Logstash does not open Port for Data-Input

Hi there,
soo i'm trying to get a new cluster to work - everythings setup fine.
We're using CentOS 7, Elasticsearch 7.15, Logstash 7.15.

The service is running fine - no errors when running it in debug mode.
There's also a confirmation that my config files are ok:

[2022-04-13T10:21:49,955][DEBUG][logstash.outputs.Elasticsearch] config LogStash::Outputs::Elasticsearch/@pipeline = nil
[2022-04-13T10:21:49,955][DEBUG][logstash.outputs.Elasticsearch] config LogStash::Outputs::Elasticsearch/@ilm_enabled = "auto"
[2022-04-13T10:21:49,956][DEBUG][logstash.outputs.Elasticsearch] config LogStash::Outputs::Elasticsearch/@ilm_pattern = "{now/d}-000001"
[2022-04-13T10:21:49,956][DEBUG][logstash.outputs.Elasticsearch] config LogStash::Outputs::Elasticsearch/@ilm_policy = "logstash-policy"
Configuration OK

If i check for the specified Port for this pipeline (5140) it shows up when i check it locally on the machine, also i've setup a firewall ruleset for this:

[root@randomserver02 user]# iptables -L | grep 5140
ACCEPT udp -- anywhere anywhere udp dpt:5140
ACCEPT udp -- anywhere anywhere udp dpt:5140 ctstate NEW

[root@randomserver02 user]# netstat -tulnp | grep 5140
udp 0 0* 2797/java

But there are no logs comming in from the source. If i check the port with nmap from a remote machine - it tells me that there is no open Port? I don't really get what COULD be wrong - any ideas?

[user@randomserver01 Elasticsearch]$ nmap -p5140 X.X.X.X
Starting Nmap 6.40 ( http://nmap.org ) at 2022-04-13 10:42 CEST
Nmap scan report for randomserver02.domain.com (X.X.X.X)
Host is up (0.00086s latency).
5140/tcp closed unknown

Kind regards,

Your last test check the port with tcp but you opened it for udp, maybe something there ?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.