Hello,
I get the following error on logstash logs;
[2024-03-04T13:38:54,437][ERROR][logstash.filters.geoip.downloadmanager] Permission denied - /var/lib/logstash/plugins/filters/geoip/1709555933 {:cause=>nil}
[2024-03-04T13:38:54,592][ERROR][logstash.filters.geoip.downloadmanager] Permission denied - /var/lib/logstash/plugins/filters/geoip/1709555933 {:cause=>nil}
The filters show geip_expired_database. No database has been defined manually. Could the permission denied be a firewall issue?
No, this means that Logstash cannot read/remove/create the specified file because of file permissions.
How are you running Logstash? Are you running logstash as a service with systemctl? Did you ran Logstash as the root user or with a sudo at any point?
chown -R logstash: /var/lib/logstash/plugins/filters/[2024-03-04T14:12:51,305][INFO ][logstash.filters.geoip.databasemanager] /var/lib/logstash/plugins/filters/geoip/1662379503 is deleted
[2024-03-04T14:12:51,370][INFO ][logstash.filters.geoip.databasemanager][main] By not manually configuring a database path with `database =>`, you accepted and agreed MaxMind EULA. For more details please visit https://www.maxmind.com/en/geolite2/eula
[2024-03-04T14:12:51,372][INFO ][logstash.filters.geoip ][main] Using geoip database {:path=>"/var/lib/logstash/plugins/filters/geoip/1709557966/GeoLite2-City.mmdb"}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.