Dear Folks,
We are faced with an issue wherein we are monitoring data from a firewall, syslog and others. The data is coming from Logstash (Shipper) to Logstash (Indexer) and being forwarded to Elasticsearch.
We are able to collect the data from the firewall etc., but not able to collect it for syslog. What could be the possible reason for this?
Please suggest.
Regards-
Praveen K
How is the syslog collection done? Is Logstash receiving messages over the network or reading messages from e.g. /var/log/syslog?
Reading messages over /var/log/syslog
Does the Logstash process have permission to read that file? If you start Logstash with --verbose it'll complain about permission problems.
Actually, to clarify, it is both, I mean network and syslog... Logstash (Shipper) is located at client sites; logs are being collected there (from devices) and forwarded to Logstash (Indexer) through Redis (messaging queue).
Messages/logs are coming as far as the messaging queue / Indexer and getting stuck for syslog only, and not for the firewall and others... can't understand where the deadlock is.
Thanks. This issue got resolved.