JSON Error

praveen_siem · April 29, 2016, 9:08am

Hello,

We are in a process of OSSEC-ELK integration. We have finished the initial installations. We are facing below issues:

When we are executing the command : service logstash-forwarder start

we are getting the error:

Failed unmarshalling json: json: cannot unmarshal object into Go value of type []main.FileConfig

and the following error as well:

Could not load config file /etc/logstash-forwarder.conf: json: cannot unmarshal object into Go value of type []main.FileConfig

Appreciate your support.

Best Regards-
Praveen K

tudor · April 29, 2016, 9:23am

Note that Logstash Forwarder is deprecated and replaced by Filebeat. Since you seem to be having a new project, you might want to consider using that instead.

praveen_siem · April 29, 2016, 9:52am

Are you suggesting to use filebeat instead of logstash forwarder ? Will it work.?

tudor · April 29, 2016, 10:10am

Yes, they are pretty much equivalent. But you'll need to rework your configuration file, see: https://www.elastic.co/guide/en/beats/filebeat/current/migrating-from-logstash-forwarder.html

praveen_siem · April 29, 2016, 11:00am

Hi Tudor,

I think the configuration file is correct and fine. When we are testing the json script, it is stating as Valid JSON.
By the way i am putting in the code for your reference here:

{
        "network": {
                "servers": ["X.X.X.X:5000"],


                "ssl ca": "/opt/logstash-forwarder/logstash-forwarder.crt",

                "timeout": 15
        },

        "files": {

                "paths": [
                        "/var/ossec/logs/alerts/alerts.json"
                ],

                "fields": {
                        "type": "ossec-alerts"
                }
        }
}

tudor · April 29, 2016, 11:08am

I think files needs to be an array of dictionaries. You only have a dictionary.

praveen_siem · April 29, 2016, 11:20am

Hi,

We put the multiple values in the paths, but still the same results.
NO LUCK.

magnusbaeck · April 30, 2016, 3:32pm

I think you misunderstood Tudor. Please show your most recent configuration.

praveen_siem · May 3, 2016, 10:01am

Hello Magnus,

We have the following configuration:

{
"network": {
"servers": ["X.X.X.X:5000"],

            "ssl ca": "/opt/logstash-forwarder/logstash-forwarder.crt",

            "timeout": 15
    },

    "files": {

            "paths": [
                    "/var/ossec/logs/alerts/*.log"
            ],

            "fields": {
                    "type": "ossec-alerts"
            }
    }

}

And the errors what we are facing from long time is furnished below:

2016/05/03 07:07:43.629399 Failed unmarshalling json: json: cannot unmarshal object into Go value of type []main.FileConfig
2016/05/03 07:07:43.629411 Could not load config file /etc/logstash-forwarder.conf: json: cannot unmarshal object into Go value of type []main.FileConfig

Appreciate your response.

Best Regards-
Praveen K

magnusbaeck · May 3, 2016, 11:46am

As documented, the files configuration option is an array:

"files": [
  {
    "paths": [
      "/var/ossec/logs/alerts/*.log"
    ],
  },
  ...
],

praveen_siem · May 5, 2016, 8:46am

Thanks magnus, it worked.