How to gather logs from a router

Hari_Krishna · April 18, 2020, 4:50pm

I have a Juniper router from which i have to send logs to logstash.
What should i do in this case

warkolm · April 19, 2020, 11:24pm

It should be able to send logs to a network based syslog destination, so use the syslog input.

Hari_Krishna · April 20, 2020, 4:27am

Hi,
What is the port number should i use?

And also i'm running the logstash in a virtual box

warkolm · April 20, 2020, 5:46am

Usually something over 1024, as that will be an unprivileged port, so you don't need to run as root.

Hari_Krishna · April 20, 2020, 6:20am

Hi,

input {
    syslog {
            host => "10.216.131.209"
            type => "syslog"
            port => 10514
          }
    }

I set the port number to 10514 but it gives me this warning

Apr 11 15:09:29 hari-VirtualBox logstash[20457]: [2020-04-11T15:09:29,496][INFO ][logstash.inputs.syslog   ][main] Starting syslog tcp listener {:address=>"10.216.131.209:10514"}
Apr 11 15:09:29 hari-VirtualBox logstash[20457]: [2020-04-11T15:09:29,499][WARN ][logstash.inputs.syslog   ][main] syslog listener died {:protocol=>:tcp, :address=>"10.216.131.209:10514", :exception=>#<Errno::EADDRNOTAVAIL: Cannot assign requested address - bind - Cannot assign requested address>, :backtrace=>["org/jruby/ext/socket/RubyTCPServer.java:127:in `initialize'", "org/jruby/RubyIO.java:878:in `new'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-syslog-3.4.1/lib/logstash/inputs/syslog.rb:167:in `tcp_listener'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-syslog-3.4.1/lib/logstash/inputs/syslog.rb:130:in `server'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-syslog-3.4.1/lib/logstash/inputs/syslog.rb:114:in `block in run'"]}

warkolm · April 20, 2020, 6:45am

Is that port taken already?

Hari_Krishna · April 20, 2020, 6:53am

No it is not taken

warkolm · April 20, 2020, 6:57am

Is that IP allocated to an interface on the host?

Hari_Krishna · April 20, 2020, 7:06am

Hi,
It's the IP of the router from which i must collect logs.

I'm sorry. I'm just learning the basics of networking. So please guide me if i'm wrong.

warkolm · April 20, 2020, 7:08am

No worries

So the host value is the interface (IP) on the host that Logstash runs on. That is, it's the IP and port that you want to listen on. You'd then configure the router to send to that IP and port.

Hari_Krishna · April 20, 2020, 7:44am

Thanks warkolm. I dont see the error now.

Is it possible to configure the router to send logs to virtualbox's IP(in my case i'm running the logstash on a virtual box)

warkolm · April 20, 2020, 7:45am

Most likely, you'd need to check the Juniper docs on that

Hari_Krishna · April 20, 2020, 7:45am

sure. thanks

system · May 18, 2020, 7:45am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Error in gathering syslogs from router Logstash	3	985	May 18, 2020
Gather Syslogs from a router Logstash	13	10011	July 6, 2017
Receiving messages from remote syslog using logstash Logstash	1	144	October 6, 2023
Permission denied error while collecting logs from external ip Logstash	10	5597	June 4, 2020
Sending Rsyslog data to logstash Logstash	7	1692	November 24, 2020

How to gather logs from a router

Related topics