Logstash dont receive log

Ilyas_Ahsan · August 23, 2018, 4:24am

Hi

i have problem on logstash, my logstash dont receive any logstash. how do i debug this? because i have no get error

this is my logstash input and output.

input {
syslog {
port => 5043
add_field => {"log_type" => "cdr_syslog"}
}
}
output {
elasticsearch {
hosts => "localhost"
index => "all-syslog_cdr-%{+YYYY.MM.dd}"
}
if "_grokparsefailure" not in [tags] and "_groktimeout" not in [tags] {
elasticsearch {
hosts => localhost
index => "syslog_cdr-%{+YYYY.MM.dd}"
}
}
else {
elasticsearch {
hosts => "localhost"
index => "error-syslog_cdr-%{+YYY.MM.dd}"
}
}
}

thank you

magnusbaeck · August 23, 2018, 6:08am

Can other hosts connect to port 5043 on your machine? If you capture the network traffic, is anything being transmitted? I suggest you temporarily replace your elasticsearch outputs with a stdout { codec => rubydebug } output to remove sources of errors. What you send something by hand using e.g. telnet or netcat, is it getting through?

Ilyas_Ahsan · August 23, 2018, 7:39am

thank you for reply,

i have debug and found issue

[WARN ] 2018-08-23 14:39:08.277 [Ruby-0-Thread-16: :1] syslog - syslog listener died {:protocol=>:udp, :address=>"0.0.0.0:5043", :exception=>#<Errno::EADDRINUSE: Address already in use - bind - Address already in use>, :backtrace=>["org/jruby/ext/socket/RubyUDPSocket.java:190:in bind'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-syslog-3.4.1/lib/logstash/inputs/syslog.rb:149:inudp_listener'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-syslog-3.4.1/lib/logstash/inputs/syslog.rb:130:in server'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-syslog-3.4.1/lib/logstash/inputs/syslog.rb:110:inblock in run'"]}

system · September 20, 2018, 7:39am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.