Unless run as root or if you use one of the workarounds, Logstash won't be able to listen to the privileged 514 port. Are you sure Logstash starts up properly with the configuration above?
Logstash is not running as root, and yes, it's starting properly. I have four CentOS machines configured with Filebeat and all the logs are being imported nicely and showing on my Kibana dashboard.
Now I have found something in my Logstash log:
```
{:timestamp=>"2016-08-22T11:56:16.685000+0600", :message=>"UDP listener died", :exception=>#<SocketError: bind: name or service not known>, :backtrace=>["org/jruby/ext/socket/RubyUDPSocket.java:160:in `bind'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-udp-2.0.5/lib/logstash/inputs/udp.rb:67:in `udp_listener'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-udp-2.0.5/lib/logstash/inputs/udp.rb:50:in `run'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.4-java/lib/logstash/pipeline.rb:334:in `inputworker'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.4-java/lib/logstash/pipeline.rb:328:in `start_input'"], :level=>:warn}
```
The syslog plugin for Logstash input has already been installed.
I have changed the port from 514/udp to 9995/udp, reloaded the Logstash service on the server, and also reconfigured the router to send syslog to the respective port.
Now the error "UDP listener died" isn't showing, but there is no log from the router.
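A diagnostic for the two symptoms discussed in this thread, added here as an example and not posted by either participant: it attempts the same kind of UDP bind a listener performs and names the failure (privileged port without root, or a host string that does not resolve, as in "bind: name or service not known"), then confirms a syslog-style datagram is delivered over loopback. The function names, the `.invalid` host and the sample message are constructed for illustration.

```python
import errno
import socket


def classify_bind(host, port):
    """Bind a UDP socket as a listener would and name the outcome."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind((host, port))
        return "ok"
    except socket.gaierror:
        # The host string could not be resolved ("name or service not known").
        return "unresolvable-host"
    except PermissionError:
        # Port below 1024 without root or an equivalent capability.
        return "permission-denied"
    except OSError as exc:
        return "in-use" if exc.errno == errno.EADDRINUSE else "other"
    finally:
        sock.close()


def loopback_roundtrip(message=b"<134>constructed test message", timeout=2.0):
    """Send one datagram to a local UDP listener; return what arrived, or None."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        listener.bind(("127.0.0.1", 0))  # port 0: the OS picks a free port
        listener.settimeout(timeout)
        port = listener.getsockname()[1]
        sender.sendto(message, ("127.0.0.1", port))
        data, _addr = listener.recvfrom(4096)
        return data
    except socket.timeout:
        return None
    finally:
        sender.close()
        listener.close()


if __name__ == "__main__":
    # Run as the same user as the listener service; stop the service first,
    # otherwise a port it already holds reports "in-use".
    for host, port in [("0.0.0.0", 514), ("0.0.0.0", 9995),
                       ("no-such-host.invalid", 9995)]:
        print(host, port, classify_bind(host, port))
    print("loopback delivery:", loopback_roundtrip())
```

If both checks pass for the configured host and port but nothing arrives from the remote device, the remaining places to look are outside the listener process, such as a host firewall or the sender's destination settings.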