How to send syslogs to logstash

red888 · July 14, 2017, 8:33pm

I want to send syslog data to logstash.

I'm trying to do this with the beats Syslog Output Plugin.

filebeat config:

filebeat:
  prospectors:
    -
      paths:
        - /var/log/messages
        - /var/log/audit/audit.log
      document_type: syslog
output:
  type: syslog
  syslog:
    network: udp
    raddr: ["localhost:1234"]

logstash config:

input {
  tcp {
    port => "1234"
    type => syslog
  }
}

Something must be wrong because filebeat wont start and I get these errors:
ERR Failed to publish events caused by: write tcp 127.0.0.1:55350->127.0.0.1:9999: write: connection reset by peer

magnusbaeck · July 14, 2017, 9:12pm

You seem to have configured Filebeat to send to localhost:1234 via UDP yet the error message indicates it's localhost:9999 via TCP. Are you really running the configuration you think you are?

red888 · July 17, 2017, 5:35am

Ah sorry that's a typo, the error did say the same port

system · August 14, 2017, 5:35am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Sending logs to syslog using logstash Logstash	17	854	July 7, 2023
Receive multiple Logstash inputs with TCP, UDP and Beats Beats filebeat	7	3433	November 15, 2021
Filebeat Syslog isn't Opening Port Beats filebeat	5	1265	June 3, 2021
Winlogbeat to syslog Beats winlogbeat	2	3203	January 11, 2017
Filebeat is not sending logs to Logstash, logstash is localhost Elasticsearch	2	712	October 1, 2020

How to send syslogs to logstash

Related topics