hi
i ha ve a problem when i run logstash5.6.8version ,i cant slove.
this is my configure
error:
Error: Permission denied
[2018-03-13T16:52:47,053][ERROR][logstash.pipeline ] A plugin had an unrecoverable error. Will restart this plugin.
Plugin: <LogStash::Inputs::Tcp port=>810, type=>"huosusdklog", host=>"172.16.15.19", id=>"229060643949c25879b43fc13c94ccdbf01f5414-13", enable_metric=>true, codec=><LogStash::Codecs::Line id=>"line_01b5ed6d-1b2b-4cd2-ada9-cbba17195489", enable_metric=>true, charset=>"UTF-8", delimiter=>"\n">, data_timeout=>-1, mode=>"server", proxy_protocol=>false, ssl_enable=>false, ssl_verify=>true, ssl_key_passphrase=>>
Error: Permission denied
[2018-03-13T16:52:47,053][ERROR][logstash.pipeline ] A plugin had an unrecoverable error. Will restart this plugin.
Plugin: <LogStash::Inputs::Tcp port=>809, type=>"bilog", host=>"172.16.15.19", codec=><LogStash::Codecs::JSON id=>"json_c6e6bb25-d2a9-4104-a212-4c92e48b3f98", enable_metric=>true, charset=>"UTF-8">, id=>"229060643949c25879b43fc13c94ccdbf01f5414-12", enable_metric=>true, data_timeout=>-1, mode=>"server", proxy_protocol=>false, ssl_enable=>false, ssl_verify=>true, ssl_key_passphrase=>>
Error: Permission denied
[2018-03-13T16:52:47,053][ERROR][logstash.pipeline ] A plugin had an unrecoverable error. Will restart this plugin.
Plugin: <LogStash::Inputs::Tcp port=>802, type=>"php_err", host=>"172.16.15.19", id=>"229060643949c25879b43fc13c94ccdbf01f5414-3", enable_metric=>true, codec=><LogStash::Codecs::Line id=>"line_91acd361-2007-45ca-bc12-fa9988fa95d0", enable_metric=>true, charset=>"UTF-8", delimiter=>"\n">, data_timeout=>-1, mode=>"server", proxy_protocol=>false, ssl_enable=>false, ssl_verify=>true, ssl_key_passphrase=>>
Error: Permission denied
input {
tcp {
port => 800
type => business
host => "172.16.15.19"
}
tcp {
port => 801
type => nginx_log
host => "172.16.15.19"
}
tcp {
port => 802
type => php_err
host => "172.16.15.19"
}
tcp {
port => 803
type => php_slow
host => "172.16.15.19"
}
tcp {
port => 804
type => ali_cdn
host => "172.16.15.19"
codec => plain{ charset => "CP936" }
}
..................
}
tcp{
port => 808
type => inter_flow
host => "172.16.15.19
}
beats {
host => "120.25.167.206"
port => 811
}
}
filter {
if [type] == "business"{
ruby {
init => "@kname = ['hostname','log_name','log_timestamp','log_level','event']"
code => "new_event = LogStash::Event.new(Hash[@kname.zip(event['message'].split('#'))]); new_event.remove('@timestamp');event.append(new_event)"
remove_field => ["message","@version","host"]
}
date {
match => ["log_timestamp" , "ISO8601"]
}
}
if [type] == "nginx_log"{
grok {
match => { "message" => "(?:%{NOTSPACE:remote_addr}|-) - (?:%{USER:user}|-) [%{HTTPDATE:log_timestamp}] "(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})" %{NUMBER:status} (?:%{NUMBER:body_bytes_sent}|-) %{QS:referrer}%{QS:agent} (?:%{IP3:http_x_forwarded_for}|%{IP2:http_x_forwarded_for}|%{IP:http_x_forwarded_for}|-) %{NOTSPACE:http_head} %{NOTSPACE:hostname} %{NOTSPACE:upstream_response_time} %{NUMBER:request_time} %{NOTSPACE:post_part}" }
match => { "message" => "(?:%{NOTSPACE:remote_addr}|-) - (?:%{USER:user}|-) \[%{HTTPDATE:log_timestamp}\] \"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})\" %{NUMBER:status} (?:%{NUMBER:body_bytes_sent}|-) %{QS:referrer}%{QS:agent} (?:%{IP3:http_x_forwarded_for}|%{IP2:http_x_forwarded_for}|%{IP:http_x_forwarded_for}|-) %{NOTSPACE:http_head} %{NOTSPACE:hostname} %{NOTSPACE:upstream_response_time} %{NUMBER:request_time}" }
}
if [request] {
ruby {
init => "@kname = ['uri','url_args']"
code => "new_event = LogStash::Event.new(Hash[@kname.zip(event['request'].split('?'))]); new_event.remove('@timestamp');event.append(new_event)"
remove_field => ["request","message","@version","host","user"]
}
}
date { match => ["log_timestamp" , "dd/MMM/yyyy:HH:mm:ss Z"] }
mutate {
convert => [
"status" , "integer",
"body_bytes_sent" , "integer",
"request_time", "float",
"upstream_response_time", "float"
]
}
date {
match => ["timestamp" , "ISO8601"]
}
mutate { gsub => [ "post_part", "password=[^&]+", "password=@@@@@@@" ] }
}
if [type] == "command" {
grok {
match => {"message" => "%{GREEDYDATA:xx}: : %{TIMESTAMP_ISO8601:log_timestamp} %{NOTSPACE:hostname} %{USERNAME:user}@%{NOTSPACE:tty} %{IPV4:chient_ip} %{NUMBER:client_port} %{IPV4:server_ip} %{NUMBER:server_port} %{GREEDYDATA:command}"}
remove_field => ['message','port','host','@version','xx','tags']
}
grok {
match => {"message" => "%{GREEDYDATA:xx}: : %{TIMESTAMP_ISO8601:log_timestamp} %{NOTSPACE:hostname} %{USERNAME:user}@\s+%{GREEDYDATA:command}"}
remove_field => ['message','port','host','@version','xx','tags']
}
date { match => ["log_timestamp" , "yyyy-MM-dd HH:mm:ss"] }
}
if [type] == "renyun"{
ruby {
init => "@kname = ['hostname','file_path','msg']"
code => "new_event = LogStash::Event.new(Hash[@kname.zip(event['message'].split('#'))]); new_event.remove('@timestamp');event.append(new_event)"
remove_field => ["port","message","@version","host"]
}
}
if [type] == "inter_flow" {
grok {
match => { "message" => "%{NOTSPACE:hostname} %{TIMESTAMP_ISO8601:log_timestamp} %{IP:eth0_ip} %{NUMBER:eth0_in} %{NUMBER:eth0_out} %{IP:eth1_ip} %{NUMBER:eth1_in} %{NUMBER:eth1_out}" }
remove_field => ["message","@version","host"]
}
mutate {
convert => [
"eth0_in" , "integer",
"eth0_out" , "integer",
"eth1_in", "integer",
"eth1_out", "integer"
]
}
date {
match => [ "log_timestamp" , "yyyy-MM-dd HH:mm:ss" ]
}
}
.......
}
anyone have idea how to slove this error