Hi, is there any way I can look if my logstash is taking the pakets that arrives at port 5000?
Thanks MrNerd
Add an output, e.g. stdout { codec => rubydebug } that just dumps the raw events.
1 Like
Input configuration:
input {
tcp {
host => "192.168.128.51"
port => 5000
id => "input-1"
}
}
input {
udp {
host => "192.168.128.51"
port => 5000
id => "input-2"
}
}
And here the output configuration:
output {
stdout { codec => rubydebug }
}
the path where everithing this is configured is: "/etc/logstash/conf.d/input.conf"
(Is the same file for input and output), i mean output and input are in input.conf both
Packets are arriving at port 5000.
@magnusbaeck thanks for everything
[2018-05-08T11:10:54,820][INFO ][logstash.inputs.udp ] UDP listener started {:address=>"192.168.128.51:5000", :receive_buffer_bytes=>"106496", :queue_size=>"2000"}
How are you starting Logstash? Is 192.168.128.51 the eth0 interface?
yeah why are u asking that?
Because that's where tcpdump is listening. Please answer my other question.
I just use service logstash restart and systemctl restart logstash.service both if i make any change 
Thanks 4 everything btw
Okay. And are you sure you're looking in the right place for the stdout output? I think it ends up in one of the files in /var/log but I don't recall which one. Are you sure Logstash has loaded the expected configuration? Bumping up the loglevel to debug will shows exactly which configuration Logstash loads.
well I do think so but I'm not sure now I'm searching for a guide to send those pakets to elasticsearch.
Thanks you for worry
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.