How to configure "Logstash" syslog

kuckaprozova · December 25, 2018, 2:18pm

I have a question. I started using docker-elk but ı have a problem because Logstash syslog is not working.Actually the default conf file was working.

This using : https://github.com/deviantony/docker-elk

But I was working this way;

nc localhost 5000 </var/log/syslog

But now I want to work on the logstash.conf file but I can't do it

default logstash.conf

input {
  tcp {
    port => 5000
  }
}

## Add your filters / logstash plugins configuration here

output {
  elasticsearch {
    hosts => "elasticsearch:9200"
  }
}

logstash.conf

input {
  file {
    path => "/var/log/syslog"
    start_position => "beginning"
    sincedb_path => "/dev/null"
  }
}

output {
 elasticsearch {
   hosts => ["elasticsearch:9200"]
 }
 stdout { codec => rubydebug }
}

Why does this conf file not work? How do I run it?

thanks in advance

magnusbaeck · December 26, 2018, 9:50pm

So... it's the second configuration file that isn't working?

kuckaprozova · December 27, 2018, 10:08am

Yes.

magnusbaeck · January 6, 2019, 8:09pm

Does the Logstash process running inside the Docker container have access to the host's /var/log/syslog file? Unless you're mounting e.g. /var/log from the host into the container Logstash will attempt to read /var/log/syslog from the container's file system, which most likely isn't what you want.

system · February 3, 2019, 8:09pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to configure syslog (input) in logstash conf file Logstash docker	8	472	July 27, 2021
Logstash Docker Container Syslog input Logstash docker	3	1196	June 13, 2022
Confused with running Logstash in docker Logstash	8	3091	June 29, 2017
LogStash Not Receiving Logs Logstash docker	1	463	December 30, 2020
Logstash not receiving Docker syslog input Logstash	3	2346	September 24, 2019

How to configure "Logstash" syslog

Related topics