I am using Logstash-email output with the following configuration:
email {
to => "..."
subject => "..."
port => 25
via => "smtp"
body => "%{message}"
}
But I didn't receive any email.
telnet localhost 25 shows this:
# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 <host_name> ESMTP Postfix
Are there any errors in my config file?
If Logstash has problems sending email it'll tell you about it in its log.
I checked the logs and didn't find any error messages there.
And how do you know your events even reach the output? Also, have you tried increasing Logstash's log level to get more entries in the log?
I am also using Elasticsearch output and stdout { codec => rubydebug } and I can see new messages are coming.
I found this error in Logstash logs:
12:27:29.769 [[main]>worker0] ERROR logstash.outputs.email - Something happen while delivering an email {:exception=>#<Errno::ECONNREFUSED: Connection refused - Connection refused>}
12:27:30.044 [[main]>worker0] ERROR logstash.outputs.email - Something happen while delivering an email {:exception=>#<Errno::ECONNREFUSED: Connection refused - Connection refused>}
I am able to send and receive email from terminal, though:
mailx -v -s "email_subject" <send_to_address>
Errno::ECONNREFUSED: Connection refused - Connection refused
This certainly suggests that nobody's listening on localhost:25. Is Postfix perhaps only listening on the IPv6 interface an Logstash only support IPv4? That could explain why "telnet localhost 25" works and seemingly does so by connecting to ::1.
I am able to send and receive email from terminal, though:
mailx doesn't use SMTP.
Thanks for explanation.
Is there any way to fix that problem to be able to receive emails from Logstash?
That's a Postfix question, but check the inet_protocols parameter in /etc/postfix/main.cf.
In /etc/postfix/main.cf I can see all inet_protocols are enabled:
# Enable IPv4, and IPv6 if supported
inet_protocols = allAnd is Postfix actually listening on 127.0.0.1:25? Does "telnet 127.0.0.1 25" work? Does Wireshark reveal anything about what's going on? Could a firewall be blocking the access?
It looks like everything should work.
I also tried to send email this way and I was able to receive it:
mail -s "subject" recipient@email.com <email_body>
And this way:
sendmail EMAILADDRESS
FROM: FROMADDRESS
SUBJECT: hello world
this is a test email
.
When I tried to send email via sendmail I got this errors:
11:56:31.514 [[main]>worker0] ERROR logstash.outputs.email - Something happen while delivering an email {:exception=>#<IOError: Cannot run program "/usr/sbin/sendmail" (in directory "/"): error=2, No such file or directory>}
11:56:31.590 [[main]>worker0] ERROR logstash.outputs.email - Something happen while delivering an email {:exception=>#<IOError: Cannot run program "/usr/sbin/sendmail" (in directory "/"): error=2, No such file or directory>}
It looks like it happened because I am running Logstash in Docker.
Though when I mounted local file /usr/sbin/sendmail by -v /usr/sbin/sendmail:/usr/sbin/sendmail I got another error:
/usr/share/logstash/vendor/bundle/jruby/1.9/gems/mail-2.6.4/lib/mail/network/delivery_methods/sendmail.rb:73 warning: unsupported popen option: err
/usr/share/logstash/vendor/bundle/jruby/1.9/gems/mail-2.6.4/lib/mail/network/delivery_methods/sendmail.rb:73 warning: unsupported popen option: err
12:29:35.742 [[main]>worker0] ERROR logstash.outputs.email - Something happen while delivering an email {:exception=>#<Errno::EPIPE: Broken pipe - Broken pipe>}mail -s "subject" recipient@email.com <email_body>
mail doesn't use SMTP.
sendmail EMAILADDRESS
sendmail doesn't use SMTP.
It looks like it happened because I am running Logstash in Docker.
That's crucial information! With containers running in bridge mode (the default), connections to localhost inside the container won't reach the host. You need to make sure you really connect to the host (e.g. by using its DNS name). Another option is to run the container in host network mode.
Though when I mounted local file /usr/sbin/sendmail by -v /usr/sbin/sendmail:/usr/sbin/sendmail I got another error:
That'll never work. The sendmail binary needs access to various other files.
Thanks for clarification.
In my case, ELK containers are connected to each other with with link. Is there any way to connect to a local host from a container to be able to run Sendmail or Postfix?
In my case, ELK containers are connected to each other with with link. Is there any way to connect to a local host from a container to be able to run Sendmail or Postfix?
I don't think there's a way to connect to the loopback interface of the host if you're running a container in bridge mode. As I said, either connect to the non-loopback interface on the host (e.g. by using its DNS name) or run the container in host network mode.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.