Logstash doesn't start

and no wazuh-alerts indices are being created and updated in ES?

filebeat test output--->dial up... ERROR dial tcp 172.16.6.95:5000: connect: connection refused

but the test output is successful if you run logstash with

logstash -f /etc/logstash/conf.d/01-wazuh.conf?

what’s the content of that conf.d directory? i don’t see any possible error with your config

/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/01-wazuh.conf --->
works fine:
TLS... WARN secure connection disabled
talk to server... OK

what’s the content of
/etc/systemd/system/logstash.service

https://paste.debian.net/1152679/

sorry, but everything seems in order. any chance the logstash user can’t read the config file? what are the permissions of wazuh.conf?

other than that, i can’t find anything else

ls /etc/logstash
drwxrwx--- 3 logstash logstash 4096 giu 12 12:35 certs
drwxrwxr-x 2 logstash logstash 4096 giu 13 16:12 conf.d
-rw-r--r-- 1 logstash logstash 2019 giu 16 13:29 jvm.options
-rw-r--r-- 1 logstash logstash 8958 mag 28 20:38 log4j2.properties
-rw-r--r-- 1 logstash logstash 342 mag 28 20:38 logstash-sample.conf
-rw-r--r-- 1 logstash logstash 11929 giu 18 13:01 logstash.yml
-rw-r--r-- 1 logstash logstash 285 giu 18 12:57 pipelines.yml
-rw------- 1 logstash logstash 1707 giu 16 13:30 startup.options

ls -la /etc/logstash/conf.d/
totale 12
drwxrwxr-x 2 logstash logstash 4096 giu 13 16:12 .
drwxrwxr-x 4 logstash logstash 4096 giu 18 13:05 ..
-rw-r--r-- 1 logstash logstash 519 giu 13 16:12 01-wazuh.conf

yeah, i’m out of ideas. maybe someone else has any feedback

I will rebuild the whole virtual machine

I've become crazy!!!!
I've installed a clean logstash and modified the files for elastic output.
works fine!
I've modified pipeline.unsafe_shutdown: true
it doesn't work again. Same old problem!!!!
I don't know why!!!!!!!
