How to send syslogs to logstash

red888 · July 14, 2017, 8:33pm

I want to send syslog data to logstash.

I'm trying to do this with the beats Syslog Output Plugin.

filebeat config:

filebeat:
  prospectors:
    -
      paths:
        - /var/log/messages
        - /var/log/audit/audit.log
      document_type: syslog
output:
  type: syslog
  syslog:
    network: udp
    raddr: ["localhost:1234"]

logstash config:

input {
  tcp {
    port => "1234"
    type => syslog
  }
}

Something must be wrong because filebeat wont start and I get these errors:
ERR Failed to publish events caused by: write tcp 127.0.0.1:55350->127.0.0.1:9999: write: connection reset by peer

magnusbaeck · July 14, 2017, 9:12pm

You seem to have configured Filebeat to send to localhost:1234 via UDP yet the error message indicates it's localhost:9999 via TCP. Are you really running the configuration you think you are?

red888 · July 17, 2017, 5:35am

Ah sorry that's a typo, the error did say the same port

system · August 14, 2017, 5:35am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.