Log4j Logstash plugin error

Hi, I am getting

[2016-11-09T14:37:28,009][DEBUG][logstash.inputs.log4j    ] Closing connection {:client=>"", :exception=>#<IOError: org.apache.log4j.spi.LoggingEvent; class invalid for deserialization>}

while sending logs from log4j to logstash using log4j plugin.


docker image sebp/elk (elk stack 5.0)
log4j 1.2.17

logstash conf:

input {
   log4j {
     mode => "server"
     host => ""
     port => 4560
     type => "log4j"
 output {
   stdout {




The next wierd thing is that I had to set log.level to debug to see that error message.

Appreciate any help, thanks!

Probably an incompatibility between the log4j libraries and/or JVMs. I relies on JVM-native Java object serialization and that's not a stable protocol. I suggest you use another method of collecting logs from your Java program.

magnusbaeck Could you suggest any methods?

  • Log as JSON to a file and use Filebeat to ship it. This is the most reliable method but makes a somewhat more complicated deployment.
  • Send logs as JSON via UDP.
  • Send logs as JSON via TCP.

Will try, thanks!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.