I installed logstash-2.4.0_all.deb on ubuntu server 16.04.1.
I wrote in /etc/logstash/conf.d/ex.conf:
input {
tcp {
type => "eventlog"
port => 3515
codec => json
}
} filter {
}
And I started logstash by the "sudo service logstash start".
By the "sudo service logstash status" I saw that logstash active.
But no file logstash.log in /var/log/logstash.
And no open tcp port 3515 by the "sudo netstat -lpn"
For test I deleted word "input" in /etc/logstash/conf.d/ex.conf and restart logstash.
No entryes about this event in /var/log/logstash/logstash.err and no file /var/log/logstash/logstash.log.
Then you'll know what's going on if root is running Logstash. It's likely a permissions issue with the logstash user not being able to write a file (perhaps one of the log files).
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.