I am unsure what I am doing wrong. Any help is much appreciated:
Logstash cmd:
```
[root@logstash bin]# ./logstash -f /etc/logstash/conf.d/rsyslog.conf --config.reload.automatic
```
Logstash Error1:
```
[ERROR] 2019-09-10 13:48:13.716 [[main]<tcp] javapipeline - A plugin had an unrecoverable error. Will restart this plugin. Pipeline_id:main Plugin: <LogStash::Inputs::Tcp host=>"10.10.69.33", codec=><LogStash::Codecs::JSON id=>"json_1a9f0a72-71d8-4fb4-aab8-4428fdc49a80", enable_metric=>true, charset=>"UTF-8">, id=>"c7fdbc85088d3782739655cee941b6eec9998ea10591083aee85553b71bafd8c", type=>"rsyslog", port=>10514, enable_metric=>true, mode=>"server", proxy_protocol=>false, ssl_enable=>false, ssl_verify=>true, ssl_key_passphrase=><password>, tcp_keep_alive=>false, dns_reverse_lookup_enabled=>true> Error: Cannot assign requested address Exception: Java::JavaNet::BindException Stack: sun.nio.ch.Net.bind0(Native Method)
```
Logstash Error2:
```
[ERROR] 2019-09-10 13:48:18.059 [[main]<tcp] rejectedExecution - Failed to submit a listener notification task. Event loop shut down? java.util.concurrent.RejectedExecutionException: event executor terminated at io.netty.util.concurrent.SingleThreadEventExecutor.reject(SingleThreadEventExecutor.java:821) ~[logstash-input-tcp-6.0.3.jar:?]
```
rsyslog.conf:
```
# The # character at the beginning of a line indicates a comment. Use
# comments to describe your configuration.
input {
  tcp {
    host => "10.10.69.33"
    port => "10514"
    codec => "json"
    type => "rsyslog"
  }
}
# The filter part of this file is commented out to indicate that it is
# optional.
filter {
#  if [type] == "rsyslog" {
#    grok {
#      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
#      add_field => [ "received_at", "%{@timestamp}" ]
#      add_field => [ "received_from", "%{host}" ]
#    }
#    date {
#      match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
#    }
#  }
}
output {
  if [type] == "rsyslog" {
    elasticsearch {
      hosts => [ "10.10.69.20:9200" ]
    }
  }
}
```
I followed the Elastic guide here fine: Parsing Logs with Logstash
I am having problems with this Elastic guide: How To Centralize Logs with Rsyslog, Logstash, and Elasticsearch on Ubuntu 14.04
I think my rsyslog is set up fine, as I see the dev FW logs flowing in np. I believe I also have disabled the firewalls. These are dev sandboxes. I am using CentOS and the guide is for Ubuntu, but I believe it is fine/I have taken it into account.
As for the error, how do I fix Java Plugins? I am using Java 11 and it is installed fine I believe.