Log4j input plugin

I know it's deprecated.i just wang to use it Conveniently.
when i use it.it run normally.it doesn/t accept any log.
input {
log4j {
mode => "server"
port => 80
}
}
but when i use tcp .it get log and there are many \u0000 in it.
tcp config:
input {
tcp {
port => 80
mode => "server"
ssl_enable => false
type => "log4j-json"
}
}
do you have any suggestion

when i use it.it run normally.it doesn/t accept any log.

Are there any clues in the Logstash log?

but when i use tcp .it get log and there are many \u0000 in it.

Yes, that's expected.

[2017-09-11T17:21:58,366][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://172.16.10.5:8802/]}}
[2017-09-11T17:21:58,371][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://172.16.10.5:8802/, :path=>"/"}
[2017-09-11T17:21:58,465][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>#Java::JavaNet::URI:0x1914f8e7}
[2017-09-11T17:21:58,466][INFO ][logstash.outputs.elasticsearch] Using mapping template from {:path=>nil}
[2017-09-11T17:21:58,508][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"template"=>"logstash-", "version"=>50001, "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"default"=>{"_all"=>{"enabled"=>true, "norms"=>false}, "dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date", "include_in_all"=>false}, "@version"=>{"type"=>"keyword", "include_in_all"=>false}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}}
[2017-09-11T17:21:58,516][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>[#Java::JavaNet::URI:0x332bd20]}
[2017-09-11T17:21:58,520][INFO ][logstash.pipeline ] Starting pipeline {"id"=>"main", "pipeline.workers"=>24, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>3000}
[2017-09-11T17:21:58,564][WARN ][logstash.inputs.log4j ] This plugin is deprecated. Please use filebeat instead to collect logs from log4j applications.
[2017-09-11T17:21:58,565][INFO ][logstash.inputs.log4j ] Starting Log4j input listener {:address=>"0.0.0.0:80"}
[2017-09-11T17:21:58,571][INFO ][logstash.inputs.log4j ] Log4j input
[2017-09-11T17:21:58,572][INFO ][logstash.pipeline ] Pipeline main started
[2017-09-11T17:21:58,608][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2017-09-11T17:34:25,292][WARN ][logstash.runner ] SIGINT received. Shutting down the agent.
[2017-09-11T17:34:25,307][WARN ][logstash.agent ] stopping pipeline {:id=>"main"}
it doesn/t tell me any error.can you find something.
i really need it .i want a Remote Connection in the client rather than by a file.

hey.I find sth on other website.someone said thar error common occurredin logstash 5.x.
So i try a past releases. When i use the 2.4.0 .it can work!
root@bd1c91e02892:/usr/logstash-2.4.0# bin/logstash -f hd-citos-log4j.conf
Settings: Default pipeline workers: 24
log4j:WARN No appenders could be found for logger (org.apache.http.client.protocol.RequestAuthCache).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
Pipeline main started
{
"message" => "This is a debug message!",
"@version" => "1",
"@timestamp" => "2017-09-12T01:54:28.039Z",
"timestamp" => 1505181267997,
"path" => "edu.zxp.log4jlearn.log4jTest",
"priority" => "DEBUG",
"logger_name" => "edu.zxp.log4jlearn.log4jTest",
"thread" => "main",
"class" => "edu.zxp.log4jlearn.log4jTest",
"file" => "log4jTest.java:9",
"method" => "main",
"host" => "10.18.12.222:55173"
}
{
"message" => "This is info message!",
"@version" => "1",
"@timestamp" => "2017-09-12T01:54:28.081Z",
"timestamp" => 1505181268007,
"path" => "edu.zxp.log4jlearn.log4jTest",
"priority" => "INFO",
"logger_name" => "edu.zxp.log4jlearn.log4jTest",
"thread" => "main",
"class" => "edu.zxp.log4jlearn.log4jTest",
"file" => "log4jTest.java:10",
"method" => "main",
"host" => "10.18.12.222:55173"
}
{
"message" => "This is a warn message!",
"@version" => "1",
"@timestamp" => "2017-09-12T01:54:28.082Z",
"timestamp" => 1505181268008,
"path" => "edu.zxp.log4jlearn.log4jTest",
"priority" => "WARN",
"logger_name" => "edu.zxp.log4jlearn.log4jTest",
"thread" => "main",
"class" => "edu.zxp.log4jlearn.log4jTest",
"file" => "log4jTest.java:11",
"method" => "main",
"host" => "10.18.12.222:55173"
}
{
"message" => "This is error message!",
"@version" => "1",
"@timestamp" => "2017-09-12T01:54:28.083Z",
"timestamp" => 1505181268008,
"path" => "edu.zxp.log4jlearn.log4jTest",
"priority" => "ERROR",
"logger_name" => "edu.zxp.log4jlearn.log4jTest",
"thread" => "main",
"class" => "edu.zxp.log4jlearn.log4jTest",
"file" => "log4jTest.java:12",
"method" => "main",
"host" => "10.18.12.222:55173"
}
So .do you have any suggestion about the logstash 5.5.0.Beacuse i use the elasticsearch5.5.0 and kibana 5.5.0 .
I want to avoid version conflicts.
Sorry for my bad English

I don't know why it isn't working in Logstash 5.5, but I do want to stress that the path you want to choose is not recommended and that problems like this are to be expected. You really really should pick another way of doing this. You can e.g. serialize the log event as JSON and ship over TCP. Then you can use a tcp input to receive it on the Logstash side. I know there's at least one Java library suitable for that.

thank you.do you have a demo about log4j.properties?.
because i truly know little about it.I don/t how to use the Json log4j.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.