Hi,
I have installed logstash 6.7.1 and while logs are being written to /var/log/logstash, they're also being written to syslog. How do I disable this behaviour? OS is ubuntu bionic...
Regards,
D
logstash uses log4j. The default configuration does not write to syslog, it writes to /var/log/logstash and stdout.
I have seen posts before from people with your problem. My guess is that you are running logstash as a service and systemd (or whatever service manager you use) is configured to forward its stdout to /var/log/messages. You could reconfigure systemd, or you could update /etc/logstash/log4j2.properties and comment out the line
rootLogger.appenderRef.console.ref = ${sys:ls.log.format}_console
which will greatly reduce (but not eliminate) output to stdout. Or both.
Ah yes, ForwardtoSyslog was enabled by default. Thanks for the pointer 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.