How to configure "Logstash" syslog

kuckaprozova · December 25, 2018, 2:18pm

I have a question. I started using docker-elk but ı have a problem because Logstash syslog is not working.Actually the default conf file was working.

This using : https://github.com/deviantony/docker-elk

But I was working this way;

nc localhost 5000 </var/log/syslog

But now I want to work on the logstash.conf file but I can't do it

default logstash.conf

input {
  tcp {
    port => 5000
  }
}

## Add your filters / logstash plugins configuration here

output {
  elasticsearch {
    hosts => "elasticsearch:9200"
  }
}

logstash.conf

input {
  file {
    path => "/var/log/syslog"
    start_position => "beginning"
    sincedb_path => "/dev/null"
  }
}

output {
 elasticsearch {
   hosts => ["elasticsearch:9200"]
 }
 stdout { codec => rubydebug }
}

Why does this conf file not work? How do I run it?

thanks in advance

magnusbaeck · December 26, 2018, 9:50pm

So... it's the second configuration file that isn't working?

kuckaprozova · December 27, 2018, 10:08am

Yes.

magnusbaeck · January 6, 2019, 8:09pm

Does the Logstash process running inside the Docker container have access to the host's /var/log/syslog file? Unless you're mounting e.g. /var/log from the host into the container Logstash will attempt to read /var/log/syslog from the container's file system, which most likely isn't what you want.

system · February 3, 2019, 8:09pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.