How do you install the syslog input plugin?

meatwad · September 30, 2018, 11:01pm

Hi,

I got Elastic configured last night and have Logstash listening on port 5000:

$ netstat -aptn |grep LIST |grep 5000
tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN 10743/java

I have rsyslog on a different forwarding its logs and using tcpdump, I can see those logs successfully coming in:

15:01:24.857193 IP (tos 0x0, ttl 64, id 8529, offset 0, flags [DF], proto TCP (6), length 288)
192.168.86.2.56978 > 192.168.86.10.5000: Flags [P.], cksum 0x94f0 (correct), seq 3126601903:3126602139, ack 493492715, win 229, options [nop,nop,TS val 197900065 ecr 454460565], length 236
0x0000: 4500 0120 2151 4000 4006 eb29 c0a8 5602 E...!Q@.@..)..V.
0x0010: c0a8 560a de92 1388 ba5c 28af 1d6a 19eb ..V......(..j..
0x0020: 8018 00e5 94f0 0000 0101 080a 0bcb b721 ...............!
0x0030: 1b16 8495 3c34 3e53 6570 2033 3020 3135 ....<4>Sep.30.15
0x0040: 3a30 313a 3234 2061 726e 6f6c 6420 6b65 :01:24.test.ke
0x0050: 726e 656c 3a20 5b31 3832 3032 302e 3637 rnel:.[182020.67
0x0060: 3339 3837 5d20 5b55 4657 2042 4c4f 434b 3987].[UFW.BLOCK
0x0070: 5d20 494e 3d62 7230 204f 5554 3d20 4d41 ].IN=br0.OUT=.MA
0x0080: 433d 3138 3a30 333a 3733 3a34 393a 3064 C=18:03:73:49:0d
0x0090: 3a35 323a 6238 3a33 653a 3539 3a37 383a :52:b8:3e:59:78:
0x00a0: 6130 3a30 363a 3038 3a30 3020 5352 433d a0:06:08:00.SRC=
0x00b0: 3139 322e 3136 382e 3836 2e31 3738 2044 192.168.86.178.D
0x00c0: 5354 3d31 3932 2e31 3638 2e38 362e 3220 ST=192.168.86.2.
0x00d0: 4c45 4e3d 3238 3420 544f 533d 3078 3030 LEN=284.TOS=0x00
0x00e0: 2050 5245 433d 3078 3030 2054 544c 3d36 .PREC=0x00.TTL=6
0x00f0: 3420 4944 3d30 2044 4620 5052 4f54 4f3d 4.ID=0.DF.PROTO=
0x0100: 5544 5020 5350 543d 3139 3030 2044 5054 UDP.SPT=1900.DPT
0x0110: 3d34 3636 3532 204c 454e 3d32 3634 200a =46652.LEN=264..

But I think I need I need the syslog input plugin but I'm not sure how to do that. I've tried 'elasticsearch-plugin install logstash-input-syslog', 'elasticsearch-plugin install input-syslog', and 'elasticsearch-plugin install syslog' but I'm obviously not getting the plugin name right. If anyone could help point me in the right direction, it would be greatly appreciated!

Thanks!

magnusbaeck · October 3, 2018, 6:01pm

Use the logstash-plugin command to install Logstash plugins, not elasticsearch-plugin. See https://www.elastic.co/guide/en/logstash/current/working-with-plugins.html.

system · October 31, 2018, 6:01pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.