Javapipeline unrecoverable error - Logstash

I am unsure what I am doing wrong. Any help is much appreciated:
Logstash cmd: [root@logstash bin]# ./logstash -f /etc/logstash/conf.d/rsyslog.conf --config.reload.automatic
Logstash Error1:
[ERROR] 2019-09-10 13:48:13.716 [[main]<tcp] javapipeline - A plugin had an unrecoverable error. Will restart this plugin. Pipeline_id:main Plugin: <LogStash::Inputs::Tcp host=>"10.10.69.33", codec=><LogStash::Codecs::JSON id=>"json_1a9f0a72-71d8-4fb4-aab8-4428fdc49a80", enable_metric=>true, charset=>"UTF-8">, id=>"c7fdbc85088d3782739655cee941b6eec9998ea10591083aee85553b71bafd8c", type=>"rsyslog", port=>10514, enable_metric=>true, mode=>"server", proxy_protocol=>false, ssl_enable=>false, ssl_verify=>true, ssl_key_passphrase=><password>, tcp_keep_alive=>false, dns_reverse_lookup_enabled=>true> Error: Cannot assign requested address Exception: Java::JavaNet::BindException Stack: sun.nio.ch.Net.bind0(Native Method)
Logstash Error2:
[ERROR] 2019-09-10 13:48:18.059 [[main]<tcp] rejectedExecution - Failed to submit a listener notification task. Event loop shut down? java.util.concurrent.RejectedExecutionException: event executor terminated at io.netty.util.concurrent.SingleThreadEventExecutor.reject(SingleThreadEventExecutor.java:821) ~[logstash-input-tcp-6.0.3.jar:?]
rsyslog.conf:
`
# The # character at the beginning of a line indicates a comment. Use
# comments to describe your configuration.
input {
tcp {
host => "10.10.69.33"
port => "10514"
codec => "json"
type => "rsyslog"
}
}
# The filter part of this file is commented out to indicate that it is
# optional.
filter {
# if [type] == "rsyslog" {
# grok {
# match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:[%{POSINT:syslog_pid}])?: %{GREEDYDATA:syslog_message}" }
# add_field => [ "received_at", "%{@timestamp}" ]
# add_field => [ "received_from", "%{host}" ]
# }
# date {
# match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
# }
# }
}
output {
if [type] == "rsyslog" {
elasticsearch {
hosts => [ "10.10.69.20:9200" ]
}
}
}

`
Followed the elastic guide here fine: Parsing Logs with Logstash
Having problems with this Elastic Guide: How To Centralize Logs with Rsyslog, Logstash, and Elasticsearch on Ubuntu 14.04
I think my rsyslog is setup fine as I see the dev FW logs flowing in np. I believe I also have disabled the firewalls. These are dev sandboxes. I am using CentOS and the guide is for Ubuntu, but I believe it is fine/Ihave taken it into account.

As for the error, how do I fix Java Plugins? I am using Java 11 and it is installed fine I believe.

Apologies I think it is somethign with enabling TCP port 10514 on the host...firewalld is off though hmmm.

I can't figure it out...I have the firewall disabled and port 10514 is in the services file? WHat gives? ANyone?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.