File-input plugin unable to detect changes in nginx access log


(Matthew Jourard) #1

Hi,

I've been trying to get the file input plugin to work with the nginx access log to no avail.

I've confirmed that the logstash user has read and execute access to /var/log/nginx/access.log, and I'm able to use sudo -u logstash tail /var/log/nginx/access.log -f in order to tail and follow the file.

The sincedb file is not being created in the logstash user home directory, and there is no mention of it in the log files.

I've set config.debug: true and log.level: trace

Here is a copy of my config file:

input {
  file {
    path => ["/var/log/nginx/access.log"]
    start_position => "beginning"
    type => "nginx_access"
  }
}

filter {}

output {
  elasticsearch {
    hosts => "https://f51f8c6f2f22df11a038cc6759aec814.us-east-1.aws.found.io:9243"
    user => "elastic"
    password =>
    index => "logstash-mattjnginx"
  }
}

When I check curl -s 127.0.0.1:9600/_node/stats/?pretty | less, it says there were 0 events registered.

I was able to get the logs shipped up using the filebeat input plugin, as well as through the syslog plugin and rejigging the nginx configuration to send the access logs to syslog, but I'm confused as to why this isn't working.

Also, system specs:
logstash version: 6.1.1
OS: Amazon Linux - Linux version 4.9.62-21.56.amzn1.x86_64 (mockbuild@gobi-build-64013) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)

Any suggestions?

