I tested upgrade of ELK stack to V5.6.8 from V5.2.2 running on Centos 7 VM . Elasticsearch upgrade & Kibana upgrade Went fine ..But logstash ran into issue details below
testing Logatsh config :
input {
udp {
type => "arista"
port => "514"
host => "x.x.x.x"
}
tcp {
ssl_verify => false
type => "arista"
port => "514"
host => "x.x.x.x"
}
}
output {
if [type] == "arista" {
elasticsearch {
ssl => false
ssl_certificate_verification => false
hosts => ["x.X.X.X:9200"]
index => "ipsla-%{+YYYY.MM.dd}"
}
}
}
Error :
[2018-03-11T18:32:44,041][ERROR][logstash.pipeline ] A plugin had an unrecoverable error. Will restart this plugin.
Plugin: <LogStash::Inputs::Tcp ssl_verify=>false, type=>"arista", port=>514, host=>"10.67.10.208", id=>"6b81d8f1ee654ee08ae4c5ac55c7a190737fb508-2", enable_metric=>true, codec=><LogStash::Codecs::Line id=>"line_923f272b-69ab-4156-a39d-5c12be7043aa", enable_metric=>true, charset=>"UTF-8", delimiter=>"\n">, data_timeout=>-1, mode=>"server", proxy_protocol=>false, ssl_enable=>false, ssl_key_passphrase=>>
Error: Permission denied
When i enable only UDP port on the logstash config it gives me another error
[2018-03-11T18:40:23,004][WARN ][logstash.inputs.udp ] UDP listener died {:exception=>#<SocketError: bind: name or service not known>, :backtrace=>["org/jruby/ext/socket/RubyUDPSocket.java:164:in bind'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-udp-3.2.1/lib/logstash/inputs/udp.rb:95:in
udp_listener'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-udp-3.2.1/lib/logstash/inputs/udp.rb:56:in run'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:470:in
inputworker'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:463:in `start_input'"]}
What will be the reason for the issue ? ...Please help