This is my input config, but I don't get anything passed input in my pipeline or I would see something in my ruby debug output. No errors in the log.
> tcp {
> type => "syslog"
> port => "4000"
> tags => [ "SysLog" ]
> ssl_enable => true
> ssl_cert => "/usr/share/logstash/logstash_site.crt"
> ssl_key => "/usr/share/logstash/logstash-site.key"
> # ssl_extra_chain_certs => ["/usr/share/logstash/logstash_site.ca-bundle"]
> ssl_verify => false
>}
How do I configure my type argument here? is it still just "syslog"??
type doesn’t matter, it can be anything.
you should check the sender for errors after the logstash listen on that port
What do you mean by sender? There are no errors on the source and I can capture the traffic with tcpdump on Logstash..
if you're sure that the traffic has reach logstash on the designated port, then if you configure stdout output, you should see logstash printing the traffic in the stdout.
1 Like
thank you. I do send to stdout but still can't see anything.. Will it print anything even if ssl config is incorrect?
if you're sending output stdout, and not doing any filtering, then yes logstash will print whatever it receives in the input to stdout. If you don't see anything, then I would suspect that there's input problem.
you can try sending(from the source) and receiving the log (with logstash) without ssl to confirm whether it's ssl issue
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.