Logstash error

Hi Masters,

I am pulling logs from a cloud-based WAF through Logstash. I am getting the error below.

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.jruby.ext.openssl.SecurityHelper (file:/C:/Users/9GHORP~1/AppData/Local/Temp/jruby-20620/jruby14413321087602442180jopenssl.jar) to field java.security.MessageDigest.provider
WARNING: Please consider reporting this to the maintainers of org.jruby.ext.openssl.SecurityHelper
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Sending Logstash logs to C:/Users/9ghorpades/Downloads/logstash-7.10.2-windows-x86_64/logstash-7.10.2/logs which is now configured via log4j2.properties
[2021-01-29T01:12:49,743][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.10.2", "jruby.version"=>"jruby 9.2.13.0 (2.5.7) 2020-08-03 9a89c94bcc OpenJDK 64-Bit Server VM 11.0.8+10 on 11.0.8+10 +indy +jit [mswin32-x86_64]"}
[2021-01-29T01:12:50,310][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2021-01-29T01:12:51,691][INFO ][logstash.config.source.local.configpathloader] No config files found in path {:path=>"C:/Users/9ghorpades/Downloads/logstash-7.10.2-windows-x86_64/logstash-7.10.2/bin/SIEM_CONFIG"}
[2021-01-29T01:12:51,742][ERROR][logstash.config.sourceloader] No configuration found in the configured sources.
[2021-01-29T01:12:52,642][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2021-01-29T01:12:57,337][INFO ][logstash.runner ] Logstash shut down.
[2021-01-29T01:12:57,427][ERROR][org.logstash.Logstash ] java.lang.IllegalStateException: Logstash stopped processing because of an error: (SystemExit) exit

You told logstash to look there for its configuration and it is not finding it. Is SIEM_CONFIG a file or a directory? Are you sure the user running logstash has read access to it?

Hi

Logstash is able to pull the logs from the cloud-based WAF. Now I want to forward the logs to the SSIM forwarder IP, so I modified the config file.

output {
file {
path => "C:\Users\Downloads\logstash-7.10.2-windows-x86_64\logstash-7.10.2\bin"
codec => "line"
type => "syslog"
hosts => [...:10523"]

After that I am getting the error below.

java.base/java.lang.Thread.run(Thread.java:834)"]}
warning: thread "Converge PipelineAction::Create" terminated with exception (report_on_exception is true):
LogStash::Error: Don't know how to handle Java::JavaLang::IllegalStateException for PipelineAction::Create<main>
create at org/logstash/execution/ConvergeResultExt.java:129
add at org/logstash/execution/ConvergeResultExt.java:57
converge_state at C:/Users/Downloads/logstash-7.10.2-windows-x86_64/logstash-7.10.2/logstash-core/lib/logstash/agent.rb:378
[2021-02-01T21:25:53,308][ERROR][logstash.agent ] An exception happened when converging configuration {:exception=>LogStash::Error, :message=>"Don't know how to handle Java::JavaLang::IllegalStateException for PipelineAction::Create<main>"}
[2021-02-01T21:25:53,500][FATAL][logstash.runner ] An unexpected error occurred! {:error=>#<LogStash::Error: Don't know how to handle Java::JavaLang::IllegalStateException for PipelineAction::Create<main>>, :backtrace=>["org/logstash/execution/ConvergeResultExt.java:129:in create'", "org/logstash/execution/ConvergeResultExt.java:57:in add'", "C:/Users/Downloads/logstash-7.10.2-windows-x86_64/logstash-7.10.2/logstash-core/lib/logstash/agent.rb:378:in `block in converge_state'"]}
[2021-02-01T21:25:53,623][ERROR][org.logstash.Logstash ] java.lang.IllegalStateException: Logstash stopped processing because of an error: (SystemExit) exit

Can you please help.
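
An added example, not part of the thread or the poster's configuration: the `file` output writes events to a local file and has no `hosts` option, so sending events to an IP and port needs a network output such as `tcp`. The forwarder address and the file path below are placeholders, and TCP as the transport is an assumption (the `udp` output takes the same `host` and `port` settings); port 10523 is taken from the post.

```logstash
output {
  # Optional local copy for troubleshooting.
  # `path` must name a file, not a directory. The path here is a placeholder.
  file {
    path  => "C:/logstash/out/waf-%{+YYYY-MM-dd}.log"
    codec => line { format => "%{message}" }
  }

  # Network forwarding goes in its own output block.
  # The tcp output takes one `host` and one `port`, not a `hosts` array.
  tcp {
    host  => "FORWARDER_IP"   # placeholder: the forwarder address is elided in the post
    port  => 10523            # port shown in the post
    mode  => "client"         # Logstash connects out to the forwarder
    codec => line { format => "%{message}" }
  }
}
```

Running Logstash with `-f` pointing at the pipeline file plus `--config.test_and_exit` parses the configuration and reports errors without starting the pipeline.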
