki/tls/certs/logstash-forwarder.crt"
  },

Upvotes: 4
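The three checks from the answer above can be combined into one test run from the client. This is an added example, not code from the question or the answer: it repeats the telnet reachability test, then attempts a TLS handshake verified only against the file that the forwarder's "ssl ca" setting points to, since an open port alone does not show that the certificate will be accepted. The function name and the status strings are assumptions made for this example.

```python
import socket
import ssl
import sys


def check_forwarder_endpoint(host, port, ca_file, timeout=5.0):
    """Return (status, detail) for the client-to-logstash connection.

    status is one of: tcp_unreachable, ca_file_unreadable, tls_failed, ok.
    """
    # Steps 1 and 2 of the answer: plain TCP reachability (the telnet test).
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp_unreachable", str(exc))

    with sock:
        # Step 3: load the file named by "ssl ca". Passing cafile means the
        # system trust store is not consulted, only this certificate.
        try:
            ctx = ssl.create_default_context(cafile=ca_file)
        except OSError as exc:  # missing file, bad permissions, or not PEM
            return ("ca_file_unreadable", str(exc))

        # Handshake with certificate and host name (or IP) verification on.
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return ("ok", tls.version())
        except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
            return ("tls_failed", str(exc))


if __name__ == "__main__":
    # Usage: python check_forwarder.py server_ip_addr 5000 /path/to/ca.crt
    host, port, ca_file = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    status, detail = check_forwarder_endpoint(host, port, ca_file)
    print(f"{status}: {detail}")
    sys.exit(0 if status == "ok" else 1)
```

A `tcp_unreachable` result points at the service or the firewall, `ca_file_unreadable` at the certificate path on the client, and `tls_failed` at a mismatch between the server's certificate and the file the client trusts.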
